Diese Datenschutzerklärung klärt Sie über die Art, den Umfang und Zweck der Verarbeitung von personenbezogenen Daten (nachfolgend kurz „Daten“) innerhalb unserer Agenturleistungen und der mit ihr verbundenen Webseiten, Funktionen und Inhalte sowie externen Onlinepräsenzen, wie z.B. unser Social Media Profile auf. (nachfolgend gemeinsam bezeichnet als „Onlineangebot“). Im Hinblick auf die verwendeten Begrifflichkeiten, wie z.B. „personenbezogene Daten“ oder deren „Verarbeitung“ verweisen wir auf die Definitionen im Art. 4 der Datenschutzgrundverordnung (DSGVO).
cip marketing GmbH
Gründlacher Str. 248
90765 Fuerth, Germany
HRB 9200 District Court Fürth
Managing Director Claus Gladanyuk
Telephone: +49 (0) 911 146903 10
Telephone: +49 (0) 911 146903 10
In the following, we also summarize the data subjects as "users".
In accordance with art. 32 GDPR, we take appropriate technical and organizational measures to ensure a level of protection that is appropriate to the risk, thereby taking into account the state of the art, implementation costs and the nature, scope, circumstances and purposes of processing and the different likelihood and severity of the risk to the rights and freedoms of natural persons; the measures include in particular safeguarding the confidentiality, integrity and availability of data by controlling physical access to the data, as well as data access, input, transmission, safeguarding availability and its separation. Furthermore, we have established procedures that guarantee the exercise of data subjects' rights, deletion of data and response to data risks. In addition, we already take the protection of personal data into account during the development or selection of hardware, software and procedures, in accordance with the principle of data protection through technology design and data protection-friendly defaults (art. 25 GDPR).
The security measures include, in particular, the encrypted transmission of data between your browser and our server. You can detect encryption by the fact that https:// is shown in your browser. You can also find out about the validity of the certificate used and its validation.
If we disclose data to other persons and companies (data processors or third parties) within the scope of our processing, transmit the data to them or otherwise grant them access to the data, this shall only take place on the basis of a legal authorization (e.g. when transmission of the data to third parties, such as payment service providers, is required for contract fulfilment in accordance with art. 6 para. 1 lit. b GDPR ), you have consented, a legal obligation provides for this or it takes place on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).
Insofar as we outsource data processing to third parties on the basis of an “order processing contract”, this takes place on the basis of art. 28 GDPR.
Insofar as we process data in a third-party country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this occurs in the context of the use of third-party services or disclosure or transfer of data to third parties, this only takes place if it occurs for the fulfilment of our (pre)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual authorizations, we process data or have data processed in a third country only if the particular requirements of art. 44 ff. GDPR are met. This means, for example, that processing takes place on the basis of special guarantees, such as the officially recognized determination of a data protection level corresponding to the EU (e.g. as for the USA by means of the "Privacy Shield") or compliance with officially recognized special contractual obligations (called "standard contractual clauses").
You have the right to request confirmation as to whether the data concerned are being processed and to request information about these data as well as further information and a copy of the data, in accordance with art. 15 GDPR. In accordance with art. 16 GDPR, you have the right to request the completion of data concerning you or the correction of inaccurate data concerning you. In accordance with art. 17 GDPR, you have the right to demand that the data in question be deleted immediately, or alternatively in accordance with art. 18 GDPR, to demand that the processing of the data be restricted. You have the right to request receipt of the personal data with which you have provided us in accordance with art. 20 GDPR and to request their transmission to other responsible bodies. In accordance with art. 77 GDPR, you further have the right to lodge a complaint with the responsible supervisory authority.
In accordance with art. 7 para. 3 GDPR, you have the right to revoke your consent with future effect.
You can always object to any future processing of your data in accordance with art. 21 GDPR. Objection may be lodged in particular against processing for direct advertising purposes.
