Website privacy statement and at the same time information of the data subjects according to article 13 and article 14 EU General Data Protection Regulation

General data

Details of the responsible body

Company:                                                                       
aucobo GmbH

Legal representatives of the company:                          
Benjamin Schaich, Michael Reutter

Address:                                                                         
Schelmenwasenstraße 32, 70567 Stuttgart, Germany

Email:                                                                               

Contact details of data protection officer:     
IITR Datenschutz GmbH
Dr. Sebastian Kraska
Marienplatz 2
80331 Munich
Email:
Phone: +49(0)89-18917360

We are very pleased about your interest in our company. Data protection is of a particularly high priority for the management of the aucobo GmbH. The use of the Internet pages of the aucobo GmbH is possible without any indication of personal data. However, if a data subject wants to use special services of our enterprise via our website, processing of personal data could become necessary. If processing of personal data is necessary and there is no legal basis for such processing, we will generally obtain the consent of the data subject.

The processing of personal data, such as the name, address, e-mail address, or telephone number of a data subject shall always be in line with the country-specific data protection regulations applicable to the aucobo GmbH. By means of this data protection declaration, our enterprise would like to inform the public about the type, scope and purpose of the personal data we collect, use and process. Furthermore, data subjects are informed of their rights by means of this data protection declaration.

As the controller, the aucobo GmbH has implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed through this website. However, Internet-based data transmissions can always be vulnerable to security risks, so that absolute protection cannot be guaranteed. For this reason, every data subject is free to transmit personal data to us by alternative means, for example by telephone.

General data processing information

The dataPersonal data is only collected if you provide it to us of your own accord. No other personal data is collected. Any processing of your personal data that goes beyond the scope of the legal permissions will only be carried out on the basis of your express consent.

Purpose of processing:
Contract execution

Categories of recipients:
Public authorities in case of overriding legal provisions.
External service providers or other contractors.
Other external bodies insofar as the data subject has given his consent or a transfer is permissible for overriding interest.

Third country transfers:
In the context of the execution of the contract, processors outside the European Union may also be used.

Duration of data storage:
The duration of the storage of personal data is determined on the basis of the respective legal basis, the purpose of processing and – if relevant – additionally on the basis of the respective statutory retention period (e.g. retention periods under commercial and tax law).

When personal data is processed on the basis of explicit consent pursuant to Art. 6 (1) a GDPR, this data is stored until the person concerned revokes his or her consent.

If there are legal retention periods for data that is processed within the framework of legal business or similar obligations on the basis of Art. 6 Para. 1 lit. b GDPR, this data will be routinely deleted after expiry of the retention periods, provided that it is no longer required for the fulfilment of the contract or the initiation of the contract and/or there is no justified interest on our part in the continued storage.

When processing personal data on the basis of Art. 6(1)(f) GDPR, this data is stored until the data subject exercises his or her right to object pursuant to Art. 21(1) GDPR, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims.

When processing personal data for the purpose of direct marketing on the basis of Art. 6 (1) f GDPR, this data is stored until the data subject exercises his right to object in accordance with Art. 21 (2) GDPR.

Moreover, unless otherwise specified in the other information on specific processing situations in this statement, stored personal data are deleted when they are no longer necessary for the purposes for which they were collected or otherwise processed.

Specific information about the website

Usage data

When you call up our web pages, you transmit data to our web server (out of technical necessity) via your Internet browser. The following data is recorded during an ongoing connection for communication between your internet browser and our web server:

  • Date and time of the request
  • Name of the requested file
  • Page from which the file was requested
  • Access status (file transferred, file not found, etc.)
  • Web browser and operating system used
  • Complete IP address of the requesting computer
  • volume of data transferred.

For reasons of technical security, in particular to defend against attempted attacks on our web server, this data is stored by us for a short period of time. It is not possible for us to draw conclusions about individual persons on the basis of this data. After seven days at the latest, the data is deleted or made anonymous by shortening the IP address at domain level, so that it is no longer possible to establish a link to the individual user. The data is also processed in anonymous form for statistical purposes; it is not compared with other data or passed on to third parties, even in extracts.

Contact

This website uses HubSpot, a software-based marketing service of HubSpot Ireland Ltd, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland, for the provision of an online appointment booking function, e-mail contact, the live chat system and for the contact form.
In the course of contacting us (e.g. via contact form, email, live chat or booking an appointment), personal data is collected. Which data is collected when using a contact form or booking an appointment can be seen from the respective form. The data you enter (e.g. e-mail address) is stored on HubSpot’s servers in the USA. This data is stored and used exclusively for the purpose of responding to your request or for contacting you and the associated technical administration. The legal basis for processing this data is our legitimate interest in responding to your request pursuant to Art. 6 (1) lit. f GDPR. If your contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 (1) lit. b GDPR. Your data will be deleted after final processing of your request. This is the case if it can be inferred from the circumstances that the matter in question has been conclusively clarified, further storage on the basis of Art. 6 (1) (a) GDPR, Art. 6 (1) (b) GDPR or Art. 6 (1) (f) GDPR can be ruled out and provided that there are no statutory retention obligations to the contrary.

