The aim of this data privacy statement is to inform you as the user of the website about the type, scope and purpose of the processing of personal data and the rights that exist for you, insofar as you as the person concerned in according to Art. 4 No. 1 of the General Data Protection Regulation (GDPR) apply.
The following data privacy statement takes into account the changes in accordance with the General Data Protection Regulation (GDPR) that has been in effect since 25 May 2018. At the same time, this declaration also fulfills the previously applicable requirements of Section 13 of the Telemedia Act.
In principle, visiting our website is possible without providing personal information.
The processing of personal data is only necessary if you decide to use certain services (e.g. use of a contact form). We always take care to process your personal data only in accordance with a legal basis or with your consent. We adhere to the regulations of the General Data Protection Regulation (GDPR) that have been in force since May 25, 2018 and the applicable national regulations, such as the Federal Data Protection Act, the Telemedia Act or other more specific data protection laws.
The following declaration gives you an overview of how CND guarantees this protection and what type of data is collected and for what purpose.
For all data protection questions and notifications, please contact CND at the e-mail address email@example.com or by post at the above address of CND Technology GmbH.
‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
‘restriction of processing’ means the marking of stored personal data with the aim of limiting their processing in the future;
‘pseudonymisation’ means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person;
‘filing system’ means any structured set of personal data which are accessible according to specific criteria, whether centralised, decentralised or dispersed on a functional or geographical basis;
‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
‘processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
‘recipient’ means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. 2However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;
‘third party’ means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;
‘consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
‘data concerning health’ means personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health status;
‘enterprise’ means a natural or legal person engaged in an economic activity, irrespective of its legal form, including partnerships or associations regularly engaged in an economic activity
In some cases, when you visit our website, we collect certain personal data for which we need your consent. This takes place, for example, when you send us a message using one of our forms.
Declaration of consent
By using our available forms, you consent to us collecting the personal data you have provided and processing it as described in this data protection declaration. You can revoke this consent at any time with future effect by making a corresponding declaration to us. However, we would like to point out that it is no longer possible to use our service without your consent. To revoke your consent, please use the contact methods given below (please give us your name, email and postal address in this case).
This website and the range of services are provided by the
(hereinafter referred to as "CND") and is available to interested parties from Germany as an information portal on data protection and compliance management.
Purpose and legal basis for the processing of personal data
We process personal data that are necessary for the establishment, implementation or processing of our service offer on the legal basis of Art. 6 Para. 1 (b) GDPR. Insofar as you have given us your consent to the processing of personal data for certain purposes, we will process it on the basis of your consent in accordance with Art. 6 Para. 1 (a) GDPR.
Insofar as we use external service providers in the context of order data processing, the processing takes place on the legal basis of Art. 28 GDPR.
The personal data is collected, processed and used by us exclusively for the following purposes:
for contacting and related correspondence - based on your consent
for processing your request and for any further advice you may require - based on your consent
to contact you to verify your data - based on your consent
to create an offer - based on your request
for the technical implementation of our offers - based on legitimate interests
Personal data collected and processed
We only collect and process your personal data if you provide them voluntarily with your knowledge, e.g. by completing our forms or sending emails.
In the context of the available forms or messages, this is the following data:
Data from interested parties for services:
full phone number
consent to the data protection declaration
The personal data you provide and their content remain exclusively with us and our affiliated companies. We will only save and process your data for the above-mentioned purposes. Any use that goes beyond the stated purpose requires your express consent.
Our data protection regulations apply to data processing by our cooperation partners.
The personal data will be deleted immediately if you withdraw your consent or if the purpose of the data has ceased.
CND will immediately notify its cooperation partners that they have withdrawn their consent. CND has obliged its cooperation partners to delete the personal data immediately after becoming aware of the revocation.
CND has also obliged its cooperation partners to immediately inform CND of a revocation declared to the cooperation partner. After becoming aware of the declaration of revocation, CND will promptly delete the data from itself and any other cooperation partners.
General log files
The web server temporarily stores the connection data of the requesting computer (IP address), the pages you visit, the date and duration of the visit, the identification data of the browser and operating system type used, and the website from which you came visit us and record the successful retrieval in log files. The technical administration of the websites and anonymous statistical surveys enable an evaluation of the access to the offer of CND and an evaluation with the aim of increasing data protection and data security in our company in order to ultimately ensure an optimal level of protection for the personal data processed by us.
