Privacy Notice

Data Privacy Notice

The Controller within the meaning of the relevant data protection legislation is:

CANCOM SE
Erika-Mann-Str. 69
D-80363 Munich (headquarters)
Tel.: +49 89 540 540
Email: ed.mo1725704770cnac@1725704770ofni1725704770

together with the affiliated companies listed below:

CANCOM a+d IT Solutions GmbH

CANCOM Computersysteme GmbH

CANCOM Financial Services GmbH

CANCOM GmbH

CANCOM ICT Service GmbH

CANCOM, Inc.

CANCOM Managed Services GmbH

CANCOM physical infrastructure GmbH

CANCOM Public BV

CANCOM Public GmbH

CANCOM Slovakia s.r.o.

CANCOM (Switzerland) AG

CANCOM VVM GmbH

CANCOM VVM II GmbH

K-Businesscom AG

– Below they are referred to jointly as “CANCOM”, the “Undertaking” or “We” –

CANCOM’s data protection officer is:

Tonguc Solgun
Messerschmittstraße 20
89343 Jettingen-Scheppach
Germany
Phone: +49 8225 996-1182
E-Mail: ed.mo1725704770cnac@1725704770ztuhc1725704770sneta1725704770d1725704770

The Data Protection Policy ensures data protection-compliant information processing at the companies of the CANCOM Group. You can download the Data Protection Policy here (PDF download, 0.3mb).

1. Scope of personal data processing
As a general rule, We only process personal data about our users where We need to do so in order to provide a functioning website, our content and services and where We are permitted to do so by law.

2. Legal basis for the processing of personal data
Where We obtain the consent of the data subject to process personal data, the legal basis for processing is Article 6 (1) (a) of the EU General Data Protection Regulation (GDPR).
Where We process personal data for the performance of a contract to which the data subject is party, the legal basis for processing is Article 6 (1) (b) GDPR. This is also the case where We process data in order to take steps prior to entering into a contract.
Where We process personal data in order to comply with a legal obligation to which We are subject, the legal basis for processing is Article 6 (1) (c) GDPR.
Where We process personal data in order to protect the vital interests of the data subject or another natural person, the legal basis for processing is Article 6 (1) (d) GDPR.
Where We process personal data for the purposes of the legitimate interests pursued by our Undertaking or a third-party and these interests do not override the interests, fundamental rights and freedoms of the data subject, the legal basis for processing is Article 6 (1) (f) GDPR.

3. Data erasure, retention period
DWe block or erase personal data about data subjects as soon as there ceases to be a need to retain it. We may also retain data where provided for by European or national legislators in EU regulations, laws or other rules to which We, the Controller, are subject. We block or erase data when a retention period stipulated in one of the aforementioned regulations, laws or other rules expires, except where We need to retain the data for longer in connection with the conclusion or performance of a contract.

1. Description and scope of data processing
When you view our website, our system automatically collects data and information from the computer system on the computer you are using. During this process We gather the following data:

(1) information about the browser type and version used
(2) the user’s operating system
(3) the user’s internet Service Provider
(4) the user’s IP address
(5) the date and time of access
(6) websites from which the user’s system accessed our website
(7) websites accessed by the user’s system via our website.

The data is also stored in our system’s log files. This data is not stored together with other personal data about the user.

2. Legal basis for data processing
The legal basis for the temporary storage of this data and the log files is Article 6 (1) (f) GDPR.

3. Purpose of data processing
The system needs to store the IP address to deliver the website to the user’s computer. This means We need to retain the user’s IP address for the length of the session.

We store data in log files to ensure the functionality of the website. We also use this data to optimise the website and ensure the security of our information technology systems. We do not evaluate the data for marketing purposes as part of this process.

These purposes constitute the legitimate interests in data processing pursued by our Undertaking under Article 6 (1) (f) GDPR.

4. Retention period
We erase data as soon as it ceases to be needed for the purpose for which it was collected. When We collect data in order to provide the website, We no longer need it once a particular session has ended.

When we store data in log files, We generally erase it after no more than seven days. In certain circumstances We may retain it for a longer period, in which case users’ IP addresses are erased or masked so that that they can no longer be connected to the retrieving client.

