Privacy Policy

The following privacy policy serves to inform you in accordance with Art. 12, 13 and 21 of the General Data Protection Regulation (GDPR) regarding the processing of your personal data (hereinafter referred to as “data”) in connection with the use of this website, the mobile apps (hereinafter collectively referred to as “website”) and the WebID services by WebID Solutions GmbH (“WebID”).
Your data will be processed in compliance with the relevant data protection regulations, in particular the provisions of the GDPR and the Federal Data Protection Act (BDSG).

1. Responsible

The controller within the meaning of the GDPR is
WebID Solutions GmbH, Unter den Linden 10, 10117 Berlin
Email: service@webid-solutions.de

2. Data protection

You can contact our external data protection officer as follows:
Silvia C. Bauer
WebID Solutions GmbH, Data Protection Officer
Unter den Linden 10, 10117 Berlin
Email: datenschutz@webid-solutions.de

3. Purposes and legal basis of data processing

3.1 Processing of data when using apps

When you download mobile apps, the necessary information is transferred to the app store, in particular your user name, your email address and the customer number of your account, the time of the download, payment information (if applicable) and the individual device identification number. We have no influence on this data collection and are not responsible for it. We only process the data to the extent necessary for downloading the mobile app to your mobile device and, in this context, to the extent necessary for the use of the app, on the basis of Art. 6 para. 1 lit. b, f GDPR and § 25 para. 2 no. 2 TDDDG. For further information on data protection, please refer to the data protection information of the respective app.

3.2 Informational use of the website

You can visit our website without providing any personal information. If you use our website for informational purposes only, i.e. you do not register at or otherwise provide us with information about yourself, we do not process any personal data, with the exception of data that your browser transmits to enable you to visit the website and information that is transmitted to us through the use of cookies.

3.2.1 Provision of the website

For the purpose of the technical provision of the website, information is collected by our IT systems when you visit the website. This data is collected and stored in so-called server log files automatically as soon as you enter our website. The following information is collected:

• Browser type and browser version
• Operating system
• Referrer URL
• Time of the server request
• IP
• The previous website from which access was made.

This data is not merged with other data sources. The temporary storage of your IP address by our system is necessary to enable the website to be delivered to your computer. For this purpose, the user’s IP address must be stored for the duration of the session.

The IP address is stored in the log files to ensure the functionality of our website. We also use this data to optimise the website and to ensure the security of our information technology systems (e.g. attack detection).

We process your personal data for the technical provision of our website on the following legal basis:

• for the technical provision of our website in accordance with Section 25 (2) No. 2 TDDDG, as the processing of the above-mentioned data is absolutely necessary to enable us to provide you with the use of our website that you have expressly requested (i.e. also without or with cookies);
• to fulfil a contract or to carry out pre-contractual measures in accordance with Art. 6 para. 1 lit. b GDPR, insofar as you visit our website to find out about our products;
• to protect our legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR in order to be able to provide you with the website in a technically sound and secure manner.

3.2.2. Consent Manager

We use a consent manager on our website. The consent manager provider of Jaohawi AB (Håltegelvägen 1b, 72348 Västerås, Sweden) is a solution that allows us to obtain your consent to certain data processing operations that require consent (e.g. analysis, tracking, etc.). This allows us to inform you about the individual cookies and tools we use. You can use the consent manager to choose which cookies and tools you want to accept or reject individually or categorically. This enables you to make an informed decision about the transfer of your data and allows us to use cookies and tools in a manner that is compliant with data protection regulations, transparent and documented.

The consent management provider processes your personal data in order to record your decision on the use of cookies and tools and to store it for a return visit to our website. This includes the corresponding cookie with your consent decision as well as other usage data, such as your IP address, the browser used, language and country, and the website you visited. In addition, the consent management provider stores the following cookies:

• “euconsent” – Consent string of the IAB CMP framework. This contains information about whether/how you have consented to the processing of your data.
• “eupubconsent” – Similar to “euconsent”, but with less information.
• “__cmpconsent*” – Similar to “euconsent”.
• “euconsent_backup” – Backup copy of the “euconsent” cookie
• “__cmpcvc*”/”__cmpvendors”/”__cmpiab” – Information about consent from providers.
• “__cmpcpc*”/”__cmppurposes” – Information about the purpose of consent.
• “__cmpcc”/”__cmpccx” – This cookie only contains a number and is used to check whether your browser supports cookies.
• “__cmpiuid” – A random text. The purpose of this cookie is to log the status of your consent.
• “__cmpld” – Contains the date on which the consent level was last displayed to you.
• “anna”/”annac” – Contains a number used to count visitors to the website.
• “kmd” – When you log in to our system, we store your login information here.

Further information and the privacy policy of the consent management provider can be found at: https://www.consentmanager.net/datenschutz/.

We process your personal data for the technical provision of our website on the following legal basis:

• for the technical provision of consent management in accordance with Section 25 (2) No. 2 TDDDG, as the processing of the above-mentioned data is absolutely necessary to enable us to provide you with the use of our website that you have expressly requested (with or without cookies);
• to protect our legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR in order to be able to provide you with the website technically,
• to fulfil a legal obligation under the GDPR pursuant to Art. 6 para. 1 lit. c GDPR, which lies in providing the option to give consent and documenting your decision.

3.2.3 Statistical analysis of website usage and tracking

When you visit our website, your surfing behaviour may be statistically evaluated. This is done primarily with cookies and so-called analysis programmes. This enables us to improve the quality of our website and its content. We learn how the website is used and can thus continuously optimise our offer. You can find detailed information on this in the following explanations.

We process your personal data on the basis of the following legal grounds:

• with your consent in accordance with Section 25 (1) TDDDG with regard to the initial storage and retrieval of data;

• with your consent in accordance with Art. 6 para. 1 lit. a GDPR for further data processing (e.g. provision of functionalities, analyses, tracking, optimisation, etc.).

You can revoke your consent at any time with future effect via our Consent Manager. You can access the Consent Manager from any page by clicking on the check mark icon in the lower left corner of the website and adjust your settings to revoke your consent. If further legal bases apply, these are listed below.

