Data Privacy Statement
We take the protection of your personal data very seriously, and observe the data protection provisions of the European Union General Data Protection Regulation (GDPR), which came into force on 25 May 2018. Below we want to provide you with information about how we handle your data.
This Data Privacy Statement will explain to you the nature, scope and purpose of the processing of personal data (referred to below in brief as “data”) within our website. We refer you to the definitions in Art. 4 of the General Data Protection Regulation (GDPR) in respect of the terms used, such as “processing” or “controller”.
Name and address of the controller
The person in charge within the meaning of the General Data Protection Regulation and other national data protection laws of the member states, and other data protection regulations, is:
Cido Research GmbH
Managing Directors: Michael Krämer, Markus Albrecht
Phone number: 02501 802 0
Fax number : 02501 802 100
Email address: firstname.lastname@example.org
Appointment of a data privacy officer
The data privacy officer at Cidoresearch GmbH is Silke Schulte-Uhr. Her task is to ensure that personal data are properly handled and protected.
Phone: +49 2501 802-207
General information about data processing
Extent of the processing of personal data
We strictly only collect and use personal data from our users insofar as this is necessary to provide a functional website and our content and services. The personal data of our users are collected and used regularly only after the user has consented. An exception applies in cases in which for factual reasons it is not possible to obtain their consent in advance and the processing of the data is permitted by legal provisions.
Legal basis for processing
Insofar as we obtain the data subject’s consent to the processing operations for personal data, Art. 6 Para. 1 (a) of the General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data.
For the processing of personal data that is necessary for the performance of a contract where the data subject is a party to the contract, Art. 6 Para. 1 (b) GDPR serves as the legal basis. This also applies to processing operations that are necessary for the implementation of pre-contractual measures.
Insofar as the processing of personal data is necessary for the fulfilment of a legal obligation to which our company is subject, Art. 6 Para. 1 (c) GDPR serves as the legal basis.
If the processing is necessary for the protection of a legitimate interest of our company or a third party, and if the interests, basic rights and basic freedoms of the data subject do not override the first-mentioned interest, Art. 6 Para. 1 (f) GDPR serves as the legal basis for such processing.
Data deletion and data storage period
The personal data of the data subject are deleted or blocked in accordance with Art. 17 and 18 GDPR as soon as the purpose of storage no longer applies and no legal retention obligations oppose such deletion. If the data are not deleted because they are necessary for other purposes that are legally permitted, the processing of the data will be restricted, i.e. the data will be blocked and not processed for other purposes. This applies for example to data that has to be retained for reasons of commercial or tax law.
In accordance with the legal requirements in Germany, such retention takes place for 6 years in accordance with Section 257 Para. 1 HGB [Commercial Code] (trading books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting records, etc.) and for 10 years in accordance with Section 147 Para. 1 AO [Fiscal Code] (books, records, management reports, accounting records, commercial and business letters, documents of relevance for taxation, etc.).
Administration, financial accounting, office organisation, contact management
We process data within the context of administrative activities and the organisation of our business, financial accounting and compliance with our statutory duties, such as archiving. For this we process the same data as we process within the context of providing our contractual services. The bases of processing are Art. 6 Para. 1 (c) GDPR, Art. 6 Para. 1 (f) GDPR. This processing applies to customers, prospective customers, business partners and website visitors. The purpose of and our interest in such processing lie in the administration, financial accounting, office organisation and data archiving, in other words tasks that serve for maintaining our business activities, performing our duties and providing our services. The deletion of the data in respect of contractual services and contractual communication corresponds to the details mentioned in respect of these processing activities.
In this context we disclose or transmit data to the tax authorities, advisers such as tax advisers or auditors, and other payment offices and payment service providers.
Automated collection, processing and use of data
- Visits to our website
When you visit our website, only those data that are sent by your browser are automatically recorded. These are the following data:
- IP address of the enquiring computer
- Date and time of access
- Name and URL of the data retrieved
- Data volume transmitted
- Notification of whether the retrieval was successful
- Browser used and operating system
- Website from which the access takes place
- Name of your Internet access provider
These data are recorded for the following purposes:
- Enabling the use of our web pages (establishing a connection)
- System security
- Technical administration of the network infrastructure
- Optimisation of our Internet offering
After the use of our website has ended, these data are stored only to improve the quality of our services. These data do not permit any conclusion as to your identity.
Legal basis for recording these data:
- The legal basis for the temporary storage of the data and logfiles is Art. 6 Para. 1 (f) GDPR.
After you finish using our web pages, these data will only be stored in order to improve the quality of our services. These data do not permit any conclusion as to your identity.
- Making contact via the contact form
- When interested persons first contact us, contact details such as their name and email address are recorded.