The data of the server log files are stored separately from all the personal data you have provided.
Subject to any statutory retention requirements, we delete or anonymize your IP address after you leave our website.
Information is collected and stored on our website through the use of so-called browser cookies.
What are cookies?
These are small text files that are stored on your data carrier and that save certain settings and data for exchange with our system via your browser. A cookie usually contains the name of the domain from which the cookie data was sent, information about the age of the cookie and an alphanumeric identifier.
Cookies enable our systems to recognize the user's device and to make any default settings available immediately. As soon as a user accesses the platform, a cookie is transferred to the hard drive of the user's computer. Cookies help us to improve our website and to be able to offer you a better and more customized service. They enable us to recognize your computer or your (mobile) device when you return to our website.
If you as a user do not want the use of browser cookies, you can set your browser so that the storage of cookies is not accepted. Please note that in this case you may only be able to use our website to a limited extent or not at all. If you only want to accept our own cookies, but not the cookies of our service providers and partners, you can select the "Block third-party cookies" setting in your browser. We are not responsible for the use of third-party cookies.
Use of Google Analytics
Google Analytics collects first-party cookies, data related to the device/browser, IP address and on-site/app activities to measure and report statistics about user interactions on the websites and/or apps that use Google Analytics. Customers may customize cookies and the data collected with features like cookie settings, User-ID, Data Import, and Measurement Protocol.
Google Analytics mainly uses first-party cookies to report on visitor (aka. user) interactions on Google Analytics customers’ websites. Users may disable cookies or delete any individual cookie.
Where a site or app uses Google Analytics for Apps or the Google Analytics for Firebase SDKs, Google Analytics collects an app-instance identifier — a randomly generated number that identifies a unique installation of an App. Whenever a user resets their Advertising Identifier (Advertising ID on Android, and ID for Advertisers on iOS), the app-instance identifier is also reset.
Where sites or apps have implemented Google Analytics with other Google Advertising products, like Google Ads, additional advertising identifiers may be collected. Users can opt-out of this feature and manage their settings for this cookie using the Ads Settings.
Google Analytics also collects Internet Protocol (IP) addresses to provide and protect the security of the service, and to give website owners a sense of which country, state, or city in the world their users come from (also known as "IP geolocation"). Google Analytics provides a method to mask IPs that are collected (detailed below) but note that website owners have access to their users’ IP addresses even if the website owners do not use Google Analytics.,
Google Analytics is a data processor under GDPR because Google Analytics collects and processes data on behalf of our clients, pursuant to their instructions. Our customers are data controllers who retain full rights over the collection, access, retention, and deletion of their data at any time. Google’s use of data is controlled by the terms of its contract with Google Analytics customers and any settings enabled by customers through the user interface of our product.
Information requirements for applicants according to Art. 13 and Art. 14 GDPR
If you apply to CND electronically, your details will only be used to process your application and will not be passed on to third parties.
Please note that applications that you send to CND by email will be transmitted unencrypted. In this respect, there is a risk that unauthorized persons can intercept and use this data.
We only collect and process the personal data you have provided to us as part of the application process. This is the data listed below (type of data):
Personal details (name, address, and other contact details, place of birth, birthday, nationality)
Qualification documents (certificates, assessments or similar training certificates)
Processing is carried out taking into account and in accordance with the applicable General Data Protection Regulation (GDPR) and the new Federal Data Protection Act (BDSG-new), area-specific data protection standards in the course of the application process, such as the Social Code, Telecommunications Act and Works Constitution Act.
With your consent to the processing of personal data, the lawfulness of the collection and processing of your personal data is based on the consent you have given us. This can be revoked at any time. The revocation takes effect in the future and cannot be granted retrospectively. If the processing of the personal data collected is revoked, the purpose for which it was collected can no longer be fulfilled or implemented.
The data collected is forwarded within our company to the responsible authorities, which have been entrusted with the processing of the application process and who need it to fulfil legal obligations.
If necessary, your personal data will be processed and stored for the duration of the application process. After fulfilling the purpose, but at the latest after 6 months, we will delete them. If the storage of the data is no longer necessary to carry out the application process and there is no legal retention period for this or if we do not have your consent, which justifies a longer storage period, the data will be deleted immediately.
