Privacy Policy
1. Data protection at a glance
General information
The following information provides a simple overview concerning what happens with your personal data when you visit this website. Personal data refers to all data that can be used to identify you personally. You can find detailed information on the topic of data protection in our Privacy Policy as outlined in this text.
Collection of data on this website
Who is responsible for data collection on this website?
On this website, data processing is carried out by the website operator. The website operator’s contact details can be found in the section “Information about the controller” in this Privacy Policy.
How do we collect your data?
Your data is collected in part when you provide it to us. For example, this could involve data that you enter in a contact form
Other data is collected automatically by our IT systems or after you provide consent during your website visit. This primarily concerns technical data (e.g. internet browsers, operating system or time of page access). The collection of this data occurs automatically as soon as you visit this website.
For what purposes do we use your data?
Some of this data is collected in order to ensure that the website can be provided without faults. Other data may be used to analyze your user behavior.
What right do you have concerning your data?
You have the right to obtain access to information free of charge regarding the origin, recipient and purpose of your stored personal data. You also have the right to demand rectification or erasure of this data. If you have given your consent to data processing, you can withdraw this consent at any time with future effect. You also have the right to demand the restriction of processing concerning your personal data under certain circumstances. Furthermore, you have the right to lodge a complaint with a supervisory authority.
For this purpose as well as concerning other questions about data protection, you can contact us at any time.
Analysis tools and third-party tools
When you visit this website, your browsing behavior may be statistically analyzed. This takes place primarily using analysis programs.
Detailed information about these analysis programs can be found in the following Privacy Policy.
2. Hosting and Content Delivery Networks (CDN)
External hosting
This website is hosted by an external service provider (host). Personal data that is collected on this website will be stored on the host’s servers. This data may include IP addresses, contact requests, metadata and communication data, contract data, contact details, names, website accesses and other data that is generated via a website.
The involvement of a host occurs for the purpose of contract fulfilment for our potential and existing customers (Art. 6 (1)(b) GDPR) and in the interest of secure, rapid and efficient provision of our online platform by a professional provider (Art. 6 (1)(f) GDPR).
Our host will only process your data to the extent necessary in order to fulfil its service obligations, and is bound to follow our instructions with regard to your data. We have concluded a processing agreement with our host.
We use the following host:
Weber eBusiness Service GmbH
Bahnhofstr. 16
72336 Balingen, Germany
3. General notes and mandatory information
Data protection
The operators of these pages take the protection of your personal data very seriously. We treat your personal data as confidential and according to the statutory data protection regulations as well as this privacy policy.
When you use this website, various types of personal data are collected. Personal data refers all data that can be used to identify you personally. This Privacy Policy explains which data we collect and what we use the data for. It also explains how and for what purpose this occurs.
We hereby inform you that data transmission on the Internet (e.g. in communication by email) may involve security vulnerabilities. Data cannot be completely protected against access by third parties.
Information about the controller
On this website, the controller for data processing is:
DESKO GmbH
Gottlieb-Keim-Str. 56
95448 Bayreuth, Germany
Phone: +49 (0)921/792790
Email: info@desko.de
Controller means the natural or legal person which, alone or jointly with others, determines the purposes and means of the processing of personal data (e.g. names, email addresses and more).
Duration of storage
Unless a more specific duration of storage is mentioned within this Privacy Policy, your personal data remains with us until the purpose for data processing ceases to apply. If you assert a justified request for erasure or revoke consent to data processing, your data will be erased unless we have different legally permissible grounds for the storage of your personal data (e.g. retention periods under tax or trade law); in the latter case, erasure will occur after these grounds cease to apply.
Legally mandated data protection officer
We have appointed a data protection officer for our company.
DEKRA Assurance Services GmbH
Herr Jürgen Schmidt
Handwerkstr. 15
70565 Stuttgart
Email: datenschutz@desko.de
Note regarding forwarding of data to the USA
We rely on various service providers who supply us with technologies and/or products. Many of these use servers in third countries, that is, outside the European Union or European Economic Area, for which a fundamentally equivalent level of data protection to European data protection laws has not been established by the EU Commission through adequacy agreements. The transfer of personal data involved in this regard must be permissible according to Art. 44 et seq. GDPR. To safeguard the requirements for transfer to third countries, we observe the standard data protection clauses issued by the EU Commission with our service providers who transfer personal data to a third country for which the EU Commission has not established a sufficiently equivalent data protection law.