5. Right to object, right of removal
The collection of data to provide the website and the storage of the data in log files is essential to our operation of the website. As a result, the user has no right to object to it.

1. Description and scope of data processing
Our website uses cookies. Cookies are text files that are stored in the Internet browser or the Internet browser on the user’s computer system. When a user visits a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string that allows the browser to be uniquely identified when the website is reopened.

We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser can also be identified after a page change (technically necessary cookies).

The following data is stored and transmitted in the cookies:

  • language settings

  • Article in a shopping cart

  • Log-in information

In addition, we use cookies on our website that allow an analysis of users’ browsing behavior (technically unnecessary cookies).

In this way, the following data can be transmitted:

  • Entered search terms

  • Frequency of page views

  • Use of website features

  • Anonymized usage data for generating statistics

When you visit our website, you are informed about the use of cookies and your consent to the processing of the personal data used in this context is obtained. In this context, there is also a reference to this privacy policy.

2. Legal basis for data processing
The legal basis for the processing of personal data using technically necessary cookies is Article 6 (1) lit. f. DSGVO.

The legal basis for the processing of personal data using cookies for analysis purposes is the consent of the user Art. 6 para. 1 lit. a GDPR.

3. Purpose of data processing
The purpose of using technically necessary cookies is to facilitate the use of websites for users. Some features of our website can not be offered without the use of cookies. For these it is necessary that the user is recognized by an ID even after a page break. We require cookies for the following applications:

  • Transfer of language settings

  • Remember searchterms

  • shopping cart

The use of the analysis cookies is for the purpose of improving the quality of our website and its contents for the user. Through the analysis cookies, we learn how the website is used and so we can constantly optimize our offer and the user experience.

4. Retention period, Right to object, right of removal
Cookies are stored on the computer of the user and transmitted by this on our side. Therefore, as a user, you have full control over the use of cookies. By changing the settings in your internet browser, you can disable or restrict the transmission of cookies. Already saved cookies can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, it may not be possible to use all the functions of the website to the full.

1. Description and scope of data processing
Users are able to subscribe to our free newsletter. When they sign up, the following data from the sign-up form is sent to us:

  • Title

  • Surname

  • E-Mail-Adress

We also collect the following data during the sign-up process:

(1) the IP address of the computer from which the site is being viewed
(2) the date and time of registration.

On the sign-up form We ask for your consent to process the data. The sign-up form also contains a reference to this privacy notice.

The service providers We use to help provide our services may have access to your data. They are primarily service providers We engage to help provide the newsletter and the software we use to do so (Software-as-a-Service, ASP service). We allow them access to your data only in so far as is necessary to provide their services and for the necessary period. They undertake to use only people who have signed a confidentiality undertaking or are subject to an appropriate statutory duty of confidentiality to provide their services.
The processing of data on behalf of other parties is governed by data processing agreements as stipulated in Article 28 GDPR.

We disclose data to third parties (Mapp Digital Germany GmbH, Dachauer Straße 63, 80335 Munich) in connection with the processing of data for the mailing out of newsletters. This data is used exclusively to mail out the newsletter.

2. Legal basis for data processing
Where we have obtained the user’s consent, the legal basis for processing data after he or she has signed up to the newsletter is Article 6 (1) (a) GDPR.

The legal basis for mailing out newsletters following the purchase of goods and services is section 7 (3) of the German Law Against Unfair Competition [Gesetz gegen den unlauteren Wettbewerb, UWG].

3. Purpose of data processing
We collect the user’s title, surname and email address so that We can personalise the newsletter.

We collect other personal data during the sign-up process in order to prevent any abuse of the services and the email address used.

4. Retention period
We erase data as soon as it ceases to be needed for the purpose for which it was collected. As a result, we store the user’s email address for as long as his or her newsletter subscription remains active.

Other personal data collected during the sign-up process is generally erased after a period of seven days.

5. Right to object, right of removal
Users can cancel their newsletter subscription at any time. Each newsletter contains a specific link for this purpose.

This link also allows you can withdraw your consent for us to store personal data collected during the sign-up process.