We have concluded a data processing agreement with HubSpot, with which we obligate HubSpot to protect the data of our customers and not to pass it on to third parties. For the transfer of data from the EU to the USA, HubSpot refers to so-called standard data protection clauses of the European Commission, which are intended to ensure compliance with the European level of data protection in the USA. You can obtain further information about Hubspot’s data protection provisions at the following Internet address:  https://legal.hubspot.com/privacy-policy

Use of customer data for direct marketing

Newsletter

If you subscribe to our e-mail newsletter, we will send you regular information about our offers. Mandatory information for sending the newsletter is only your e-mail address. The provision of further data is voluntary and will be used to address you personally. We use the so-called double opt-in procedure for sending the newsletter. This means that we will only send you an e-mail newsletter if you have expressly confirmed that you agree to receive the newsletter. We will then send you a confirmation e-mail asking you to confirm that you wish to receive the newsletter in the future by clicking on an appropriate link.  By activating the confirmation link, you give us your consent for the use of your personal data in accordance with Art. 6 Para. 1 lit. a GDPR. When you register for the newsletter, we store your IP address entered by your Internet service provider (ISP) as well as the date and time of registration in order to be able to trace any possible misuse of your e-mail address at a later date. The data we collect when you register for the newsletter will be used exclusively for the purpose of advertising the newsletter. You can unsubscribe from the newsletter at any time via the link provided for this purpose in the newsletter or by sending a corresponding message to the person responsible mentioned at the beginning. After unsubscribing, your e-mail address will be deleted from our newsletter distribution list immediately, unless you have expressly consented to further use of your data or we reserve the right to use your data for other purposes that are permitted by law and about which we inform you in this declaration.

Our email newsletters are sent via the technical service provider HubSpot, a software-based marketing service of HubSpot Ireland Ltd, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland, to whom we pass on the data you provided when registering for the newsletter. This transfer takes place in accordance with Art. 6 (1) lit. f GDPR and serves our legitimate interest in using an effective advertising, secure and user-friendly newsletter system. Please note that your data is usually transferred to a HubSpot server in the USA and stored there.
HubSpot uses this information to send and statistically evaluate the newsletters on our behalf. For the evaluation, the sent e-mails contain so-called web beacons or tracking pixels, which are single-pixel image files that are stored on our website. This makes it possible to determine whether a newsletter message has been opened and which links, if any, have been clicked on. With the help of the web beacons and tracking pixels, HubSpot automatically creates general, non-personal statistics about the response behavior to newsletter campaigns. However, based on our legitimate interest in the statistical evaluation of newsletter campaigns for the optimization of advertising communication and better targeting of recipient interests, the web beacons also collect and utilize data of the respective newsletter recipient (email address, name, time of retrieval, IP address, browser type, and operating system) in accordance with Art. 6 Par. 1 lit f GDPR. This data allows an individual conclusion to be drawn about the newsletter recipient and is processed by HubSpot for the automated creation of statistics that show whether a specific recipient has opened a newsletter message.
If you wish to deactivate the data analysis for statistical evaluation purposes, you must unsubscribe from the newsletter.
HubSpot itself does not use the data for its own purposes, nor is the data passed on to third parties. To protect your data in the USA, we have concluded a data processing agreement (“Data Processing Agreement”) with HubSpot based on the standard contractual clauses of the European Commission to enable the transfer of your personal data to HubSpot. If you are interested, this data processing agreement can be viewed at the following Internet address: https://legal.hubspot.com/dpa

You can view HubSpot’s data protection provisions here:
 https://legal.hubspot.com/privacy-policy

Advertising by letter post

Based on our legitimate interest in personalised direct advertising, we reserve the right to store your first name and surname, your postal address and – insofar as we have received this additional information from you as part of the contractual relationship – your title, academic degree, year of birth and your professional, industry or business designation in accordance with Art. 6 (1) lit. f GDPR and to use it to send you interesting offers and information about our products by post.
You can object to the storage and use of your data for this purpose at any time by sending a message to the person responsible.

Cookies (in general)

In order to make visiting our website more attractive and to enable the use of certain functions, we use so-called cookies on various pages. These are small text files that are stored on your terminal device. Some of the cookies we use are deleted after the end of the browser session, i.e. after you close your browser (so-called session cookies). Other cookies remain on your terminal device and enable us or our partner companies (third-party cookies) to recognise your browser on your next visit (persistent cookies). If cookies are set, they collect and process certain user information such as browser and location data as well as IP address values to an individual extent. Persistent cookies are automatically deleted after a specified period of time, which may vary depending on the cookie.

If personal data is also processed by individual cookies implemented by us, the processing is carried out in accordance with Art. 6 Para. 1 lit. b GDPR either for the execution of the contract or in accordance with Art. 6 Para. 1 lit. f GDPR to protect our legitimate interests in the best possible functionality of the website as well as a customer-friendly and effective design of the page visit.

We may work with advertising partners who help us to make our website more interesting for you. For this purpose, cookies from partner companies are also stored on your hard drive when you visit our website (third-party cookies). If we cooperate with aforementioned advertising partners, you will be informed individually and separately about the use of such cookies and the scope of the information collected in each case within the following paragraphs.

Please note that you can set your browser in such a way that you are informed about the setting of cookies and can decide individually about their acceptance or can exclude the acceptance of cookies for certain cases or in general. Each browser differs in the way it manages cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings. You can find these for the respective browsers under the following links:

Internet Explorer: https://support.microsoft.com/en-GB/windows/delete-and-manage-cookies-168dab11-0753-043d-7c16-ede5947fc64d

Firefox: https://support.mozilla.org/en-US/kb/enhanced-tracking-protection-firefox-desktop

Chrome: https://support.google.com/chrome/answer/95647?hl=en&hlrm=en

Safari: https://support.apple.com/en-gb/guide/safari/sfri11471/mac

Opera: https://help.opera.com/en/latest/web-preferences/#cookies

Please note that if you do not accept cookies, the functionality of our website may be limited.