For some service providers, there are also approved rules of conduct (Binding Corporate Rules – “BCR”) which ensure that European data protection standards are observed in the company. Where these exist, we do not agree on any separate standard contractual clauses with the service providers who are bound by the relevant BCRs. In each case, the BCRs are reviewed by one of the European supervisory authorities for data protection and approved in the individual case.
At the same time, it is possible that the level of data protection in the third country may not correspond to the level in the European Union despite contractual and technical protective measures. For these cases, we ask you if relevant when visiting the website or accessing individual services on your website to provide your consent to the transfer of personal data to your third country in accordance with Art. 49 (1)(a) GDPR.
Particularly when data processing in the USA is intended, or data will be accessible from the USA, the following is relevant: In that country, authorities and intelligence agencies such as the National Security Agency (NSA) may have rights to access and read personal data without our knowledge as a data exporter or without your knowledge as a data subject, and there may not be any suitable legal means to prevent this or take action against such access. However, some of our service providers have committed to exercising and exhausting the legal remedies to which you are entitled under US law against any official access to your data. Some of them also publish transparency reports in which, where legally possible, official requests and responses are listed. Furthermore, in July 2023 the EU Commission approved the “EU-U.S. Data Privacy Framework” (DPF), a new adequacy decision for the transfer of data to the USA; however, this only applies for service providers who agree to observe special rules and legal means for data subjects in the form of self-certification. Whether a provider has been certified under the DPF can be seen on the DPF website under https://www.dataprivacyframework.gov/s/participant-search.
In this Privacy Policy, we mention for individual services whether the transfer of data to a third country is based on the standard contractual clauses, BCR, DPF or other legal bases.
In our Consent Management tool, which is linked in the “Cookies” section of this Privacy Policy, you can find additional information about service providers from third countries which we use, as well as the legal basis and purpose of data transfer. Revoking your consent to data processing
Many data processing operations are only possible with your explicit consent. You may withdraw your consent at any time after giving it. The lawfulness of the data processing that has occurred up until withdrawal will be unaffected by this withdrawal.
Right to object to data collection in particular cases as well as against direct marketing (Art. 21 GDPR)
IF DATA PROCESSING OCCURS ON THE BASIS OF ART. (6) (1) (E) OR (F) OF THE GDPR, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME, ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION, TO PROCESSING OF YOUR PERSONAL DATA, INCLUDING PROFILING BASED ON THESE PROVISIONS. YOU CAN FIND THE SPECIFIC LEGAL BASIS USED FOR PROCESSING IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NOT CONTINUE TO PROCESS YOUR PERSONAL DATA, UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS, OR IF PROCESSING IS NECESSARY FOR THE ASSERTION, EXERCISE OR DEFENCE OF LEGAL CLAIMS (OBJECTION IN ACCORDANCE WITH ART. (21) (1) GDPR).
IF YOUR PERSONAL DATA IS PROCESSED FOR DIRECT ADVERTISING, YOU CAN OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA FOR THE PURPOSES OF SUCH ADVERTISING AT ANY TIME. THIS ALSO APPLIES FOR PROFILING INSOFAR AS IT IS CONNECTED WITH SUCH DIRECT ADVERTISING. IF YOU OBJECT, YOUR PERSONAL DATA WILL NO LONGER BE USED FOR THE PURPOSE OF DIRECT ADVERTISING (OBJECTION IN ACCORDANCE WITH ART. (21) (2) GDPR).
Right to lodge a complaint with a supervisory authority
In the event of breaches against the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, especially in the member state of their habitual residence, workplace or the place of the alleged breach. The right to lodge a complaint exists notwithstanding other administrative or judicial legal remedies.
Right to portability of data
You have the right to receive the personal data concerning you which we have processed based on your consent or to implement the contract in a commonly used and machine-readable format. If you request the direct transmission of this data to another controller, this will only occur if this is technically feasible.
SSL or TLS encryption
For security reasons and to protect the transmission of confidential content, such as orders or enquiries that you send to use as a website operator, this website uses SSL or TLS encryption. You can recognize an encrypted connection by the address line of your browser changing from “http://” to “https://” as well as the lock symbol in your browser line.
If the SSL or TLS encryption is active, data that you transfer to us cannot be read by third parties.
