Data Protection

Privacy Policy

We are pleased that you are visiting our website. Protecting your personal data is important to us, and we want you to feel secure when visiting our website. We protect your privacy and your personal data. We process your personal data in accordance with this privacy policy and in compliance with the applicable data protection regulations of the General Data Protection Regulation (GDPR) and the national provisions of the Federal Data Protection Act (BDSG).

 

Table of contents

  • Name and contact details of the data controller
  • Contact the data protection officer
  • What is personal data?
  • Purposes of data processing
  • Legal basis for data processing
  • Right to object
  • Network service
  • Use of our website for informational purposes
  • Use of our website for further services
  • Contact us
  • Security
  • Cookies
  • Consent tool
  • Web storage
  • Web analytics
  • Social Media
  • Additional features and content
  • Recipients and data transmission
  • Data transfer to third countries
  • Deletion of your data
  • Your rights
  • Changes to our privacy policy

 

Name and contact details of the data controller

conesprit GmbH, Eduard Breuniger Strasse 6/1, 71522 Backnang, is the operator of the website: www.business-one-consulting.bendit.de Controller within the meaning of the GDPR.

 

Contact the data protection officer

You can contact our data protection officer at any time with any data protection concerns at: datenschutz@conesprit.de turn around.

 

What is personal data?

Personal data is any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

 

Purposes of data processing

The scope and nature of the collection, processing, and use of your data differs depending on whether you are simply visiting our website to access publicly available information or using additional services. Generally, we process your personal data within the scope of our business activities for pre-contractual or contractual purposes. Furthermore, the pursuit of our legitimate interests or compliance with legal requirements may also constitute a purpose for data processing by us. We will inform you about the specific purposes of data processing in the following sections.

 

Legal basis for data processing

We process your personal data on the following legal bases:   

  • To fulfill pre-contractual or contractual obligations (Art. 6 para. 1b) GDPR)
  • Based on your consent (Art. 6 para. 1a) GDPR)
  • Within the framework of a balancing of interests (Art. 6 para. 1f) GDPR)
  • Due to legal requirements (Art. 6 para. 1c) GDPR)

 

In addition, depending on the type and scope of the processing, further legal bases may exist under country-specific regulations. We will inform you about the specific legal bases for data processing in the respective processing activities.

 

Right to object

If we process your personal data based on our overriding legitimate interest (the legal basis for data processing is Article 6(1)(f) GDPR), you have the right to object to this processing at any time on grounds relating to your particular situation. If you exercise your right to object, we will cease processing the data in question. However, further processing remains permissible (except for direct marketing; in this case, we will immediately comply with your objection) if we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing serves the establishment, exercise or defense of legal claims. Further data subject rights remain unaffected.

 

Network service

Our website runs on the network of The Constant Company, LLC. The server location is Germany.

 

Use of our website for informational purposes

For purely informational use of our website, it is generally not necessary for you to provide personal data. In this case, we only collect the data that your internet browser automatically transmits to us when you access our website, such as:

 

  • your computer's IP address
  • Date and time of page view
  • Your browser type, browser version, and browser settings
  • the operating system used (Windows, iOS, Linux etc.)
  • the amount of data transferred and the status of transfers
  • from which website our site was accessed
  • other similar data and information that serve to prevent threats in the event of attacks on our information technology systems.

 

This is generally done through the use of log files. The purpose of this processing is to ensure the functionality and compatibility of our website for technically trouble-free use, including troubleshooting, as well as protection against technical attacks and misuse. The legal basis for this processing is our legitimate interest pursuant to Art. 6 para. 1 f) GDPR. Our legitimate interest lies in the proper operation of our website. The log file data is deleted when it is no longer required for the purpose of processing.

 

Use of our website for further services

If you use additional services offered by our company via our website, you may be required to provide personal data. The specific personal data required for providing the service will be indicated in the respective input form or application. You may provide further information voluntarily. Required fields are marked with an asterisk (*) or the note "Required field". Your data will be processed solely for the purpose of providing the service you have requested. The legal basis for processing your personal data, as well as information on when your personal data will be deleted, can be found in the description of the specific services.

