Data Protection Declaration

This data protection declaration explains to you the type, scope and purpose of the processing of personal data (hereinafter referred to as "data") within our online offer and the associated websites, functions and contents as well as external online presences, e.g. our social media profile (hereinafter jointly referred to as "online offer"). With regard to the terms used, such as "processing" or "person responsible", we refer to the definitions in Art. 4 of the Basic Data Protection Ordinance (GDPR).

Responsible entity

cronn GmbH
Portlandweg 4
53227 Bonn
Managing Director: Jobst Eßmeyer
LEGAL NOTICE
Contact Data Protection Officer: dsb-cronn@krisensicher-werden.de

Types of data processed

• Inventory data (e.g., names, addresses)
• Contact details (e.g., e-mail, telephone numbers)
• Content data (e.g., text input, photographs, videos)
• Usage data (e.g., visited websites, interest in content, access times)
• Meta/communication data (e.g., device information, IP addresses)
• Applicant data such as curriculum vitae, certificates, etc.

Purpose of processing

• Provision of the online offer, its functions and contents
• Answer contact requests and communicate with users
• Execution of application procedures
• Security measures
• Range measurement/marketing

Terms used

"Personal data" means any information relating to an identified or identifiable natural person (hereinafter referred to as "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by assignment to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more special features that express the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.

"Processing" means any operation carried out with or without the aid of automated procedures or any such series of operations in connection with personal data. The term is comprehensive and covers practically every handling of data.

„Responsible" means the natural or legal person, authority, institution or other body that alone or together with others decides on the purposes and means of processing personal data".

Applicable legal bases

In accordance with Art. 13 GDPR, we inform you of the legal basis of our data processing. If the legal basis is not mentioned in the data protection declaration, the following applies: The legal basis for obtaining consents is Art. 6 para. 1 lit. a and Art. 7 GDPR, the legal basis for processing for the performance of our services and performance of contractual measures as well as for answering inquiries within a contract or pre-contractual measures is Art. 6 para. 1 lit. b GDPR, the legal basis for processing to fulfil our legal obligations is Art. 6 para. 1 lit. c GDPR, and the legal basis for processing to protect our legitimate interests is Art. 6 para. 1 lit. f GDPR. In case vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para 1 lit. d GDPR serves as the legal basis.

Safety precautions

We ask you to inform yourself regularly about the contents of our data protection declaration. We will adapt the data protection declaration as soon as changes in the data processing carried out by us make this necessary. We will inform you as soon as the changes require your cooperation (e.g. consent) or other individual notification.

Cooperation with contract processors and third parties

If we disclose data to other persons and companies (contract processors or third parties) within the scope of our processing, transmit it to them or otherwise grant them access to the data, this shall only take place on the basis of a legal permission (e.g. if a transmission of the data to third parties, such as payment service providers, in accordance with Art. 6 Para. 1 lit. b GDPR for contract fulfilment is necessary), if you have consented, if we are legally obligated to do so or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).

If we commission third parties with the processing of data on the basis of a so-called "order processing contract", this is done on the basis of Art. 28 GDPR.

Transfers to third countries

If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA) or if this occurs in the context of the use of third-party services or disclosure or transfer of data to third parties, this only takes place if it occurs for the fulfilment of our (pre)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or leave the data in a third country only if the special requirements of Art. 44 ff. Process GDPR apply. This means, for example, processing is carried out on the basis of special guarantees, such as the officially recognised determination of a data protection level corresponding to the EU or compliance with officially recognised special contractual obligations (so-called "standard contractual clauses").

Rights of data subjects

You have the right to request confirmation as to whether the data concerned are being processed and to request information about these data as well as further information and a copy of the data in accordance with Art. 15 GDPR.

In accordance with Article 16 of the DSBER, you have the right to request the completion of data concerning you or the correction of inaccurate data concerning you.

In accordance with Art. 17 GDPR, you have the right to demand that relevant data be deleted immediately or, alternatively, to demand a restriction on the processing of the data in accordance with Art. 18 GDPR

You have the right to request that the data concerning you that you have provided to us be received in accordance with Art. 20 GDPR and to request its transmission to other persons responsible.

In accordance with Art. 77 GDPR, they also have the right to file a complaint with the competent supervisory authority.

The supervisory authority responsible is:

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
Postfach 20 04 44
40102 Düsseldorf
Telefon: 02 11/384 24-0
Fax: 02 11/384 24-10

Right of revocation

If we process your personal data on the basis of your consent, you have the right at any time to revoke this consent pursuant to Art. 7 para. 3 GDPR without reasons with effect for the future. You can send your revocation to .

Right of objection

You can object to the future processing of the data concerning you in accordance with Art. 21 GDPR at any time. The objection may be lodged in particular against processing for direct marketing purposes.