Access, erasure and rectification
Within the framework of the applicable legal provisions, you have the right to receive information free of charge at any time about personal data stored concerning you, its origin and recipients and the purpose of data processing as well as a right to rectification, blocking or erasure of this data. For this purpose as well as concerning other questions about personal data, you can contact us at any time.
Right to restriction of processing
You have the right to demand the restriction of processing concerning your personal data. For this purpose, you can contact us at any time. The right to restriction of processing exists in the following cases:
- If you object to the accuracy of your personal data that we have stored, we generally need time to review this. For the duration of this review, you have the right to demand the restriction of processing concerning your personal data.
- If the processing of your personal data occurs/occurred unlawfully, you can demand restriction of data processing instead of erasure.
- If we no longer require your personal data, but you need the data in order to exercise, defend against or assert legal claims, you also have the right to demand the restriction of processing concerning your personal data instead of erasure.
- If you have filed an objection in accordance with Art. 21 (1) GDPR, we must weigh your interests against ours. Until it has been determined whose interests are overriding, you have the right to demand the restriction of processing concerning your personal data.
If you have restricted the processing of your personal data, this data – apart from its storage – may only be processed with your consent or for the assertion, exercise or defense against legal claims, or to protect the rights of another natural or legal person or for reasons of substantial public interest in the European Union or a member state.
Objection to advertising emails
Use of the contact data published in the Legal Information in order to send advertisements and informational materials that have not been expressly requested, is not permitted. The website operators expressly reserve the right to take legal action against unrequested sending of advertising information, for instance spam emails.
4. Collection of data on this website
4.1. Cookies
Our website uses cookies. Cookies are small text files and do not cause any damage to your computer. They are saved on your device either temporarily for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your end device until you delete them yourself, or if your web browser deletes them automatically.
In some cases, cookies from third-party companies may be saved on your end device if you visit our website (third-party cookies). These enable us or you to use specific services of the third-party company (e.g. cookies for handling payment services).
Cookies have various functions. Many cookies are technically required, as certain website functions would not work without them (e.g. the shopping cart function or displaying videos). Other cookies are used to analyze user behavior or display ads.
Cookies that are required for implementing the electronic communication process (required cookies) or for providing specific functions of your choice (functional cookies, e.g. for the shopping cart function) or for optimization of the website (e.g. cookies to measure the website audience) are saved on the basis of Art. 6 (1)(f) GDPR unless a different legal basis is indicated. The website operator has a legitimate interest in the storage of cookies for technically faultless and optimized provision of its services. If consent to the storage of cookies was requested, the relevant cookies are stored exclusively on the basis of this consent (Art. 6 (1)(a) GDPR); this consent can be revoked at any time.
You can change your browser settings so that you will be informed when cookies are set, only allow cookies on a case-by-case basis, accept cookies for specific cases or prevent them as a rule, or activate the automatic deletion of cookies when your browser is closed. When cookies are disabled, the functionality of this website may be limited.
If cookies are used by third-party companies or for analysis purposes, you will be informed separately in this Privacy Policy and your consent will be requested where necessary.
4.2. Contact form
When you send inquiries to us via the contact form, we will process your details from the request form, including the contact details you provided, in order to handle the inquiry and in case subsequent questions arise. We will not forward this data without your consent.
The processing of this data occurs on the basis of Art. 6 (1)(b) GDPR insofar as your inquiry is associated with the performance of a contract or is required in order to carry out measures prior to entering into a contract. In all other cases, the processing is based in our legitimate interest in effective processing of the inquiries that are sent to us (Art. 6 (1)(f) GDPR) or on your consent (Art. 6 (1)(a) GDPR), if this was requested.
We will retain the data you enter in the contact form until you request its erasure, withdraw your consent to storage or once the purpose for data storage ceases to apply. Mandatory legal provisions, in particular retention periods, remain unaffected (e.g. after your request has been fully processed). Mandatory legal provisions, in particular retention periods, remain unaffected.
FRIENDLY CAPTCHA (BOT/SPAM PROTECTION)
Our website uses the "Friendly Captcha" service (www.friendlycaptcha.com).
This service is provided by Friendly Captcha GmbH, Am Anger 3-5, 82237 Wörthsee, Germany.
Friendly Captcha is an innovative, data protection-friendly protection solution to make it more difficult for automated programs and scripts (so-called "bots") to use our website.