Technically necessary Services/Cookies

Essential cookies enable basic functions and are necessary for the proper functioning of the website.

This website uses a so-called “cookie consent tool” to obtain effective user consent for cookies and cookie-based applications that require consent. The “cookie consent tool” is displayed to users in the form of an interactive user interface when they access the page, on which consent for certain cookies and/or cookie-based applications can be given by ticking the appropriate box. When using the tool, all cookies/services requiring consent are only loaded if the respective user grants the corresponding consent by ticking the appropriate box. This ensures that such cookies are only set on the respective user’s end device if consent has been granted. The tool sets technically necessary cookies to save your cookie preferences. Personal user data is generally not processed.
If, in individual cases, personal data (such as the IP address) is processed for the purpose of storing, assigning or logging cookie settings, this is done in accordance with Art. 6 (1) lit. f GDPR on the basis of our legitimate interest in legally compliant, user-specific and user-friendly consent management for cookies and thus in a legally compliant design of our website.
Further legal basis for the processing is furthermore Art. 6 para. 1 lit. c GDPR. As the responsible party, we are subject to the legal obligation to make the use of technically unnecessary cookies dependent on the respective user consent.
Further information on the operator and the setting options of the cookie consent tool can be found directly in the corresponding user interface on our website.

This website uses as a “cookie consent tool” “Borlabs Cookie”, which sets a technically necessary cookie (borlabs-cookie) to store your cookie consents. Borlabs cookie does not process any personal data. The borlabs-cookie stores the consent you gave when you entered the website. If you wish to revoke these consents, simply delete the cookie in your browser. When you re-enter/reload the website, you will be asked again for your cookie consent. You can find out more about the data processed through the use of BorlabsCookie in the Privacy Policy at https://borlabs.io/privacy/.

Google Tag Manager

We use the service called Google Tag Manager from Google. “Google” is a group of companies and consists of Google Ireland Ltd. (provider of the service), Gordon House, Barrow Street, Dublin 4, Ireland as well as Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA and other affiliated companies of Google LLC.

Google Tag Manager is a utility service through which website tags can be managed. The tool that implements the tags does not store any personal data. The Google Tag Manager takes care of loading other components, which in turn may collect data. Google Tag Manager does not access this data. For more information about the Google Tag Manager, please see Google’s privacy policy.

Analysis and Statistics Services/Cookies

Statistics Cookies collect information anonymously. This information helps us understand how our visitors use our website.

Google Analytics

This website uses Google (Universal) Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). Google (Universal) Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. This website uses Google (Universal) Analytics exclusively with the extension “_anonymizeIp()”, which ensures anonymization of the IP address by shortening and excludes a direct personal reference. Through this extension, your IP address is shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google LLC.server in the USA and shortened there. Google will use this information on our behalf for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage. In this context, the IP address transmitted by your browser as part of Google (Universal) Analytics will not be merged with other Google data.
Google Analytics also enables the creation of statistics with statements about age, gender and interests of site visitors on the basis of an evaluation of interest-based advertising and with the inclusion of third-party information via a special function, the so-called “demographic characteristics”. This allows the definition and differentiation of user groups of the website for the purpose of targeting marketing measures. However, data records collected via the “demographic characteristics” cannot be assigned to a specific person.
All processing described above, in particular the setting of Google Analytics cookies for the reading of information on the end device used, will only be carried out if you have given us your express consent to do so in accordance with Art. 6 (1) a GDPR. Without this consent, Google Analytics will not be used during your visit to our website.
You can revoke your consent at any time with effect for the future. To exercise your revocation, please deactivate this service in the “Cookie Consent Tool” provided on the website. We have concluded an data processing agreement with Google for the use of Google Analytics, which obliges Google to protect the data of our site visitors and not to pass it on to third parties.
For the transfer of data from the EU to the USA, Google refers to so-called standard data protection clauses of the European Commission, which are intended to ensure compliance with the European level of data protection in the USA.
Further information on Google (Universal) Analytics can be found here: https://policies.google.com/privacy?hl=en&gl=de

Hotjar

This website uses the web analytics service Hotjar from Hotjar Ltd. Hotjar Ltd is a European company based in Malta (Hotjar Ltd, Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe Tel: +1 (855) 464-6788).
With this tool, movements on the websites on which Hotjar is used can be tracked (so-called heat maps). For example, it is possible to see how far users scroll and which buttons users click on and how often. Furthermore, with the help of the tool it is also possible to obtain feedback directly from the users of the website. In this way, we obtain valuable information to make our websites even faster and more customer-friendly. We pay particular attention to the protection of your personal data when using this tool. For example, we can only track which buttons you click and how far you scroll. Areas of the websites in which personal data of you or third parties are displayed are automatically hidden by Hotjar and are therefore not traceable at any time.
All of the processing described above, in particular the reading of information on the end device used, will only be carried out if you have given us your express consent to do so in accordance with Art. 6 Para. 1 lit. a GDPR. Without this consent, Hotjar will not be used during your visit to our website.
You can revoke your consent at any time with effect for the future. To exercise your revocation, please deactivate this service in the “Cookie Consent Tool” provided on the website.
Alternatively, Hotjar offers each user the option of using a “Do Not Track header” to prevent the use of the Hotjar tool so that no data is recorded about the visit to the respective website. This is a setting that supports all common browsers in the respective current version. To do this, your browser sends a request to Hotjar with the information to deactivate the tracking of the respective user. If you use our website with different browsers/computers, you must set up the “Do Not Track header” separately for each of these browsers/computers. Detailed instructions with information about your browser can be found at: https://www.hotjar.com/opt-out

More information about Hotjar Ltd. and about the Hotjar tool can be found at: https://www.hotjar.com

Privacy policy of Hotjar Ltd. can be found at: https://www.hotjar.com/privacy.

