Privacy Policy – CO-CREATING VALUE

Data Policy

I. Name and address of the controller
The controller within the meaning of the General Data Protection Regulation and other EU Member State legislation for the protection of privacy as well as other provisions for the protection of privacy is:

Aximpro Deutschland GmbH
Münchner Straße 7,
85354 Freising,
Germany

+49 8161 2499100
info@aximpro.com
www.aximpro.com

II. Name and address of the data protection officer
The controller’s data protection officer is:

DataCo GmbH
Kivanç Semen
Dachauer Str. 65
80335 München
Deutschland

+49 89 740045840
datenschutz@dataguard.de
www.dataguard.de

III. Rights of the data subject

The following list comprises all of the rights of data subjects under the GDPR. There is no requirement to enumerate rights of no relevance to the own website. This being the case, the list can be truncated.

If your personal data are processed, then you are a data subject within the language of GDPR, and you have the following rights vis-à-vis the controller:

1. Right to information

You can request that the controller confirm whether we will process personal data concerning you.

If such processing occurs, you can require the controller to disclose the following information:

the purposes for which the personal data are processed;
the categories of personal data processed;
the recipients or categories of recipients to which the personal data concerning you has been or will be disclosed;
the planned period of storage of the personal data concerning you or, if specific information in this respect is not possible, the criteria used to determine the storage period;
the existence of a right of rectification or erasure of personal data that concern you, of a right to restrict processing by the controller, or of a right to object to such processing;
the existence of a right of appeal to a supervisory authority;
all available information about the origin of the data, if the personal data have not been collected from the data subject;
the existence of automated decision-making including profiling in accordance with Art. 22 (1) and (4) GDPR and – at least in these cases – reliable information about the logic involved and the scope and the desired effects of such processing for the data subject.
You have the right to request information as to whether personal information concerning you will be transmitted to a third country or to an international organisation. In this context, you may request to be informed of the appropriate guarantees in accordance with Art. 46 GDPR in connection with the transmission.

2. Right of rectification

You have a right of rectification and/or completion vis-à-vis the controller if the processed personal data concerning you are inaccurate or incomplete. The controller must make the rectification immediately.

3. Right to restrict processing

You may request restriction of the processing of personal data concerning you under the following conditions:

if you dispute the accuracy of the personal data concerning you for a period of time that permits the controller to verify the accuracy of the personal data;
the processing is unlawful and you reject erasure of the personal data and instead request restriction of the use of the personal data;
the controller no longer requires the personal data for purposes of processing, but you require them for the establishment, exercise or defence of legal claims, or
if you have filed an objection to processing in accordance with Art. 21 (1) GDPR, and it has not yet been established whether the controller’s legitimate grounds for processing override your own grounds.
Where processing of the personal data concerning you has been restricted, such data – apart from their storage – may be processed only with your consent or for the establishment, exercise or defence of legal claims, or to protect the rights of another natural or legal person, or on grounds of an important public interest of the European Union or of a Member State.

If processing has been limited in accordance with the above conditions, you will be informed by the controller responsible before the limitation is lifted.

4. Right to erasure

a) Erasure obligation

You can request that the controller erase personal data concerning you without delay, and the controller has the obligation to erase these data wherever one of the following grounds applies:

the personal data about you are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
the personal data about you have been collected in relation to the offer of information-society services referred to in Art. 8(1) GDPR.
the personal data about you must be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
the personal data applicable to you have been unlawfully processed;
you object to the processing pursuant to Art. 21(1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Art. 21 (2) GDPR;
you withdraw consent on which the processing is based according to Art. 6 (1) (1) (a) GDPR, or Art. 9 (2) (a) GDPR, and where there is no other legal ground for the processing;
b) Forwarding information to third parties

Where the controller has made the personal data public and is obliged pursuant to Art. 17 (1) GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

c) Exceptions

The right to erasure shall not apply if processing is required

for exercising the right of freedom of expression and information;
for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
for reasons of public interest in the area of public health in accordance with Art. 9 (2) (h) and (i) GDPR as well as Art. 9 (3) GDPR;
for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89 (1) GDPR in so far as the right referred to under section a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
for the establishment, exercise or defence of legal claims.
5. Right to be informed

If you have exercised your right to have the controller rectify, erase or limit processing of personal data, the controller shall have an obligation to notify all recipients to whom the personal data concerning you has been disclosed of this rectification or erasure of these data, or of the limitation on processing thereof, unless this proves impossible or involves a disproportionate effort.