In accordance with legal requirements, storage takes place in particular for 6 years pursuant to § 257 Para. 1 of the German Commercial Code (HGB) (trading books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting documents, etc.) as well as for 10 years pursuant to § 147 para. 1 German Fiscal Code (AO) (books, records, management reports, accounting documents, commercial and business letters, documents relevant for taxation, etc.).
When applying by electronic means, i.e. via our web form, we collect and process your personal data for the purpose of processing the application and for carrying out pre-contractual measures in accordance with art. 6 para. 1 lit. b. GDPR art. 6 para. 1 lit. f. GDPR, insofar as data processing becomes necessary for us, e.g. within the framework of legal procedures (in Germany § 26 Federal Data Protection Act additionally applies).
Applications that are sent by other means (e.g. by e-mail) will not be saved or deleted immediately, as e-mails are generally not sent encrypted and we cannot accept responsibility for the transmission of the application between the sender and the reception on our server.
By submitting an application on our recruiting page, you express your interest in seeking employment with us. In this context, you provide us with personal data that we use and store exclusively for the purpose of your job search / application. In particular, the following data are collected:
Only authorized employees from the HR department or employees involved in the application process have access to your data. There is no transmission of data to third countries which do not have a sufficient level of protection.
Insofar as special categories of personal data are provided within the meaning of art. 9 para. 1 GDPR, they shall also be processed in accordance with art. 9 para. 2 lit. b GDPR (e.g. health data, such as severely disabled status or ethnic origin). Insofar as special categories of personal data within the meaning of art. 9 para. 1 GDPR are requested from applicants during the application procedure, these are additionally processed in accordance with art. 9 para. 2 lit. a GDPR (e.g. health data, if these are necessary for the exercise of the profession).
Personal data are stored exclusively for the purpose of filling the vacant position for which you have applied.
Your data will be stored for a period of 180 days beyond the completion of the application process. This usually takes place to fulfill legal obligations or to defend against any legal claims. Invoices for any reimbursement of travel expenses are archived in accordance with tax regulations. After the retention period, we are obliged to delete or anonymize your data. In the case of anonymization, the data are only available to us as so-called metadata without direct personal reference for statistical evaluations (for example, proportion of male or female applicants, number of applications per period, etc.).
Applicants’ data will also be deleted if an application is withdrawn, which the applicants are entitled to do at any time. If applicants wish to revoke the data processing before the expiration of the six-month retention period, they may contact the company data protection officer at any time by writing an e-mail to firstname.lastname@example.org and have their data deleted, unless a legal retention period precludes this.
If you receive an offer for employment from us during an application process and accept it, we will store the personal data collected during the application process at least for the duration of the employment relationship.
Please contact our Privacy Officer by e-mail for assertion of your rights in relation to the data processed in this online application process.
If you contact us by e-mail, phone or fax, your request, including all ensuing personal data (name, nature of inquiry), is stored and processed by us for the purposes of processing your request. We do not share these data without your permission.
These data are processed on the basis of art. 6 para. 1 lit. b GDPR if your request relates to the execution of a contract or is required to carry out pre-contractual activities. In all other cases, the processing is based on your consent (art. 6 para. 1 lit. a GDPR) and / or our legitimate interests (art. 6 para. 1 lit. f GDPR), as we have a legitimate interest in the effective handling of the requests addressed to us.
We will retain the data you provide on the contact form until its deletion is requested, your consent for storage is revoked, or the purpose for its storage is no longer applicable (e.g. after the handling of your inquiry has been completed). Any mandatory statutory provisions, especially those regarding mandatory data retention periods, remain unaffected.
Should you send us questions via the contact form, we will collect the data entered on the form, including the contact details you provide, in order to answer your question and any follow-up questions. We do not share these data without your permission.
We will therefore process any data you enter on the contact form only with your consent (art. 6 para. 1 (a) GDPR). You may revoke your consent at any time. An informal e-mail message sent to us is sufficient. The legality of the processing of data which has already occurred before we receive your request remains unaffected by this.