Cookies and right to object to direct marketing

This website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user's computer system. A user accessing a website allows for a cookie to be stored on the user's operating system. The cookie stores information that is connected to the specific device being used. However, this does not give us direct knowledge of your identity.

The use of cookies makes the use of our services more pleasant for you. We have a legitimate interest in using them. The website uses so-called session cookies to recognise that you have already visited individual pages of the website. These are automatically deleted after leaving our site.

In addition, temporary cookies are used to optimize user-friendliness. These are stored on your device only for a defined period of time. If you visit the site again it will be automatically recognized that you have already been here and what entries and settings you had made. This means you don't have to make them again.

The legal basis for the processing of personal data using cookies is GDPR Art. 6 (1) (f).

Deletion of data

The data processed by us will be deleted or their processing restricted in accordance with Articles 17 and 18 GDPR. Unless expressly stated in this data protection declaration, the data stored by us will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory storage obligations. If the data are not deleted because they are necessary for other and legally permissible purposes, their processing is restricted. This means that the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax reasons.

In accordance with statutory requirements in Germany, the records are kept in particular for 6 years in accordance with § 257 (1) HGB (trading books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting documents, etc.) and for 10 years in accordance with § 147 (1) AO (books, records, management reports, accounting documents, commercial and business letters, documents relevant for taxation, etc.).

Business processing

Additionally we process

• Contract data (for example, contract object, term, customer category).
• Payment data (e.g., bank details, payment history)

from our customers, prospects and business partners for the purpose of providing contractual services, service and customer care, marketing, advertising and market research.

Hosting

The hosting services we use serve to provide the following services: Infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services that we use for the purpose of operating this online offering.

We or our hosting provider process inventory data, contact data, content data, contract data, usage data, meta- and communication data of customers, interested parties and visitors of this online offer on the basis of our legitimate interests in an efficient and secure provision of this online offer according to Art. 6 Para. 1 lit. f GDPR in conjunction with. Art. 28 GDPR (conclusion of order processing contract).

Collection of access data and log files

We, or our hosting provider, collect the following data on the basis of our legitimate interests within the meaning of Art. 6 para. 1 lit. f. GDPR data on each access to the server on which this service is located (so-called server log files). Access data includes the name of the accessed website, file, date and time of access, transferred data volume, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider.

Log file information is stored for a maximum of 7 days for security reasons (e.g. to investigate misuse or fraud) and then deleted. Data whose further storage is required for evidentiary purposes are excluded from deletion until the respective incident has been finally clarified.

Administration, financial accounting, office organization, contact management

We process data within our administrative tasks as well as the organisation of our company, financial accounting and compliance with legal obligations, e.g. archiving. We process the same data that we process as part of the performance of our contractual services. The processing bases are Art. 6 para. 1 lit. c. GDPR, Art. 6 para. 1 lit. f. GDPR. Customers, prospects, business partners and website visitors are affected by the processing. The purpose and our interest in the processing lies in the administration, financial accounting, office organization, archiving of data, generally tasks which serve the maintenance of our business activities, execution of our tasks and provision of our services. The deletion of the data with regard to contractual services and contractual communication corresponds to the information provided in these processing activities.

We disclose or transmit data to the tax authorities, consultants, such as tax consultants or auditors, as well as other fee offices and payment service providers.

Furthermore, we store information on suppliers, event organisers and other business partners on the basis of our business interests, e.g. for the purpose of making contact at a later date. We store this data, which is mainly company-related, permanently.

Data protection information in the application process

We process the applicant data only for the purpose and in the context of the application procedure in accordance with the legal requirements. The processing of the applicant data takes place in order to fulfil our (pre)contractual obligations in the context of the application procedure within the meaning of Art. 6 para. 1 lit. b. GDPR Art. 6 para. 1 lit. f. GDPR if data processing becomes necessary for us, e.g. within the framework of legal procedures (in Germany § 26 BDSG additionally applies).

The application procedure requires that applicants provide us with their data. If we offer an online form, the necessary applicant data are marked or result from the job descriptions and generally include personal data, postal and contact addresses and the documents belonging to the application, such as cover letter, curriculum vitae and certificates. In addition, applicants may voluntarily provide us with additional information.

By submitting the application to us, applicants agree to the processing of their data for the purposes of the application procedure in accordance with the type and scope set out in this data protection declaration.

Insofar as special categories of personal data within the meaning of Art. 9 para. 1 GDPR are voluntarily communicated within the scope of the application procedure, they are additionally processed in accordance with Art. 9 para. 2 letter b GDPR (e.g. health data, e.g. severely disabled status or ethnic origin). If special categories of personal data within the meaning of Art. 9 para. 1 GDPR are requested from applicants during the application procedure, they are additionally processed in accordance with Art. 9 para. 2 lit. a GDPR (e.g. health data, if these are required for the exercise of the profession).

