Last Updated June 2018
The protection of your personal data is important to us ("CYNORA"). We always process your personal data such as your name, your address, your e-mail address or your telephone number in compliance with the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).
- Controller and Data Protection Officer
The controller is:
Phone: +49 (0) 7251 919 67 0
Telefax: +49 (0) 7251 919 67 99
The contact details of the data protection officer of cynora GmbH are:
Phone: + 49 (0)173 -763 29 62
2. Collection of General Data and Information
This website collects a series of general data and information with each visit. This general data and information is stored in the log files of the server. The following general data and information may be recorded: (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (so-called referer), (4) the sub-websites which are reached via an accessing system on our website, (5) the date and time of access to the website, (6) the Internet Protocol address (IP address), (7) the Internet service providers of the accessing system, and (8) other similar data and information used for security purposes in the event of attacks to our IT systems.
When using this general data and information, CYNORA cannot associate this data to you. Rather, we need this information to correctly deliver the contents of our website, to optimize the contents of our website as well as the advertisements shown on them, to ensure the permanent functionality of our IT systems and of the technology of our website, and to provide law enforcement authorities with the information necessary for criminal prosecution in the event of a cyber attack.
CYNORA statistically evaluates this anonymously collected data and information with the aim of increasing data protection and data security in our company. We store the anonymous data of the server log files separately from all personal data provided by you. The legal basis for the temporary storage of data and log files is Article 6 para. 1 lit. f) GDPR.
To protect your data during transmission, we use a state-of-the-art encryption process (such as SSL) via HTTPS.
3. Data Processing upon Contact
You can contact us via the contact form provided on this website or via the e-mail address provided. If you contact CYNORA through one of these channels, we will automatically store the personal data you submit. Such personal data voluntarily provided to CYNORA will be stored for the purpose of processing your request and/or contacting you. In the case of contract initiations or executions, the legal basis for the processing of data is Article 6 para. 1 lit. b) GDPR. In all other cases the legal basis for the processing is Article 6 para. 1 lit. f) GDPR.
4. Google Analytics
By anonymizing your IP address on this website, Google will reduce your IP address within the member states of the European Union or in other contracting parties to the Agreement on the European Economic Area prior to transmission to the USA. Google uses this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage.
The legal basis for processing your personal data using analytics cookies is Article 6 para. 1 lit. f GDPR. Google self-certified to the EU-U.S. Privacy Shield. Therefore, the legal basis for the transmission of personal data to the USA is, in accordance with the EU-U.S. Privacy Shield, Article 45 para. 1 GDPR.
5. Google Maps
We use the offer of Google Maps on this website. This allows us to display interactive maps directly on the website and enables you to conveniently use the map function.
The legal basis for processing your personal data using Google Maps is Article 6 para. 1 lit. f) GDPR. Google self-certified to the EU-U.S. Privacy Shield. Therefore, the legal basis for the transmission of personal data to the USA is, in accordance with the EU-U.S. Privacy Shield, Article 45 para. 1 GDPR.
6. Social Plug-Ins
On our website, we use social plug-ins ("plug-ins") from Facebook, Linkedin and Xing. In particular, we use plug-ins to enable you to share content from our website with other users of social networks or to draw their attention to such content. You can recognize the provider of the respective plug-in by its logo or initial letter.
When using plug-ins, we use c't's so-called "Shariff solution" (more infomation can be found here). When you visit our website, we do not initially transmit any personal data to the providers of the plug-ins. However, if you click on the marked button, your personal data will be transmitted directly to the provider of the respective plug-in and processed – possibly in third countries, such as the USA – by this provider. After clicking on the plug-in button, a new window of your browser will open and call the page of the provider of the respective social network up. Data will be transmitted to the provider of the respective plug-in, regardless of whether you have an account with the social network of the plug-in provider. If you are logged in at the plug-in provider’s social network, your data collected at our website will be matched to your existing account with the plug-in provider.
