Language

Contact

News AbO

Privacy Notice

Data Privacy Notice

I. Name and adress of controller

The Controller within the meaning of the relevant data protection legislation is:

CANCOM SE
Erika-Mann-Str. 69
D-80363 Munich (headquarters)
Phone: +49 89 540 540
E-Mail:

as well as the affiliated companies according to §§ 15 ff. AktG.

CANCOM GmbH

CANCOM Austria Beteiligungs GmbH

CANCOM ICT Service GmbH

CANCOM physical infrastructure GmbH

CANCOM VVM II GmbH

CANCOM VVM GmbH

CANCOM Public GmbH

CANCOM Public BV

CANCOM Managed Services GmbH

CANCOM Slovakia s.r.o.

CANCOM Financial Services GmbH

SBSK GmbH & Co. KG

– hereinafter collectively referred to as “CANCOM”, “the Company” or “we”–

II. Name and adress of data protection officer

Der Datenschutzbeauftragter der CANCOM ist:

Tonguc Solgun
Messerschmittstraße 20
89343 Jettingen-Scheppach
Germany
Phone: +49 8225 996-1182
E-Mail:

III. data protection policy

The Data Protection Policy ensures that information is processed in accordance with data protection regulations within the CANCOM Group. You can download the Data Protection Policy here (PDF download).

IV. general information on data processing

1. Scope of personal data processing
We process personal data of our users only to the extent necessary to provide a functional website and our content and services, and to the extent that the processing of the data is permitted by law.

2. Legal basis for processing personal data
Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 lit. a of the EU General Data Protection Regulation (GDPR) serves as the legal basis.

For the processing of personal data necessary for the performance of a contract to which the data subject is a party, Art. 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to processing necessary for the performance of pre-contractual measures. If the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis. In the event that the vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR serves as the legal basis. If the processing is necessary to safeguard a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for the processing.

3. Data deletion and retention period
The personal data of the data subject shall be erased or blocked as soon as the purpose for which it was stored no longer applies. The data may also be stored if this is provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. Data will also be blocked or erased upon the expiration of a retention period prescribed by the aforementioned standards, unless further storage of the data is necessary for the conclusion or performance of a contract.

V. Provision of website and creation of log files

1. Description and scope of data processing
Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer. The following information is collected

(1) Information on the type and version of browser used
(2) The user’s operating system
(3) The user’s internet service provider
(4) The user’s IP address
(5) Date and time of access
(6) Websites from which the user’s system accesses our website
(7) Websites accessed by the user’s system through our website.

This information is also stored in the log files of our system. These data are not stored together with other personal data of the user.

2. Legal basis for data processing
The legal basis for the temporary storage of data and log files is Art. 6 par. 1 lit. f GDPR.

3. Purpose of data processing
Temporary storage of the IP address by the system is necessary to enable delivery of the website to the user’s computer. For this purpose, the user’s IP address is stored for the duration of the session.

The data is stored in log files to ensure the functionality of the website. We also use the data to optimise the website and to ensure the security of our information technology systems. The data is not analysed for marketing purposes in this context.

These purposes also constitute our legitimate interest in processing the data in accordance with Art. 6 para. 1 lit. f GDPR.

4. Duration of retention
The data will be deleted as soon as it is no longer necessary to fulfil the purpose for which it was collected. In the case of data collected for the provision of the website, this will be the case at the end of each session.

If the data is stored in log files, this will be the case after seven days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or anonymised so that it is no longer possible to identify the accessing client.

5. Right of objection, withdrawal and removal
For the necessary cookies, the collection of data for the provision of the website and the storage of the data in log files is mandatory and therefore there is no possibility of objection on the part of the user.

The other cookies can be manually activated or deactivated by the user through the cookie settings.

VI. use of COOKIES

1. Description and scope of data processing
Each time our website is accessed (e.g. web shop, marketing, presentation website, webinars, etc.), our system automatically collects data and information from the computer system of the accessing computer. The following information is collected

(1) Information about the type and version of browser used
(2) The user’s operating system
(3) The user’s internet service provider
(4) The user’s IP address
(5) Date and time of access
(6) Websites from which the user’s system accesses our website
(7) Websites accessed by the user’s system through our website.

This information is also stored in the log files of our system. This information is not stored together with any other personal information about the user.

2. Legal basis for data processing
The legal basis for the temporary storage of data and log files is Art. 6 par. 1 lit. f GDPR.

Cookies are necessary for the website to function. The legal basis for this is Art. 6 para. 1 lit. f GDPR.

For all other cookies that are not necessary for the functioning of the website, your consent will be requested via the cookie banner in accordance with Art. 6 para. 1 lit. a GDPR.

3. Purpose of data processing
a) For the necessary (essential) cookies, the purpose of the data processing is the functionality of the website.

The temporary storage of the IP address by the system is necessary in order to deliver the website to the user’s computer. For this purpose, the user’s IP address must be stored for the duration of the session.

These purposes also constitute our legitimate interest in processing the data in accordance with Art. 6 para. 1 lit. f GDPR.

b) For the other cookies, the purpose is defined by the cookie settings. These are available at https://www.cancom.de/en/cookie-settings/

4. Retention period
The data is deleted as soon as it is no longer necessary to fulfil the purpose for which it was collected. In the case of data collected for the provision of the website, this will be the case when the relevant session has ended.

