With the following privacy policy we would like to inform you about the types of your personal data (hereinafter also referred to as “data”) that we process for what purposes and to what extent. The privacy policy applies to all processing of personal data carried out by us, both in the context of providing our services and in particular on our websites, in mobile applications and within external online presences, such as our social media profiles (hereinafter collectively referred to as “online offer”).
The terms used are gender-neutral.
Status: October 23, 2023
Mr Arkadi Wolfsohn
CLARIS Solutions GmbH & Co. KG
Burgweg 39
34537 Bad Wildungen
Germany
info (at) claris-solutions.de
The following overview summarizes the types of data processed and the purposes of their processing. It also refers to the affected persons.
– Inventory data
– Payment data
– Contact data
– Content data
– Contract data
– Usage data
– Meta, communication and procedural data
– Customers
– Prospects
– Communication partners
– Users
– Business and contractual partners
– Provision of contractual services and fulfillment of contractual obligations
– Contact requests and communication
– Security measures
– Reach measurement
– Office and organizational procedures
– Management and response to inquiries
– Feedback
– Profiles with user-related information
– Provision of our online offer and user-friendliness
– Information technology infrastructure
According to the GDPR: In the following we inform you about the legal bases according to the GDPR on which we base the processing of personal data. Please note that in addition to the regulations of the GDPR, national data protection regulations may apply in your or our country of residence. In addition, if specific legal bases are relevant in individual cases, we will inform you of these in the data protection declaration.
Consent (Art. 6 Para. 1 S. 1 lit. a) GDPR) – The data subject has given consent to the processing of their personal data for one or more specific purposes.
Fulfillment of Contractual and Pre-contractual Inquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR) – The processing is necessary for the performance of a contract to which the data subject is party or for the implementation of pre-contractual measures taken at the request of the data subject.
Legal Obligation (Art. 6 Para. 1 S. 1 lit. c) GDPR) – The processing is necessary to comply with a legal obligation to which the controller is subject.
Legitimate Interests (Art. 6 Para. 1 S. 1 lit. f) GDPR) – The processing is necessary to safeguard the legitimate interests of the controller or a third party, unless the interests or fundamental rights and freedoms of the data subject requiring the protection of personal data prevail.
National data protection regulations in Germany: In addition to the data protection regulations of the GDPR, national regulations for data protection apply in Germany. This includes in particular the Law for the Protection against Misuse of Personal Data in Data Processing (Federal Data Protection Act – BDSG). The BDSG contains special regulations on the right to access, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes and transmission as well as automated decision-making in individual cases including profiling. In addition, the data protection laws of the individual federal states may apply.
Note on the Validity of the GDPR and the Swiss FDPA: These privacy notices serve both to provide information in accordance with the Swiss Federal Act on Data Protection (Swiss FDPA) and with the General Data Protection Regulation (GDPR). For this reason, we ask you to note that due to the broader territorial scope and comprehensibility, the terms of the GDPR are used. In particular, instead of the terms “processing” of “personal data”, “preeminent interest” and “particularly sensitive personal data” used in the Swiss FDPA, the terms “processing” of “personal data” and “legitimate interest” and “special categories of data” used in the GDPR are used. However, the legal meaning of the terms continues to be determined in accordance with the Swiss FDPA within the scope of the validity of the Swiss FDPA.
In accordance with legal requirements, we take appropriate technical and organizational measures taking into account the state of the art, the costs of implementation and the nature, scope, circumstances and purposes of the processing, as well as the different likelihood and severity of the risk to the rights and freedoms of natural persons, to ensure a level of protection appropriate to the risk.
The measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as access to, input, transmission, securing availability and separation of them. In addition, we have set up procedures to ensure data subjects’ rights of access, rectification, deletion and objection, as well as data security in the event of data threats. Furthermore, in establishing the type and scope of the data security measures, we take due account of the risks posed by data processing, in particular as a result of the destruction, loss, alteration, unauthorized disclosure of or access to personal data transmitted, stored or otherwise processed. Finally, we take organizational measures and also use encryption for data security purposes wherever necessary.
TLS/SSL Encryption (https): In order to protect the data transmitted by users via our online services, we use TLS/SSL encryption. Secure Sockets Layer (SSL) is the standard technology for securing internet connections by encrypting the data transmitted between a website or app and a browser (or between two servers). Transport Layer Security (TLS) is an updated and more secure version of SSL. Hyper Text Transfer Protocol Secure (HTTPS) appears in the URL when a website is secured by an SSL/TLS certificate.