Marketing Services/Cookies

Marketing cookies are used by third-party vendors or publishers to display personalized ads. They do this by tracking visitors across websites.

Facebook Pixel

Within our online offer, the so-called “Facebook Pixel” of the social network Facebook is used, which is operated by Facebook Ireland Limited, 4 Grand Canal Quare, Dublin 2, Ireland (“Facebook”).

If a user clicks on an advertisement placed by us and played on Facebook, an addition is added to the URL of our linked page by Facebook Pixel. If our site allows data sharing with Facebook through Pixel, this URL parameter is inscribed in the user’s browser via a cookie that our linked site sets itself. This cookie is then read by Facebook Pixel and enables the data to be forwarded to Facebook.
With the help of the Facebook Pixel, it is possible for Facebook, on the one hand, to determine the visitors to our online offer as a target group for the display of advertisements (so-called “Facebook Ads”). Accordingly, we use the Facebook pixel to display the Facebook ads placed by us only to those Facebook users who have also shown an interest in our online offer or who have certain characteristics (e.g. interests in certain topics or products determined on the basis of the websites visited), which we transmit to Facebook (so-called “Custom Audiences”). With the help of the Facebook Pixel, we also want to ensure that our Facebook Ads correspond to the potential interest of users and do not have a harassing effect. This allows us to further evaluate the effectiveness of the Facebook ads for statistical and market research purposes by tracking whether users were redirected to our website after clicking on a Facebook ad (so-called “conversion”).
The data collected is anonymous for us, so it does not allow us to draw any conclusions about the identity of the users. However, the data is stored and processed by Facebook, so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes, in accordance with the Facebook data usage policy (https://www.facebook.com/about/privacy/). The data can enable Facebook and its partners to place advertisements on and outside of Facebook.
The data processing associated with the use of the Facebook Pixel is only carried out with your express consent in accordance with Art. 6 Para. 1 lit. a GDPR. You can revoke your consent at any time with effect for the future. To exercise your revocation, remove the check mark next to the setting for the “Facebook Pixel” in the “Cookie Consent Tool” integrated on the website.

LinkedIn Pixel

This website uses the retargeting and conversion tool of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, with the help of which personalised advertisements on the “LinkedIn” platform can be displayed to visitors to this website.
For this purpose, a cookie, a small text file, is set on the browser of your end device when you visit our website, which loses its validity after 120 days. If the user visits certain pages of this website and is logged into his LinkedIn account at the same time, a connection is established to the LinkedIn servers, via which interest-based advertising can be displayed on the platform. At the same time, the cookie enables the creation of anonymous reports on the performance of the advertisements on LinkedIn as well as information on website interaction, which is provided to us and LinkedIn.
The display of advertisements and the creation of statistical reports will not take place if the user is not logged into their LinkedIn account at the same time as visiting this website.
The information obtained with the aid of the cookie never permits personal identification of the respective user.
All of the processing described above, in particular the setting of cookies for the reading of information on the end device used, is only carried out if you have given us your express consent to do so in accordance with Art. 6 (1) a GDPR. Without this consent, LinkedIn Insights will not be used during your visit to the site. You can revoke your consent at any time with effect for the future. To exercise your revocation, please deactivate this service in the “Cookie Consent Tool” provided on the website.
You can also permanently deactivate the LinkedIn Insight Tool as well as the display of interest-based advertising on LinkedIn by setting an opt-out cookie under the following link: https:
//www.linkedin.com/psettings/guest-controls/retargeting-opt-out. This Opt-out cookie only works in this browser and only for this domain. If you delete your cookies in this browser, you must click the above link again.
You can obtain more information about LinkedIn’s privacy policy at the following Internet address: https://www.linkedin.com/legal/privacy-policy#choices-oblig

External Media

Content from video platforms and social media platforms is blocked by default. If cookies from external media are accepted, access to this content no longer requires manual consent.

HubSpot (Pixel)

This website uses the services of HubSpot, a software-based marketing service of HubSpot Ireland Ltd, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland.
With the help of HubSpot, various customer service and customer management services can be digitally synchronized and processed via a central user interface. For example, HubSpot enables the generation of leads, central email and newsletter marketing, contact management via the classification of user groups with the help of CRM, and the management of contact forms.
To fulfill the various functions, HubSpot uses cookies, small text files that are stored locally in the cache of your web browser on your end device and enable an analysis of your use of the website by us. The cookies collect certain information, such as the IP address, the location, the time of the page view, etc. Information collected by HubSpot is stored on HubSpot servers and evaluated on our behalf.
All processing described above, in particular the setting of cookies for the reading of information on the end device used, will only be carried out if you have given us your express consent to do so in accordance with Art. 6 Para. 1 lit. a GDPR. Without this consent, HubSpot will not be used during your visit to the site.
You can revoke your consent at any time with effect for the future. To exercise your revocation, please deactivate this service in the “Cookie Consent Tool” provided on the website.
Other legal bases for data processing that apply in the context of specific HubSpot services (such as the need for explicit consent pursuant to Art.6 (1) lit. a GDPR when sending newsletters) remain unaffected by this.
We have concluded an data processing agreement with HubSpot, with which we oblige HubSpot to protect our customers’ data and not to pass it on to third parties. For the transfer of data from the EU to the USA, HubSpot refers to so-called standard data protection clauses of the European Commission, which are intended to ensure compliance with the European level of data protection in the USA.
You can obtain further information about Hubspot’s data protection provisions at the following Internet address: https://legal.hubspot.com/privacy-policy