If the data is stored in log files, this will be the case after seven days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or made anonymous so that it is no longer possible to identify the accessing client.

5. Right of objection and removal
The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility for the user to object.

VII. Newsletter

1. Description and scope of data processing
It is possible to subscribe to a free newsletter. When registering for the newsletter, the information in the registration form will be sent to us.

Form of address
Your surname
Your e-mail address

The following information is also collected during registration

(1) IP address of the accessing computer
(2) Date and time of the registration

our consent to the processing of the data is obtained during the registration process and reference is made to this Privacy Policy.

CANCOM’s service providers and partner companies that we use to fulfil our tasks may have access to your data. In particular, these are service providers that we use to provide the newsletter and the software used for this purpose (Software as a Service, ASP service). The service providers and partner companies involved will only have access to your data to the extent and for the duration necessary for the fulfilment of their tasks. These service providers and partner companies are obliged to involve only persons who are obliged to maintain confidentiality or who are subject to an appropriate legal obligation of confidentiality when performing the services.

Agreements on commissioned data processing pursuant to Art. 28 of the GDPR apply to data processing on behalf of a third party.

The data will be passed on to a third party (Mapp Digital Germany GmbH, Dachauer Straße 63, 80335 München) in connection with data processing for the purpose of sending the newsletter. The data will only be used for sending the newsletter.

2. Legal basis of data processing
The legal basis for the processing of data after registration for the newsletter by the user is Art. 6 par. 1 lit. a GDPR, if the user has given his or her consent.

The legal basis for sending the newsletter in connection with the sale of goods or services is § 7 para. 3 UWG.

3. Purpose of data processing
The purpose of collecting the user’s first name, last name and e-mail address is to send the newsletter in a personalised manner.

The collection of other personal data during the registration process serves to prevent misuse of the services or the e-mail address used.

4. Retention period
The data is deleted as soon as it is no longer required to fulfil the purpose for which it was collected. The user’s e-mail address is therefore stored for as long as the subscription to the newsletter is active.

The other personal data collected during the registration process will generally be deleted after a period of seven days.

5. Cancellation and removal options
The subscription to the newsletter can be cancelled by the user concerned at any time. For this purpose, there is a corresponding link in every newsletter.

This also makes it possible to withdraw consent to the storage of personal data collected during the registration process.

VIII. Contact form and e-mail contact

1. Description and scope of data processing
Our website contains contact forms, event registration forms, application forms, feedback forms and support request forms. These can be used to contact us electronically. When a user uses one of these options, the data entered in the input mask is transmitted to us and stored.

This information is

Salutation
Name
E-Mail
Telephone number
Company Name
Reason for contacting us
Consent to data retention
Address (postcode, city)

The following data is also stored at the time the message is sent

(1) The user’s IP address
(2) The date and time of registration.

Your consent to the processing of data will be obtained as part of the sending process and reference will be made to this privacy policy with the necessary information obligations.

Alternatively, you may contact us at the e-mail address provided. In this case, the user’s personal data sent with the e-mail will be stored.

The data will only be used for the intended purpose.

2. Legal basis for data processing
We process your data on the basis of your consent in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR for specific purposes, in particular

To send newsletters with regular offers from CANCOM
To receive special information and offers as well as for market research/analysis purposes and customer surveys from CANCOM and the partner companies (here the partner companies may receive access to your data from CANCOM)
For personalised use of the website and personalised offers including profiling
To support website usage processes with reminder functions and live chats
For analytical purposes to optimise our offer for you.

Any consent given can be revoked at any time. This also applies to the revocation of declarations of consent that were given to us before the application of the GDPR, i.e. before 25 May 2018. The revocation of consent only takes effect for the future and does not affect the legality of the data processed until the revocation.

The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 para. 1 sentence 1 lit. f) GDPR. If the e-mail contact is aimed at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 sentence 1 lit. b) GDPR.

3. Purpose of data processing
The processing of personal data from the input mask is solely for the purpose of processing the contact. In the case of contact by e-mail, this also constitutes the necessary legitimate interest in processing the data.

The other personal data processed during the sending process are used to prevent misuse of the contact form and to ensure the security of our information technology systems.

4. Retention period
The data will be deleted as soon as it is no longer necessary to fulfil the purpose for which it was collected. In the case of personal data collected through the contact form or sent by e-mail, this will be the case when the communication with the user has been concluded. The conversation is considered closed when it can be concluded from the circumstances that the matter in question has been conclusively clarified.

The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

5. Possibility of cancellation and removal
The user may at any time revoke his or her consent to the processing of personal data. If the user contacts us by e-mail, he/she may at any time object to the storage of his/her personal data. In such a case, the conversation cannot be continued.

A message via https://www.cancom.de/en/objection/ will suffice.

In this case, all personal data stored in connection with the contact will be deleted.

6. Terms of use
Registration for webinars and other events is also subject to our Terms of Use, which can be viewed here.

7. Data transfer
As part of the event registration process, a third party Salesforce plugin called Blackthorn is used to play on-demand videos. The data collected is sent to Salesforce. Salesforce is used as part of the contact forms (see below for Salesforce).

IX. applicant data protection

1. Description and scope of data processing
When you apply for a job with us, we collect personal information about you. This includes, in particular, your contact details (e.g. first name, last name, surname, home address, (mobile) telephone number, e-mail address) and other information you provide about your career (e.g. CV, qualifications and degrees, work experience) and about yourself (e.g. cover letter, personal interests). It may also include special categories of personal data (e.g. details of a severe disability). Your personal data will normally be collected directly from you as part of the application process and will be encrypted during electronic transmission. The data is obtained from the online application form and uploaded files.