For this purpose, we have integrated a program code from Friendly Captcha into our website (e.g. for contact forms) so that the visitor's end device can establish a connection to the Friendly Captcha servers in order to receive a calculation task from Friendly Captcha. The visitor's end device solves the calculation task, which requires certain system resources, and sends the calculation result to our web server. This contacts the Friendly Captcha server via an interface and receives a response as to whether the puzzle has been solved correctly by the end device. Depending on the result, we can assign security rules to requests via our website and, for example, process or reject them.
The data is used exclusively to protect against spam and bots as described above.
Friendly Captcha does not set or read any cookies on the visitor's end device.
IP addresses are only stored in hashed (one-way encrypted) form and do not allow us or Friendly Captcha to draw any conclusions about an individual person.
If personal data is collected, it will be deleted after 30 days at the latest.
The legal basis for the processing is our legitimate interest in protecting our website from abusive access by bots, i.e. spam protection and protection against attacks (e.g. mass requests), Art. 6 para. 1 lit. f GDPR.
Further information on data protection when using Friendly Captcha can be found at https://friendlycaptcha.com/legal/privacy-end-users/.
4.3. Inquiry via email, phone or fax
If you contact us by email, phone or fax, your inquiry including all personal data derived therefrom (name, inquiry) will be saved and processed for the purpose of responding to your inquiry. We will not forward this data without your consent.
The processing of this data occurs on the basis of Art. 6 (1)(b) GDPR insofar as your inquiry is associated with the performance of a contract or is required in order to carry out measures prior to entering into a contract. In all other cases, the processing is based in our legitimate interest in effective processing of the inquiries that are sent to us (Art. 6 (1)(f) GDPR) or on your consent (Art. 6 (1)(a) GDPR), if this was requested.
We will retain the data you enter in the contact form until you request its erasure, withdraw your consent to storage or once the purpose for data storage ceases to apply. Mandatory legal provisions, in particular retention periods, remain unaffected (e.g. after your request has been fully processed). Mandatory legal provisions, in particular legal retention periods, remain unaffected.
4.4 Usercentrics Consent Management Platform
Date and time of visit; consent or rejection of individual cookies and services as well as device information. The data is saved for 1 year since the last modification of your consent.
In order to obtain and manage consent for the use of cookies and services on our website, we use a service provided by Usercentrics GmbH, Sendlingerstr. 7, 80331 Munich as our contract processor. Consent data is understood to mean the following data: Date and time of visit and consent/rejection, device information. The processing of data occurs for the purpose of compliance with legal obligations (documentation obligation in accordance with Art. 7(1) GDPR) and the associated documentation of consents and therefore on the basis of Art. 6 (1)(c) GDPR. If you have not granted your consent, Art. 6 (1)(f) GDPR is also the legal basis; our legitimate interest in this case is to not show you the form field for obtaining consent every time the website reloads and to ensure convenient usability of our website for you. Local storage is used for the storage of data. The consent data is stored for a period of 1 year. The data is saved in the European Union. You can find more information about the collected data and contact options at https://usercentrics.com/privacy-policy/.
5. Analysis tools and advertising
5.1 Google Tag Manager
We use Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Google Tag Manager is a tool which helps us to integrate tracking or statistics tools and other technologies on our website. The Google Tag Manager itself does not create any user profiles, does not save any cookies and does not conduct any independent analysis. It is only used for management and provisions of the tools integrated using it. However, Google Tag Manager collects your IP address, which may also be transferred to Google’s parent company in the United States.
The use of Google Tag Manager occurs on the basis of Art. 6 (1)(f) GDPR. The website operator has a legitimate interest in rapid and straightforward integration and management of various tools on the website. If corresponding consent was requested, processing occurs exclusively on the basis of Art. 6 (1)(a) GDPR; this consent can be revoked at any time.
5.2 Google Analytics 4
On this website, we use the services of “Google Analytics”, operated by Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, or if you have your company headquarters or place of residence in the EU, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).
Google Analytics uses cookies. Cookies are text files that are stored on your computer which make it possible to differentiate between individual users and individual visits of one user. During your website visit, your user behavior is recorded and saved by Google Analytics in the form of “Events”. The saved events can include: Website access, first visit of the website, start of session, interactions with the website (including scrolling on the page), clicks on external links, internal search requests, interaction with videos, file downloads, viewed/clicked ads as well as language settings. In addition to the events, Google Analytics saves the approximate location (region), the IP address (in anonymized form), technical information about the browser and end device you are using (such as language selection and screen resolution) along with the Internet provide and referrer URL.