3.2.3.1 Google Analytics

This website uses functions of the web analytics service Google Analytics. The provider is Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland (subsidiary of Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”). Google Analytics uses cookies that enable an analysis of your use of the website and tracking of visits to other websites or websites you have previously visited. The information generated by the cookie about your use of this website (IP address, login status, postcode, last login, registration date, user ID and registration source) is usually transferred to a Google server in the USA and stored there. On our behalf, Google uses this information to evaluate your use of the website, to compile reports on website activity and to provide us with other services related to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics is not merged with other Google data.

Google Analytics is only integrated into the company website, not into the websites for identification processes or other services we offer.

We have also activated Google Signals in Google Analytics. If you have enabled personalised advertising in your Google account and are logged into your Google account, our Google Analytics statistics (advertising reports, information for remarketing, cross-device reports) will be supplemented by demographic characteristics and interests that Google collects and sends to us in anonymised form. Google Signals can also be used to perform remarketing to logged-in Google users.

Google performs cross-device tracking so that your data is analysed across devices (e.g. when you use your smartphone or laptop) and also uses the data for cross-device marketing. The data collected by Google is linked to your Google account. This may include information about your interests and demographic characteristics, such as age, language, gender, location, occupation, marital status or income, which Google collects directly or through partners.

IP anonymisation

We have activated the IP anonymisation function on this website. This means that your IP address will be truncated by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics is not merged with other data from Google.

We only use Google Analytics with your consent. You can revoke your consent at any time by

• using the button at the end of this website for your cookie settings,
• preventing the storage of cookies by adjusting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all functions of our website to their full extent,
• downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de or clicking on this link to prevent Google Analytics from collecting data on our website in the future. An opt-out cookie will be stored on your device. Please note that you must activate the opt-out cookie in each browser you use on all your devices and may need to reactivate it if you delete all cookies in a browser.

Further information on the terms of use and data protection of Google Analytics can be found at http://www.google.com/analytics/terms/de.html, https://support.google.com/analytics/answer/6004245?hl=de and https://policies.google.com/privacy?hl=de.

3.2.3.2 Google Ads, Google Ads Conversion Tracking, Google Ads Enhanced Conversions

We use the online advertising programme “Google Ads” and, within the scope of Google Ads, conversion tracking. Google Conversion Tracking is an analysis service provided by Google Ireland Limited (“Google”), a company registered and operating under Irish law (registration number: 368047) with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland (“Google”, a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA).. If you click on an ad placed by Google, a cookie for conversion tracking will be stored on your computer. These cookies expire after 30 days, do not contain any personal data and are therefore not used for personal identification.

If you visit certain pages on our website and the cookie has not yet expired, Google and we can recognise that you clicked on the ad and were redirected to this page. Each Google Ads customer receives a different cookie. This means that cookies cannot be tracked across the websites of Ads customers.

The information collected using the conversion cookie is used to generate conversion statistics for Ads customers who have opted for conversion tracking. This tells customers the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag and, for example, participated in a competition. However, you will not receive any information that can be used to personally identify users.

We also use Google Enhanced Conversions. This is a feature that improves the accuracy of conversion tracking compared to simple Google Conversion Tracking (see previous section).

For the use of Google Ads Enhanced Conversions, encrypted user data (e.g. names, email addresses, addresses, customer-specific identifiers) is forwarded to Google. Your user data is converted into a hashed and pseudonymised (so-called SHA256) character string before being forwarded to Google and then used to improve conversion measurement. This allows Google to compare whether the transmitted user data matches existing Google customers. Based on this information, users can be assigned to the corresponding Google accounts in which they were logged in when they interacted with one of our ads. This enables us, for example, to measure conversions even if the cookies set by Google have already expired. We only receive statistical evaluations from Google to measure the success of our advertising. We cannot establish any connection to individual users within the scope of these statistical evaluations.

You can prevent Google Ads from processing your data by

• preventing the storage of cookies by selecting the appropriate settings in your browser software; however, we would like to point out that in this case you may not be able to use all functions of our website to their full extent;

Further information and Google’s privacy policy can be found at: https://policies.google.com/privacy and www.google.com/policies/technologies/ads/

3.2.3.3 Google Tag Manager

We use Google Tag Manager from Google on our website. Google Tag Manager is a solution that allows marketers to manage website tags via an interface. The Google Tag Manager service itself (which implements the tags) is a cookie-free domain and does not collect any personal data. The Google Tag Manager service triggers other tags, which may collect data. Google Tag Manager does not access this data. If deactivation has been carried out at domain or cookie level , this remains in place for all tracking tags implemented with Google Tag Manager.

3.2.3.4 LinkedIn Insight Tags

We use LinkedIn Insight Tags. This service is provided by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland (a subsidiary of LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA) (hereinafter referred to as “LinkedIn”).

The LinkedIn Insight Tag and the cookie used in this context enable the collection of data about visits to our website and are used to display advertising. LinkedIn Insight Tags enable targeted advertising on and outside this website without you being identified as a website user. LinkedIn first collects so-called log files (URL, referrer URL, IP address, device and browser properties, and time of access). The data is only collected if you are registered with LinkedIn and are recognised as a LinkedIn member via log-in or cookies; this processing takes place on the systems of the provider LinkedIn. The IP addresses are shortened or (if they are used to reach LinkedIn members across devices) hashed (pseudonymised).

When you visit our website, LinkedIn is notified of the actions you have taken on our website. This serves to analyse and optimise our online offering, in particular for retargeting, i.e. the renewed advertising approach on other websites and the assignment to target groups. This enables us, among other things, to analyse your key professional data (e.g. career level, company size, country, location, industry and job title) and thus better tailor our website to the respective target groups. Furthermore, with the help of LinkedIn Insight Tags, we can measure whether visitors to the website use our products (conversion measurement). Conversion measurement can also be carried out across devices (e.g. from PC to tablet). LinkedIn Insight Tag also offers a retargeting function that allows us to display targeted advertising to visitors to our website outside the website. According to LinkedIn, the advertising recipient is not identified in this process.

LinkedIn itself also collects so-called log files (URL, referrer URL, IP address, device and browser properties, and time of access). IP addresses are shortened or (if used to reach LinkedIn members across devices) hashed (pseudonymised).

We cannot assign the data collected by LinkedIn to specific individuals. However, LinkedIn may store the data on its servers in the United States and use it for its own advertising purposes. For details, please refer to LinkedIn’s privacy policy at https://www.linkedin.com/legal/privacy-policy.