We have no influence on the type and scope of data collected and processed through the use of the plug-ins, nor are we aware of the full scope of data collection, the purposes of processing or the storage periods. According to the providers of the plug-ins, the transmitted data includes information about your browser, the websites visited and the date and time of your visit. The plug-in providers process this information, for example, in order to create user profiles and to display demand-oriented advertising. You have a right to object to the creation of these user profiles. Please contact the respective plug-in provider to exercise the right to object. For further information, please refer to the websites and data protection information of the respective providers.
We offer you to use these social plug-ins to interact with social networks and other users, so that we can improve our services and make them more interesting for you as a user. This represents our legitimate interest in using the plug-ins on the legal basis of Article 6 para. 1 lit. f) GDPR. Facebook and Linkedin have self-certified to the EU-U.S. Privacy Shield. Therefore, the legal basis for the transmission of personal data to the USA is, in accordance with the EU-U.S. Privacy Shield, Article 45 para. 1 GDPR.
Embedded YouTube Videos
We embed YouTube videos on some of your websites. The operator of the corresponding plugins is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. If you visit a website which contains the YouTube plugin, a connection to the YouTube servers will be established. YouTube will be informed which pages you visit. If you are logged into your YouTube account, YouTube will be able to attribute your web surfing behavior to you personally. You can prevent this by logging out of your YouTube account beforehand.
Art. 6 Para. 1 lit. f) GDPR serves as legal basis for processing personal data through the use of YouTube videos.
Further information regarding data protection at “YouTube” is available in the privacy statement of the provider at : https://www.google.de/intl/de/policies/privacy/
7. Data Transmission to Third Parties
External service providers
Access to personal data is possible for service providers and contractual partners that we use for the operation of our websites. These external providers are obliged to use your personal data only to provide the services requested by us or otherwise in accordance with our instructions.
Disclosure of data to third parties
Apart from the above mentioned data transmission to external service providers, we do not transmit, sell or market your personal data to third parties, such as other companies or organizations, unless you have given your express consent, or the transmission is necessary to fulfil our contractual obligations to you, the user of the website.
8. Duration of Data Storage
We store your personal data according to respective legal retention periods. We routinely delete the corresponding data after these periods expire, provided that it is no longer necessary for the performance or initiation of a contract.
If the storage purpose ceases to apply, or if a compulsory storage period by European Union or national law expires, the personal data is routinely blocked or deleted in compliance with statutory provisions.
Data protection for customers
For the purposes of pre-contractual offer phase or for contract performance or service provision, we process personal data, for example address and contact data, information about conversations which were held, your requirements, offers as well as any other information we receive from you. For corporate customers, we also process information about our contact partners, especially contact data. We may also store and process data about your bank account and/or your credit card information for the purposes of processing payments. Where external partners are part of service provision and/or contract performance, information required to perform the relevant service may be passed on to them. When processing such information, auxiliary systems (IT environment, CRM/ERP systems, financial accounting) may be used which are accessed by service providers as part of maintenance activities. In such cases, we conclude the required agreements for order processing. Art. 6 Para. 1 lit. b) GDPR serves as legal basis for data processing during contract initiation or contract performance, and Art. 6 Para. 1 lit. f) GDPR for all other cases.
Data protection for suppliers
During the process of selecting suppliers or service providers, we will store and process information about them. We may obtain and store further information, for example from information offices, when reviewing and/or assessing suppliers. For the purposes of order processing, we will also process order-specific information beyond your master data. For corporate contacts, we also process information about our contact partners, especially contact data. When processing such information, auxiliary systems (IT environment, CRM/ERP systems, financial accounting) may be used which are accessed by service providers as part of maintenance activities. In such cases, we conclude the required agreements for order processing. Art. 6 Para. 1 lit. b) GDPR serves as legal basis for data processing during contract initiation or contract performance, and Art. 6 Para. 1 lit. f) GDPR for all other cases.