 

Contact us

Contact form

On our website, we offer you the opportunity to contact us using a contact form. The personal data you provide when contacting us via this form will only be processed for the purpose of handling your inquiry. This data will only be shared with third parties if necessary for processing your inquiry. The legal basis for this processing is Article 6(1)(b) GDPR. Your personal data will be deleted when it is no longer needed to fulfill the purpose of your inquiry. Please note that your messages may need to be retained in accordance with statutory retention obligations. In this case, the legal basis is Article 6(1)(c) GDPR.

 

Contact via email

On our website, we offer you the option of contacting us via email. Please note that unencrypted email communication is insecure. It cannot be ruled out that data transmitted in this way may be read, copied, altered, or deleted by unauthorized persons. The personal data you provide when contacting us via email will only be processed for the purpose of handling your email inquiry. It will only be shared with third parties if this is necessary for processing your inquiry. The legal basis for this processing is Article 6(1)(b) GDPR. Your personal data will be deleted when it is no longer needed to fulfill the purpose of your inquiry. Please note that your messages may need to be retained in accordance with statutory retention obligations. In this case, the legal basis is Article 6(1)(c) GDPR.

 

Security

We have secured our website and other systems against loss, destruction, access, alteration, or distribution of your data by unauthorized persons through technical and organizational measures. In particular, your personal data provided in the contact form is transmitted in encrypted form. We use the TLS 1.3 (Transport Layer Security) encryption protocol for this purpose.

 

Cookies

We use cookies to track visitor preferences and optimize our website. Cookies are small text files that are stored on your computer when you visit our website. You can delete cookies at any time. However, this may result in some features no longer being available to you. For information on how to delete cookies, please refer to your browser's help function.

 

Consent tool

GDPR/CCPA compliance

This website uses the cookie consent tool provided by Complianz BV, CoC 717814475, Kalmarweg 14-5, 9723 JG, Groningen (NL). The purpose of processing this data is to obtain and document consent for the storage of certain cookies on your device or for the use of certain technologies, as well as to technically enable you to withdraw your consent. In this context, your browser may transmit personal data to the provider. Furthermore, the provider may store a cookie in your browser to associate your given consent or its withdrawal with you. The legal basis for this is Article 6(1)(f) GDPR. The data collected in this way will be stored until you request its deletion, delete the cookie yourself, or the purpose for data storage no longer applies. Mandatory legal retention obligations remain unaffected. You can find further information in the provider's privacy policy at: https://complianz.io/legal/privacy-statement/?cmplz_region_redirect=true&cmplz-region=eu

 

Web storage

We use so-called web storage technology (also known as "local data" and "local storage") on our website. The purpose of this is to enable functionalities that we have implemented on our website. Data is stored locally in your browser's memory (called the "cache") and can continue to be processed even after you close the browser window or terminate the program. Third parties cannot access the data stored in web storage. It is not shared with third parties and is not used for advertising purposes. We only use web storage technology where it is absolutely necessary to enable the functionality of our website (see Section 25 of the German Telemedia Act (TMG)). The legal basis for this is Article 6 Paragraph 1 f) of the GDPR. The data collected in this way is stored until you close the browser window (session storage) or clear the cache via your internet browser (local storage). If the use of web storage technology is not absolutely necessary to enable the functionality of our website, we only use it with your consent. The legal basis for this is Article 6(1)(a) GDPR.

 

Web analytics

Sourcebuster

We use the web analytics service Sourcebuster to analyze how users find our website. This helps us understand whether our users arrive via search engines or other sources. Sourcebuster processes information such as your IP address, browser type, operating system, referrer URL, and the date and time of your visit. Sourcebuster is hosted by us, so your data is not shared with third parties. Data processing by Sourcebuster is based on your consent. The legal basis for this is Article 6(1)(a) GDPR. You can withdraw your consent at any time by changing the cookie settings on our website.