You have the right to vis-à-vis the controller to be informed about these recipients.

6. Right to data portability

You have the right to receive the personal data concerning you, which you have provided to a controller, in a structured, commonly used and machine-readable format. You also have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where

the processing is based on consent pursuant to Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR or on a contract pursuant to Art. 6 (1) (b) GDPR and
the processing is carried out by automated means.
In exercising his or her right, you have the right to have the personal data transmitted directly from one controller to another, where technically feasible. The freedoms and rights of other persons must not be affected by this.

The right to data portability does not extend to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

7. Right to object

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Art. 6 (1) (1) (e) or (f) GDPR, including profiling based on those provisions.

The controller will no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.

Where personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.

Where you object to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.

In the context of the use of information-society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.

8. Right to revoke the data-protection declaration of consent

You have the right to revoke your data-protection declaration of consent at any time. Revocation of consent will not affect the legality of processing undertaken on the basis of this consent prior to its revocation.

9. Automated individual decision-making, including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision

is necessary for entering into, or performance of, a contract between you and a data controller,
is authorised by European Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
is based on your explicit consent.
However, these decisions may not be based on specific categories of personal data pursuant to Art.9 (1) GDPR, unless Article 9 (2) (a) or (g) GDPR applies and appropriate measures have been taken to protect rights and freedoms as well as your legitimate interests.

In the cases referred to in (1) and (3), the data controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.

10. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR. The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 GDPR.

IV. General information on data processing
1. Scope of processing of personal data

We process our users’ personal data only insofar as this is necessary for the provision of an operational website along with our content and services. The processing of our users’ personal data is undertaken periodically and only subject to the user’s consent. An exception applies in those cases in which prior consent cannot be obtained for legal or factual reasons and the processing of these data is permitted by applicable law.

2. Legal basis for the processing of personal data

Where we obtain the consent of the data subject for processing steps, Article 6 (1) (1) (a) of the EU General Data Protection Regulation (GDPR) serves as a legal basis.

Art. 6 (1) (1) (b) GDPR shall form the basis in law for the processing of personal data as required for performance of a contractual agreement to which the data subject is a party. This also applies to processing operations that are necessary for carrying out pre-contractual measures.

Art. 6 (1) (1) (c) GDPR shall form the basis in law for the processing of personal data as necessary to fulfil a legal obligation to which our company is subject.

Art. 6 (1) (1) (d) GDPR shall form the basis in law in cases in which the vital interests of the data subject or of another natural person require the processing of personal data.

Art. 6 (1) (1) (f) GDPR shall form the basis in law for cases in which this processing is necessary to the protection of a legitimate interest of our company or of a third party, and if the interests, fundamental rights and freedoms of the data subject do not outweigh the aforementioned interest.

3. Data deletion and storage duration

The data subject’s personal data will be deleted or blocked as soon as the purpose for which they were stored no longer applies. Furthermore, data may be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. Data will be blocked or deleted even if a storage deadline prescribed by the above-mentioned standards expires, unless data storage is a necessity for the conclusion or performance of a contract.

V. Deployment of the website and creation of log files
1. Description and scope of data processing

With every visit to our website, our system automatically collects data and information from the computer system of the accessing computer.

The following data are collected in this connection: Date and time of access

The data are also stored in the log files of our system. Not affected by this are the user’s IP addresses or other data that enables assignment of the data to a user. These data are not stored together with other personal data of the user.

2. Basis in law for the processing of data

The legal basis for the temporary storage of data and is Art. 6 (1) (1) (f) GDPR.

3. Purpose of data processing

Temporary storage of an IP address by the system is necessary to enable delivery of the website to the user’s computer. To this end, the user’s IP address must remain stored for the duration of the session. These purposes also encompass our legitimate interest in data processing in accordance with Art. 6 (1) (1) (f) GDPR.

4. Period of storage

The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. In the case of data collection for provision of the website, this will be undertaken once the respective session has ended.

5. Option for objection and removal

Collection of data for provision of the website and the storage of data in log files are absolutely necessary for operation of the website. Consequently, there is no option for objection on the part of the user.