If you voluntarily use the option to transfer your master data from one of your social media accounts, we will process the account data of your external social media platform. This data is processed for the purpose of importing your profile information into CANCOM’s applicant management system.

If you voluntarily make use of the option to have your application documents analysed so that your master data is automatically transferred to the fields of the application form (CV upload), your data will be processed by the processor rexx Systems GmbH. This processor is contractually bound to comply with data protection regulations.

2. Legal basis for data processing
We process personal data in accordance with the provisions of the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG):

On the basis of your consent (Art. 6 para. 1 sentence 1 lit. a) GDPR in conjunction with Art. 88 GDPR and Section 26 para. 2 BDSG). If you provide us with special categories of personal data (e.g. racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health data), we will process such data on the basis of your express consent. If you have given us your consent to process personal data for specific purposes (e.g. to store application data for a longer period of time), the processing of this data is lawful on the basis of your consent. If you are a minor, i.e. under the age of 18, and you wish to apply for a job with us, we will assume that you have the consent of your legal representative (usually your parents). If you are under 16, you must include a letter of consent from a legal representative with your application. If we do not receive this declaration of consent, your application will not be considered and your details will be deleted immediately.
On the basis of statutory or other legal provisions (Art. 6 para. 1 sentence 1 lit. c) GDPR, Art. 88 GDPR and Section 26 BDSG) or in the public interest (Art. 6 para. 1 sentence 1 lit. e) GDPR). Legal provisions may include, for example, trade and craft regulations on storage and transmission, labour, social and telecommunications law, and general registration law.

The processing of personal data is necessary to achieve the above-mentioned purposes, including the fulfilment of a contractual relationship or a pre-contractual activity (initiation of an employment relationship).

If the aforementioned personal data is not provided or not provided to the required extent or if CANCOM is unable to collect it, the individual purposes described cannot be achieved or the application cannot be processed.

If your application does not result in employment, a recognition data record will be stored (so-called truncated data reduction). We need this record for further statistical analysis. All of your professional qualifications will be deleted from this record.

The recognition record contains the following information

– Title
– First name
– Job ID

The regular record will be reduced to the recognition record after six months and stored indefinitely.

4. Passing on the data
Within our company, only those individuals and departments (e.g. Human Resources) have access to your personal data that is absolutely necessary to complete the application process or to comply with our legal obligations. If necessary, your application will be forwarded to the appropriate person for consideration. Under no circumstances will your personal data be disclosed to third parties without your consent.

We use the software and services of rexx systems GmbH as part of the CANCOM applicant management system. This processor is contractually obliged to comply with data protection regulations.

When your data is transferred to our applicant management system, it is automatically encrypted. The data security precautions are always state-of-the-art.

5. Participation „JobAlert”
You can register for „Job Alert” which will automatically notify you by email as soon as a new vacancy matching your search criteria appears. Personal data will only be collected and processed for the purpose of contacting you and sending you job vacancies. The data will not be passed on outside CANCOM and the processor rexx systems GmbH. This data is stored until a final status is reached (hiring or rejection) or until you unsubscribe from JobAlert.

6. Invitations to career events and evaluation of the recruitment processes
You may register to receive invitations to career events and to be contacted for recruitment evaluation purposes. Personal data is collected and processed solely for the purpose of establishing contact between a successful application and the start of employment. The data will not be passed on outside CANCOM and the processing company rexx systems GmbH. The data will be stored for twelve months.

7. Recommendation by CANCOM Group employees
Depending on the target position and the company advertising the position, it may be possible to provide the name of an employee who recommended the job offer to you. By providing this name, you agree that the employee will be informed if your application results in employment. The reason for this is the payment of referral bonuses to the employee who referred you.

8. Duration of storage
Your data relating to an application for a specific job advertisement will be stored and processed by us during the ongoing application process. Upon completion of the application process (e.g. acceptance or rejection), the application process, including all personal data, will be deleted from the system six months after completion of the application process. After this period, the results will only be stored in the form of a truncated data reduction for further statistical analysis. This statistical record does not allow any conclusions to be drawn about the individual and is used as a basis for statistical analysis.

If you are accepted, we reserve the right to retain your application for a longer period if the date of entry is more than six months in the future.

9. Possibility of objection and elimination

If you have any questions regarding the processing of your data in the context of an application procedure, you can contact us at and/or https://www.cancom.de/en/objection/.

X. Webshop

1. Description and scope of data processing
If you are a company (business customer) or a public authority, you can order IT products from our web shop. For order processing

Your professional contact details,
Your billing/delivery address (business or private) and
account and payment details

are required.

These are usually taken from our CRM system where you are already registered.

Credit checks may be carried out during the order process. Details of this will be displayed during the order process.

Of course, you can provide more information yourself if you wish.

2. Legal basis for data processing
We process the data provided by you in the order form only for the execution or processing of the contractual relationship, Art. 6 para. 1 sentence 1 lit. b) GDPR, unless you consent to further use. The credit check is carried out in accordance with Art. 6 para. 1 sentence 1 lit. f) GDPR as part of our legitimate interest in the solvency of the customer.

3. Purpose of data processing
We process the data provided by you in the order form only for the purpose of fulfilling or processing the contractual relationship.