 

Social Media

We maintain publicly accessible profiles on social networks. The specific social networks we use are listed below.

Social networks like Facebook can generally analyze your user behavior comprehensively when you visit their website or a website with integrated social media content (e.g., like buttons or advertising banners). Visiting our social media pages triggers numerous data processing operations relevant to data protection. Specifically:

If you are logged into your social media account and visit our social media page, the operator of the social media platform can associate this visit with your user account. Your personal data may also be collected even if you are not logged in or do not have an account with the respective social media platform. In this case, data collection occurs, for example, via cookies stored on your device or by recording your IP address.

Using the data collected in this way, the operators of social media platforms can create user profiles that store your preferences and interests. This allows them to display interest-based advertising to you both on and off the respective social media platform. If you have an account with the respective social network, this interest-based advertising can be displayed on all devices on which you are or have been logged in.

Please also note that we cannot track all data processing activities on social media platforms. Depending on the provider, the operators of the social media platforms may carry out further data processing activities. For details, please refer to the terms of use and privacy policies of the respective social media platforms.

 

Legal basis

Our social media presence is intended to ensure an informative online presence. This constitutes a legitimate interest within the meaning of Article 6(1)(f) GDPR. The analysis processes initiated by the social networks may be based on different legal grounds, which must be specified by the operators of the social networks (e.g., consent within the meaning of Article 6(1)(a) GDPR).

 

Responsible party and assertion of rights

When you visit one of our social media pages, we are jointly responsible with the operator of the social media platform for the data processing operations triggered by this visit. You can generally assert your rights (access, rectification, erasure, restriction of processing, data portability, and the right to lodge a complaint) against both us and the operator of the respective social media portal.

 

Please note that despite our joint responsibility with the social media platform operators, we do not have full control over the data processing operations of these platforms. Our options are largely determined by the respective provider's company policy.

 

Storage duration

The data we collect directly through our social media presence is deleted from our systems as soon as the purpose for its storage no longer applies, you request its deletion, you withdraw your consent to its storage, or the purpose for data storage ceases to exist. Stored cookies remain on your device until you delete them. Mandatory legal provisions – in particular, retention periods – remain unaffected.

We have no control over how long your data is stored by the social network operators for their own purposes. For details, please contact the social network operators directly (e.g., in their privacy policy, see below).

 

Social networks in detail

 

Facebook

We have a profile on Facebook. The provider is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. You can adjust your advertising settings yourself in your user account. To do this, click on the following link and log in: https://www.facebook.com/settings?tab=ads 

It cannot be ruled out that your personal data will also be transferred to Meta Platforms Inc., which is based in the USA. Meta has certified itself under the EU-US Data Privacy Framework to comply with the level of data protection applicable in the EU. The certificate can be viewed at https://www.dataprivacyframework.gov/s/. Further information on data protection can be found in Facebook's privacy policy. https://www.facebook.com/about/privacy/

 

XING

We have a profile on XING. The provider is XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. Details on how they handle your personal data can be found in XING's privacy policy: https://privacy.xing.com/de/datenschutzerklaerung

LinkedIn

We have a profile on LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies. If you wish to disable LinkedIn advertising cookies, please use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out 

For details on how they handle your personal data, please refer to LinkedIn's privacy policy: https://www.linkedin.com/legal/privacy-policy

 

Instagram
Our website integrates features from the Instagram service. These features are offered by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. If you are logged into your Instagram account, you can link the content of our pages to your Instagram profile by clicking the Instagram button. Currently, it must be assumed that this establishes a direct connection to the provider's services and that at least your IP address and device-related information are collected and used. It is also possible that attempts will be made to store cookies on your computer. Further information can be found in Instagram's privacy policy: http://instagram.com/about/legal/privacy/

 

YouTube

We use the platform YouTube.com to make our own videos publicly available for advertising purposes. We link to our YouTube channel on our website. YouTube is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. If you click on such a link, YouTube will store and use your data (IP address and other personal data) to provide the service and for its own business purposes. Further information on data protection by YouTube (Google) can be found at: https://www.google.com/policies/privacy/ 

 

Additional features and content

Should we use additional functions and content (e.g. map or text services) on our website, through which we or the service provider process your personal data, we will inform you about this here.