1. Description and scope of data processing
Our website contains forms for contacting us, registering for events and advertising and forms for feedback and processing support requests. They can be used to contact us electronically. When a user completes one of these forms, the data entered into the form is sent to us and stored.
The data entered is as follows:

  • Title

  • Name

  • E-Mail

  • Telephone number

  • Company

  • Reason for making contact

  • Consent to store data

  • Address (location, post code)

As the message is sent, the following data is also stored:

(1) the user’s IP address
(2) the time and date of registration.

We ask for your consent to process this data during the sending process and provide a reference to this privacy notice with the necessary duties of information.

Alternatively, you can contact us using the email address provided. If you do this, We store the personal data about you sent with the email.

We do not pass the data collected during this process on to third parties. It is used for the stated purpose only.

2. Legal basis for data processing
Where we have obtained the user’s consent, the legal basis for data processing is Article 6 (1) (a) GDPR.

The legal basis for processing data provided when an email is sent is Article 6 (1) (f) GDPR. Where email contact leads to the conclusion of a contract, Article 6 (1) (b) GDPR provides another legal basis for processing.

3. Purpose of data processing
We only use personal data collected from contact forms to process the contact request. If you contact us by email, this in itself constitutes our legitimate interest in processing the data.

Other personal data collected during the sending process is used to prevent any misuse of the contact form and ensure the security of our information technology systems.

4. Retention period
We erase data as soon as it ceases to be needed for the purpose for which it was collected. This means that we erase personal data entered in a contact form or sent by email once the conversation with the user has finished. The conversation is deemed to have finished when the circumstances indicate that the matter at issue has been resolved.

Other personal data collected during the sending process is erased after a period of no more than seven days.

5. Right to object, right of removal
Users can withdraw their consent for us to process personal data at any time. If a user contacts us by email, he or she can object to the storage of his or her personal data at any time. Where this is the case, however, it is impossible to continue the conversation.

To object to the storage of your personal data, simply send a message via cancom.de/en/objection.

In this case, all the personal data stored when you made contact will be erased.

6. terms of use
When you register for webinars and other events, our terms of use also apply. You can find them here.

1. Description and scope of data processing

When you apply to us, we collect personal data. This includes, in particular, your contact data (such as first name, last name, name affixes, private address, (mobile) phone number, e-mail address) as well as other data provided by you regarding your career (e.g., curriculum vitae, qualifications and degrees, work experience) and your person (e.g., cover letter, personal interests). This may also include special categories of personal data (e.g. information on a severe disability). As a rule, your personal data is collected directly from you as part of the application process and is encrypted during electronic transmission. The data originates from the application form to be completed online and from the uploaded files.

If you voluntarily use the option to implement your master data from one of your social media accounts, we process the account data of your external social media platform. This data is processed for the purpose of importing your profile information into the CANCOM applicant management system.

If you voluntarily use the option to have your application documents analyzed so that your master data is automatically transferred to the fields of the application form (CV upload), your data will be processed by the order processor rexx Systems GmbH. This processor is contractually obligated to comply with the provisions of data protection law.

2. Legal basis for data processing

We process personal data in accordance with the provisions of the EU Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG):

  • On the basis of your consent (Art. 6 para. 1 p. 1 lit. a) GDPR, Art. 88 GDPR and § 26 para. 2 BDSG).
    If you provide us with special categories of personal data (e.g. racial and ethnic origin, political opinions, religious or ideological beliefs or trade union membership, health data), we process this on the basis of your express consent.If you have given us your consent to process personal data for specific purposes (e.g. storage of application data for a longer period of time), the processing of this data is lawful on the basis of your consent.If you are still a minor, i.e. you have not yet reached the age of 18 and would like to apply to us, we require that you have the consent of your legal representative (usually your parents).If you have not yet reached the age of 16, a declaration of consent from a legal representative must be included with your application. If we do not have this declaration of consent, your application cannot be considered and your data will be deleted immediately.

  • On the basis of statutory or other legal provisions (Art. 6 (1) p. 1 lit. c) GDPR, Art. 88 GDPR and Section 26 BDSG) or in the public interest (Art. 6 (1) p. 1 lit. e) GDPR). Legal regulations can be, for example, trade and craft law regulations on storage and transmission, regulations of labor law, social law and telecommunications law and general registration law.