YouTube

Our websites use the Youtube embedding function to display and play videos from the provider “Youtube”, which belongs to Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”).
The extended data protection mode is used here, which, according to the provider, only triggers the storage of user information when the video(s) is/are played. If the playback of embedded Youtube videos is started, the provider “Youtube” uses cookies to collect information about user behaviour. According to information from “Youtube”, these are used, among other things, to collect video statistics, to improve user-friendliness and to prevent abusive behaviour. If you are logged in to Google, your data is directly assigned to your account when you click on a video. If you do not wish to have your data associated with your YouTube profile, you must log out before activating the button. You have the right to object to the creation of these user profiles, whereby you must contact YouTube to exercise this right. Within the scope of using YouTube, personal data may also be transmitted to the servers of Google LLC. in the USA.
Independently of a playback of the embedded videos, a connection to the Google network is established each time this website is called up, which may trigger further data processing operations without our influence.
All processing described above, in particular the reading of information on the end device used via the tracking pixel, will only be carried out if you have given us your express consent to do so in accordance with Art. 6 (1) lit. a GDPR. Without this consent, Youtube videos will not be used during your visit to the site.
You can revoke your consent at any time with effect for the future. To exercise your revocation, please deactivate this service in the “Cookie Consent Tool” provided on the website via alternative options communicated to you on the website.
Further information on data protection at “Youtube” can be found in the Youtube terms of use at https://www.youtube.com/static?template=terms as well as in the Google data protection declaration at https://policies.google.com/privacy?hl=en&gl=de.

Spotify

Plugins of the music service Spotify, a service of Spotify AB, Birger Jarlsgatan 61, 113 56 Stockholm, Sweden (“Spotify”), are integrated on our websites for the playback of music tracks. You can recognize the Spotify plugins by the green logo on our site. An overview of the Spotify plugins can be found at: https://developer.spotify.com.
When visiting this page, a direct connection between your browser and the Spotify servers can be established via the plugin, even if you do not have a Spotify account or are not logged into one. Spotify thereby receives the information that you have visited our site. The information collected in this respect (including your IP address) is transmitted by your browser directly to a Spotify server and stored there. However, the information is not used to identify you personally and is not passed on to third parties.
If you click the Spotify button while you are logged into your Spotify account, Spotify can associate your visit to our site with your user account.
The data processing described above is carried out pursuant to Art. 6 (1) lit. f GDPR on the basis of our legitimate interest in the appealing acoustic design of visits to our website.
If you do not want Spotify to be able to associate your visit to our site with your Spotify user account, please log out of your Spotify user account. You can also object to the loading of the Spotify plugin and thus to the data processing operations described above for the future with add-ons for your browser, e.g. with the script blocker “NoScript” (http://noscript.net/). For
more information, please refer to Spotify’s privacy policy at https://www.spotify.com/uk/legal/privacy-policy/.

Google Web Fonts

This site uses so-called web fonts provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”) for the uniform display of fonts. When you call up a page, your browser loads the required web fonts into its browser cache in order to display texts and fonts correctly.
For this purpose, the browser you are using must connect to Google’s servers. This may also result in the transmission of personal data to the servers of Google LLC. in the USA. In this way, Google obtains knowledge that our website was accessed via your IP address. Google Web Fonts are used in the interest of a uniform and appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR. If your browser does not support web fonts, a standard font will be used by your computer.
You can find more information on Google Web Fonts at https://developers.google.com/fonts/faq and in Google’s privacy policy: https://policies.google.com/privacy?hl=en&gl=de

Facebook Plugin

Our website uses so-called social plugins (“plugins”) of the social network Facebook, which is operated by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”).
In order to increase the protection of your data when visiting our website, these buttons are not fully integrated into the page as plugins, but only using an HTML link. This type of integration ensures that when you call up a page on our website that contains such buttons, no connection is yet established with Facebook’s servers. When you click on the button, a new browser window opens and calls up the Facebook page, where you can interact with the plugins there (possibly after entering your login data). The purpose and scope of the data collection and the further processing and use of the data by Facebook, as well as your rights in this regard and setting options for protecting your privacy, can be found in Facebook’s privacy policy: https://www.facebook.com/policy.php.

LinkedIn Plugin

Our website uses so-called social plugins (“plugins”) of the online service LinkedIn, which is operated by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (“LinkedIn”).
In order to increase the protection of your data when visiting our website, these buttons are not fully integrated into the page as plugins, but only using an HTML link. This type of integration ensures that when you call up a page of our website that contains such buttons, no connection is yet established with the servers of LinkedIn. When you click on the button, a new browser window opens and calls up the LinkedIn page, on which you can interact with the plugins there (possibly after entering your login data). The purpose and scope of the data collection and the further processing and use of the data by LinkedIn, as well as your rights in this regard and setting options for protecting your privacy, can be found in LinkedIn’s privacy policy: https://www.linkedin.com/legal/privacy-policy.