 

Google services

We use Google services on our website. The provider of these services is generally Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. It cannot be ruled out that your personal data may also be transferred to Google LLC, which is based in the USA, or that the use of a Google service may result in Google itself loading further Google services without our control (e.g., YouTube services). Google has certified its compliance with the EU-US Data Privacy Framework, ensuring adherence to the data protection standards applicable in the EU. The certificate can be viewed at [link to certificate]. https://www.dataprivacyframework.gov/s/  can be viewed.

Further information about data processing by Google can be found here: https://www.google.com/policies/privacy/

 

Google Fonts

Our website uses external fonts, specifically Google Fonts. Google Fonts is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. In doing so, your browser also transmits personal data to Google LLC in the USA. Google has certified its compliance with the EU-US Data Privacy Framework, ensuring adherence to the level of data protection applicable in the EU. The certificate can be viewed at https://www.dataprivacyframework.gov/s/. The legal basis for the use of Google Fonts is Article 6(1)(a) GDPR. You can withdraw your consent at any time with effect for the future by unchecking the box [here / below the link to the consent tool]. Further information about data processing by Google can be found here: https://www.google.com/policies/privacy/

 

Google Photos

Our website uses a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter: ggpht). In doing so, your browser also transmits personal data to Google LLC in the USA. The legal basis for this data processing is Article 6(1)(a) GDPR. You can find more information about data processing by Google here: https://www.google.com/policies/privacy/

 

Google Maps

This website uses Google Maps, a map service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, to display an interactive map. In doing so, your browser also transmits personal data to Google LLC in the USA. The legal basis for this data processing is Article 6(1)(a) GDPR. Further information about data processing by Google can be found here: https://www.google.com/policies/privacy/

 

Google reCAPTCHA

We use the reCAPTCHA service from Google Ireland Limited („Google“), Gordon House, Barrow Street, Dublin 4, Ireland, on our website. This query serves to distinguish between input by a human and input by automated, machine processing. For this purpose, your input is transmitted to Google and further processed there. Additionally, your IP address and, if applicable, other data required by Google for the reCAPTCHA service are transmitted to Google. It cannot be ruled out that your personal data may also be transferred to Google LLC, based in the USA, or that the use of reCAPTCHA may result in Google itself loading further services without our control; the services loaded by reCAPTCHA include XXX.
Google has certified itself under the EU-US Data Privacy Framework to comply with the level of data protection applicable in the EU. The certificate can be viewed at https://www.dataprivacyframework.gov/s/.
The legal basis for the use of Google reCAPTCHA is Article 6(1)(a) GDPR. You can withdraw your consent at any time with effect for the future by removing the checkmark [here / below the link to the consent tool]. Further information on Google reCAPTCHA and the associated privacy policy can be found at: https://www.google.com/recaptcha/about/ and https://www.google.com/privacy

 

Doubleclick

DoubleClick by Google is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland („Google“). DoubleClick by Google uses cookies to present you with relevant advertisements. A pseudonymous identification number (ID) is assigned to your browser to check which ads have been displayed and which ads have been clicked. The cookies do not contain any personally identifiable information. The use of DoubleClick cookies merely enables Google and its partner websites to display ads based on previous visits to our or other websites on the internet. The information generated by the cookies is transmitted to and stored by Google on a server in the USA for evaluation.

The legal basis for the processing of personal data using cookies is Article 6(1)(a) GDPR.

Further information and the applicable data protection regulations of DoubleClick by Google can be found at https://www.google.com/policies/privacy/ can be retrieved.