The principle of data economy and data avoidance is observed in that you only have to provide us with the data that we absolutely need to perform the contract or to fulfil our contractual obligations (i.e. your name, address, e-mail address and the payment data required for the selected payment method) or that we are legally obliged to collect.

4. Duration of storage
The data will be deleted as soon as it is no longer required to fulfil the purpose for which it was collected and as soon as there is no legal obligation to retain it. In the case of fulfilment or processing of the contractual relationship, this is generally the case after ten years.

XI. Whistleblower reporting

1. Description and scope of data processing
With our whistleblower tool, CANCOM guarantees more protection for whistleblowers who want to report violations of EU or German law. With this tool, CANCOM has created a secure channel for whistleblowing.

a) Categories of affected persons
The data subjects are primarily the persons to whom the report relates, which may include employees, partners or other persons associated with CANCOM for a specific reason, depending on who is mentioned in the report.

In addition, CANCOM will process personal data about the reporting person if the reporting person submits his or her contact details or other information (“Report Confidentially” tool option) that can be used to identify the reporting person directly or indirectly. As a reporting person, you must therefore be aware that CANCOM may process personal data about you in connection with the handling of the reported case.

The report can be made on a 100% anonymous basis (option of the ‘Report anonymously’ tool). In this case, no personal data of the reporting person will be processed.

b) Categories of personal data
The categories of personal data that are processed depend on the reported data and information of the reported issue.

With regard to the reporting person who has opted out of anonymity (option of the ‘report confidentially’ tool), CANCOM mainly processes general personal data such as name, e-mail address (optional) and telephone number (optional), unless the reporting person provides further personal data himself.

If the reporting person reports personal data about another person, including the reported person or persons, CANCOM will also process this personal data. Which personal data is processed in this case depends on which personal data is contained in the report. The following categories of personal data may be processed:

General personal data (name, address, e-mail address, telephone number, position, etc.)
Personal data relating to criminal convictions or suspected criminal convictions
Special categories of personal data (information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade-union membership, data concerning health and data concerning a person’s sex life or sexual orientation)

CANCOM advises the whistleblower to report only information that is specifically relevant to the case reported and, in particular, to refrain from reporting criminal offences and special categories of personal data unless such information is central to the handling of the case reported.

2. Legal basis for data processing
The processing of personal data is necessary to fulfil a legal obligation to which CANCOM is subject, see Art. 6 para. 1 sentence 1 lit. c) GDPR. This is the German “Gesetz für einen besseren Schutz hinweisgebender Personen (Hinweisgeberschutzgesetz – HinSchG) sowie zur Umsetzung der Richtlinie zum Schutz von Personen, die Verstöße gegen das Unionsrecht melden”, which transposes the EU Directive “Directive on the protection of persons reporting breaches of Union law” (2018/0106 COD) into national law.

In addition, the processing is necessary for the purposes of the legitimate interests pursued by CANCOM in the detection of serious violations or potential violations of German or EU law or other serious matters which override the interests or fundamental rights and freedoms of the data subject, see Art. 6 para. 1 sentence 1 lit. f) GDPR.

As far as the processing of special categories of personal data is concerned, the processing is necessary for reasons of substantial public interest on the basis of the “Act for the Better Protection of Whistleblowers and for the Implementation of the Directive on the Protection of Persons Reporting Breaches of Union Law”, cf. Art. 9(2)(g) GDPR. In addition, the processing of special categories of personal data is necessary for the establishment, exercise or defence of legal claims, cf. Art. 6 para. 1 sentence 1 lit. f) GDPR.

The processing is also necessary for the performance of a task carried out in the public interest, cf. Art. 6 para. 1 sentence 1 lit. e) GDPR.

3. Purpose of data processing
The purpose of the processing of personal data is the administration of CANCOM’s whistleblowing system, including the detection of serious violations or possible violations of German or EU law or other serious matters.

4. Disclosure of the data
All reports are received and processed within the CANCOM Group by the Compliance Department. The original responsibility for the reaction to the reported violation (e.g. follow-up measures) remains with the respective company. As part of the necessary coordination between the Compliance Department and the company concerned, it may be necessary to pass on information to the responsible persons in these companies. Personal data will only be disclosed for a specific purpose and in accordance with the principle of data minimisation, i.e. only the personal data that is absolutely necessary for processing the report will be disclosed.

CANCOM will disclose personal data of the reporting person to public authorities if this is necessary to deal with serious violations or serious matters or to ensure the right of defence of the persons concerned. In other cases, CANCOM will only disclose personal data about the whistleblower with the whistleblower’s consent. CANCOM will only disclose personal data about persons other than the reporting person in the context of the follow-up of a reported case or to deal with serious offences or serious matters.

CANCOM cooperates with the software manufacturer Whistleblower Software ApS, which acts as a platform supplier and encrypts personal data immediately before passing it on. As Whistleblower Software ApS is responsible for order processing within the meaning of Art. 28 GDPR, we have concluded an order processing contract in accordance with the legal requirements. More information about Whistleblower Software ApS can be found here: https://whistleblowersoftware.com/en/personal-data-policy

5. Duration of storage
Personal data that proves to be irrelevant for the processing of a reported case by CANCOM, as well as reports that CANCOM considers to be unfounded or that do not fall within the scope of the whistleblower regulation, will be deleted at the latest one year after CANCOM’s decision.