Twitter Plugin

Our website uses so-called social plugins (“plugins”) of the microblogging service Twitter, which is operated by Twitter International Company, One Cumberland Place, Fenian Street Dublin 2, D02 AX07 Ireland (“Twitter”).
In order to increase the protection of your data when visiting our website, these buttons are not fully integrated into the page as plugins, but only using an HTML link. This type of integration ensures that when you call up a page of our website that contains such buttons, no connection is yet established with the servers of Twitter. When you click on the button, a new browser window opens and calls up the Twitter page, where you can interact with the plugins there (if necessary, after entering your login data). Please note that when you interact with the plugin, information collected (including your IP address) is transmitted from your browser directly to a server of Twitter Inc. in the USA and stored there.
For the purpose and scope of the data collection and the further processing and use of the data by Twitter, as well as your rights in this regard and setting options for protecting your privacy, please refer to Twitter’s data protection information: https://twitter.com/privacy

Xing Plugin

If you contact us via email or the contact form, the data you provide will be used The “XING Share Button” is used on this website. When you access this website, a connection is briefly established via your browser to servers of XING AG (“XING”), with which the “XING Share Button” functions (in particular the calculation/display of the counter value) are provided. XING does not store any personal data about you when you call up this website. In particular, XING does not store any IP addresses. There is also no evaluation of your usage behavior via the use of cookies in connection with the “XING Share Button”. The current data protection information on the “XING Share Button” and supplementary information can be found on this website: https://www.xing.com/app/share?op=data_protection.

Preference Cookies

In order not to have to make different settings again when you visit our website again, you can store your preferences by agreeing to setting cookies. These cookies often do not store any personal data.

Polylang

For the multilingualism of our website, we use the Polylang program, a product of WP SYNTEX, 28, rue, Jean Sébastien Bach, 38090 Villefontaine, France. Cookies from Polylang are set exclusively to recognize and record the language used or chosen by the user. These cookies remain stored for one year and are then deleted. For more information about Polylang, please visit the website https://polylang.pro/doc/is-polylang-compatible-with-the-eu-cookie-law/.

Comment function

In the context of the comment function on this website, in addition to your comment, information on the time of the creation of the comment and the commentator name you have chosen will be stored and published on this website. Furthermore, your IP address will be logged and stored. This storage of the IP address is done for security reasons and in case the person concerned violates the rights of third parties or posts illegal content through a submitted comment. We need your e-mail address in order to contact you if a third party should object to your published content as being illegal. The legal basis for the storage of your data is Art. 6 para. 1 lit. b and f GDPR. We reserve the right to delete comments if they are objected to by third parties as unlawful.

Information on further data processing procedures

aucobo Career Page

The aucobo career site is provided by the software-based recruiting service of Recruitee B.V., Keizersgracht 313, 1016 EE Amsterdam, The Netherlands.

Recruitee provides a central user interface to control and analyze various recruiting services, applicant and job management as well as the career site and job advertisements. To perform the various functions, Recruitee uses cookies, which are small text files that are stored locally in the cache of your web browser on your terminal device and enable an analysis of your use of the website by us. In doing so, the cookies collect certain information, such as the origin/source of a visitor or applicant. The processing described above, in particular the setting of cookies for reading out information on the end device used, will only be carried out if you have given us your express consent to do so in accordance with Art. 6 (1) a GDPR. You can revoke your consent at any time with effect for the future. To exercise your revocation, please deactivate this service in the “Cookie Consent Tool” provided on the Careers website. Other legal bases for data processing that apply in the context of specific Recruitee services (such as the handling of the application process pursuant to Art. 88 (1) GDPR in conjunction with. § 26 BDSG in the case of an application), remain unaffected by this. We have concluded an data processing agreement with Recruitee, by which we oblige Recruitee to protect our customers’ data and not to pass it on to third parties.
The hosting of the careers site takes place through Recruitee, which means that when you visit the careers site, usage data such as IP address, browser and device information is also transferred to Recruitee. For more information about Recruitee’s privacy policy, please visit the following web address: https://recruitee.com/en/privacy.

For more information on the processing of personal data in the case of an application, please refer to the chapter “Application procedure” of this privacy statement.

Application procedure

Data concerned:
Application data (e.g. name, qualifications, photo, etc.)
Communication data (e.g. e-mails and their contents)
Other data (e.g. status and notes on applications)

Purpose of processing:
Implementation of the application procedure

Categories of recipients:
Public bodies in the event of overriding legal provisions.          
External service providers or other contractors, e.g. for data processing (Recruitee). Other external bodies insofar as the data subject has given his consent or a transfer is permissible for overriding ­interest.

Third Country Transfers:
No processors outside the European Union are used.

Duration of data storage:
Application data will generally be deleted within six months of notification of the decision, unless consent to longer data storage has been given in the context of inclusion in the applicant pool.

Processing of customer/prospect data

Data concerned:
Data communicated for the execution of the contract; if necessary, data going beyond this for processing on the basis of your express consent.

Purpose of processing:
execution of contracts, including quotations, orders, sales and invoicing, quality assurance.

Categories of recipients:
Public authorities in case of overriding legal provisions.          
External service providers or other contractors, including for data processing and hosting, for shipping, transport and logistics, service providers for printing and shipping information, call centers, offer preparation and invoicing.          
Other external bodies insofar as the data subject has given his or her consent or transmission is permissible for predominant interest, including for creditworthiness information for purchase on account, for electronic dispatch of information, for quality assurance purposes.

Third country transfers:
In the context of the execution of the contract, processors outside the European Union may also be used, including providers of email and CRM services, data storage systems, project management systems.

Duration of data storage:
The duration of data storage depends on the legal storage obligations and is usually 10 years.

Processing of employee data

Data concerned:
Data communicated for the execution of the contract; if necessary, data going beyond this for processing on the basis of your express consent.

Purpose of processing:
Contract execution in the context of the employment relationship

Categories of recipients:
Public authorities in the case of overriding legal provisions, including the tax office, social insurance institutions, employers’ liability insurance association.
External service providers or other contractors, including for data processing and hosting, payroll accounting, travel expense accounting, insurance benefits, vehicle use, further training and building access.          
Other external bodies insofar as the data subject has given his/her consent or a transfer is permissible for reasons of overriding interest, e.g. for order acquisition, for insurance services.