3. Purpose of data processing

The processing of personal data is necessary to achieve the above purposes, including the fulfillment of a contractual relationship or a pre-contractual activity (initiation of an employment relationship).

If the aforementioned personal data is not provided or not provided to the extent required, or if CANCOM is unable to collect such data, the individual purposes described cannot be fulfilled or the application cannot be processed.

If your application does not result in employment, a recognition data record is stored (so-called truncated data reduction). We need this data record for further statistical evaluation. All of your professional qualifications are deleted in this data record.
The recognition data record contains the following information:

  • Title

  • First name

  • Job ID

The regular record is reduced to the recognition record after six months and stored without a time limit.

4. Passing on the data

Within our company, only those persons and departments (e.g. Human Resources) have access to your personal data that absolutely need it to carry out the application process or to fulfill our legal obligations. If necessary, your applications will be forwarded to the relevant responsible persons for review. Under no circumstances will your personal data be passed on to third parties without authorization.

We use the software and services of rexx systems GmbH as part of the CANCOM applicant management system. This order processor is contractually obligated to comply with the provisions of data protection law.

When your data is transferred to our applicant management system, it is automatically encrypted. The precautions for data security always correspond to the current state of the art.

5. Participation „JobAlert

You can sign up to participate in „JobAlert”, where you will be automatically notified by e-mail as soon as a new job offer appears that matches your search specifications. Personal data is collected and processed solely for the purpose of contacting you and sending you job vacancies. Data is not passed on outside CANCOM and the order processor rexx systems GmbH. This data is stored until a final status is reached (recruitment or rejection) or until you unsubscribe from JobAlert.

6. Invitations to career events and evaluation of the recruitment processes.

You can sign up for invitations to career events as well as to be contacted for the evaluation of recruitment processes. Personal data is collected and processed solely for the purpose of contacting you between the successful application process and the start of employment. Data is not passed on outside CANCOM and the order processor rexx systems GmbH. The data is stored for twelve months.

7. Recommendation by employees of the CANCOM Group

Depending on the target position and the advertising company, it may be possible to provide the name of an employee who recommended the job offer to you. By providing this name, you agree that the employee will be informed whether your application results in an employment relationship. The reason for this is the payment of referral bonuses to the recruiting employee.

8. Duration of storage

Your data relating to an application for a specific job posting will be stored and processed by us during the ongoing application process. After completion of the application process (e.g. in the form of an acceptance or rejection), the application process including all personal data is deleted from the system six months after completion of the application process. After that, the results are only stored in the form of the truncated data reduction for further statistical evaluation. This statistical data record does not allow any conclusions to be drawn about the natural person and serves as the basis for statistical evaluations.

In case of acceptance, we reserve the right to keep your application for a longer period of time, provided that the entry date is more than six months in the future.

9. Possibility of objection and elimination

If the processing of your data is based on consent, you have the right to revoke this consent at any time with effect for the future. In such a case, the application process cannot be continued.

For this purpose, it is sufficient to send a message to ed.mo1725704770cnac@1725704770sboj1725704770.

All personal data that was stored in the course of the application process and is no longer subject to a legal retention obligation will be deleted in this case.

1. Description and scope of data processing

In our webshop you can order products around information technology as a company (business customer) and public client. For order processing

  • professional contact details,

  • Your billing/delivery address (professional, as well as private if desired) and

  • Account and payment data

needed.

These are generally taken from our ERP system in which you are already registered. In general, this is personal data in B2B business that CANCOM processes. In the course of orders, credit checks may be carried out under certain circumstances. Details of this will be displayed to you during the order process.

Of course, you can provide even more data on your own if you wish.

2. Legal basis for data processing

We process the data you provide as part of the order form only for the implementation or processing of the contractual relationship, Art. 6 para. 1 p. 1 lit. b) GDPR, unless you consent to further use. The credit assessment takes place in accordance with Art. 6 para. 1 p. 1 lit. f) GDPR within the framework of our legitimate interest in the solvency of the purchaser.

3. Purpose of data processing

We process the data provided by you in the order form only for the purpose of implementing or processing the contractual relationship.