Reports and personal data collected by CANCOM in the course of processing a report that forms the basis for further processing will be deleted five years after the case has been closed, i.e. on the date on which CANCOM has made a decision in the case, unless special circumstances or legal and regulatory requirements require a shorter or longer period. In order to comply with such requirements or legal obligations, e.g. as part of an investigation, CANCOM can no longer guarantee that the data can be deleted after it has been transmitted.

XII. USE OF THIRD PARTY TOOLS AND SERVICES

SALESLOFT

1. Description and scope of data processing
We use Salesloft for lead management and live website tracking. The provider is Salesloft, Inc, 1180 West Peachtree Street NW, Suite 600, Atlanta, USA. The provider processes contact data (e.g. email addresses, telephone numbers) and meta/communication data (e.g. device information, IP addresses) in the USA.

2. Legal basis for data processing
The legal basis for the processing is Art. 6 para. 1 sentence 1 lit. a GDPR. Processing is based on consent. Data subjects may revoke their consent at any time, for example by contacting us using the contact details provided in our privacy policy. Withdrawal does not affect the lawfulness of the processing until revoked.

The legal basis for transfers to countries outside the EEA are standard contractual clauses. The security of the data transferred to the third country (i.e. a country outside the EEA) is guaranteed by standard data protection clauses which have been approved in accordance with the review procedure pursuant to Art. 93(2) GDPR (Art. 46(2)(c) GDPR), which we have agreed with the provider. There is also an adequacy decision (EU-US Privacy Shield Framework).

3. Purpose of data processing
We use the Salesloft service to support our customers.

We use various tools to process the data stored in our CRM systems, including the Salesloft sales platform, which we use to better organise our sales processes. Salesloft accesses some of the customer information contained in our CRM systems (contact information and company information) and combines it with information about the interactions that have taken place with us (e.g. telephone calls, communication via email and/or social networks). This information helps us to centrally coordinate our sales activities and to communicate with our customers in an authentic and up-to-date manner.

4. Retention period
The data will be deleted when the purpose for which it was collected no longer applies and there is no obligation to retain it. Further information can be found in the provider’s privacy policy at https://salesloft.com/platform-privacy-notice/.

5. Right of objection and deletion

Data subjects may withdraw their consent at any time. If you wish to exercise your right of withdrawal, simply send a request to https://www.cancom.de/en/objection/.

The withdrawal does not affect the lawfulness of the processing until the withdrawal.

SEISMIC

1. Description and scope of data processing
In order to improve our services, we use the ‘LiveSend’ software solution from Seismic Software, Inc (Seismic Software, Inc, 12390 El Camino Real, San Diego, CA 92130, USA). LiveSend uses a tracking process that sets cookies.

The following categories of information are processed

Date and time of access

E-mail address

User location

Browser type

Operating system

Name of content viewed

Time spent viewing each page of a document/video

Downloaded the document yes/no (if enabled)

2. Legal basis
The legal basis is the consent of the user according to Art. 6 par. 1 lit. a GDPR. The cookies are only set after consent has been given. The Seismic software provides us with information about what content the user has viewed, when and for how long.

3. Purpose of data processing
The purpose of the Seismic software is to present our content in the best possible way and to analyse user behaviour so that we can continually improve our products and services and provide users with targeted information.

4. Recipients
The recipients of the data are employees in the marketing, sales and IT departments of the CANCOM Group.

5. Duration of storage
For the above purpose, the data will be stored for two weeks after your consent and then automatically deleted.

Users can also use the Seismic solution without giving their consent to the LiveSend function. In this case, the user’s behaviour will not be tracked and the user can continue to make full use of the content provided via the Seismic solution.

6. Right of objection and removal
Data subjects may withdraw their consent at any time. If you wish to exercise your right of withdrawal, simply send a request to https://www.cancom.de/en/objection/.

Withdrawal does not affect the lawfulness of the processing up to the time of withdrawal.

We have entered into an order processing agreement with Seismic Software Inc. which includes standard terms and conditions. You can find more information about Seismic’s LiveSend feature and the data processor’s privacy policy here: https://www.seismic.com/privacy-policy/

GOOGLE ANALYTICS

1. Description and scope of data processing
This website uses Google Analytics, a web analytics service provided by Google, Inc (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyse how users use the site. The information generated by the cookie about your use of the website, such as

Browser type/version,
Operating system used,
Referrer URL (the previously visited page),
Host name of the accessing computer (IP address),
The time of the server request

is generally transmitted to and stored by Google on servers in the United States. The IP address transmitted by your browser as part of Google Analytics will not be combined with other data held by Google. We have also added the ‘anonymiseIP’ code to Google Analytics on this website. This will mask your IP address so that all data is collected anonymously. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA, where it will be truncated.

2. Legal basis for data processing
The legal basis for the processing of the data is Art. 6 par. 1 lit. a GDPR, if the user has given his/her consent.

3. Purpose of data processing
On behalf of the operator of this website, Google will use this information to analyse your use of the website, to compile reports on website activity and to provide the operator of the website with further services relating to website activity and internet usage.

4. Duration of storage
The data we send that is linked to cookies, user identifiers (e.g. user ID) or advertising IDs is automatically deleted after 24 months. Data that has reached the end of its retention period is automatically deleted once a month.