If made available, applicants can send us their applications via an online form on our website. The data is encrypted and transmitted to us according to the state of the art. Applicants can also send us their applications by e-mail. Please note, however, that e-mails are generally not sent in encrypted form and that the applicants themselves must ensure that they are encrypted. We cannot therefore accept any responsibility for the transmission of the application between the sender and receipt on our server and therefore recommend that you use an online form or the postal dispatch. Instead of using the online application form and e-mail, applicants can still send us their application by post.

If the application is successful, the data provided by the applicants can be further processed by us for the purpose of employment. Otherwise, if the application for a job offer is not successful, the applicants' data will be deleted. Applicants' data will also be deleted if an application is withdrawn, which the applicants are entitled to do at any time.

The deletion will take place after a period of six months, subject to a justified revocation by the applicant, so that we can answer any follow-up questions to the application and meet our obligations under the Equal Treatment Act. Invoices for any reimbursement of travel expenses are archived in accordance with tax regulations.

Talent-Pool

As part of the application, we offer applicants the opportunity to be included in our "talent pool" for a period of two years on the basis of consent within the meaning of Art. 6 (1) (b) and Art. 7 GDPR.

The application documents in the talent pool will only be processed in the context of future job advertisements and the search for employees and will be destroyed at the latest on expiry of the deadline. Applicants are informed that their consent to inclusion in the talent pool is voluntary, has no influence on the current application procedure and they can revoke this consent at any time for the future and declare their objection within the meaning of Art. 21 GDPR.

Contacting

When contacting us (e.g. via contact form, e-mail, telephone or social media), the user's details are processed for processing the contact enquiry and its processing in accordance with Art. 6 para. 1 lit. b) GDPR. User information can be stored in a customer relationship management system ("CRM system") or comparable storage form.

We delete the requests if they are no longer necessary. We review this requirement every two years; the statutory archiving obligations also apply.

Comments and contributions

If users leave comments or other contributions, their IP addresses may be used on the basis of our legitimate interests within the meaning of Art. 6 (1) (f). GDPR for 7 days. This takes place for our safety, if someone leaves illegal contents in comments and contributions (insults, forbidden political propaganda, etc.). In this case we can be prosecuted ourselves for the comment or contribution and are therefore interested in the identity of the author.

Furthermore, we reserve the right, on the basis of our legitimate interests pursuant to Art. 6 para. 1 lit. f. GDPR to process user information for spam detection.

Comment subscriptions

Users may subscribe to follow-up comments with their consent in accordance with Art. 6 para. 1 lit. a GDPR. Users will receive a confirmation email to verify that they are the owner of the email address they entered. Users can unsubscribe from ongoing comment subscriptions at any time. The confirmation email will contain information on the cancellation options. For the purpose of providing proof of user consent, we store the login timestamp along with the user's IP address and delete this information when users unsubscribe from the subscription.

You can cancel the receipt of our subscription at any time, i.e. revoke your consent. We may store the e-mail addresses we have unsubscribed for up to three years on the basis of our legitimate interests before we delete them in order to be able to prove a previously given consent. The processing of these data is limited to the purpose of a possible defence against claims. An individual application for cancellation is possible at any time, provided that at the same time the former existence of a consent is confirmed.

Online presence in social media

We maintain online presences within social networks and platforms in order to communicate with customers who are active there, prospective customers and users, and to inform them about our services. We would like to call attention to the fact that user data may be processed outside the European Union. This can cause risks for users, for example by complicating the enforcement of users' rights.

Furthermore, user data will regularly be used for market research and advertising purposes. For example, user profiles may be generated from user behaviour and the users' interests deduced from it. These users' profiles may then again be used, for example, to create adverts within and outside the platforms that presumably correspond to the users' interests. For this purpose, Cookies will usually be installed on the user's PC in which the user's usage behaviour and interests will be saved. Moreover, data may be stored in the user profiles irrespective of the devices utilized by the user (especially if the users are members of the respective platforms and logged in).

The processing of users' personal data takes place on the basis of our legitimate interest in effective user information and communication with users in accordance with Art 6 para. 1 lit. f. GDPPR.
If the users are asked by the respective providers for consent to data processing (i.e. to give their consent e.g. by ticking a checkbox or confirming a button), the legal basis of processing is Art. 6 para. 1 lit. a., Art. 7 GDPR.

For a detailled description of the respective processing and of the possibilities of objection (opt-out), we refer to the information supplied by the providers linked below.

After completion of the application process and in case of rejection of your application, we will store your application data for up to six months after completion of the application process. After this period, your personal data will be automatically deleted unless there are legal retention obligations or consent from the data subject for longer storage. There will be no further processing of your application data.