Data protection for applications and during the application process
The controller collects and processes personal data of applications for the purposes of processing the application process. Such data may also be processed electronically. This is the case especially if an applicant submitted application documentation to the controller electronically, for example via e-mail or through a web form on a website. Where the controller concludes an employment agreement with an applicant, the transmitted data are stored for the purposes of processing the employment relationship with adherence to legal regulations. If no employment agreement is concluded between controller and applicant, the application documentation will be automatically deleted four months after communication such a rejection, unless other legitimate interests of the controller prevent this deletion. Defined as other legitimate interests, for example, are burdens of proof in a process as per the General Act on Equal Treatment (AGG). Art. 6 Para. 1 lit. b) GDPR in association with §26 BDSG-2018 serves as legal basis for data processing during contract initiation or contract performance, and Art. 6 Para. 1 lit. f) GDPR for all other cases.
Legal bases for processing
Art. 6 I lit. a GDPR serves as legal basis for our company for processing transactions during which we obtain consent for a certain processing purpose. Where processing personal data is used to fulfill contractual duties with the contractual party being the data subject, as is the case during processing transactions, for example, which are required for the delivery of goods or the provision of any other service or return service, such processing is based on Art. 6 I lit. b GDPR. This shall also apply for processing transactions required for the performance of pre-contractual measures, for example in the context of inquiries about our products or services. Where our company is subject to a legal obligation which requires processing of personal data, such as for the performance of tax obligations, such processing is based on Art. 6 I lit. c GDPR. In rare cases, the processing of personal data may be required in order to protect the vital interests of the data subjects or any other natural persons. This would be the case, for example, if a visitor were to be injured on the premises of our company and would have to pass on the name, age, health insurance data or other vital information to a doctor, hospital or any other third party. In such a case, the process would be based on Art. 6 I lit. d GDPR. Finally, processing transactions may be based on Art. 6 I lit. f GDPR. Processing transactions based on this legal foundation are those not included in any other previously mentioned legal bases or if the processing is required to maintain a legitimate interest of our company or of a third party as long as the interests, basic rights and freedoms of the data subject do not outweigh such interests. We are particularly entitled to such processing transactions as they were particularly mentioned by the European legislature which is of the opinion that interests can be considered as legitimate if the data subject is a customer of the controller (Recital 47 Clause 2 GDPR).
Legal or contractual regulations for the provision of personal data; necessity for contract conclusion; obligation of the data subject to provide the personal data; possible consequences of non-provision
We hereby inform you that the provision of personal data is in part legally required (for example tax regulations) or may result from contractual regulations (for example information about the contractual partner). Furthermore, a contract conclusion may necessitate for a data subject to provide personal which we then process. For example, the data subject is obligated to provide us with personal data if our company concludes a contract with this data subject. Failure to provide the personal data would result in the contract not being concluded with the data subject. Before the data subject provides personal data, the data subject must contact our staff. Our staff will inform the data subject whether the provision of personal data is legally or contractually required or required for a contract conclusion, whether an obligation exists to provide the personal data and what the consequences of non-provision of personal data would be.
Existence of automated decision-finding
Being a responsible company, we forgo any automated decision-making processes or profiling.
9. Your Rights
As the data subject, you are entitled to the rights mentioned in Articles 15-21 GDPR against CYNORA if the conditions stated therein are fulfilled. These are the rights of access (Article 15 GDPR), rectification (Article 16 GDPR), erasure (Article 17 GDPR), restriction of processing (Article 18 GDPR), data portability (Article 20 GDPR) and the right to object (Articles 21 and 22 GDPR). Apart from this, you have the right to lodge a complaint with a supervisory authority pursuant to Article 77 GDPR. The supervisory authority responsible for you is determined by the federal state of your residence, your employment or the alleged violation. A list of supervisory authorities (for the non-public domain) with address can be found at: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
Changes to our data protection provisions
We reserve the right to occasionally change this data protection declaration so that it always complies with the current legal requirements or in order to implement our services into the data protection declaration, for example when a new service is introduced. In such a case, the new data protection declaration will apply for your next visit.