Third country transfers:
In the context of the execution of the contract, processors outside the European Union may also be used, including email providers and providers of data storage systems.

Duration of data storage:
The duration of data storage depends on the legal storage obligations and is usually 10 years.

Processing of supplier data

Data concerned:
Data communicated for the execution of the contract; if necessary, data going beyond this for processing on the basis of your express consent.

Processing purpose:
Contract execution, including inquiries, purchasing, quality assurance

Categories of recipients:       
Public authorities in the case of overriding legal provisions, including tax office, customs.   
External service providers or other contractors, e.g. for data processing and hosting, accounting, payment processing.
Other external bodies insofar as the data subject has given his consent or a transfer is permissible for overriding interest.

Third country transfers:
In the context of the execution of the   contract, data processors outside the European Union may also be used, including providers of email and CRM services, data storage systems, project management systems.

Duration of data storage:
The duration of data storage depends on the legal storage obligations and is usually 10 years.

Online meetings and conferences

We use the service “Microsoft Teams ” of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399 USA (hereinafter “Microsoft Teams”) to conduct online meetings, video conferences and/or webinars.
In case of using Microsoft Teams, different data are processed. The scope of the data processed depends on the data you provide before or during participation in an online meeting, video conference or webinar. When using Microsoft Teams, data of the communication participants is processed and stored on Microsoft Teams servers. This data may include, but is not limited to, your credentials (name, email address, phone (optional), and password) and meeting data (topic, participant IP address, device information, description (optional)). In addition, visual and auditory contributions of the participants, as well as voice inputs in chats may be processed.
When processing personal data that is necessary for the performance of a contract with you (this also applies to processing operations that are necessary for the implementation of pre-contractual measures), Art. 6 (1) lit. b GDPR serves as the legal basis. If you have given us your consent for the processing of your data, the processing is based on Art. 6 (1) a GDPR. Consent given can be revoked at any time with effect for the future.
Furthermore, the legal basis for data processing when conducting online meetings, videoconferences or webinars is our legitimate interest pursuant to Art. 6 (1) lit. f GDPR in the effective conduct of the online meeting, webinar or videoconference. For more information on data usage by Microsoft Teams, please see the Microsoft Teams privacy policy at https://privacy.microsoft.com/de-de/privacystatement.

aucobo wearable platform

The aucobo wearable platform (“aucobo system”) is mainly aimed at enterprise customers (customer/contractor/responsible party), whereby aucobo itself always acts as a processor.

The aucobo wearable platform consists of the following components:

  • aucobo core: main software for device management, task management, workflow editor, role and user management and analyses
  • aucobo mobile: Software for mobile devices (e.g. smartwatches)
  • aucobo connector: universal connection between hardware and software systems and the aucobo core (e.g. for machine connection)

The aucobo system offers in principle the possibility to work with pseudonymized or/and personal data for users. This choice is incumbent on the customer (Controller). If personal data is used, the aucobo system provides an integrated function to anonymize personal data. The following data can be anonymized: all personal data in messages sent from our system and stored in the system.

If the aucobo system is used as a cloud solution, data is transmitted to our web server (due to technical necessity) via the end device (e.g. industrial smartwatch). If the aucobo system is used as an on-premise solution, data is transmitted (due to technical necessity) via the end device (e.g. industry smartwatch) to the server of the respective contractual partner/customer/responsible party (e.g. your employer).

In order to optimize the application and improve our software, we evaluate which functions of the software are used within the framework of Art. 6 Para. 1 lit. f GDPR. Due to the prior anonymization of personal data, it is not possible to draw any conclusions about individual persons.

User data – aucobo mobile:
The contracting party/customer can define roles via the role authorization concept (e.g. “Administrators”, “API users” and “ProcessOwners”) and assign corresponding authorizations to these roles. The respective holders of these authorizations can create the following data, also in pseudonymized/anonymized form, about the respective users of the aucobo mobile application in the system of the respective contracting party/customer by using the aucobo core frontend (part of the aucobo system):

  • Username
  • Optional: E-mail address
  • Optional: Name
  • Optional: First name
  • Optional: Skills
  • Optional: Qualification

Usage data – aucobo mobile:
The following data is recorded during an ongoing connection for communication between your end device and our app server / the server of the respective contractual partner / customer:

  • Acceptance/rejection of work items (with respective time stamp)
  • Message notifications and their contents (with respective time stamp)
  • Voice message notifications and their contents (with respective time stamp)
  • Interactions with the mobile device (e.g. QR code scan) (with respective time stamp)

User data – aucobo core:
The following master data can be stored for the users of aucobo core (e.g. administrators):

  • Username
  • Role authorization within the aucobo system
  • Optional: E-mail address

Usage data – aucobo core:
The following data is recorded during an ongoing connection for communication between your internet browser and our web server:

  • Date and time of your visit
  • Internal IP address (not the external IP address)
  • Web browser and operating system used

For reasons of technical security, in particular to defend against attempted attacks on our web server, this data is stored by us in logs. It is not possible for us to draw conclusions about individual persons on the basis of this data. A comparison with other data or a transfer to third parties, even in extracts, does not take place.

Purpose of processing:          
Contract execution / data processing

Categories of recipients:        
Public authorities in case of overriding legal provisions.            
External service providers or other contractors, among others for data processing and hosting. The respective contractual partners/customers as well as their employees who receive access to the aucobo core frontend and authorizations from the contractual partner/customer to view, process and/or delete personal data (e.g. “Administrators”, “API Users” or “ProcessOwners”). Other external bodies insofar as the person concerned has given his consent or transmission ­is permissible for reasons of ­overriding interest.