 

YouTube

Our website includes embedded videos from YouTube. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. YouTube uses cookies to collect and statistically analyze data. These statistics allow YouTube to evaluate how often a video has been viewed, whether the video was viewed on YouTube itself, and on which websites the video was embedded. To protect your privacy, we only use embedded YouTube videos in enhanced privacy mode. This means that YouTube does not store cookies for a user who views a website with an embedded YouTube video but does not click on the video to play it. If the video is played, YouTube may store cookies on the user's computer, but no personally identifiable information about the playback of embedded videos is stored. You can find more information about data protection by YouTube (Google) at [link to YouTube's privacy policy]. www.google.de/intl/de/policies/privacy.

 

WooCommerce

We use the WooCommerce e-commerce system from Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA; "Automattic" on our website. WooCommerce stores cookies on your device and processes personal data such as your name, address, and payment information to enable the ordering process on our website. The use of WooCommerce is based on your consent pursuant to Art. 6 para. 1 a) GDPR. You can withdraw your consent at any time with effect for the future. The recipient of the data is Automattic, acting as a data processor. We have concluded a data processing agreement with Automattic. Your data may be transferred by Automattic to the USA. Automattic is certified under the EU-US Data Privacy Framework and thus guarantees compliance with European data protection standards. You can find further information on terms of use and data protection at [link to terms of use and data protection policy]. https://automattic.com/privacy/

 

Recipients and data transmission

We have centralized certain data processing operations within our company. These can be handled centrally by our individual business units, for example, to process inquiries. To ensure we fulfill our tasks and contractual obligations, we may also engage external contractors and service providers (e.g., logistics companies or IT service providers). Furthermore, data may be transferred to recipients to whom we are obligated or entitled to disclose it due to contractual or legal requirements, or based on your consent.

 

Data transfer to third countries

Data will only be transferred to third countries (countries outside the EU and the European Economic Area EEA) if this is necessary for the performance of a contract/order/business relationship including its initiation, or is permitted by our legitimate interest or based on your consent, and only in compliance with the data protection requirements prescribed for this purpose.

 

Notice regarding data transfer to the USA

Our website integrates services from companies based in the USA, or we link to these services. When using these services, personal data may be transferred to US servers of the respective service providers.

 

Under the so-called "Data Privacy Framework" (DPF), the EU Commission has recognized the level of data protection for certain US companies as adequate in its adequacy decision of July 10, 2023. The list of certified companies and further information about the DPF can be found on the US Department of Commerce website at https://www.dataprivacyframework.gov/ (in English). In this privacy policy, we inform you which of our service providers are certified under the DPF for each service.

 

Deletion of your data

We process your personal data only for as long as is necessary to fulfill the respective purpose, or until a legal basis for the processing no longer exists (e.g., withdrawal of consent to data processing). We comply with all applicable statutory retention and storage periods.

 

Your rights

You have the right:

  • free of charge Information to obtain information about the personal data we have stored about you (right of access)
  • one Confirmation to request information about whether we process personal data concerning you (right to confirmation)
  • to request that we delete your personal data without undue delay, provided that its processing is no longer necessary and the other requirements of the GDPR for a deletion are fulfilled (right to erasure)
  • the immediate Correction and completion to request the correction of inaccurate personal data concerning you (right to rectification)
  • the restriction to request the processing of your personal data (right to restriction of processing)
  • to receive the personal data concerning you in a structured, commonly used and machine-readable format (right to Data portability)
  • to object to the processing of your personal data (right to object) Contradiction)
  • You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you (Right to a decision in individual cases).
  • at any time your consent to the processing of your personal data with effect for the future revoked.
  • to lodge a complaint with the supervisory authority responsible for data protection if you believe that the processing of your personal data infringes the GDPR (Right of appeal).

For further information about your rights, please contact our data protection officer.

 

Changes to our privacy policy

To ensure that our privacy policy always complies with current legal requirements, we reserve the right to make changes at any time. This also applies if the privacy policy needs to be adapted due to new or revised services, such as new service offerings. The new privacy policy will then apply to your next visit to our website.