These data are recorded for the following purposes:
- For you to make contact with us.
Legal basis for recording these data:
- The legal basis for processing and answering initial enquiries is Art. 6 Para. 1 (a) and (b) GDPR.
- The data will be deleted as soon as they are no longer required for achieving the purpose for which they were recorded.
These personal data will be deleted immediately after a withdrawal of consent.
Collection, processing and use of personal data after express consent
In addition, personal data are only collected, processed and used if you have issued your express consent to this, Art. 6 Para. 1 (a) BDSG [Federal Data Protection Act]. No use beyond this or disclosure to third parties will take place. We will ask you for your consent in the case below:
If you wish to subscribe to our newsletter, for this we require at least your email address to which the newsletter is to be sent. Further personal information is only optional in connection with sending the newsletter.
To register you for our newsletter service we use the so-called “double opt-in process”. This process requires the respective user to confirm their registration for our newsletter service by clicking on a link contained in an email we send to them after they have registered for our service to the address they have provided for this. The registration and confirmation are logged. This method aims to prevent unauthorised persons registering for our newsletter service by using another person’s email address.
You can retract any consent you have issued at any time with future effect. Please use the unsubscribe function in our newsletters for this.
This website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”)
You can prevent the acquisition of data by Google Analytics by clicking on the following link. An opt-out cookie will be placed on your browser that will prevent future collection of your data when you visit this website: deactivate Google Analytics.
Our website uses social plugins (“plugins”) from the social networks facebook.com, google.com (Google+), twitter.com, instagram.com, pinterest.com and LinkedIn (also referred to jointly below as “the providers”). The plugins are identified by the corresponding logos of the providers.
When you access our web pages, your browser establishes a direct connection with the providers’ servers. Through the integration of the plugin, the providers receive at least the information that you have accessed the website concerned, and as the case may be also further information depending on the respective plugin or service. If you are registered with and logged in with the respective provider, this provider can allocate your visit to your user account with them. If you interact with the plugin, for example by using the Facebook “Like” button or making a comment, the corresponding information will be transmitted directly from your browser to the provider and stored there, and also further processed if applicable.
You can find details of the purpose and scope of such data collection and the further processing and use of the data by the respective provider, and also your rights in this respect and options for adjusting the settings to protect your privacy, from the respective providers‘ data privacy statements:
Cooperation with commissioned processors and third parties
If within the context of our processing we disclose data to other persons and companies (commissioned processors or third parties), transmit data to them or grant them access to data otherwise, this only takes place on the basis of legal permission (e.g. if it is necessary to transmit the data to third parties or to payment service providers for the performance of a contract in accordance with Art. 6 Para. 1 (b) GDPR), if you have consented to this, if this is provided for by a legal obligation or on the basis of our legitimate interests (e.g. when using agents, web hosting provider, etc.).
If we instruct third parties to process data on the basis of a so-called “commissioned data processing agreement”, this takes place on the basis of Art. 28 GDPR.
Transmission to third countries
Insofar as we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this takes place within the framework of using the services of third parties or the disclosure or transmission of data to third parties, this only takes place if this is for the performance of our (pre-)contractual duties, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to any statutory or contractual permissions, we process data or have data processed in a third country only when the particular requirements of Art. 44 ff. GDPR are met. In other words, this processing takes place for example on the basis of particular guarantees, such as the official recognition that a level of data protection is achieved which corresponds to that of the EU (e.g. for the USA via the “Privacy Shield”) or when officially recognised special contractual obligations are observed (so-called “standard contractual clauses”).
Data subject’s right to information
In accordance with Art. 15 GDPR you have the right to ask for confirmation as to whether respective data are processed and information about these data, as well as to further information and copies of the data.
Right to correction
In accordance with Art. 16 GDPR you have the right to ask for the data concerning you to be completed, or the incorrect data concerning you to be corrected.
Right to deletion (“right to be forgotten”)
In accordance with Art. 17 GDPR you have the right to ask for data concerning you to be deleted immediately, or alternatively in accordance with Art. 18 GDPR for the processing of such data to be restricted.
Right to restriction of processing
In accordance with Art. 18 GDPR you have the right to restriction of the processing of your data.
Right to data portability
In accordance with Art. 20 GDPR you have the right to ask to receive the data concerning you that you have provided to us. Furthermore you can request that these data be transmitted to other controllers.
Right to complain to a supervisory authority
In accordance with Art. 77 GDPR you have the right to submit a complaint to the competent supervisory authority.
Right to withdraw consent
In accordance with Art. 7 Para. 3 GDPR you have the right to withdraw consents you have issued with future effect.
Right of objection
In accordance with Art. 21 GDPR you have the right to object at any time to the future processing of the data concerning you.
Phone +49 2501 802-207