The principle of data economy and data avoidance is observed in that you only have to provide us with the data that we absolutely need to execute the contract or fulfill our contractual obligations (i.e. your name, address, e-mail address and the payment data required for the selected payment method) or which we are legally obligated to collect.

4. Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected and there are no longer any legal retention obligations. In the case of the implementation or settlement of the contractual relationship, this is usually the case after ten years.

1. Description and scope of data processing

Through our whistleblower tool, CANCOM ensures greater protection for whistleblowers who want to report violations of EU or German law. Through this tool, CANCOM has established a secure channel for whistleblowing.

a) Categories of data subjects

The data subjects are primarily the persons to whom the notification relates, including employees, partners or other persons professionally associated with CANCOM, depending on who is mentioned in the notification.

In addition, CANCOM processes personal data about the reporting person if the reporting person submits his/her contact information or other information from which the reporting person can be directly or indirectly identified. As the reporting person, you must therefore be aware that CANCOM may process personal data about you in connection with the processing of the reported case.

The notification can be made on a 100% anonymous basis. In this case, no personal data of the reporting person will be processed.

b) Categories of personal data

The categories of personal data that are processed depend on the information reported.

With regard to the reporting person who has opted out of anonymity, CANCOM mainly processes general personal data such as name, e-mail address (optional) and telephone number (optional), unless the reporting person himself provides further personal data.

If the reporting person reports personal data about another person, including the reported person or persons, CANCOM also processes this personal data. Which personal data is processed in this case depends on which personal data is included in the notification. The following categories of personal data may be processed:

  • General personal data (name, address, e-mail address, telephone number, position, etc.)

  • Personal data on criminal convictions or the suspicion of such

  • Special categories of personal data (information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, data concerning health, and data concerning a person’s sex life or sexual orientation)

CANCOM advises the reporting person to report only information that is of concrete relevance to the reported case and, in particular, not to report information about criminal acts and special categories of personal data unless these are of central importance to the processing of the reported case.

2. Legal basis for data processing

The processing of personal data is necessary for compliance with a legal obligation to which CANCOM is subject, see Article 6 (1) sentence 1 lit. c) GDPR. This is the German “Gesetz für einen besseren Schutz hinweisgebender Personen sowie zur Umsetzung der Richtlinie zum Schutz von Personen, die Verstoß gegen das Unionsrecht melden” (Act for better protection of whistleblowers and for the implementation of the Directive on the protection of persons reporting infringements of Union law), which transposes the EU Directive “Directive on the protection of persons reporting infringements of Union law” (2018/0106 COD) into national law.

In addition, the processing is necessary to protect CANCOM’s legitimate interest in detecting serious violations or potential violations of German or EU law or other serious matters that override the interests or fundamental rights and freedoms of the data subject, see Article 6 (1) sentence 1 lit. f) GDPR.

As far as the processing of special categories of personal data is concerned, the processing is necessary for reasons of substantial public interest on the basis of the “Law for Better Protection of Whistleblowers and for the Implementation of the Directive on the Protection of Persons Reporting Breaches of Union Law”, cf. Art. 9 (2) g) GDPR. In addition, the processing of special categories of personal data is necessary for the establishment, exercise or defense of legal claims, cf. Art. 9 (2) (f) GDPR in conjunction with. Art. 6 para. 1 p. 1 lit. f) GDPR.

The processing is also necessary for the performance of a task carried out in the public interest, cf. Art. 6 (1) p. 1 lit. e) GDPR.

3. Purpose of data processing

The purpose of processing personal data is to manage CANCOM’s whistleblower system, including the detection of serious violations or possible violations of German or EU law or other serious matters.

4. Disclosure of the data

The reports are forwarded to CANCOM’s compliance team, which processes them. After evaluation, the reports are forwarded internally to the respective management of the responsible CANCOM company by e-mail. The reason for forwarding is that only the respective management can decide on any follow-up measures, not the central Compliance department. In this process, personal data is only forwarded for a specific purpose and in accordance with the principle of data minimization, i.e., only the personal data that is absolutely necessary to process the report is forwarded.