As a user, you can decide at any time whether to execute the JavaScript code required for the tool via your browser settings by

• changing the settings in your Internet browser and deactivating or restricting the execution of JavaScript, thereby also preventing storage. However, we would like to point out that you may then no longer be able to use all the functions of the website to their full extent.

If you are a LinkedIn member and do not want LinkedIn to collect data about you via our website and link it to your member data stored on LinkedIn, you must log out of LinkedIn before visiting our website.

If consent has been obtained, the use of the above-mentioned service is based exclusively on Art. 6 para. 1 lit. a GDPR and § 25 TGGGG.

In addition, LinkedIn provides us with statistics and analyses on the use of our social media offerings. These do not contain any names or other information about individual users. This processing is carried out on the basis of Art. 6 para. 1 lit. f GDPR; we have a legitimate interest in effective advertising measures using social media and in improving and analysing our social media activities. In this context, WebID and LinkedIn act as joint controllers within the meaning of Art. 26 GDPR and have entered into a joint controller agreement (see https://legal.linkedin.com/pages-joint-controller-addendum). In addition to our data protection officer (see section 2), you can also contact LinkedIn’s data protection officer. The contact details are available here: https://www.linkedin.com/help/linkedin/ask/TSO-DPO.

3.2.3.5 Hubspot

This website also uses Hubspot, a service provided by Hubspot Inc. 25 Street, Cambridge, MA 02141 USA (with a branch in Ireland, among other places; contact: HubSpot, Ground Floor, Two Dockland Central Guild Street, Dublin 1, Ireland, telephone: +353 1 5187500) for our marketing activities. Hubspot uses cookies to analyse your use of the website. The information collected by the cookies about your use of the website is usually transferred to a Hubspot server and stored there. For more information about HubSpot, please visit: https://legal.hubspot.com/legal-stuff.

Hubspot collects, among other things, your IP address, geographical location, browser type, duration of visit and pages visited.

Hubspot processes this data on our behalf to evaluate your use of the website, to compile reports on website activity and to provide us with other services related to website activity, marketing and internet usage. If you register with us, e.g. to receive a newsletter, your website activities may be linked to the data you provided during registration in order to provide you with targeted information, for example.

We only use Hubspot with your consent; this includes the storage of cookies or access to information on the user’s end device (e.g. device fingerprinting) within the meaning of the TDDDG. You can also revoke your consent once you have given it by

• preventing the storage of cookies by adjusting your browser software settings accordingly; however, we would like to point out that in this case you may not be able to use all functions of our website to their full extent;

Further information about how Hubspot works can be found in the privacy policy of Hubspot Inc., available at: http://legal.hubspot.com/de/privacy-policy.

3.2.3.6 SalesViewer

We use the SalesViewer service provided by SalesViewer GmbH, Huestraße 30, 44787 Bochum, Germany, to analyse the behaviour of visitors to our website. SalesViewer enables us to analyse information about the use of our website for marketing purposes and to optimise and improve our online offering. When using SalesViewer, the data listed in section 3.2.1 and information about the respective interaction with the website are processed. IP addresses are encrypted using a non-reversible one-way function (known as hashing), immediately pseudonymised and not used to identify visitors to the website.

Processing is carried out on the basis of Art. 6 para. 1 lit. f GDPR; we have a legitimate interest in effective advertising measures using appropriate services and in optimising and analysing our website. If you do not want your data to be collected by SalesViewer, you can

• prevent this by setting an opt-out cookie at the following link: https://www.salesviewer.com/de/opt-out/. The opt-out cookie is stored on your device. If you delete your cookies in your browser, you must click the link again.

Further information about SalesViewer can be found in the privacy policy of SalesViewer GmbH, available at: https://www.salesviewer.com/de/datenschutzerklaerung/. SalesViewer GmbH is used as a data processor.

3.3 Active use of the website

In addition to using our website for informational purposes, you can also actively use our website to use our WebID products, such as secure online identification, identity verification using artificial intelligence and biometrics without the involvement of a human employee (“WebID AutoID”) or digital contract signing, to create a permanent user profile, to register for our newsletter or to contact us. In addition to the processing of your personal data described above for purely informational purposes, we will then also process further personal data from you that we require to provide the respective services and respond to your enquiries.

3.3.1 Verification and confirmation of identity – identification methods

The processing of your data by WebID in connection with the verification and confirmation of identity, a documented declaration, is carried out on behalf of the respective partner company of WebID, such as a bank, a telecommunications company or an insurance company, at whose request the verification is carried out (“Partner”).

Your data will be processed exclusively for the purpose of verifying your identity and your declaration and confirming this to the respective partner.

For this purpose, we process the data that you provide to us in connection with your use of the respective WebID service and, if necessary, data that the respective partner provides to us for the purpose of comparing it with the data you have provided to us. A prerequisite for processing is the creation of a user profile (see section 3.3.3) in which your data is recorded and which enables us to communicate with you for the purposes of the respective identification method, e.g. by email and SMS, in order to send you the transaction number (TAN) for the successful completion of the respective identification.

The scope of the processing of this data and the legal basis for this processing are determined by the intended or existing contractual relationship between you and the partner and the legal requirements that require proof of identity in individual cases. Depending on the legal basis for proof of identity, proof of the existence of a valid, official identity document (e.g. identity card or passport) may also be required.

In addition, WebID provides partners with data as part of the TrueID product, which it processes either as a processor or as a controller (see Sections 3.3.1.f and 3.3.3.).

As a rule, the following data is processed as part of the following processes, whereby the exact scope of this data or the processing depends on the respective identification method:

3.3.1.a. for all identification methods:

• Surname, first name
• Place of birth
• Date
• Nationality
• Full address
• Mobile phone number
• Email
• Username of the video conferencing programme used
• Photo/screenshot of the person and the front and back of the identity document
• ID details (such as date and place of issue, issuing authority, etc.)