5. Opting out and removal
You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser add-on. Opt-out cookies prevent the future collection of your data when you visit this website. If you click here, the opt-out cookie will be set: Deactivate Google Analytics

6. Further information
For more information on terms of use and privacy policy, please visit:

https://marketingplatform.google.com/about/analytics/terms/us or https://policies.google.com/?hl=en

FACEBOOK PIXEL

1. Description and scope of data processing
CANCOM uses ‘Facebook Pixel’ on its websites, a service provided by Facebook Inc, 1601 S California Ave, Palo Alto, California 94304, USA, now Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland ta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (hereinafter referred to as ‘Facebook’).

Facebook Pixel enables Facebook to show our advertisements on Facebook, known as ‘Facebook Ads’, only to those Facebook users who have visited our website, in particular those who have shown an interest in our online services or in certain topics or products. Facebook Pixel enables us to check whether a user has been directed to our website after clicking on our Facebook Ads. Facebook Pixel uses, among other things, cookies, which are small text files stored locally in the cache of your web browser on your device.

If you are logged in to Facebook with your user account, your visit to our online services will be recorded in your user account. The data collected about you is anonymous to us and does not allow us to draw any conclusions about the identity of the user. However, this data may be linked by Facebook to your user account there. We have no control over the scope and further use of the data collected by Facebook through the use of Facebook pixels. To the best of our knowledge, Facebook receives the information that you have accessed the relevant part of our website or clicked on one of our advertisements. If you have a Facebook user account and are registered, Facebook may associate your visit with your user account. Even if you are not registered with Facebook or have not logged in, it is possible that Facebook may determine and store your IP address and other identifying features.

2. Purpose of data processing
CANCOM uses Facebook pixels for marketing and optimisation purposes, in particular to place relevant and interesting advertisements for you on Facebook and thus improve our offer, make it more interesting for you as a user and avoid annoying advertisements. This also constitutes our legitimate interest in the processing of the aforementioned data by the third party provider. The legal basis is Art. 6 par. 1 sentence 1 lit. f) GDPR.

3. Opt-out and removal
You may opt out of the aforementioned collection of Facebook pixels and the use of your data to display Facebook ads. You can set your preferences regarding the types of ads you see within Facebook by visiting the following Facebook website: https://www.facebook.com/settings?tab=ads.

Please note that this setting will be lost if you delete your cookies. You can also opt out of cookies used for audience measurement and advertising purposes at the following websites:

Please note that this setting will also be deleted if you delete your cookies.

4. Further information
Further information from the third party provider about privacy can be found on the following Facebook website: https://www.facebook.com/about/privacy. Information about Facebook Pixel can be found at the following Facebook website: https://www.facebook.com/business/help/651294705016616

FACEBOOK CONVERSION TRACKING

Description and scope of data processing
CANCOM uses Facebook’s “visitor action pixel” on our website. This allows the behaviour of users to be tracked after they have been redirected to the provider’s website by clicking on a Facebook ad. This process is used to evaluate the effectiveness of Facebook ads for statistical and market research purposes and may help optimise future advertising efforts.

The data collected does not allow any conclusions to be drawn about the identity of the user. However, the data is stored and processed by Facebook so that it can be linked to the user’s profile and used by Facebook for its own advertising purposes in accordance with the Facebook Data Usage Policy.

OUTBRAIN

1. Description and scope of data processing
CANCOM uses Outbrain conversion tracking on its websites from Outbrain UK Ltd, 5 New Bridge Street, London, EC4V 6JA, UK. The conversion tracking pixel is set when a user interacts with an ad served by Outbrain. The ads served by Outbrain are determined based on the content you have previously viewed. The content is technically controlled and automatically delivered by Outbrain. Outbrain pixels do not contain any personally identifiable information. No personal data is stored. To select appropriate content, the pixel uses information about the device source, browser type and your IP address, which is completely anonymised by removing the last octet.

2. Legal basis for data processing
The processing is based on Art. 6 (1) lit. f GDPR on the legitimate interest in targeted advertising and the analysis of the effectiveness and efficiency of such advertising.

3. Option of objection and removal

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you, based on Art. 6 (1) lit. f GDPR. You may object to tracking for the purpose of displaying interest-based recommendations at any time by clicking on the “opt-out” box in Outbrain’s privacy policy, available at https://www.outbrain.com/en/legal/privacy. For more information about Outbrain’s privacy policy, please visit https://www.outbrain.com/en/legal/privacy.

PLISTA

1. Description and scope of data processing
The CANCOM website uses plista. This service is provided by plista GmbH, Torstraße 33-35, D-10119 Berlin (e-mail: , phone: +49 (0) 30 4737537-0, fax: +49 (0) 30 484984411). Further information about this provider and the processing of personal data by this company can be found at https://www.plista.com/de and https://www.plista.com/de/about/privacy/.

Based on the individual surfing behaviour of users, plista provides personalised recommendations of editorial content and advertising on thousands of websites of its partner network of users. plista compares the reading behaviour (e.g. clicks, visits) of different users with each other in order to find similarities and the same interests among them. In addition to the information in paragraph 1, you can find out more about this at https://www.plista.com/de/about/opt-out/.

2. Purpose of data processing
Plista currently collects anonymous usage data. This is anonymous information about a reader’s website visits and clicks without any personal reference. For example, plista may collect information about your choice of browser (e.g. Firefox or Internet Explorer), operating system (e.g. Macintosh or Windows), Internet provider (e.g. Telekom or 1&1), and whether you respond to advertisements. In order to provide relevant advertising, the provider may collect information such as device type, model and version, operating system, user ID and information limited to the browser and applications used. You can find out more about this, in addition to the information in paragraph 1, at https://www.plista.com/de/about/opt-out/.