CANCOM discloses personal data about the reporting person to public authorities if this is necessary to deal with serious violations or serious matters or to ensure the right of defense of the data subjects. In other cases, CANCOM will disclose personal data about the reporting individual only with the consent of the reporting individual. CANCOM discloses personal data about persons other than the reporting person only as part of the follow-up to a reported case or to deal with serious violations or serious matters.

CANCOM cooperates with the software manufacturer Whistleblower Software ApS, which acts as a platform supplier and immediately encrypts the personal data before it is passed on. Since commissioned processing within the meaning of Art. 28 GDPR takes place here by Whistleblower Software ApS, we have concluded a commissioned processing agreement in accordance with the statutory provisions. For more information about Whistleblower Software ApS, please visit: https://whistleblowersoftware.com/en/personal-data-policy

5. Duration of storage

Personal data that proves irrelevant to CANCOM’s handling of a reported case, as well as reports that CANCOM deems unfounded or that do not fall within the scope of the whistleblower regulation, will be deleted within three months of CANCOM’s decision.

Notifications and personal data collected by CANCOM in the course of processing a notification that forms the basis for further processing will be deleted five years after the case has been closed, i.e. on the day on which CANCOM has made a decision in the case, unless special circumstances or legal as well as official requirements require a shorter or longer period.

GOOGLE ANALYTICS

1. Description and scope of data processing
This website uses Google Analytics, a web analysis service provided by Google Inc. (“Google”). Google Analytics uses “cookies”. Cookies are text files that are stored on your computer and allow us to analyse how you use our website. Information on how you use the website generated by the cookie, including:

  • browser type/version,

  • operating system used,

  • referrer URL (page previously visited),

  • host name of the accessing computer (IP address),

  • time of the server request,

is generally transmitted to a Google server in the USA, where it is stored. Google does not combine the IP address transmitted by your browser via Google Analytics with any other data. In addition to Google Analytics, we have also installed “anonymizeIP” on this website. This masks your IP address so that all data is collected anonymously. If, in exceptional circumstances, the full IP address is sent to a Google server in the USA, it is abbreviated.

2. Legal basis for data processing
Where we have obtained the user’s consent, the legal basis for data processing is Article 6 (1) (a) GDPR.

3. Purpose of data processing
On behalf of the provider of this website, Google uses this information to assess how you use our website, to compile reports on website activity and to provide the website provider with other services connected with website and internet use.

4. Retention period
Data sent by us which is linked to cookies, login details (e.g. a user ID) or advertising IDs is erased automatically after 26 months. Data which has reached its storage limit is erased automatically once a month.

5. Right to object, right of removal
You can set your browser software to block the installation of cookies. If you do this, however, you may be unable to use all the functions of our website fully. You can also prevent Google from collecting and processing data generated by cookies relating to your use of the website (including your IP address) by downloading and installing the browser-add-on Opt-out cookies stop your data being collected when you visit a website in the future. Click here to install the opt-out cookie: deactivate Google Analytics

6. Further information
You will find further information on our terms of use and data protection at:

https://www.google.com/analytics/terms/de.html and https://policies.google.com/?hl=de

FACEBOOK PIXEL

1. Description and Scope of Data Processing

On its websites, CANCOM uses Facebook Pixel, a service of Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA (hereinafter referred to as “Facebook”).

Facebook Pixel enables Facebook to display our Facebook ads only to Facebook users who have visited our website, especially those who have shown interest in our online content or certain topics or products. Facebook Pixel makes it possible to check whether a user was redirected to our website after clicking on our Facebook ads. Facebook Pixel uses cookies, which are small text files that are stored locally in the cache of your web browser on your end device.

If you are logged into Facebook with your user account, your visit to our online offerings is recorded in your user account. The data collected about you is anonymous to us and therefore does not give us any information about the identity of users. However, Facebook may link this data to your Facebook user account. We have no control over the extent and further use of data collected by Facebook through the use of Facebook Pixel. To the best of our knowledge, Facebook receives information that you have visited the relevant part of our website or clicked on an ad from us. If you have a Facebook user account and are registered with Facebook, Facebook can assign the visit to your user account. Even if you are not registered with Facebook or have not logged in, Facebook may collect and store your IP address and other identifiers.