Based on the data mentioned above, Google analyzes your use of our website and generates reports about the website activity which help us to analyze your website use.
We only use Google Analytics after receiving your consent, which you may have given us when first visiting this website using our Consent Management Tool. The legal basis for data processing is therefore Art. 6 (1) Sentence 1 (a) GDPR. You may withdraw your consent at any time with future effect. To do so, please contact our data protection officer using the indicated contact details or use the link to manage your consents which you can find in the “Cookies” section of this Privacy Policy. The lawfulness of the data processing that has occurred up until withdrawal will be unaffected by this withdrawal of consent. The data is automatically erased after 14 months.
You can prevent the storage of cookies by changing the browser settings accordingly. In this case, it is possible that you may not be able to use all functions of our website to their full extent.
You have the option to deactivate “Personalized ads” in the settings of your Google account and thus switch off cross-device analysis. To do so, follow the instructions on this page:
https://support.google.com/ads/answer/2662922?hl=de
The legal basis for the transfer of personal data to the USA is either standard data protection clauses established with Google in line with Art. 46 (2)(c) GDPR or an adequacy decision of the EU Commission in line with Art. 45 GDPR, such as the EU-U.S. Data Privacy Framework (DPF) under which Google is certified, which can therefore be invoked as a legal basis for the transfer of data to the USA. You can find more information about this under the contact details listed in Clause 3.
You can find Google’s Privacy Policy under the following link:
https://policies.google.com/privacy?hl=de
You can find Google’s Cookies Policy under the following link:
https://policies.google.com/technologies/cookies?hl=de
5.3 Matomo (formerly Piwik)
This website uses the open source web analysis service Matomo. Matomo uses technologies that enable cross-website recognition of the user for analysis of user behavior (e.g. cookies or device fingerprinting). The information collected by Matomo about the use of this website is saved on our server. The IP address is anonymized before storage.
With the help of Matomo, we are able to collect and analyze data about the use of our website by the website visitors. This enables us to find out information such as when which pages were accessed and from what region this occurred. We also record various log files (e.g. IP address, referred, browser and operating system) and are able to measure whether visitors to our website carry out specific actions (e.g. clicks, purchases etc.).
The use of this analysis tool occurs on the basis of Art. 6 (1)(f) GDPR. The website operator has a legitimate interest in anonymized analysis of user behavior in order to optimize the website as well as marketing. If corresponding consent was requested (e.g. consent to the storage of cookies), processing occurs exclusively on the basis of Art. 6 (1)(a) GDPR; this consent can be revoked at any time.
You have the option of preventing actions which you take here from being analyzed and linked. This will protect your privacy as well as preventing the owner from learning from your actions and improving ease of use for you and other users.
Your visit to this website is currently recorded by Matomo web analysis. Uncheck this checkbox in order to opt out.
IP anonymization
For analysis with Matomo, we use IP anonymization. In this process, your IP address will be truncated before analysis so that it can no longer be attributed clearly to you.
Hosting
We host Matomo with the following third-party provider:
Weber eBusiness Service GmbH
Bahnhofstr. 16
72336 Balingen, Germany
5.4 Google Conversion Tracking
This website uses Google Conversion Tracking. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
With the help of Google Conversion Tracking, we and Google can identify whether the user performed specific actions. For example, we can analyze which buttons on our website were clicked with what frequency and which products were viewed or purchased particularly frequently. This information is used to generate conversion statistics. We learn the total number of users who clicked on our ads and which actions they performed. We do not obtain any information with which we could personally identify the user. Google itself only uses identification cookies or comparable recognition technologies.
The use of Google Conversion Tracking occurs on the basis of Art. 6 (1)(f) GDPR. The website operator has a legitimate interest in analysis of user behavior in order to optimize the website as well as marketing. If corresponding consent was requested (e.g. consent to the storage of cookies), processing occurs exclusively on the basis of Art. 6 (1)(a) GDPR; this consent can be revoked at any time.
You can find more information about Google Conversion Tracking in Google’s Privacy Policy: https://policies.google.com/privacy?hl=de.