3. Option of objection and removal
If you, as a user, do not wish to have your data processed by plista in the manner described above, please note the following: Simply use the opt-out button. This allows you to delete the plista identification cookie at any time with a single click. This means that you can no longer be identified by plista. The opt-out does not prevent ads or pop-ups from appearing on your computer, but only the delivery of adaptive ads from plista. This means that plista widgets, recommendations and ads will continue to be displayed on the web. Only the targeting, i.e. the matching of recommendations and ads to your personal interests, will be lost if you disable your cookie by opting out. Please note, however, that in order for plista to recognise you as a user who has opted out, you must allow cookies to be set in your browser. If you have not explicitly deactivated this, this is usually already the case. Setting the opt-out cookie is necessary so that plista does not set its identification cookie again the next time you visit a partner. If you delete the cookies in your browser, you must also repeat the opt-out process. If you use more than one computer or web browser, you will need to opt out on each one separately. In addition to the information in paragraph 1, you can learn more about this at https://www.plista.com/de/about/opt-out/.

4. Further information
As an alternative to the opt-out option in paragraph 4, you may also use the EDAA (European Interactive Digital Advertising Alliance) preference management system at www.youronlinechoices.com. Plista is a member of the EDAA and as part of our membership we comply with the provisions of the IAB Europe EU Framework for Online Behavioural Advertising in the markets to which these self-regulatory provisions apply. For information about interest-based advertising and the options available to you, and to opt-out of the placement of interest-based advertising by us and other participating EDAA member companies using cookies, please click here: www.youronlinechoices.com.

LINKEDIN

1. Description and scope of data processing
For advertising purposes, CANCOM uses the LinkedIn Matched Audiences feature of the business network of LinkedIn Ireland Unlimited Company (Wilton Plaza, Wilton Place, Dublin 2, Ireland; “LinkedIn”). This enables us to show you, as a user of our website, targeted advertisements relevant to your interests about our website and our offers on the websites of the LinkedIn network in the future.

To do this, we use cookies/pixels on our websites that record that you have visited our website. These cookies enable LinkedIn to recognise you as a user of our website within the LinkedIn network.

2. Option of objection and removal
You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.

In addition, you can always opt out of receiving advertising from LinkedIn based on your usage patterns by opting out of the LinkedIn advertising cookie here: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

3. Further information
You can find LinkedIn’s privacy policy here: https://www.linkedin.com/legal/privacy-policy.

4. Legal basis of data processing
Your data will be processed on the legal basis of Art. 6 para. 1 f) GDPR (balancing of interests) and in our interest to be able to show you interest-based advertising about us and our offers.

XIII. Video Plugins

1. Youtube
Our website also contains videos that we (or third parties) have posted on the social networking and video-sharing site YouTube. For this purpose, plug-ins from the youtube.de and youtube.com websites are used to display the videos. The YouTube service is operated by YouTube LLC, 901 Cherry Ave. San Bruno, CA 94066, USA. YouTube LLC is an affiliate of Google Inc, Amphitheatre Parkway, Mountain View, CA 94043, USA.

When you visit our website, a pop-up window with a cookie selection appears. Only if all cookies are enabled by the user or explicitly loaded by the user will a connection to the YouTube servers be automatically established and the embedded video be displayed on the website by sending a message to your browser.

YouTube uses cookies for this purpose, which tell the YouTube server which pages of our site you have visited and what actions you have taken (e.g., clicking/starting a video or submitting a comment). If you are logged in to YouTube as a member, YouTube also associates this information with your personal YouTube user account. According to YouTube, you can prevent this association by logging out of YouTube before accessing the site with the YouTube plugin.

Please note that we have no knowledge of the content of the transmitted data or its use by YouTube and that we are not responsible for YouTube’s collection and processing of the data. For information about YouTube’s collection and use of information, please see YouTube’s privacy policy at www.youtube.de/t/privacy.

2. Vimeo
Our website integrates plugins from the Vimeo video portal of Vimeo, LLC (555 West 18th Street, New York, New York 10011, USA).

A cookie selection pop-up is displayed when you access our website. A connection to the Vimeo servers is only made automatically and the embedded video is only displayed on the website by a message to your browser if all cookies are enabled by the user or explicitly loaded by the user.

Each time you access a page containing one or more Vimeo video clips, a direct connection is established between your browser and a Vimeo server in the United States. Information about your visit and your IP address is stored there. When you interact with the Vimeo plugins (for example, by clicking the Start button), this information is also sent to and stored by Vimeo.

If you have a Vimeo account and do not want Vimeo to collect information about you through this website and link it to your membership information stored at Vimeo, you must log out of Vimeo before visiting this website.

Vimeo’s privacy policy, which contains more detailed information about Vimeo’s collection and use of your information, can be found at http://vimeo.com/privacy.

Vimeo also calls the Google Analytics tracker through an iFrame in which the video is viewed. This is Vimeo’s own tracking and we do not have access to it. You can opt out of Google Analytics tracking by using the opt-out tools that Google provides for some Internet browsers. You may also refuse the processing of data about your use of this website (including your IP address) by Google by downloading and installing the browser plugin available from https://tools.google.com/dlpage/gaoptout?hl=en.