The storage of data is carried out for a period of six months to allow us to answer any follow-up questions regarding the application and to comply with our obligations under the General Equal Treatment Act (§ 26 BDSG in conjunction with Art. 6 (1) (b) and (f) GDPR, as well as the AGG). The deadline for deletion is either the date of rejection or, in the case of email systems, the expiration of a processing period of six months. (Invoices for any travel expense reimbursements will be archived in accordance with tax regulations.)

• Facebook (Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland):
  Privacy statement, Opt-Out und youronlinechoices.com,
• Instagram (Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland):
  Privacy Statement, Opt-Out,
• Google/ YouTube (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA):
  Privacy statement, Opt-Out,
• Twitter (Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA):
  Privacy statement, Opt-Out,
• LinkedIn (LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland):
  Privacy statement, Opt-Out,
• Xing (XING AG, Dammtorstraße 29-32, 20354 Hamburg, Deutschland):
  Privacy statement/Opt-Out.
• GitHub (GitHub BV, Vijzelstraat 68-72, 1017 HL Amsterdam, The Netherlands):
  Privacy statement, Privacy settings.

Collection and analysis of data on user behaviour

We use Fathom's analysis service on our website, which is provided by the Canadian company Conva Ventures Inc., BOX 37058 Millstream PO, Victoria, British Columbia, V9B 0E8, Canada.

Fathom is a privacy-friendly website analytics software. Your IP address will only be processed for a short time, and we (the operator of this website) have no way of identifying you. Fathom is not based on "cookies", so a consent banner is superfluous, according to the provider. Nevertheless, we would like to obtain your consent before we continue to use Fathom for the possible processing of your personal data. European customers also run on a pure EU infrastructure - so no data is stored and processed outside the EU. The use of Fathom is based on Art. 6 para. 1 lit. f GDPR. The site operator has a legitimate interest in the anonymized analysis of user behavior in order to optimize both the website and marketing campaigns.

• Further information on the data protection of Fathom Analytics can be found here:
  https://usefathom.com/privacy
• Fathom's entire data journey is documented here:
  https://usefathom.com/data

Use of SalesViewer® technology

On this website, data is collected and stored for marketing, market research and optimization purposes using the SalesViewer technology of SalesViewer®® GmbH on the basis of the legitimate interests of the website operator (Art. 6 (1) (f) GDPR).
For this purpose, a javascript-based code is used, which is used to collect company-related data and its corresponding use. The data collected with this technology is encrypted using a non-reversible one-way function (so-called hashing). The data is immediately pseudonymized and is not used to personally identify the visitor to this website.
The data stored within the framework of Salesviewer will be deleted as soon as they are no longer required for their intended purpose and the deletion does not conflict with any statutory retention obligations.
The collection and storage of data can be objected to at any time with effect for the future by clicking on this link https://www.salesviewer.com/opt-out to prevent the collection by SalesViewer® within this website in the future. An opt-out cookie for this website will be stored on your device. If you delete your cookies in this browser, you will have to click on this link again.

Integration of third-party services and content

Within our online offer, we make no representations or warranties of any kind based on our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. GDPR) content or service offerings of third parties to incorporate their content and services, such as videos or fonts (hereinafter uniformly referred to as "content").

This always presupposes that the third party providers of this content perceive the IP address of the users, since without the IP address they could not send the content to their browser. The IP address is therefore required for the display of this content. We make every effort to use only those contents whose respective providers use the IP address only for the delivery of the contents. Third-party providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. Pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may include technical information about the browser and operating system, referring websites, visiting time and other information about the use of our online offer, as well as be linked to such information from other sources."

Integration of Youtube videos

We use embedded YouTube videos on our website to provide you with multimedia content directly on our site. YouTube is a service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The videos are embedded in "extended privacy mode", which means that no data about you as a user will be transmitted to YouTube if you do not play the videos. Only when you actively start the videos will data processing be triggered.

When an embedded video is played, YouTube uses cookies to collect information about user behavior. According to Google this information is used to improve video statistics, prevent fraud attempts, increase the user experience, and more. Whether you are signed in to a Google service or not, this data may be processed by Google. If you have a Google account and are logged in, Google can assign this data directly to your account. If you don't want this mapping, you'll need to log out of your Google account before playing the video.

The processing of your personal data by playing YouTube videos is based on your explicit consent in accordance with Art. 6 (1) (a) GDPR. You can revoke your consent at any time with effect for the future. Please note that YouTube may set up cookies that are necessary for the provision of the services, regardless of consent.

For more information about data protection at Google please refer to Google's privacy policy: https://policies.google.com/privacy. There you will also find further information about your rights and what options are available to protect your privacy.

By integrating YouTube videos we want to make our online offer more attractive for you and also give you the opportunity to find out about multimedia content directly on our website.