We will retain the data you provide on the contact form until such time as you request its deletion, revoke your consent for its storage, or the purpose for its storage no longer applies (e.g. after fulfilling your request). Any mandatory statutory provisions, in particular those regarding mandatory data retention periods, thereby remain unaffected.
We collect data on the basis of our legitimate interests as defined in art. 6 para. 1 f GDPR regarding each access to the server on which this service is located (known as server log files). Access data includes the name of the requested website, file, date and time of access, amount of data transferred, report on whether the site has been successfully retrieved, browser type and version, the user's operating system, the referrer URL (the site visited before coming to our site), the user's IP address and the requesting internet service provider.
Log file information is stored for a maximum of 190 days for security reasons (e.g. to investigate misuse or fraud) and then deleted. Data which must be retained as potential evidence are not deleted until the relevant incident has been definitively clarified.
On the basis of our legitimate interests within the meaning of art. 6 para.1 lit. f. GDPR, we maintain online presences on social networks and platforms in order to communicate with active customers, interested parties and users and to inform them about our services. When accessing the respective networks and platforms, the terms and conditions and the data processing guidelines of their respective operators apply.
Cookies are information that is transferred from our web server or third party web servers to the user's web browser and stored there for later retrieval. Cookies can be small files or other types of information storage. Cookies do not damage your computer and do not contain viruses. Cookies help make our website more user-friendly, efficient and secure. Cookies are small text files that are stored on your computer and saved by your browser.
Most of the cookies we use are so-called "session cookies", which are only stored for the duration of the current visit to our online presence. A randomly generated unique identification number, a so-called session ID, is stored in a session cookie. A cookie also contains information about its origin and the storage period. These cookies cannot store any other data. Session cookies are deleted when you have finished using our online offer and log out or close your browser, for example. Other cookies remain in your device's memory until you delete them. These cookies make it possible to recognize your browser when you next visit the site.
On our behalf, Google will use this information to analyze the use of our website by users, to compile reports on activities on this website and to provide us with other services relating to the use of this website and the Internet. Pseudonymous usage profiles of users may be created from the processed data.
We use Google Analytics only with activated IP anonymization. This means that the user’s IP address is truncated by Google within the member states of the European Union or in other countries that are party to the Agreement on the European Economic Area. Only in exceptional cases will the entire IP address be transmitted to a Google server in the USA and truncated there. On behalf of the operator of this website, Google will use this information to analyze your use of the website, compile reports regarding website activity and provide other services to the website operator relating to website usage and internet usage.
This website uses the Google Analytics "Demographics" function. This allows reports to be generated containing statements about the age, gender and interests of site visitors. These data come from interest-based advertising from Google and visitor data from third-party providers. These collected data cannot be attributed to any specific individual. You can disable this feature at any time by adjusting the ads settings in your Google account, or you can generally forbid the collection of your data by Google Analytics as described in the section "Objecting to data collection."
For all else, the personal data will be anonymized or deleted after a lapse of 26 months. For details, see Google Analytics.
We have entered into a contract with Google for the outsourcing of our data processing and fully implement the strict requirements of the German data protection authorities when using Google Analytics.
Our websites use the features of Google Analytics Remarketing combined with the cross-device capabilities of Google AdWords and DoubleClick. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
This function enables the target groups created using Google Analytics Remarketing to be linked with the cross-device functions of Google AdWords and Google DoubleClick. This allows advertising to be displayed based on your personal interests, identified from your previous usage and surfing behavior on a device (such as your mobile phone) and also for other devices (such as a tablet or computer).
Once you have given your consent, Google will associate your web and app browsing history with your Google Account for this purpose. In this way, the same personalized promotional messaging can be used for any device that signs in to your Google Account. To support this feature, Google Analytics collects Google-authenticated user IDs that are temporarily linked to our Google Analytics data to define and create target groups for cross-device ad targeting.
You can permanently opt out of cross-device remarketing / targeting by disabling personalized advertising in your Google Account.