VI. Use of cookies
a) Description and scope of data processing

Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser to the user’s computer system. If a user visits a website, a cookie may be stored to the user’s operating system. This cookie contains a distinctive

character string that enables precise identification of the browser when the website is accessed again.

We use cookies to make our website more user-friendly. Some elements of our website require that the browser accessing the website be identifiable even after a site change.

The following data is stored and transmitted in the cookies:

(1) Language settings
(2) Log-in information

b) Basis in law for the processing of data

The basis in law for the processing of personal data using cookies is Art. 6 (1) (1) (f) GDPR.

c) Purpose of data processing

The purpose for using technically necessary cookies is to simplify the use of websites for users. Some features of our website cannot be offered without the use of cookies. In this case, the browser has to be recognised even after changing the page.

We require cookies for the following applications:

Applying language settings

These purposes also encompass our legitimate interest in the processing of personal data in accordance with Art. 6 (1) (1) (f) GDPR.

d) Period of storage, option for objection and removal

Cookies are stored on the user’s computer, which then transmits them to our website. As a user, you thus have full control of the use of cookies. You can disable or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can be done automatically as well. If cookies are disabled for our website, it may no longer be possible to make full use of all of the website’s functions.

IX. Use of FormAssembly
1. Description and scope of data processing

Ou website use functionalities of the FormAssembly online form builder of FormAssembly Inc, 885 S College Mall Rd, 47401, Bloomington, Indiana, United States (hereinafter: FormAssembly). FormAssembly facilitates the creation, integration and administration of web forms. Cookies from FormAssembly are stored on your end device. In particular, the following personal data is processed by FormAssembly:

(1) Salutation
(2) First name
(3) Last name
(4) Email address
(5) Company name
(6) Message
(7) Opt-in timestamp
(8) Language settings
(9) Information on user behaviour
(10) Telephone number

In the process, data is transmitted to FormAssembly servers in the USA. The protection of the data is additionally secured via the standard data protection clauses. In order to ensure appropriate safeguards for the protection of the transfer and processing of personal data outside the EU, the transfer of data to and processing of data by FormAssembly is based on appropriate safeguards pursuant to Art. 46 et seq. DSGVO, in particular by concluding so-called standard data protection clauses pursuant to Art. 46 (2) lit. c DSGVO. A copy of the standard data protection clauses can be requested at any time by sending us an informal email.

FormAssembly reserves the right to share data with companies that participate in FormAssembly through acquisitions, joint ventures, financing or similar purposes. For more information on FormAssembly’s processing of data, please click here: https://www.formassembly.com/privacy-policy/

Alternatively, contact is also possible via the e-mail address and telephone\mobile number provided. In this case, the user’s personal data that are transmitted along with the e-mail will be stored. The data will not be transferred to third parties in association with this. The data are used exclusively for the processing of the conversation.

2. Purpose of data processing

Where a user has granted his or her consent, the basis in law for the processing of data is Art. 6 (1) (1) (a) GDPR. Art. 6 (1) (f) GDPR provides the legal basis for the processing of data transferred in the course of sending an e-mail. If the e-mail contact aims to conclude a contract, then an additional legal basis for the processing is provided under Art. 6 (1) (1) (b) GDPR.

3. Legal basis for the processing of personal data

The legal basis for the processing of users’ personal data is generally the user’s consent in accordance with Art. 6 Para. 1 S.1 lit. a DSGVO.

4. Period of storage

Your personal information will be stored for as long as necessary to fulfil the purposes described in this privacy policy or as required by law, e.g. for tax and accounting purposes.

5. Option for objection and removal

You can prevent the collection as well as the processing of your personal data by FormAssembly by preventing third-party cookies from being stored on your computer, using the “Do Not Track” feature of a supporting browser, disabling the execution of script code in your browser or installing a script blocker such as NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com) on your browser.

You can find more information on revocation and removal options concerning FormAssembly at: https://www.formassembly.com/privacy-policy/

X. Use of WeClapp
1. Description and scope of data processing

We use an ERP software provided by WeClapp GmbH, Frauenbergstraße 31 – 33, 35039 Marburg, Germany, and have embedded this software on our website. Once the data entered are confirmed by clicking the Send button, an encrypted connection to the servers of WeClapp GmbH is created, whereupon the data are transmitted and incorporated into our database.

2. Basis in law for the processing of data

The basis in law for the processing of the users’ personal data is Art. 6 (1) (1) (b) GDPR.

3. Purpose of data processing

The integration of the contact form and the associated functionality serves the purpose of communication.

4. Period of storage

The data will be deleted as soon as they are no longer needed for our recording purposes. In our case, this is after 10 years. If retention of data is required by law, deletion takes place only after expiry of the prescribed retention period.

5. Option for objection and removal

To get your data removed please send an email to unsubscribe@aximpro.com.

XI. Use of Salesforce
1. Description and scope of data processing

We use a CRM software provided by salesforce UK Limited, village 9, floor 26 Salesforce Tower, 110 Bishopsgate, London, UK, EC2N 4AY., and have embedded this software on our website. Once the data entered are confirmed by clicking the Send button, an encrypted connection to the servers of salesforce is created, whereupon the data are transmitted and incorporated into our database.

2. Basis in law for the processing of data

The basis in law for the processing of the users’ personal data is Art. 6 (1) (1) (b) GDPR.

3. Purpose of data processing

The integration of the contact form and the associated functionality serves the purpose of communication.

4. Period of storage

5. Option for objection and removal

To get your data removed please send an email to unsubscribe@aximpro.com.

XII. Use of Matomo
1. Description and scope of data processing

We use a Matomo for website usage tracking provided by InnoCraft Ltd, 150 Willis Street 6011 Wellington, New Zealand, and have embedded this software on our website. After opting-in over the consent banner the data is collected.

The following data is being recorded:

IP Address
Optional User -ID
Date and time of request
Title of the page being viewed (Page Title)
URL of the page being viewed (Page URL)
URL of the page that was viewed prior to the current page (Referrer URL)
Screen resolution being used
Time in local user’s timezone
Files that were clicked and downloaded
Links to an outside domain that were clicked
Pages generation time
Location of the user: country, region, city, approximate latitude and longitude
Main Language of the browser being used
User Agent of the browser being used

2. Basis in law for the processing of data

The basis in law for the processing of the users’ personal data is Art. 6 (1) (1) (b) GDPR.

3. Purpose of data processing

The integration of the tracking cookies serves the purpose of usage analysis and user experience improvements.

4. Period of storage

5. Option for objection and removal

More information can be found here.

XIII. Use of PRIMELEADS
1. Scope of personal data processing

We use functions of the web analysis plug-in Primeleads provided by Spyla UG, Berliner Allee 121, 13088 Berlin, Germany (hereinafter referred to as Spyla).

The plug-in enables us to analyze, optimize and personalize our web offering.
The following personal data is processed by Spyla as a result:

Browser type and browser version
Operating system used
Referrer URL
Host name of accessing computer
Date and time of server request
IP address

More information about data processing by Spyla is available here: https://www.primeleads.de/dsgvo

2. Purpose of data processing

We use Primeleads in order to optimize and personalize our web offering.

3. Legal basis for processing personal data

The legal basis for data processing is Art. 6 (1) (1) a GDPR. The relevant personal data will only be processed upon express consent.

4. Length of storage

Your personal information will be stored for as long as is necessary to fulfill the purposes described in this Privacy Policy or as required by law, e.g. for tax and accounting purposes.

5. Right of objection and removal

You can withdraw your declaration of consent at any time. To do so, send an informal email to: unsubscribe@aximpro.com

The withdrawal of consent shall not affect the lawfulness of any processing carried out with consent prior to its withdrawal.

More information about your rights of objection and removal vis-à-vis Spyla is available at: https://www.primeleads.de/dsgvo

XIV. Using Google Analytics
1. Scope of personal data processing

We use Google Analytics, a web analysis service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA their representatives in the Union Google Ireland Ltd., Gordon House, Barrow Street, D04 E5W5, Dublin, Ireland (hereinafter referred to as Google). Google Analytics examines, among other things, the origin of visitors, their length of stay on individual pages and the use of search engines, thus allowing better monitoring of the success of advertising campaigns. Google places a cookie on your computer. This allows personal data to be stored and evaluated, in particular the user’s activity (in particular which pages have been visited and which elements have been clicked on), device and browser information (in particular the IP address and the operating system), data on the advertisements displayed (in particular which advertisements have been displayed and whether the user has clicked on them) and also data on advertising partners (in particular pseudonymized user IDs). The information that is generated by the cookie about your use of this website is usually transmitted to a Google server in the USA where it is saved. If IP anonymization is activated on this website, your IP address will be truncated beforehand by Google within Member States of the European Union or in the countries and territories of other signatories of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the USA and abbreviated there.

Google has signed and is certified under the Privacy Shield Agreement between the European Union and the United States. By doing so, Google is committed to complying with the standards and regulations of European data protection law. More information can be found in the following linked entry:
https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

IP anonymization is active on this website. Google will use this information on behalf of the website operator for the purpose of evaluating your use of the website, compiling reports on website activity, and providing other services relating to website utilization and Internet usage vis-à-vis the website operator. Google will not associate the IP address transmitted by your browser within the framework of Google Analytics with any other data held by Google. You may refuse the use of cookies by configuring your browser software accordingly; however, please note that if you do this, you may not be able to use all of the functions on our website.
More information about data processing by Google is available here:
https://policies.google.com/privacy?gl=EN&hl=en

2. Purpose of data processing

The purpose of processing personal data is to specifically address a target group that has already expressed an initial interest by visiting the site.

3. Legal basis for processing data

In principle, the legal basis for processing users’ personal data is the consent of the user in accordance with Art. 6 (1) (1) a GDPR.

4. Length of storage

Your personal information will be stored for as long as is necessary to fulfill the purposes described in this Privacy Policy or as required by law. Advertising data in server logs is anonymized through the deletion of parts of the IP address and cookie information by Google after 9 or 18 months.

5. Right of objection and removal

You have the right to withdraw your declaration of consent under data protection law at any time. The withdrawal of consent shall not affect the lawfulness of any processing carried out with consent prior to its withdrawal.

You can prevent the collection and processing of your personal data by Google by preventing the storage of third-party cookies on your computer, by using the “Do Not Track” function of a supporting browser, by deactivating the execution of script code in your browser or by installing a script blocker such as NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com) in your browser.

You can also prevent the collection of the data relating to your use of the website (including your IP address) created by the Google cookie and the processing of such data by Google by downloading and installing the browser plug-in available at the following link:
https://tools.google.com/dlpage/gaoptout?hl=en

You can use the following link to deactivate the use of your personal data by Google
https://adssettings.google.de

More information about your rights of objection and removal vis-à-vis Google is available at:
https://policies.google.com/privacy?gl=EN&hl=en

XV. LinkedIn Insight Tag
Using the LinkedIn Insight Tag

1. Scope of personal data processing

We use functions of the marketing plug-in LinkedIn Insight Tag provided by LinkedIn Corporation, 1000 W. Maude Ave., 94085, Sunnyvale, California, United States (hereinafter referred to as LinkedIn).

The plug-in allows us to collect information about visitors to the website and run detailed campaign reports.

The following personal data is processed by LinkedIn as a result:

URL
Referrer URL
IP address shortened or hashed
Device and browser properties (user agent plus time stamp)

Cookies from LinkedIn are stored on your end device. More information about the cookies used is available here:
https://www.linkedin.com/legal/cookie-policy

LinkedIn does not share any personal data with us, rather it provides only aggregated reports on the target group and advertisements. LinkedIn also provides a remarketing function which we can use to send you personalized advertising in a targeted manner away from our website without determining your identity.

In doing so, data can be transmitted to LinkedIn servers in the USA. LinkedIn has signed and is certified under the Privacy Shield Agreement between the European Union and the United States. By doing so, LinkedIn is committed to complying with the standards and regulations of European data protection law. More information can be found in the following linked entry:
https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active \n\n

More information about data processing by LinkedIn is available here: https://www.linkedin.com/legal/privacy-policy?_l=en_US

2. Purpose of data processing

The LinkedIn Insight Tag allows us to collect information about visitors to our website.

3. Legal basis for processing personal data

In principle, the legal basis for processing users’ personal data is the consent of the user in accordance with Art. 6 (1) (1) a GDPR.

4. Length of storage

Members’ direct identifiers are removed within seven days in order to make the data pseudonymous. This remaining pseudonymized data is then deleted within 180 days.

5. Right of objection and removal

More information about your rights of objection and removal vis-à-vis LinkedIn is available at:
https://www.linkedin.com/legal/privacy-policy?_l=en_US