3.3.1.b. WebID VideoID:

For identification using WebID VideoID, the following data will be processed in addition to the data listed in section 3.3.1.a:

• Username of the video conferencing programme used
• Video and audio recording of the video call

3.3.1.c. WebID AutoID

For identification using WebID AutoID Ident, you must take a portrait photo of yourself after providing the data specified in section 3.3.1.a. The data transmitted by the partner, the ID data and the portrait photo are subject to fully automated verification by WebID AutoID. The fully automated identification process by WebID AutoID may vary depending on the partner’s model. Either your data will be compared with your ID document or an additional check will be carried out to verify that the ID document is valid; if necessary, a biometric comparison of the portrait photo with the photo on your ID document will also be carried out. When using WebID AutoID, the photos taken are checked in the background by artificial intelligence-supported software, which verifies both the authenticity of the identity documents using various security features and that the photo on the identity documents matches the photo taken during the identification process. In the event of anomalies and to verify that the software is functioning correctly, trained service staff may be called in to check individual identification processes. The results of the identification are automatically transmitted to the partner after verification. For more info on how your biometric data is handled and your options if you don’t want this data to be processed, check out section 3.3.1.g.. To use WebID AutoID, first fill out a form (usually on the partner’s website), accept the WebID terms and conditions, and read this privacy policy. The partner will then forward you to us.

3.3.1.d. WebID AccountID

For identification using WebID AccountID, a fully automated identity check is first carried out. For this purpose, the data described in more detail in section 3.3.1.c (WebID AutoID) is processed and the processes specified there are carried out. In the next step, you log in to your bank’s online banking system with your access data. To use WebID AccountID, you must grant secure access to the information stored in your bank account via digital PSD2 or online banking interface. This serves the purpose of verifying the data collected in this way and the existence of your bank account. As part of a legally required reference transfer, a small amount (e.g. 1 cent) will be transferred from your bank account to a verification account of WebID. This transfer will be executed by your bank. You irrevocably agree that your bank will execute this transfer order to a verification account of WebID. This process is usually embedded with the partner for whom we are acting and is based on Art. 6 (1) lit. a, b and c GDPR in conjunction with Art. 28 GDPR. Alternative procedures are regularly available to you which do not require access to data stored in your bank account or a reference transfer.

3.3.1.e. WebID eID (online ID function)

To identify yourself using WebID eID, you need the My WebID app, which you must have downloaded to your smartphone. If you decide to use this app and identify yourself using WebID eID, you will be redirected to the app. There you will find the WebID eID online ID function, which we use to verify your identity for our partner. To do this, you must have activated the online function on your ID card and have a smartphone with NFC function activated so that a connection can be established between your ID card and your smartphone. You start the identification process by entering the transaction number displayed. By entering the 6-digit PIN for your ID card, you initiate the transmission of the required data using end-to-end encryption based on the reading of the NFC chip and authorise this transmission. WebID checks the transmitted data and completes the identification accordingly. By using the My WebID app, it is not necessary to download the AusweisApp. WebID uses eID service providers authorised in accordance with Section 21b of the German Federal Identity and Authentication Act (PAuswG), such as D-Trust or MTG, which have received a certificate of authorisation from the Federal Office of Administration to read the relevant ID card data.

3.3.1.f. WebID TrueID

WebID TrueID makes future identification easier for you and WebID’s partners.

In accordance with the legal requirements on money laundering, WebID processes the data listed in sections 3.3.1.a and b on behalf of its partners and, with their consent, makes this data available to other partners as a messenger for identification purposes.

Alternatively, WebID may process the data stored in your WebID user profile under your user profile (see section 3.3) for its own purposes, such as performing future user identification, within the scope of TrueID. As a first step, WebID partners can ask WebID, through a technical service provider, whether a user profile for one of their customers is stored with WebID and, if so, how likely this is. To do this, the partner sends the name and address of their customer to WebID. WebID automatically compares this information with the user profiles stored with it. It calculates a mathematical probability value, which indicates the probability that a user profile is stored with it. The partner then receives this value without any further personal data and can decide for itself, based on the probability value, whether it wants to request identification of its customer from WebID. If the partner requests WebID to do so, you as the customer will be informed of the identification requested by the partner by WebID automatically sending a TAN to the mobile phone number you have provided. You can then give your consent to identification by WebID by entering the TAN in a mask provided for this purpose. Once you have given your consent, WebID will carry out the requested identification.

3.3.1.g. Processing of biometric data

When automated products are used for identification purposes, a biometric data comparison is carried out between the photo taken and the photo on your ID document (position data of the face) so that, among other things, attempts at fraud, such as identity theft, can be better detected. The measurement data collected in this process is only processed for comparison purposes. The measurement data is not stored. Only the result of the comparison is stored. This does not contain any biometric data, but only the information that the data comparison was successful.

The data is processed by the following subcontractors:

Amazon Web Services Luxembourg Sàrl, 38 avenue John F. Kennedy, L-1855, Luxembourg; BioID AG, Brünigstrasse 95, 6072 Sachseln, Switzerland.

If you wish to avoid the processing of biometric data, you can alternatively use other identification methods, provided that these are offered by your contractual partner (our partner). If these are not offered, please contact the partner directly.

3.3.1.h. Further process and legal basis

Once we have established and verified your identity, we will transfer the data collected to the partner. Depending on the identification method used, you may receive a message via email informing you of the outcome of the identification process. If, at your request, the verification of your identity has been forwarded to one of our sales partners or one of the partner’s sales partners, the sales partner will only receive a success message regarding the verification status.

When TrueID is carried out via WebID using the WebID user profile database, the partner will receive a success message regarding the verification status after you have given your consent and the identification has been successful.

The partner will process the transmitted data to fulfil its obligations under money laundering legislation or other identification obligations, as well as its rights and obligations arising from the contractual relationship between the partner and you.

The processing of your personal data is carried out (in addition to the legal bases specified above in section 3.3.1 a-g) on the following legal bases:

• within the scope of the respective contractual relationship with our respective partner, Art. 28 GDPR;
• for the performance of a contract pursuant to Art. 6 para. 1 lit. b GDPR;
• to fulfil a legal obligation to which the partner is subject in accordance with Art. 6 para. 1 lit. c GDPR;
• if you have given us your consent, in accordance with Art. 6 (1) lit. a GDPR.

3.3.2 Digital contract signing

You can also use our services to conclude digital contracts with our partners. Following the above video identification or equivalent identification and after reviewing the respective contract, you can digitally sign your contractual partner’s contract using a certificate.