Third country transfers:       
Contractors outside the European Union may be used in the performance of the contract, including cloud service providers (Amazon Web Services) and database service providers (MongoDB).

Duration of data storage:     
The data will be deleted at the latest at the end of the contract.

Analysis of the aucobo core application with Matomo

For the demand-oriented design of our aucobo core application, we use the tool Matomo as an on-premise solution exclusively in case of using the aucobo core application as a cloud solution. This is a so-called web analytics service. In order to record and analyze the usage of our aucobo core application, usage information is transferred to our server and stored for analysis purposes. This is only used for general usage analysis. The transmitted data is only stored anonymously, which means that it is never possible to draw conclusions about individual users. Your IP address is only processed in abbreviated form during this process and is thus made anonymous. If you would like to prevent the processing for analysis purposes, you can object at any time with a mouse click. To do so, please navigate in the aucobo core frontend to “Privacy”. There you have the possibility to prevent the processing by using an opt-out function. In this case, a so-called opt-out cookie is stored in your browser without usage data, which means that Matomo does not collect any session data.

Service provision and support

Data concerned:         
Data provided for the execution of the contract; if applicable, data going beyond this for processing on the basis of your express consent. Among others:

  • Inventory data (e.g. names, addresses)
  • Contact details (e.g. e-mail, telephone numbers)
  • User master data (e.g. user name)
  • Usage data (e.g. notifications)
  • Communication data (e.g. on e-mail, telephone)
  • Content data (e.g. text input, photographs, videos, meeting minutes)

Purpose of processing:          
Contract execution (service provision, support, etc.)

Categories of recipients:       
Public authorities in case of overriding legal provisions, e.g. tax office, customs, External service providers or other contractors, e.g. for data processing, ticket management, correspondence.
Other external bodies insofar as the data subject has given his consent or a transfer is permissible for overriding interest.

Third country transfers:       
Contractors outside the European Union may also be used in the course of contract performance, including ticket and project management systems (Atlassian’s Jira).

Duration of data storage:     
The duration of data storage depends on the legal storage obligations and is usually 10 years.

Rights of the data subject

Data subject rights

The applicable data protection law grants you comprehensive data subject rights (rights of information and intervention) vis-à-vis the controller with regard to the processing of your personal data, which we inform you about below:

  • Right to information pursuant to Art. 15 GDPR: You have in particular the right to information about your personal data processed by us, the processing purposes, the categories of personal data processed, the recipients or categories of recipients to whom your data have been or will be disclosed, the planned storage period or criteria for determining the storage period, the existence of a right to rectification, erasure, restriction of processing, objection to processing, complaint to a supervisory authority, the origin of your data if it is not processed by us or rather the criteria for determining the storage period, the existence of a right to rectification, erasure, restriction of processing, objection to processing, complaint to a supervisory authority, the origin of your data if it has not been collected by us from you, the existence of automated decision-making including profiling and, if applicable, meaningful information about the logic involved and the scope and the intended effects of such processing concerning you, as well as your right to be informed which guarantees exist in accordance with Article 46 of the GDPR in the event of forwarding of your data to third countries;
  • Right to rectification in accordance with Art. 16 GDPR: You have a right to the immediate rectification of incorrect data relating to you and/or completion of your incomplete data stored by us;
  • Right to erasure in accordance with Art. 17 GDPR: You have the right to request the erasure of your personal data if the conditions of Art. 17 (1) GDPR are met. However, this right does not exist in particular if the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims;
  • Right to restriction of processing pursuant to Art. 18 GDPR: You have the right to request the restriction of the processing of your personal data as long as the accuracy of your data, which you dispute, is being verified, if you refuse the deletion of your data due to unlawful data processing and instead request the restriction of the processing of your data, if you require your data for the assertion, exercise or defence of legal claims after we no longer need this data after the purpose has been achieved or if you have lodged an objection for reasons relating to your particular situation, as long as it has not yet been determined whether our legitimate reasons prevail;
  • Right to information pursuant to Article 19 of the GDPR: If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed about these recipients.
  • Right to data portability pursuant to Art. 20 GDPR: You have the right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transferred to another controller, insofar as this is technically feasible;
  • Right to revoke consent granted in accordance with Art. 7 (3) GDPR: You have the right to revoke consent to the processing of data once granted at any time with effect for the future. In the event of revocation, we will delete the data concerned without delay, unless further processing can be based on a legal basis for processing without consent. The revocation of consent shall not affect the lawfulness of the processing carried out on the basis of the consent until the revocation;
  • Right to lodge a complaint under Article 77 GDPR: If you consider that the processing of personal data concerning you infringes the GDPR, you have – without prejudice to any other administrative or judicial remedy – the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, workplace or the place of the alleged infringement.

RIGHT OF OBJECTION

If we process your personal data within the framework of a balancing of interests on the basis of our overriding legitimate interest, you have the right at any time to object to this processing with effect for the future for reasons arising from your particular situation.

If you exercise your right to object, we will stop processing the data concerned. However, we reserve the right to continue processing if we can demonstrate compelling legitimate reasons for the processing which override your interests, fundamental rights and freedoms, or if the processing is for the purpose of asserting, exercising or defending legal claims.

If we process your personal data for the purpose of direct marketing, you have the right to object at any time to the processing of your personal data for the purpose of such marketing. You can exercise the objection as described above.

If you exercise your right to object, we will stop processing the data concerned for direct marketing purposes.

Close Menu