Within the framework of the legal requirements from the GDPR and the BDSG-new, everyone concerned has the right to information about the processing of their personal data, the right to correction, deletion and restriction of this as well as the right to object to the processing and the right to data portability. When asserting the right to information as well as deletion, the restrictions of §§ 33, 34 BDSG-new must be taken into account. Furthermore, there is a right to lodge a complaint with the responsible supervisory authority in accordance with Art. 77 GDPR in conjunction. § 19 BDSG new.
Unfortunately, the transmission of information via the Internet is never 100% secure, which is why we cannot guarantee the security of the data transmitted to our website via the Internet.
However, we secure our website by technical and organizational measures against loss, destruction, access, modification or distribution of your data by unauthorized persons.
In particular, we transfer your personal data in encrypted form. We use the SSL / TLS (Secure Sockets Layer / Transport Layer Security) coding system. Our security measures are continuously improved in line with technological developments.
Under the conditions of Art. 15 GDPR, you have the right to request confirmation as to whether personal data relating to you are being processed and to obtain free information from the controller at any time about the personal data stored about you and a copy of this information receive.
Right to rectification
Under the conditions of Art. 16 GDPR, you have the right to request the immediate correction of incorrect personal data concerning you. In addition, you have the right to request the completion of incomplete personal data - also by means of a supplementary declaration - taking into account the purposes of the processing.
Right to cancellation
Under the conditions of Art. 17 GDPR, you have the right to request that the personal data concerning you be deleted immediately, provided that one of the reasons stated in Art. 17 GDPR exists and as far as the processing is not necessary.
Right to restriction of processing
Under the conditions of Art. 18 GDPR, you have the right to request that processing be restricted if one of the conditions mentioned in Art. 18 GDPR is met.
Right to data portability
Under the conditions of Art. 20 GDPR, you have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format, and you have the right to transmit this data to another controller without hindrance from us, provided the further requirements of Art. 20 GDPR are met.
Right to withdraw consent
You have the right to revoke your consent to the processing of personal data at any time with future effect. Please address the revocation to the contact details given above.
Right to object
Under the conditions of Art. 21 GDPR, you have the right to object to the processing of your personal data at any time. If the requirements for an effective objection are met, we may no longer process the data.
Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your residence, your place of work or the place of the alleged infringement, if you believe that the processing of your personal data violates the requirements the GDPR violates.
Passing on your personal data
Your personal data will be passed on as described below.
The website is hosted by an external service provider in Germany. Here we ensure that data processing takes place in Germany and the EU alone. This is necessary for the operation of the website, as well as for the establishment, implementation and processing of the existing license agreement and is also possible without your consent.
The data will also be passed on if we are entitled or obliged to pass on data due to legal regulations and/or official or judicial orders. This can be, in particular, the provision of information for purposes of law enforcement, security or to enforce intellectual property rights. Insofar as your data is passed on to service providers to the extent necessary, they only have access to your personal data to the extent necessary to fulfil their tasks. These service providers are obliged to treat your personal data in accordance with the applicable data protection laws, in particular the GDPR.
Beyond the above-mentioned circumstances, we generally do not transmit your data to third parties without your consent. In particular, we do not pass on any personal data to a location in a third country or an international organization.
Storage period for personal data
With regard to the storage period, we will delete personal data as soon as it is no longer necessary to fulfil the original purpose and there are no longer any statutory retention periods. The legal retention periods ultimately form the criterion for the final duration of the storage of personal data. After the deadline, the relevant data will be routinely deleted. If there are retention periods, processing is restricted in the form of blocking the data.
References and links
When you visit websites that are referred to on our website, you can again ask for information such as name, address, email address, browser properties, etc. This data protection declaration does not regulate the collection, transfer or handling of personal data by third parties.
Third-party service providers may have different and separate provisions in dealing with the collection, processing and use of personal data. It is therefore advisable to find out about the practice of handling personal data on third-party websites before entering personal data.
Changes to the data protection declaration
We are constantly developing our website in order to be able to provide you with an ever-better service. We will always keep this data protection declaration up to date and adapt it accordingly if and to the extent that this should become necessary.
We will of course inform you of any changes to this data protection declaration in good time. We will e.g. by sending an email to the email address you provided to us.
If further consent from you to our handling of your data should become necessary, we will of course obtain this from you before the corresponding changes take effect.
You can access the current version of our data protection declaration at any time on the Internet under data protection.
As of May 2020
Source: Datenschutz-Konfigurator von mein-datenschutzbeauftragter.de