Transmission of Personal Data
In the context of our processing of personal data, it happens that the data is transmitted to other offices, companies, legally independent organizational units or persons or disclosed to them. The recipients of this data can include, for example, service providers commissioned with IT tasks or providers of services and content that are embedded in a website. In such cases, we comply with the legal requirements and in particular conclude corresponding contracts and agreements with the recipients of your data that serve to protect your data.
Data Transmission within the Organization: We may pass on personal data to other offices within our organization or grant them access to this data to the extent necessary for administrative purposes, provided that the transmission of the data is based on our legitimate commercial and business interests or is necessary for the fulfillment of our contractual obligations or if consent has been obtained from the data subjects or there is a legal permission.
– Processed Data Types: Inventory data (e.g. names, addresses); Payment data (e.g. bank details, invoices, payment history); Contact data (e.g. e-mail, telephone numbers); Contract data (e.g. contract object, term, customer category).
– Data Subjects: Prospects; Business and contractual partners.
– Purposes of Processing: Provision of contractual services and fulfillment of contractual obligations; Contact requests and communication; Office and organizational procedures. Management and response to inquiries.
– Legal Bases: Performance of contract and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR); Legal obligation (Art. 6 Para. 1 S. 1 lit. c) GDPR); Legitimate Interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).
Further Information on Processing Operations, Procedures and Services:
Project and Development Services: We process the data of our customers and clients (hereinafter uniformly referred to as “customers”) in order to enable them to select, acquire or commission the selected services or works as well as related activities, as well as payment and provision or execution thereof.
The required information is marked as such within the scope of the order, purchase or comparable contract conclusion and includes the information necessary for the provision of services and billing as well as contact information in order to be able to hold any consultations. Insofar as we gain access to information about end customers, employees or other persons, we process this in accordance with legal and contractual regulations;
Legal Bases: Performance of Contract and Pre-Contractual Inquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR).
Provision of Software and Platform Services: We process the data of our users, registered users and any test users (hereinafter collectively referred to as “users”) in order to provide them with our contractual services and on the basis of legitimate interests to ensure the security of our offering and further develop it if necessary. The required information is designated as such within the framework of the order, purchase or comparable contract conclusion and includes the information necessary for the provision of services and billing as well as contact information in order to be able to hold any necessary consultations;
Legal Bases: Performance of Contract and Pre-Contractual Inquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR).
Service Providers and Services Used in the Course of Business
In the course of our business activities and in compliance with legal requirements, we use additional services, platforms, interfaces, or plugins from third-party providers (hereinafter referred to as “services”). Their use is based on our interests in the proper, lawful and economic operation of our business and our internal organization.
– Processed Data Types: Inventory data (e.g. names, addresses); Payment data (e.g. bank details, invoices, payment history); Contact data (e.g. e-mail, telephone numbers); Content data (e.g. entries in online forms); Contract data (e.g. contract object, term, customer category); Usage data (e.g. websites visited, interest in content, access times); Meta, communication and procedural data (e.g. device information, IP addresses).
– Data Subjects: Customers; Prospects; Users (e.g. website visitors, users of online services); Business and contractual partners; Communication partners.
– Purposes of Processing: Provision of contractual services and customer service; Office and organizational procedures; Contact requests and communication; Direct marketing (e.g. by e-mail or postal mail).
– Legal Bases: Legitimate Interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).
We process the data of users to provide them with our online services. For this purpose, we process the user’s IP address, which is necessary to deliver the contents and functions of our online services to the user’s browser or end device.
– Processed Data Types: Usage data (e.g. websites visited, interest in content, access times); Meta, communication and procedural data (e.g. IP addresses, time references, identification numbers, consent status); Content data (e.g. entries in online forms).
– Data Subjects: Users (e.g. website visitors, users of online services).
– Purposes of Processing: Provision of our online offer and user-friendliness; Information technology infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.)); Security measures; Performance of contractual services and fulfillment of contractual obligations.
– Legal Bases: Legitimate Interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).
Further Information on Processing Operations, Procedures and Services:
Provision of Online Offer on Rented Storage Space: To provide our online offer, we use storage space, computing power and software that we rent or otherwise obtain from a corresponding server provider (also referred to as “web host”); Legal Basis: Legitimate Interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).
Collection of Access Data and Log Files: Access to our online offer is logged on the basis of so-called server log files. The server log files may contain the address and name of the web pages and files accessed, the date and time of access, data volumes transferred, notification of successful access, browser type and version, the operating system of the user, referrer URL (the previously visited page) and, as a general rule, IP addresses and the requesting provider. The server log files can be used for security purposes, e.g. to avoid overloading the servers (especially in the case of abusive attacks, so-called DDoS attacks) and to ensure the stability and optimal load balancing of the servers; Legal Basis: Legitimate Interests (Art. 6 Para. 1 S. 1 lit. f) GDPR)
Deletion of Data: Log file information is stored for a maximum period of 30 days and then deleted or anonymized. Data whose further storage is necessary for evidentiary purposes are excluded from deletion until final clarification of the respective incident.
Email Sending and Hosting: The web hosting services used by us include the dispatch, receipt as well as the storage of emails. For these purposes, the addresses of the recipients and senders as well as further information relating to the email dispatch (e.g. the relevant providers) as well as the contents of the respective emails are processed. The above data may also be processed for SPAM detection purposes. Please note that emails on the Internet are generally not sent in encrypted form. As a rule, emails are encrypted during transport, but not on the servers from which they are sent and received (unless an end-to-end encryption method is used). We cannot accept any responsibility for the transmission path of emails between the sender and our server; Legal Basis: Legitimate Interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).
In case of contacting us (e.g., by contact form, e-mail, telephone or via social media) as well as in the context of existing user and business relationships, the personal data of the inquiring persons are processed insofar as this is necessary to answer the contact inquiries and any requested measures.
– Processed Data Types: Contact data (e.g. e-mail, telephone numbers); Content data (e.g. entries in online forms); Usage data (e.g. websites visited, interest in content, access times); Meta, communication and procedural data (e.g. IP addresses, time references, identification numbers, consent status).
– Data Subjects: Communication partners.
– Purposes of Processing: Contact requests and communication; Management and response to inquiries; Feedback (e.g. collecting feedback via online form). Provision of our online offer and user-friendliness.
– Legal Bases: Legitimate Interests (Art. 6 Para. 1 S. 1 lit. f) GDPR); Performance of Contract and Pre-Contractual Inquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR).
Further Information on Processing Operations, Procedures and Services:
Contact Form: If users contact us via our contact form, e-mail or other communication channels, the data provided in this context is processed for the purpose of processing the communicated request; Legal Basis: Performance of Contract and Pre-Contractual Inquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR), Legitimate Interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).
Web analysis (also known as “reach measurement”) serves to evaluate the flows of visitors to our online offer and can include behavior, interests or demographic information about visitors, such as age or gender, as pseudonymous values. With the help of web analysis we can e.g. recognize at what time our online offer or its functions or content are most frequently used or invited to reuse. We can also track which areas need optimization.
In addition to web analysis, we may also conduct test procedures, e.g. to test and optimize different versions of our online offer or its components.
Unless otherwise stated below, profiles, i.e. user-related evaluations of data, can be created and information stored in a browser or end device and read out for these purposes – so-called cookies or comparable technologies can be used. The information collected includes in particular visited websites and content used, technical information about the browser and operating system, referring websites, time of access and further information about the use of our online offer. They may also include data entered, including usernames and contact information. If users have agreed to the collection of their location data from us or service providers, location data may also be processed.
The IP addresses of users are also stored. However, we use an IP masking procedure (i.e. pseudonymization by shortening the IP address) to protect users. In general, no clear user data (such as e-mail addresses or names) is stored in the context of web analysis, A/B testing and optimization, but pseudonyms. I.e. neither we nor the providers of the software used know the actual identity of the users, but only the information stored in their profiles for the purposes of the respective procedures.
Processed data types: Usage data (e.g. visited websites, interest in content, access times); Meta, communication and procedural data (e.g. IP addresses, time references, identification numbers, consent status).
Affected persons: Users (e.g. website visitors, users of online services).
Purposes of processing: Reach measurement (e.g. access statistics, detection of recurring visitors). Profiles with user-related information (creation of user profiles)
Security measures: IP masking (pseudonymization of the IP address)
Legal bases: Consent (Art. 6 Para. 1 S. 1 lit. a) GDPR).
Further information on processing operations, procedures and services:
Jetpack (WordPress Stats): Jetpack offers analytics features for WordPress software; Service provider: Aut O’Mattic A8C Ireland Ltd., Grand Canal Dock, 25 Herbert Pl, Dublin, D02 AY86, Ireland; Legal bases: Consent (Art. 6 Para. 1 S. 1 lit. a) GDPR); Website: https://automattic.com; Privacy Policy: https://automattic.com/privacy. Basis for data transfer to third countries: EU-US Data Privacy Framework (DPF).
Plugins and embedded functions as well as content
We integrate functional and content elements into our online offer that are retrieved from the servers of their respective providers (hereinafter referred to as “third party providers”). These may include graphics, videos or city maps (hereinafter uniformly referred to as “content”).
The integration always requires that the third party providers of this content process the IP address of the users, as they would not be able to send the content to their browser without the IP address. The IP address is therefore required for the presentation of these contents or functions. We strive to use only content whose respective providers use the IP address solely for delivery of the content. Third parties may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information can also be stored in cookies on the device of the users and can contain, among other things, technical information about the browser and operating system, referring websites, visit times and other information on the use of our online offer and can also be combined with such information from other sources.
Processed data types: Usage data (e.g. visited websites, interest in content, access times); Meta, communication and procedural data (e.g. IP addresses, time references, identification numbers, consent status); Master data (e.g. names, addresses); Contact data (e.g. e-mail, phone numbers); Content data (e.g. entries in online forms).
Affected persons: Users (e.g. website visitors, users of online services).
Purposes of processing: Provision of our online offer and user-friendliness.
Legal bases: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).
Further information on processing operations, procedures and services:
Google Fonts (provision on own server): Provision of font files for user-friendly presentation of our online offer; Service provider: The Google Fonts are hosted on our server, no data is transmitted to Google; Legal bases: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).
Font Awesome (provision on own server): Display of fonts and symbols; Service provider: The Font Awesome icons are hosted on our server, no data is transmitted to the provider of Font Awesome; Legal bases: Legitimate interests (Art. 6 Para. 1 p. 1 lit. f) GDPR).
YouTube videos: Video content; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal bases: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR); Website: https://www.youtube.com; Privacy Policy: https://policies.google.com/privacy; Basis for data transfer to third countries: EU-US Data Privacy Framework (DPF). Possibility of objection (opt-out): Opt-out plugin: https://tools.google.com/dlpage/gaoptout?hl=en, settings for the display of advertising overlays: https://adssettings.google.com/authenticated.
jsDelivr: We use the jsDelivr service of the company Prospect One Sp., Krolweska 65A, 30-081 Krakow, Poland, email: hello@prospectone.io, website: https://prospectone.io/ on our site. The transmission and processing of personal data takes place exclusively on servers in the European Union.
The legal basis for the transmission of personal data is our legitimate interest in processing pursuant to Art. 6 Para. 1 lit. f GDPR. Our legitimate interest lies in achieving the purpose described below.
JsDelivr is a content delivery network that provides parts of our content to ensure an optimal user experience.
With regard to processing, you have the right of objection set out in Art. 21. Further information can be found at the end of this privacy policy.
Further information on the handling of the transmitted data can be found in the privacy policy of the provider at https://www.jsdelivr.com/privacy-policy-jsdelivr-com.
Amendment and updating of the data protection declaration
Please inform yourself regularly about the contents of our data protection declaration. We will adapt the data protection declaration as soon as the changes to the data processing carried out by us make this necessary. We will inform you as soon as the changes require cooperation on your part (e.g. consent) or other individual notification.
If we provide addresses and contact information of companies and organizations in this privacy policy, please note that addresses may change over time and check the information before contacting us.
Definitions
In this section you will find an overview of the terms used in this privacy policy. Insofar as the terms are legally defined, their legal definitions shall apply. The following explanations, on the other hand, are intended primarily for understanding.
Personal data: “Personal data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Profiles with user-related information: The processing of “profiles with user-related information”, or in short “profiles”, includes any kind of automated processing of personal data that consists of using those personal data to analyse, evaluate or predict certain personal aspects relating to a natural person (depending on the type of profiling, this may include different information concerning demographics, behaviour and interests, such as interaction with websites and their content, etc.) ). Profiling is often used to analyse or predict interests in certain content or products, click behaviour on a website or geographic location. For profiling purposes, cookies and web beacons are often used.
Reach measurement: Reach measurement (also known as web analytics) serves to evaluate visitor flows to an online offering and can cover visitor behaviour or interests in certain information, such as content of websites. By using reach analyzes, operators of online services can e.g. recognize at what times your websites are visited and for which content those visitors are interested in. This allows them, for example, to better adapt the content of the websites to the needs of their visitors. For the purposes of reach measurement, pseudonymous cookies and web beacons are often used in order to recognize recurring visitors and thus obtain more precise analyses of the use of an online service.
Controller: “Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
Processing: “Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.