In doing so, we process the data listed in section 3.3.1.a. for the purposes of identification and digital contract signing. The processing is carried out for contractual purposes, Art. 6 para. 1 lit. b GDPR, and is also governed by the legal requirements that must be observed in individual cases in the context of digital contract signing, such as the eIDAS Regulation.

3.3.3. Processing for the purposes of the “My WebID” user profile

Our services for you also include the creation of a user profile.

In doing so, we process the data collected by us as part of the identification methods described above or the digital contract signing (see Sections 3.3.1 and 3.3.2) as well as the transaction number linked to your user profile. This does not include biometric data; we do not store this data (see Section 3.3.1.f).

We use this data in this context as the controller for the purpose of enabling you to prove your identity to our existing and future partners or to enable you to provide digital signatures in the future.

The creation of your user profile and the processing of the above-mentioned data for WebID’s own purposes is carried out in accordance with Art. 6 para. 1 lit. b GDPR and, if applicable, a declaration of consent, Art. 6 para. 1 lit. a GDPR.

3.3.4 Enquiries

In order to process and respond to your enquiries to us, e.g. via the contact form or to our email address, we process the data you provide in this context. This includes your name, age and email address so that we can send you a reply, as well as any other information you send us in your message.

We process your data to respond to your enquiries on the following legal basis:

• If you contact us within the scope of a contract to which you are a party or for the purpose of implementing pre-contractual measures, the legal basis is Art. 6 para. 1 lit. b GDPR.
• To protect our legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR; our legitimate interest lies in responding appropriately to customer enquiries.

3.3.5 Newsletters, surveys, etc.

With your consent, we use your data for advertising purposes, such as sending you one of our newsletters, contacting you by telephone or conducting advertising surveys. We only collect the data that is necessary for this purpose, such as your email address. As part of the registration process, you will receive an email from us with a confirmation link that you can use to confirm your identity (double opt-in). Your registration is only complete once you have confirmed the link.

Through our service provider Hubspot (Hubspot Inc., USA with a branch in Ireland; contact: HubSpot, Ground Floor, Two Dockland Central Guild Street, Dublin 1, Ireland ), statistics and tracking data are also collected, compiled and used on our behalf for the purpose of sending newsletters (e.g. read confirmations, interaction with links, opened/not opened with date/time of first opening and number of openings, country of opening and device used, unsubscriptions, bounces (indication of non-delivery). The evaluation and analysis of this data helps us to avoid sending you random advertising. Instead, we send you advertising, such as newsletters or product recommendations, that correspond to your areas of interest. In this respect, we also compare which of our advertising emails you open, for example, to avoid sending you unnecessary emails. In addition, we would like to provide you with information that is relevant to you. By tracking opening and click rates, we can better identify which content is of interest to you.

We also use the programme of CleverReach GmbH & Co. KG, Schafjückenweg 2 in 26180 Rastede, to send newsletters and create anonymised statistical reports in this context (e.g. delivery, click or bounce rates) and to manage newsletter unsubscriptions. CleverReach GmbH & Co. KG acts as a processor.

We process your data for these purposes on the following legal basis:

• If you have given us your consent, in accordance with Art. 6 para. 1 lit. a GDPR;

• If we record and analyse your response to our emails to protect our legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR; our legitimate interest is our economic interest in carrying out advertising measures and target group-oriented advertising ( ), analysing your response to our communication and optimising communication in order to continuously adapt its quality and content and thus our marketing to your preferences and thereby send you more suitable communication.

We also use your email address to send you advertising for other products and services, provided that you have provided us with this address in connection with the use of our services (e.g. when creating a user profile as part of the identification process).

The processing for these purposes is based on the following legal basis:

• To protect our legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR in conjunction with § 7 para. 3 UWG (German Unfair Competition Act) for the purposes of electronic direct marketing. Our legitimate interest lies in sending you information about similar WebID products and services that may be of interest to you and in our economic interest in carrying out advertising measures.

Right to object: WebID will use your email address for these purposes as long as you have not objected to its use. You can object to this either by sending a message to the contact option described below or via a link provided for this purpose in the newsletter email, without incurring any costs other than the transmission costs according to the basic rates.

3.3.6 LinkedIn Sales Navigator

We actively use our social media accounts on business-oriented platforms such as LinkedIn and associated tools such as LinkedIn Sales Navigator to communicate, initiate, manage and expand our business contacts and leads. We also use the tool to find suitable contacts for us and our services and to contact them directly via the integrated messaging function on LinkedIn so that we can present our services. In doing so, we process the data provided to us by LinkedIn. This may include, in particular, your name, your employer, your position at your employer, your education and other contacts on the platform. Depending on the nature of the contact with you, we may process additional data, such as the specific business relationships or the content of the communication with you. In addition, we may transfer your data to our CRM systems and merge or link it with data already stored there.

Sales Navigator is provided by LinkedIn Ireland Unlimited Company (“LinkedIn Ireland”). WebID and LinkedIn Ireland act as joint controllers within the meaning of Art. 26 GDPR and have entered into a Joint Controller Agreement (see https://legal.linkedin.com/pages-joint-controller-addendum). Information about LinkedIn Sales Navigator and its features can be found here: https://business.linkedin.com/de-de/sales-solutions/sales-navigator. LinkedIn’s privacy policy with further information on data processing can be found here: https://de.linkedin.com/legal/privacy-policy. In addition to our data protection officer (see section 2), you can also contact LinkedIn’s data protection officer. The contact details are available here: https://www.linkedin.com/help/linkedin/ask/TSO-DPO

We process your personal data for the purpose of contacting you, communicating with you or initiating business contacts with you (including via our CRM) on the basis of the following legal grounds:

• Your consent pursuant to Art. 6 para. 1 lit. a GDPR, which you have given to the provider when registering for the respective social media platform, insofar as this concerns your platform user data (name, employer, position, usage behaviour on the platform, etc.);
• to fulfil a contract or to carry out pre-contractual measures in accordance with Art. 6 para. 1 lit. b GDPR, provided that we already have a business relationship with you or are carrying out pre-contractual measures via the platform based on your request (e.g. further contact or communication);
• to protect our legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR; our legitimate interest lies in the appropriate addressing, targeted communication or even the initiation of business contacts for the establishment, implementation, maintenance or termination of a business relationship with you. This enables us to generate attention for our services and offer our services in a concrete and targeted manner.