6. Hubspot Marketing Automation
We use HubSpot as a comprehensive platform for marketing services. This includes, in particular, website tracking, the provision of newsletter forms and the sending of newsletters. The provider is HubSpot Germany GmbH, HubSpot Ireland Limited - One Sir John Rogerson’s Quay, Dublin 2, Ireland. Your data is processed exclusively on servers within the European Union. The legal basis for the processing is your consent pursuant to Art. 6 para. 1 lit. a GDPR and our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR in effective customer communication and optimization of our offers. Further information on data processing by HubSpot can be found at: https://legal.hubspot.com/de/privacy-policy
HubSpot cookies and tracking technologies
HubSpot uses cookies and similar technologies to analyze user behavior. These technologies help us to measure the success of our marketing measures and to optimize our offer. Cookies are only set with your active consent via the Consent Management Tool (Usercentrics) and consent for services that fall under the “Marketing” section in Consent Management. The following data is analyzed via the HubSpot tracking pixel IP addresses, device and browser information, pages visited and interactions, timestamp and session duration, referrer URL, geographic locations, form data entered. The retention period for which the collected data is stored is up to 13 months. The data must be deleted as soon as it is no longer required for the specified purposes.
Newsletter dispatch with HubSpot
We use HubSpot to send our newsletter. The data you provide when registering will be stored on HubSpot's EU servers. If you would like to receive the newsletter offered on the website, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. No further data is collected, or only on a voluntary basis. We use this data exclusively for sending the requested information and do not pass it on to third parties.
The data entered in the newsletter registration form is processed exclusively on the basis of your consent (Art. 6 para. 1 lit. a GDPR). You can revoke your consent to the storage of the data, the e-mail address and its use for sending the newsletter at any time, for example via the “Unsubscribe” link in the newsletter. The legality of the data processing operations that have already taken place remains unaffected by the revocation. The data you provide us with for the purpose of subscribing to the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and deleted from the newsletter distribution list after you unsubscribe from the newsletter or after the purpose no longer applies. We reserve the right to delete or block e-mail addresses from our newsletter distribution list at our own discretion within the scope of our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR.
After you unsubscribe from the newsletter distribution list, your e-mail address may be stored by us or the newsletter service provider in a blacklist to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR). Storage in the blacklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interest.
HubSpot uses this information to send and evaluate the newsletter exclusively on our behalf, but not for its own purposes. This processing is based on your consent pursuant to Art. 6 para. 1 lit.a, which can be revoked at any time for the future. HubSpot Inc. has a contract for order processing in which our shipping service provider assures the comprehensive protection of your personal data against unauthorized access or GDPR-compliant data processing in compliance with the protection and rights of the persons concerned.
7. Plugins und Tools
7.1 Online CRM Software System - Salesforce
When you fill out a sales or support request (form) on our website, agree to the data agreement and submit the form, the data you enter in the form is automatically stored in our company's own account with the world's leading cloud-based online CRM (customer relationship management) software system Salesforce (salesforce.com Germany GmbH, Erika-Mann-Str. 31, 80636 Munich, Germany).
We use this service in order to be able to process user inquiries faster and more efficiently (legitimate interest pursuant to Art. 6 para. 1 lit. f. GDPR ).
All stored data is available for use by DESKO alone. Data protection is a high priority at Salesforce and Salesforce is committed to complying with all relevant data protection principles and regulations. Salesforce is certified under the Privacy Shield Agreement and thus offers an additional guarantee of compliance with European data protection law if data is processed in the USA. Salesforce also holds numerous certifications, including from TÜV Rheinland. In addition, Salesforce stores data exclusively on servers in Germany and France.
If users do not agree to the collection of data via and storage of data in the Salesforce cloud system, we offer these users alternative contact options for submitting service requests by email, telephone, fax or post.
Users can find further information in Salesforce's privacy policy: https://www.Salesforce.com/de/company/privacy.
7.2 Webportal Repairline
To process and monitor our repair cases, we use the services of initPRO GmbH (Franz-Mayer-Strasse 1, 93053 Regensburg, Germany) and their Repairline web portal. If you start a repair request on our website in the after-sales support section, you will be redirected to www.repairline.de after selecting your region. We have our own protected customer area on the web portal to which you will be forwarded directly.
The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest arises from the aforementioned purposes.
In order to process your repair request, you must enter the following data here: serial number of the damaged device, its accessories, error report, customer data (title, name, email, telephone number, street, zip code, city), delivery address and different billing address if desired. All data collected here is for the sole use of DESKO.
If users do not agree to the collection of data via and storage of data in the Repairline web portal, we offer these users alternative contact options for submitting repair inquiries by email (repair@desko.de) or telephone (+49 921 / 79279 -0).
7.3 YouTube
YouTube videos are integrated on our website in such a way that the content is saved on https://www.youtube.com and can be played directly from our website. No data will be transferred to YouTube unless you have consented to showing videos. When you visit our website, YouTube receives the information that you accessed a particular page on our website. The transferred data includes the IP address,
date and time of request, time zone difference from Greenwich Mean Time (GMT), content of request (specific page), access status/http status code, transferred volume of data, the website from which the request comes (referrer), type and version of browser used along with language version used as well as the type and version of the operating system and interface used.
This occurs independently of whether you have a YouTube account and are logged in, or whether you do not have a user account. If you are logged in to Google, your data is attributed directly to your account. If you do not want your profile to be associated with your YouTube visit, you have to log out of YouTube and Google before activating videos on our website.
YouTube saves your data as usage profiles and uses it for the purpose of advertising, market research and/or needs-based design of the website. Such analysis occurs particularly (even for users who are not logged in) to provide targeted advertising and to inform other users on the social network regarding your activities on our website. You have the right to object against the creation of these user profiles; to exercise this right, you must contact Google. The legal basis for the collection and processing of data is your consent in line with Art. 6 (1) Sentence 1 (a) GDPR which you may have provided us when you first visited our website. You may withdraw your consent to data processing at any time after granting it with future effect. To do so, please contact our data protection officer using the indicated contact details or use the link to manage your consents which you can find in the “Cookies” section of this Privacy Policy. The lawfulness of the data processing that has occurred up until withdrawal will be unaffected by this withdrawal of consent.
The legal basis for the transfer of personal data to the USA is either standard data protection clauses established with Google in line with Art. 46 (2)(c) GDPR or an adequacy decision of the EU Commission in line with Art. 45 GDPR, such as the EU-U.S. Data Privacy Framework (DPF) under which Google is certified, which can therefore be invoked as a legal basis for the transfer of data to the USA. You can find more information about this under the contact details listed in Clause 1.
You can find Google’s Privacy Policy under the following link:
https://policies.google.com/privacy?hl=de
You can find Google’s Cookies Policy under the following link:
https://policies.google.com/technologies/cookies?hl=de
7.4 Google Web Fonts (local hosting)
For uniform display of typefaces, this website uses Web Fonts, a service provided by Google. Google Fonts are installed locally. No connection is established with Google servers in the process.
You can find more information about Google Web Fonts at https://developers.google.com/fonts/faq and in Google’s privacy policy: https://policies.google.com/privacy?hl=de.
7.5 Gstatic
On our website, we use the Gstatic service provided by the company Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland, Email: support-deutschland@google.com, Website: http://www.google.com/. Gstatic is a background service used by Google to retrieve static content in order to reduce bandwidth use and load required catalog files in advance. In particular, the service loads background data for Google Fonts and Google Maps.
In the course of contract processing, personal data may be transferred to the servers of the company Google LLC, 1600 Amphitheatre Parkway, 94043 Mountain View, United States. The certification under the EU-US Data Privacy Framework can be accessed at https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active.
The legal basis for the processing of personal data is your consent in accordance with Art. 6 (1)(a) GDPR which you provided on our website.
You may withdraw your consent at any time. You can find more information about withdrawing consent either from the consent request itself or in this Privacy Policy.
You can find more information about how the transmitted data is handled in Google’s Privacy Policy, which you can find at the following link:
https://policies.google.com/privacy?hl=de
Google also offers an opt-out option at https://support.google.com/My-Ad-Center-Help/answer/12155451?hl=de.
8. Ecommerce and payment providers
Data processing (customer and contract data)
We collect, process and use personal data only if this is required for establishing, arranging the content or modifying the legal relationship (inventory data). This processing is based on Article 6 (1)(b) GDPR, which allows data processing for the performance of a contract or the implementation of pre-contractual measures. We only collect, process and use personal concerning the use of this website (usage data) if this is necessary in order to enable or bill the user for using the service.
The collected customer data is erased after the termination of the contract or the end of the business relationship. Legal retention periods remain unaffected.
9. Audio and video conferences
9.1 Data processing
For communication with our customers, we use online conference tools in part. The specific tools we use are listed below. If you communicate with us over the Internet via video or audio conference, your personal data will be collected and processed by us and the provider of the specific conference tool.
The conference tools collect all data which you provide/enter in order to use the tool (email address and/or your phone number). Furthermore, the conference tools process the duration of the conference, the start and end (time) of participation in the conference, the number of participants and other “context information” associated with the communication process (metadata).
In addition, the tool provider processes all technical data that is required for managing online communication. In particular, this encompasses IP addresses, MAC addresses, advice IDs, device type, operating system type and version, client version, camera type, microphone or speaker as well as type of connection.
If content is exchanged, uploaded or provided in another way within the tool, this is also saved on the servers of the tool provider. Such content particularly includes cloud recordings, chat/instant messages, voicemails, uploaded photos and videos, files, whiteboards and other information that is shared while using the service.
Please note that we do not have full influence over the data processing operations for the tools that are used. Our options are determined predominantly by the company policy of the specific provider. You can find more information about data processing with the conference tools from the data protection information concerning the specific tools that we have listed below this text.
Purpose and legal bases
The conference tools are used to communicate with prospective or existing contract partners or to offer particular services to our customers (Art. 6 (1) Sentence 1 (b) GDPR). Furthermore, the tool is used for general simplification and facilitation of communication with us and our company (legitimate interest within the meaning of Art. 6 (1)(f) GDPR). If consent was requested, the use of the corresponding tools is based on this consent; this consent can be withdrawn at any time with future effect.
Duration of storage
The data collected directly by us using the video and conference tools will be deleted from our systems once you request its erasure, withdraw your consent to storage or once the purpose for data storage ceases to apply. Saved cookies remain on your end device until you delete them. Mandatory legal retention periods remain unaffected.
We have no influence regarding the duration of storage of your data which is saved by the operators of the conference tools for their own purposes. For details in this regard, please request information directly from the operators of the conference tools.
9.2 Conference tools used
We use the following conference tools:
TeamViewer
We use TeamViewer. The provider is TeamViewer Germany GmbH, Jahnstr. 30, 73037 Göppingen, Germany. You can find details regarding data processing in TeamViewer’s Privacy Policy: https://www.teamviewer.com/de/datenschutzerklaerung/.
Microsoft Teams
We use Microsoft Teams. The provider is the Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. You can find details regarding data processing in the Privacy Policy for Microsoft Teams: https://privacy.microsoft.com/de-de/privacystatement.
10. Internal services
Handling applicant data
We offer you the option of applying for a job with us (e.g. by email, mail or online applicant form). In the following, we will inform you about the scope, purpose and use of your personal data collected during the application process. We ensure that the collection, processing and use of your data occurs in line with applicable data protection laws and all other legal provisions and that your data is treated as strictly confidential.
Scope and purpose of data processing
If you send us an application, we process your related personal data (e.g. contact and communication data, application documents, notes in the context of interviews etc.) as long as this is necessary in order to make a decision concerning the establishment of an employment relationship. The legal basis for this is Section 26 BDSG new pursuant to German law (taking steps to establish an employment relationship), Art. 6 (1)(b) GDPR (general steps taken prior to establishing a contract) and – if you have given your consent – Art. 6 (1)(a) GDPR. This consent can be withdrawn at any time. Your personal data is forwarded within our company exclusively to people who are involved in processing your application.
If your application is successful, the data you provided will be stored in our data processing systems on the basis of Section 26 BDSG new and Art. 6 (1)(b) GDPR for the purpose of implementing the employment relationship.
Duration of data retention
If we are unable to offer you a job, you reject a job offer or withdraw your application, we reserve the right to retain the data you have submitted on the basis of our legitimate interests (Art. 6 (1)(f) GDPR) for up to 6 months after the end of the application process (rejection or withdrawal of application). Afterwards, the data will be erased and the physical application documents will be destroyed. In particular, retention serves the purpose of providing evidence in the event of a legal dispute. If it is evident that the data will be necessary after the end of the 6-month period (e.g. due to threatened or pending legal dispute), this will only be erased when the purpose for further retention has ceased to apply.
Retention for longer periods may also occur if you have given corresponding consent (Art. 6 (1)(a) GDPR) or if statutory retention obligations prevent erasure.
Disclaimer: This is a translation of terms and conditions originally written in German. In the event of legal proceedings, the original German terms and conditions apply, as does German law.