2. Purpose of Data Processing

CANCOM uses Facebook Pixel for marketing and optimization purposes, in particular to place relevant and interesting ads on Facebook and thus improve our content, make it more interesting for you as a user, and avoid annoying ads. This also includes our legitimate interest in the processing of the above data by the third-party provider. The legal basis is article 6, paragraph 1, sentence 1, point (f),of the GDPR.

3. Objection and Possibility of Removal

You may object to the collection of data by Facebook Pixel as described above and to the use of your information to display Facebook ads. You can adjust settings about what types of advertisements you see within Facebook on the following Facebook website: https://www.facebook.com/settings?tab=ads. Please note that this setting will be deleted if you delete your cookies. In addition, you can deactivate cookies used for measuring reach and advertising purposes via the following websites:

1. YouTube
Our website also includes videos that we (or third parties) have posted on the platform of the social network and video portal “YouTube.” Plug-ins from the websites youtube.de and youtube.com are used to display the videos. The service YouTube is operated by YouTube LLC, 901 Cherry Ave. San Bruno, CA 94066, USA. YouTube LLC is an affiliate of Google Inc., Amphitheatre Parkway, Mountain View, CA 94043, USA.

Cookie selection pop-up appears upon accessing our websites. Only when the users allows all cookies or explicitly loads a video is a connection to YouTube’s servers automatically established and the integrated video displayed on the website by a transmission to your browser.

YouTube uses cookies to tell the YouTube server which pages of our website you have visited and what actions you have taken (e.g. clicking/starting a video or sending a comment). If you are logged into YouTube as a member, YouTube will also assign this information to your personal YouTube user account. According to YouTube, you can prevent this information from being assigned to your user account if you have logged out of YouTube with the YouTube plug-in before accessing the website.

We would like to point out that we are not aware of the content of the transmitted data and its use by YouTube and that we are not responsible for the collection and processing of data by YouTube. Information on the collection and use of data by YouTube can be found in the YouTube’s Privacy Policy at www.youtube.de/t/privacy.

2. Vimeo
Our websites integrate plug-ins from the video portal Vimeo provided by Vimeo, LLC (555 West 18th Street, New York, NY 10011, USA).

Cookie selection pop-up upon accessing our websites. Only when the users allows all cookies or explicitly loads a video is a connection to Vimeo’s servers automatically established and the integrated video displayed on the website by a transmission to your browser.

Each time you access a page that offers one or more Vimeo video clips, a direct connection is established between your browser and a Vimeo server in the United States. In the process, information about your visit and your IP address is stored there. By interacting with the Vimeo plugins (e.g. clicking the start button), this information is also transmitted to Vimeo and stored there.

If you have a Vimeo user account and do not want Vimeo to collect information about you and link it to your Vimeo member information through this website, you must log out of Vimeo before visiting this website.

On our website we offer the chance to use so-called social media buttons. To protect your data we have chosen to use the Shariff plug-in. This means that the buttons simply appear on the website as icons which contain a link to the relevant button provider. Clicking on an icon takes you to the services offered by the relevant provider and it is only at this point that your data is sent to the provider. If choose not to click on the icon, no data will be exchanged between you and the social media button providers. You can find how social networks collect and use your data in the terms of use published by the various providers.
Our website features social media buttons for the following providers:

XING button, XING SE, Dammtorstraße 30, 20354 Hamburg, Germany
You can find XING’s privacy notice at: https://privacy.xing.com/de/datenschutzerklaerung

LinkedIn button, LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland
You can find LinkedIn’s privacy notice at: https://www.linkedin.com/legal/privacy-policy?trk=hb_ft_priv

Twitter button, Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA (“Twitter”)
You can find Twitter’s privacy notice at: https://twitter.com/privacy

Youtube button, Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Youtube”)
You can find Google’s privacy notice at: http://www.google.com/intl/de/+/policy/+1button.html

Facebook button, Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”)
You can find Facebook’s privacy notice at:
http://www.facebook.com/policy.php

Google+ button, Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
You can find Google’s US data protection notice at: http://www.google.com/intl/de/+/policy/+1button.html

Vimeo button, Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA
You can find Vimeo’s privacy notice at: https://vimeo.com/privacy

Instagram button, Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA (“Instagram”)
You can find Instagram’s privacy notice at: https://help.instagram.com/155833707900388/

We safeguard our website and other systems against the loss, destruction, access, alteration or dissemination of your data by unauthorised persons by technical and organisational measures. In particular, your personal data is transmitted in encrypted form. On our website we use standard SSL (Secure Socket Layer) technology. Unfortunately, however, the transmission of information via the Internet is never completely safe. For this reason, We are unable to guarantee the security of data transmitted to our Website via the Internet.

We do not pass on your personal data to third parties, unless otherwise described, unless you have consented to the passing on of data or we are entitled or obliged to pass on data due to legal provisions and/or official or judicial orders. This may involve, in particular, the disclosure of information for the purposes of law enforcement, the prevention of danger or the enforcement of intellectual property rights.

Whenever your personal data is processed, you are a Data Subject within the meaning of the GDPR. This gives you the following rights in respect of the Controller:

1. Right of access
Under Article 15 GDPR, you have the right to access any personal data about you that We process. In particular, you have the right to obtain information about the purposes of the processing; about the categories of personal data concerned; about the categories of recipients to whom the data has been or will be disclosed; about the planned retention period; about your right to the rectification or erasure of personal data, to the restriction of processing of personal data and to object to such processing; about the source of data where it was not collected by us; about the existence of automated decision-making including profiling; and, where appropriate, to access detailed and meaningful information on these issues.

2. Right to rectification
Under Article 16 GDPR, you have the right to obtain from the Controller the rectification and/or completion of processed personal data about you that is inaccurate or incomplete. The Controller shall carry out such rectification without undue delay.

3. Right to erasure
Under Article 17 GDPR, you have the right to obtain the erasure of your data where its processing is not necessary to the exercise of the right of freedom of expression and information, to compliance with a legal obligation, for reasons of public interest or to the establishment, exercise or defence of legal claims.

4. Right to restriction of processing
Under Article 18 GDPR, you have the right to obtain restriction of the processing of your personal data where you dispute the accuracy of the data, where the processing is unlawful but you refuse the erasure of the data and where We no longer need the data but you need it for the establishment, exercise or defence of legal claims or where you have objected to the processing under Article 21 GDPR.

5. Right to data portability
Under Article 20 GDPR, you have the right to receive any personal data you have provided to us in a structured, common and machine-readable format or transmit it to another Controller.

6. Right to withdraw consent
Under Article 7 Abs. 3 GDPR, you have the right to withdraw the consent you have given us at any time. Once you have withdrawn your consent, We must cease processing based on this consent for the future.
To exercise your right to withdraw consent, use the contact box by the following link:
cancom.de/en/objection
In addition, in each newsletter you will find a link that allows you to unsubscribe from further newsletters.

7. Right to object
Where your personal data is being processed on the basis of legitimate interest under Article 6 (1) sentence 1 (f) GDPR, Article 21 GDPR gives you the right to object to this processing on grounds relating to your particular situation or where the objection is against direct marketing.
In the case of direct marketing, you have a general right to object which can be exercised without indicating a particular situation.
To exercise your right to object to processing, use the contact box by the following link:
cancom.de/en/objection

8. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement, if you consider that the processing of personal data about you breaches the GDPR.
The supervisory authority with which the complaint has been lodged will inform you about the progress and outcome of the complaint, including the possibility of a judicial remedy pursuant to Article 78 of the GDPR.

Competent supervisory authority:
Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)

Address:
Promenade 18
91522 Ansbach, Germany

Mailing address:
P.O. Box 1349
91504 Ansbach, Germany

Phone: +49 (0) 981 180093-0
Fax: +49 (0) 981 180093-800
E-mail: ed.nr1725704770eyab.1725704770adl@e1725704770llets1725704770tsop1725704770

Our website may contain hyperlinks to and from third-party websites. Please note that if you follow a hyperlink to a third-party website, We cannot accept any liability or responsibility for third-party content or privacy notices. Please check the relevant privacy notices before sending personal data to these websites.

his privacy notice was last updated on 14 June 2022. CANCOM reserves the right to update this privacy notice from time to time.