XIV. Social Plugins

We offer you the opportunity to use so-called ‘social media buttons’ on our website. In order to protect your privacy, we use buttons that are only integrated into the website as graphics and contain a link to the corresponding website of the button provider. When you click on the graphic, you will be directed to the services of that provider. Only then will your data be sent to the respective provider. If you do not click on the graphic, there will be no exchange between you and the social media button providers. For information about the collection and use of your information in the social networks, please refer to the respective social network’s terms of use.

We have included social media buttons from the following companies on our website:

XING button, XING SE, Dammtorstraße 30, 20354 Hamburg, Germany
You can find XING’s privacy notice at: https://privacy.xing.com/de/datenschutzerklaerung

LinkedIn button, LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland
You can find LinkedIn’s privacy notice at: https://www.linkedin.com/legal/privacy-policy?trk=hb_ft_priv

Youtube button, Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Youtube”)
You can find Google’s privacy notice at: http://www.google.com/intl/de/+/policy/+1button.html

Facebook button, Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA, now Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland ta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.
You can find Facebook’s privacy notice at: http://www.facebook.com/policy.php

Vimeo button, Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA
You can find Vimeo’s privacy notice at: https://vimeo.com/privacy

Instagram button, Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA (“Instagram”)
You can find Instagram’s privacy notice at: https://help.instagram.com/155833707900388/

XV. Data security

We use technical and organisational measures to protect our website and other systems against loss, destruction, access, modification or distribution of your data by unauthorised persons. In particular, your personal information is transmitted in encrypted form. We use the widely used SSL (Secure Socket Layer) method when you visit our website. Unfortunately, however, the transmission of information over the Internet is not completely secure, and we cannot guarantee the security of any information you transmit to us over the Internet.

XVI. disclosure of data

Unless otherwise described, we will not share your personal information with third parties unless you have consented to the sharing of the information or we are authorised or required to do so by law and/or governmental or judicial order. In particular, this may include disclosing information for the purposes of criminal prosecution, to avert danger or to enforce intellectual property rights.

XVII. Rights of data subjects

Whenever your personal data is processed, you are a Data Subject within the meaning of the GDPR. This gives you the following rights in respect of the Controller:

1. Right of access
Under Article 15 GDPR, you have the right to access any personal data about you that We process. In particular, you have the right to obtain information about the purposes of the processing; about the categories of personal data concerned; about the categories of recipients to whom the data has been or will be disclosed; about the planned retention period; about your right to the rectification or erasure of personal data, to the restriction of processing of personal data and to object to such processing; about the source of data where it was not collected by us; about the existence of automated decision-making including profiling; and, where appropriate, to access detailed and meaningful information on these issues.

2. Right to rectification
Under Article 16 GDPR, you have the right to obtain from the Controller the rectification and/or completion of processed personal data about you that is inaccurate or incomplete. The Controller shall carry out such rectification without undue delay.

3. Right to erasure
Under Article 17 GDPR, you have the right to obtain the erasure of your data where its processing is not necessary to the exercise of the right of freedom of expression and information, to compliance with a legal obligation, for reasons of public interest or to the establishment, exercise or defence of legal claims.

4. Right to restriction of processing
Under Article 18 GDPR, you have the right to obtain restriction of the processing of your personal data where you dispute the accuracy of the data, where the processing is unlawful but you refuse the erasure of the data and where We no longer need the data but you need it for the establishment, exercise or defence of legal claims or where you have objected to the processing under Article 21 GDPR.

5. Right to data portability
Under Article 20 GDPR, you have the right to receive any personal data you have provided to us in a structured, common and machine-readable format or transmit it to another Controller.

6. Right to withdraw consent
Under Article 7 Abs. 3 GDPR, you have the right to withdraw the consent you have given us at any time. Once you have withdrawn your consent, We must cease processing based on this consent for the future.

To exercise your right to withdraw consent, use the contact box by the following link:
cancom.de/en/objection

In addition, in each newsletter you will find a link that allows you to unsubscribe from further newsletters.

7. Right to object
Where your personal data is being processed on the basis of legitimate interest under Article 6 (1) sentence 1 (f) GDPR, Article 21 GDPR gives you the right to object to this processing on grounds relating to your particular situation or where the objection is against direct marketing.

In the case of direct marketing, you have a general right to object which can be exercised without indicating a particular situation.

To exercise your right to object to processing, use the contact box by the following link:
cancom.de/en/objection

8. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement, if you consider that the processing of personal data about you breaches the GDPR.

The supervisory authority with which the complaint has been lodged will inform you about the progress and outcome of the complaint, including the possibility of a judicial remedy pursuant to Article 78 of the GDPR.

Competent supervisory authority:
Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)

Address:
Promenade 18
91522 Ansbach
Germany

Mailing address:
P.O. Box 1349
91504 Ansbach,
Germany

Phone: +49 (0) 981 180093-0
Fax: +49 (0) 981 180093-800
E-mail:

XVIII. Data protection and third-party websites

Our website may contain hyperlinks to and from third party websites. If you follow a hyperlink to one of these websites, please note that we cannot accept any responsibility or liability for the content or privacy practices of third parties. Please check the applicable privacy policy before submitting any personal data to these websites.

XIX. Version

This privacy notice was last updated on October 2024. CANCOM reserves the right to update this privacy notice from time to time.