3.3.7 Hubspot CRM

We use Hubspot CRM on this website. The provider is Hubspot Inc. 25 Street, Cambridge, MA 02141 USA with a branch in Ireland, contact: HubSpot, Ground Floor, Two Dockland Central Guild Street, Dublin 1, Ireland (hereinafter “Hubspot”).

Hubspot CRM enables us, among other things, to manage existing and potential customers as well as customer contacts. With the help of Hubspot CRM, we are able to record, sort and analyse customer interactions via email, social media or telephone across various channels. The personal data collected in this way can be evaluated and used for communication with potential customers or for marketing measures (e.g. newsletter mailings). Hubspot CRM also enables us to record and analyse the user behaviour of our contacts on our website.

The use of Hubspot CRM is based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in customer management and customer communication that is as efficient as possible.

For details, please refer to Hubspot’s privacy policy: https://legal.hubspot.com/de/privacy-policy

3.3.8 Salesforce Sales Cloud

We use Salesforce Sales Cloud to manage customer data. The provider is Salesforce: The Customer Company Germany GmbH, Erika-Mann-Str. 31, 80636 Munich (hereinafter “Salesforce”).

Salesforce Sales Cloud is a CRM system that enables us, among other things, to manage existing and potential customers and customer contacts and to organise sales and communication processes. The use of the CRM system and the processing of the data we collect also enables us to analyse and optimise our customer-related processes and our website, to target customers and to improve the customer experience.

Customer data is stored on Salesforce servers on our behalf. The data is transferred to Salesforce Sales Cloud and processed there for the purposes mentioned above, among other things. In this context, personal data may also be transferred to Salesforce’s parent company: The Customer Company Germany GmbH, Salesforce: The Customer Company  Inc., Salesforce Tower, 415 Mission Street, San Francisco, CA 94105, USA. Details on the functions of Salesforce Sales Cloud and data processing can be found here: https://www.salesforce.com/de/products/sales-cloud/overview/ and https://www.salesforce.com/de/company/privacy/.

The use of Salesforce Sales Cloud is based on Art. 6 para. 1 lit. f GDPR. WebID has a legitimate interest in customer management and customer communication that is as efficient as possible.

Salesforce has Binding Corporate Rules (BCR) that have been approved by the French data protection authority. These are binding internal company regulations that legitimise internal data transfers to third countries outside the EU and the EEA. Details can be found here: https://compliance.salesforce.com/en/salesforce-bcrs

3.3.9 YouTube

We embed videos from the YouTube service, which is provided by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland (a subsidiary of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”). In order to make the videos available, Google processes data that is technically necessary for this purpose. Google is responsible for this processing. For more information about how Google handles your personal data, please visit: https://policies.google.com/privacy?hl=de.

The legal basis for the initial reading and/or storage of data is Section 25 (2) No. 2 TDDDG, as the processing of the data is absolutely necessary to enable us to provide the use of our website that you have expressly requested (e.g. with YouTube videos). The legal basis for the initial reading and/or storage of other, technically unnecessary data is the consent of the user in accordance with Section 25 (1) TDDDG. Further data processing when integrating YouTube is necessary for the needs-based design of our website. This also constitutes our legitimate interest in data processing in accordance with Art. 6 (1) lit. f GDPR.

3.3.10. Atlassian Status Page

WebID uses the incident management tool “Status Page” from Atlassian. Pty Ltd, Level 6, 341 George Street, Sydney NSW 2000, Australia (“Atlassian”) for incident reporting purposes as part of the implementation of appropriate technical and organisational measures. Atlassian acts as a processor for WebID in this context. Authorised contact persons of WebID’s partners can register to use the tool via the link provided by WebID in order to receive or access incident management information (“WebID Status”) for the WebID products they have selected. This includes, for example, information regarding upcoming maintenance work, possible application failures, malfunctions or security incidents. During registration, WebID collects the email address of the contact person, which is confirmed by the latter using a double opt-in procedure. In addition to the email address, WebID also records the name and mobile phone number of the contact persons named by the partner in the tool in order to verify their authorisation to register, to inform them of the WebID status by email or to contact them at short notice if necessary.

WebID processes the contact persons’ data in connection with the status page on the following legal bases:

• within the scope of registration for the use of the tool and then when using the tool to fulfil a contract or to carry out pre-contractual measures in accordance with Art. 6 para. 1 lit. b GDPR;
• to implement the legally required appropriate technical and organisational measures through the use of an incident management tool in accordance with Art. 6 para. 1 lit. c GDPR in conjunction with Art. 32 GDPR.

3.3.11. Use of GoToMeeting and GoToWebinar for webinars

In order to conduct webinars and enable them to be accessed, we use the services “GoToMeeting” and “GoToWebinar” provided by GoTo Technologies USA LLC, 333 Summer Street, 5th Floor, Boston, MA 02210, USA, and its subsidiaries (“GoTo”). GoTo acts as a processor for WebID.

The webinars are recorded in advance by WebID. They are then made available to interested participants for a specified period of time for retrieval and viewing. To do this, participants must first register using the registration form provided on our website.

When registering, participants must provide their name (first and last name) and email address so that they can be sent the access information for the recording. They may also voluntarily provide their address, telephone number, company and job title so that WebID can communicate with them more specifically, e.g. in the event of any queries regarding the content of the webinar.

After successful registration, participants will receive an email with the dial-in details for the respective webinar and can then use the dial-in details to access the corresponding recording online using GoToWebinar or GotToMeeting (hereinafter: “Services”). Unauthorised recordings, copying, etc. by participants are prohibited. The passcode may not be disclosed to third parties. Participants may use the chat function of the Services or send WebID enquiries, e.g. by email, for questions, comments, etc., e.g. regarding the content of the webinar (“Enquiries”). Enquiries are only visible to WebID and will generally be answered by WebID by email.

When participants use the services, technical information such as device identification data and traffic data (e.g. MAC addresses, weblogs, IP addresses) data for tracing and identifying the origin and destination of a communication when participating in a webinar or otherwise using the services, such as telephone numbers, data on the location of the device (if collected), the date, time, duration, type of use and, if applicable, further information regarding, for example, access to the webinar, content of chats, content of support requests or other enquiries (including those made to GoTo) and, if applicable, preferences selected by participants when using the services, such as contact mode, time preferences, calendar availability or language preferences, may also be processed.

WebID processes participants’ data during registration and when using the services on the following legal bases:

• within the scope of registration for accessing the webinars, when accessing or using the services, and within the scope of communication with WebID or GoTo for the fulfilment of a contract or for the implementation of pre-contractual measures in accordance with Art. 6 para. 1 lit. b GDPR;
• insofar as voluntary information is provided during registration, to protect our legitimate interests in accordance with Art. 6 (1) lit. f GDPR; our legitimate interest lies in the appropriate addressing, targeted communication or initiation of business contacts for the establishment, implementation, maintenance or termination of a business relationship with the participants. The additional information enables us to communicate with participants in a more targeted manner;
• for the technical provision of the services in accordance with Section 25(2)(2) of the German Telemedia Act (TDDDG), as the processing of the above-mentioned data is absolutely necessary to enable us to provide participants with the services they have expressly requested;
• to protect our legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR; our legitimate interests consist in being able to provide the services technically, checking whether they are being used in accordance with the technical and legal requirements, and implementing any preferences selected by the respective participant, thereby improving their user experience.

3.3.12 Compliance with legal requirements

We also process your personal data to fulfil other legal obligations. These may arise in connection with business communication, among other things. This includes, in particular, commercial, trade or tax law retention periods or the implementation of the necessary technical and organisational measures or other data protection requirements.

We process your personal data on the following legal basis:

• to fulfil a legal obligation to which we are subject in accordance with Art. 6 para. 1 lit. c GDPR in conjunction with commercial, trade or tax law, insofar as we are obliged to record and store your data, or also with data protection law, insofar as we are obliged, for example, to implement appropriate technical and organisational measures.

3.3.13 Legal enforcement

We also process your personal data to assert our rights and enforce our legal claims. We also process your personal data on the basis of the law ly to defend ourselves against legal claims. Finally, we process your personal data to the extent necessary to prevent or prosecute criminal offences.

We process your personal data for this purpose on the following legal basis:

• to protect our legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR, insofar as we assert legal claims, defend ourselves in legal disputes, prevent or investigate criminal offences.

3.3.14 Sale of the company, mergers, etc.

We may process your personal data in order to carry out a (partial) sale of the company or a merger (or similar transactions such as a takeover in the context of liquidation, insolvency, dissolution, etc.) with another company. In the event that another company acquires or intends to acquire the assets/capital, which may include your personal data, from us, or if we merge with or seek to merge with another company, we may need to grant that company access to your personal data stored by us or transfer it for the purpose of reviewing and implementing the company sale/merger (e.g. to determine the value of the company, business risks, etc.). access to your personal data stored by us or transfer it for the purpose of reviewing and implementing the sale/merger of the company (e.g. to determine the value of the company, business risks, etc.).

We process your personal data on the following legal basis:

• to protect our legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR in order to be able to plan and carry out a planned company sale or merger.

4. Categories of recipients

Within WebID, only those departments that need the data to fulfil our contractual and legal obligations have access to it.

As part of our activities as a processor, we transfer the collected data to the respective partner with whom you are in contact. If, at your request, the verification of your identity has been forwarded to one of our sales partners or one of the partner’s sales partners, or if you consent to identification within the scope of TrueID, the sales partner or the partner will only receive a success message regarding the verification status. The partner will process the transferred data to fulfil its obligations under money laundering legislation or other identification obligations, as well as its rights and obligations arising from the contract between the partner and you or within the scope of the digital signature, in particular to prove the conclusion of the contract.

In addition, we will share your personal data with other recipients to the extent permitted or required by law. Some of these recipients provide services for us in connection with our website or our services (e.g. IT service providers or cloud service operators), while others act independently (e.g. law enforcement agencies or tax authorities). We limit the disclosure of your personal data to what is necessary, in particular to enable us to provide our services. If our service providers receive your personal data as processors, they are strictly bound by our instructions when handling your personal data. Further information is available from our data protection officer on request.

5. Transfer to third countries

We do not transfer your personal data to countries outside the EU or the EEA (“third countries”) or to international organisations.

When transferring data to third countries, we ensure that a level of data protection in accordance with Art. 44 ff. GDPR is maintained.

If service providers or processors such as Salesforce, GoTo or Atlassian are used in third countries and we are able to influence this, they are obliged to comply with the EU standard data protection clauses in addition to written instructions in order to maintain the level of data protection in Europe. Alternatively, we transfer the data on the basis of Binding Corporate Rules, an adequacy decision or appropriate safeguards, such as the EU-US Data Privacy Framework Agreement. In the context of the use of Google Analytics, LinkedIn InSight Tags and Google Ads, this concerns, for example, the transfer of your IP address or your shortened IP address to third countries, including the USA. For further information, please contact our data protection officer at .

6. Links

Some sections of our website contain links to third-party websites, e.g. to display YouTube videos. These are not social media plug-ins, but mere links. When you visit our website, no personal data is forwarded to these third-party providers. Data is only transferred to the respective third-party provider when you deliberately use the link. The websites of all third-party providers are subject to their own data protection principles. We are not responsible for their operation, including data handling. If you send information to or via such third-party websites, you should check the privacy policies of these websites before providing them with any information that can be used to identify you.

7. Duration of storage
8. Informational use of the website

When you use our website for informational purposes only, we store your personal data on our servers exclusively for the duration of your visit to our website. Once you leave our website and close your browser, your personal data will be deleted immediately.

Session cookies are deleted when you close your browser.

Cookies installed by us on the basis of your consent are deleted after a storage period of up to 14 months. With regard to Google cookies, the storage period may be reset to the specified duration in the event of further actions. If a cookie is used for recognition purposes, you can delete it yourself at any time via your browser settings.

With regard to the LinkedIn Insight Tag, the direct identifiers of LinkedIn members are deleted by LinkedIn after seven days. The remaining pseudonymised data is then deleted within 180 days (and if anonymised data is processed, after 90 days) .

7.2 Active use of the website

Within the scope of video identification, WebID AutoID or equivalent identification and digital contract signing, we process your data on behalf of our partners. The storage period therefore depends on the contractual agreements you have made with the partner or the statutory retention periods applicable to them. Within the framework of the Money Laundering Act, our partner may be obliged to store the data for a period of up to five years or, in accordance with commercial or tax law requirements, for a period of up to 10 years.

In the context of providing services relating to qualified electronic signatures, we are also obliged to store your data in the long term in accordance with the provisions of the eIDAS Regulation and the accompanying national legislation in order to ensure legally compliant evidence of the services provided in this way. In Austria, for example, the storage period is up to 35 years.

If you have given your consent to the processing of your data, we will store your data until you revoke your consent; even in these cases, we may be required to archive your data in accordance with statutory or legal requirements. In such cases, your data will of course be blocked for use for other purposes and will only be stored for the fulfilment of our statutory or legal obligations.

If you send us an enquiry when using our website, use a service offered there or if we process your data within the framework of a contractual relationship, we will otherwise store your personal data for the duration of our response to your enquiry, as long as this is necessary for the use of the service or for the duration of our business relationship. This also includes the initiation of a contract (pre-contractual legal relationship) and the execution of a contract.

In addition, we will then store your personal data until the expiry of any legal claims arising from the relationship with you, in order to use it as evidence if necessary. The limitation period is generally between 1 and 3 years, but can also be up to 30 years.

Upon expiry of the limitation period, we will delete your personal data unless there is a legal obligation to retain it, for example under the German Commercial Code (Sections 238, 257(4) HGB) or the German Fiscal Code (Section 147(3), (4) AO). These retention obligations can range from two to ten years.

8. Your rights as a data subject

Under the legal requirements, you have the following rights as a data subject, which you can assert against us:

Right to information: You are entitled at any time to request confirmation from us within the scope of Art. 15 GDPR as to whether we are processing personal data relating to you; if this is the case, you are also entitled within the scope of Art. 15 GDPR to information about this personal data and certain other information (including processing purposes, categories of personal data, categories of recipients, planned storage period, your rights, the origin of the data, the use of automated decision-making and, in the case of transfer to third countries, the appropriate safeguards) and a copy of your data.

Right to rectification: You have the right to request that we rectify any personal data we have stored about you if it is inaccurate or incorrect in accordance with Art. 16 GDPR.

Right to erasure: You have the right to request that we erase personal data concerning you without undue delay under the conditions set out in Art. 17 GDPR. The right to erasure does not apply, among other things, if the processing of personal data is necessary for (i) exercising the right to freedom of expression and information, (ii) fulfilling a legal obligation to which we are subject (e.g. statutory retention obligations) or (iii) for the assertion, exercise or defence of legal claims.

Right to restriction of processing: You have the right to request that we restrict the processing of your personal data under the conditions set out in Art. 18 GDPR.

Right to data portability: You are entitled, under the conditions of Art. 20 GDPR, to request that we transfer the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format.

Right to object: You have the right to object to the processing of your personal data under the conditions of Art. 21 GDPR, so that we must stop processing your personal data. The right to object only exists within the limits provided for in Art. 21 GDPR. In addition, our interests may prevent us from terminating the processing, so that we are entitled to process your personal data despite your objection.

Right to lodge a complaint: You can lodge complaints with the bodies named in sections 1 and 2. Furthermore, you are entitled to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR. The right to lodge a complaint is without prejudice to any other administrative or judicial remedy.

The supervisory authority responsible for us is:
Berlin Commissioner for Data Protection and Freedom of Information,
Alt-Moabit 59-61, 10555 Berlin.
Email:mailbox@datenschutz-berlin.de
Central telephone number: +49 30 13889-0
Fax: +49 30 2155050

Revocation of consent: If you revoke your consent to the collection, processing and use of your data with future effect, either in whole or in part, we will delete your data immediately or block it from further use to the extent you request, subject to statutory retention periods.

9. Obligation to provide data

In principle, you are not obliged to provide us with your personal data. However, if you do not do so, we will not be able to make our website available to you, respond to your enquiries or provide you with our services. Personal data that we require for the above-mentioned processing purposes is marked with an “*” or another symbol.

10. Automated decision-making

We do not use automated decision-making or automated analysis of your personal circumstances.

However, when using WebID AutoID, the identity documents are checked in the background by software supported by artificial intelligence, which checks both the authenticity of the identity documents using various security features and the correspondence of the photo on the identity documents with the photo taken during the identification process. In the event of anomalies and to verify that the software is functioning correctly, trained service employees may be called in to check individual identification processes. The results of the identification are automatically transmitted to the partner after verification.

In addition, TrueID automatically compares the data provided to us by the partner with the data stored in the user profile and then calculates a mathematical probability value regarding the existence of the user in the WebID user profile database. This value is transmitted to the requesting partner, who can then decide independently whether to use the identification service.

In accordance with Art. 22 (3) GDPR, when automated decision-making is used, you have the right to intervene on the part of the controller, to state your own point of view and to contest the decision. These rights must be asserted against the partner. The partner may also offer you alternative procedures, for example. In the TrueID procedure carried out by WebID, the rights must be asserted against WebID.

Should we use further procedures in individual cases, we will inform you accordingly.

11. Encryption

When collecting or transferring your data, we use state-of-the-art SSL encryption (SSL = Secure Sockets Layer). SSL encryption ensures the confidentiality of communication. This security feature is active when either the symbol of an intact key or a closed lock (depending on your browser) appears at the bottom of your browser window.

Right to object

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you by us on the basis of Art. 6 (1) (e) (performance of a task in the public interest) or Art. 6(1)(f) GDPR (legitimate interests pursued by the controller), if there are reasons arising from your particular situation; this also applies to profiling based on these provisions. We will then no longer process the personal data concerning you unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

If the personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing. If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.
Please address any objections to the address specified in section 1.

You can object to the analysis of your usage behaviour and targeted advertising by LinkedIn at the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Furthermore, LinkedIn members can control the use of their personal data for advertising purposes in their account settings. To prevent LinkedIn from linking data collected on our website to your LinkedIn account, you must log out of your LinkedIn account before visiting our website.

Consent to data processing by Google Analytics can also be revoked at any time.

12. Changes

We reserve the right to change this privacy policy at any time. Any changes will be announced by publishing the amended privacy policy on our website. Unless otherwise specified, such changes will take effect immediately. Please check this privacy policy regularly to view the current version.

Last updated in June 2025