The aggregation of the data collected in your Google Account data is based solely on your consent, which you may grant to Google or revoke (art. 6 para. 1 (a) GDPR). For data collection operations not aggregated into your Google Account (for example, because you do not have a Google Account or have objected to aggregation), the collection of data is based on art. 6 para. 1 lit. f GDPR. The legitimate interest arises from the fact that the website operator has an interest in anonymous analysis of website visitors for advertising purposes.
This website uses Google AdWords. AdWords is an online advertising program of Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
As part of Google AdWords, we use so-called conversion tracking. When you click on an ad served by Google, a conversion tracking cookie is set. Cookies are small text files that the internet browser stores on the user's computer. These cookies expire after 30 days and are not used to personally identify the user. If you visit certain pages of the website and the cookie has not yet expired, Google and the website can tell that you clicked on the ad and proceeded to that page.
Each Google AdWords customer receives a different cookie. The cookies cannot be tracked via the website of AdWords clients. The information obtained using the conversion cookie is used to create conversion statistics for AdWords clients who have opted into conversion tracking. Clients are told the total number of users who clicked on their ad and were redirected to a conversion tracking tag page. However, they do not obtain any information which can be used to identify you personally. If you do not wish to participate in tracking, you can refuse by simply deactivating the Google conversion tracking cookie via your internet browser settings. By doing so, you will not be included in the conversion tracking statistics.
The storage of "conversion cookies" and the use of this tracking tool are based on art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in analyzing user behavior in order to optimize both its website and its advertising.
You can configure your browser in such a way that you are informed whenever a cookie is set, and you can choose on a case-by-case basis whether or not to allow this. You can also set up your browser to prohibit the setting of cookies in general, and/or to delete cookies automatically when you close the browser. Disabling cookies may limit the functionality of this website.
Our website uses YouTube plug-ins. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
We use YouTube in the extended data protection mode. According to YouTube, this mode causes YouTube not to store any information about visitors to this website before they watch the video. The disclosure of data to YouTube partners is, however, not mandatorily excluded by the extended data protection mode. Therefore, YouTube will establish a connection to the Google DoubleClick network, regardless of whether you are viewing a video or not.
You will be linked to the YouTube servers as soon as you start a YouTube video on our website. The YouTube server is then informed about which of our pages you have visited. If you are logged into your YouTube account, you allow YouTube to directly associate your surfing habits with your personal profile. You can prevent this by logging out of your YouTube account.
In addition, YouTube can store different cookies on your device once you have started a video. YouTube can use these cookies to gather information on visitors to our website. Such information is used, among other things, to capture video statistics, to improve user-friendliness and to prevent attempted fraud. The cookies will remain on your device until you delete them.
Starting a YouTube video may trigger further data processing operations over which we have no control.
This website uses so-called web fonts provided by Google to support the uniform display of fonts. When you open a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly.
To do this, the browser you use must connect to Google's servers. Google is therefore aware that our web page has been accessed via your IP address. Google Web fonts are used in the interest of a uniform and appealing presentation of our website. This constitutes a legitimate interest pursuant to art. 6 para. 1 lit. f GDPR.
On the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our website within the meaning of art. 6 para. 1 lit. f. GDPR), we include content or service offerings from third parties so that we can incorporate their content and services, such as videos or fonts (hereinafter uniformly referred to as "content"). This always requires that the third-party providers of this content can see the IP address of users, since without the IP address they would not be able to send the content to the users' browsers. Your IP address is therefore necessary to display this content. We strive to only use content from providers who use the IP address solely for the delivery of content.
Third-party providers may also use so-called pixel tags (invisible graphics, also known as web beacons) for statistical or marketing purposes. "Pixel tags" can be used to analyze information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may include technical information about the browser and operating system, referring websites, visiting time and other information about the use of our online offering. It may also be linked to such information from other sources.
The following presentation offers an overview of third-party providers and their content in addition to links to their privacy policies, which contain further references to the processing of data and the opportunities to object ('opt-out'), which have already been mentioned here to some extent: