Each time our website is accessed, the following personal data is automatically collected by the web server from the system of the accessing computer or the user’s terminal device:

• Date and time of retrieval
• Surname of the retrieved file and the amount of data transmitted
• Browser type/version
• Operating system used by the user’s terminal device
• Referrer (URL of the previously visited page)
• IP address of the user’s terminal device

The legal basis for the requisited technical processing is Art. 6 (1) lit. f GDPR. Insofar as your IP address, the set language, the user-agent string with browser and operating system and its version, as well as the address of the accessed website are transmitted, then this processing is strictly required in accordance with § 25 (2) Nr. 2 TDDDG.

The data is deleted as soon as it is no longer required for the purpose for which it was collected, i.e. the session is ended or, if log files are stored, after 30 days.

You can contact us via a wide variety of channels. We process different personal data about you depending on which channel you use. 
The following channels are available for you to contact us: Telephone, fax, post, e-mail, contact form website, chat  or via the ‘Report security incident’ notification form.
We collect the content data of your request, regardless of which channel you use to contact us. In addition, depending on the contact channel used, we collect further personal data required to answer your request in a customer-friendly and competent manner via the channel you have chosen. 
If you contact us by post, this would be the postal address with the date of receipt. In the case of telephone or fax contact, the telephone or fax number and the date and time of contact. If you contact us by e-mail and contact form, the e-mail address, date and time of receipt of the e-mail are recorded. 

This data processing takes place on the basis of our legitimate interest in accordance with Art. 6 (1) lit. f GDPR in order to be able to answer your request promptly and completely. Insofar as a contractual relationship results from your request, we process the data in accordance with Art. 6 (1) lit. b GDPR for the initiation and execution of the contract.

If your personal data listed above is no longer required to achieve the purpose of answering your request, it is deleted. As a rule, this is always done as soon as the contact request has been fully answered or it is clear from the circumstances that the associated facts have been clarified and the request has therefore been settled. We assume that a matter has been settled for you if you have not responded to our query regarding the contact within one year or have not contacted us again in this regard. 
We may store your personal data from the contact for quality assurance purposes. In this case, however, it is deleted no later than 3 years after answering/settling your request. Otherwise, all personal data is deleted immediately, unless it must be retained due to documentation obligations. If there was a contractual relationship and this resulted in tax retention obligations, the tax-relevant personal data is stored for 10 years.

As the data subject, you are entitled to assert your rights against the responsible controller. You can use the contact details provided under this Point 1.2 or send an e-mail to datenschutzbeauftragter@cenit.com by e-mail.  You are entitled to object to data processing and state your interest in not having your data processed and, if you have granted your consent, to revoke your consent at datenschutzbeauftragter@cenit.com. More information on your rights as a data subject is available here.

We offer you the opportunity to create and register a user account on our website at support.cenit.com in order to obtain the information and downloads you require on our products and services. Personal data is entered by you in the input mask, transmitted to us and stored by us. Your data is not transmitted to third parties. 

The following data is collected as part of the registration process: 
User name, first name, last name, e-mail address, title, telephone, fax, company, country, city
The following data is collected as part of the login process: 
Username, password, date and time of login

Any data you have already provided is merged with the master data in our CRM.
The legal basis for the above-mentioned data processing is the fulfilment of the contract or the fulfilment of pre-contractual measures with you in accordance with Art. 6 (1) lit. b GDPR in order to provide you with the products and services you require for your own support via MyCENIT. 

Your above-mentioned data is deleted as soon as the purpose of the data processing has been achieved. This is the case if the data is no longer required for the fulfilment of pre-contractual measures and for the fulfilment of the contract. There are exceptions to this, however, such as legal obligations to document and store data for tax purposes. Tax regulations may require that data be stored for a period of up to 10 years after the contract has been terminated. In addition, the user has the option of modifying the data in MyCENIT in self-service, up to and including closing the account, which deletes the personal data, with the exception of the data relevant for tax purposes. 
Log files for login are stored for security reasons in accordance with Art. 6 (1) lit. f GDPR for 30 days and then deleted. 

As the data subject, you are entitled to assert your rights against the responsible controller. You can make use of the contact details provided under Point 1.2 or send an e-mail to datenschutzbeauftragter@cenit.com. More information on your rights as a data subject is available here.

You can subscribe to individual newsletters on our website for various products, services, webinars and events. We use these to inform you about products (e.g. announcements and discontinuations, changes), services, promotions and developments 

• of CENIT AG,
• of its subsidiaries, see https://www.cenit.com/insights/about-us

The content of the individual newsletters is described as part of the registration process. 
If you register for a newsletter, the following personal data is collected, stored and processed by us: Referrer URL, date and time of access, description and type of browser used, IP address of the requesting computer: pseudonymized), e-mail address, date and time of the order.

We use the so-called double opt-in procedure for newsletter registrations to ensure that no mistakes have been made when entering the e-mail address and that you have actually requested the newsletter. After your registration, we send you an e-mail with a confirmation link to the e-mail address you provided and ask you to confirm your newsletter order, including the e-mail address used. Your e-mail address is only added to the mailing list when you click on the confirmation link. If you do not confirm your registration, your information is automatically deleted after 30 days. 

Your e-mail address is mandatory for receipt of the newsletter. The provision of further data is voluntary: This voluntary data is used to address you personally. After your confirmation, we store your e-mail address for the purpose of sending you the newsletter and until you revoke your consent. We also store your IP address used at the time of registration, the time of registration in order to be able to verify your registration and, if necessary, to clarify any misuse of your personal data. This data is stored until you unsubscribe.
If you subscribe to one of our newsletters, we evaluate your user behaviour during the subscription period in order to better adapt our offer to the needs of our readers. We use Microsoft Dynamics for this purpose and record the following data: Data on mail dispatch, delivery status and opening as well as further page views and form submissions.

The legal basis for the sending of the respective newsletter and its evaluation is your previously voluntary, informed consent, which you have granted us in accordance with Art. 6 (1) sentence 1 lit. a GDPR and which can be revoked at any time free of charge.

You can revoke your consent to the sending of the tracked newsletter at any time and unsubscribe from the newsletter. You can declare your revocation by clicking on the unsubscribe link provided in every newsletter e-mail or by sending an e-mail to datenschutzbeauftragter@cenit.com.
When you unsubscribe from the newsletter, your data relating to the newsletter subscription is deleted.

As the data subject, you are entitled to assert your rights against the responsible controller. You can make use of the contact details provided under Point 1.2 or send an e-mail to datenschutzbeauftragter@cenit.com.  More information on your rights as a data subject is available here.

We offer you the opportunity to register for events on our website. Participation in an event, whether online or on-website, is subject to you entering the personal data required for registration in an input mask. The data is then transmitted to us when you confirm the registration and processed for the organization and implementation of the event. After each event, we contact you once to ask for your feedback and provide you with further information on our products and services. 

If you register for a free on-website event without certification, we process your contact details, surname, first name, e-mail address, company and any other optional data you enter when registering.

If you register for a paid on-website event with certification, we process your contact details, surname, first name, company, billing and home address in order to be able to send you the certificate to your personal address afterwards. 

If you register for a paid online event without certification, we process your e-mail address, surname, first name and company,

We may pass on your personal data to a provider of computer-based tests at certification events and, if necessary, to a service provider who operates the web meeting for us. The respective provider has been carefully selected by us, works in accordance with our instructions and has been contractually bound to confidentiality. We may also receive feedback from the provider on the tests/attendance so that we can issue the certificate for you. We name the respective provider in the information on the event; if we use providers from third countries, the EU standard contractual clauses, a transfer impact assessment if necessary, and additional technical and organizational measures have been taken with them. If we use service providers, you are informed of this in accordance with data protection regulations when you register.

The legal basis for this is Art. 6 (1) sentence 1 lit. b GDPR. We process the data for as long as is necessary to fulfil the contract, usually up to three years for quality assurance reasons. Only those documents which are relevant for tax purposes are stored for 10 years. 

As the data subject, you are entitled to assert your rights against the responsible controller. You can make use of the contact details provided under Point 1.2 or send an e-mail to datenschutzbeauftragter@cenit.com.  More information on your rights as a data subject is available here.

We offer you the opportunity to subscribe to white papers on our website. To register for the whitepaper subscription, we ask you to provide us with your personal data (e-mail address, surname, first name, company, country) as contractual consideration in order to be able to contact you with our responsible country-specific sales and distribution department in relation to the product and service you have selected for the whitepaper. Click here for our National companies. You receive the access link to the whitepaper after you have confirmed your e-mail address. 
This data is collected in accordance with Art. 6 (1) lit. b GDPR as contractual consideration for the whitepaper subscription. 

If you do not wish to be contacted after receiving the whitepaper from us and our national companies, please inform us at any time using the contact details under Point 1.2 or by e-mail at datenschutzbeauftragter@cenit.com. 

The notice you provide is retained for three years after the date of notification for documentation purposes.

Our website also offers the option of sending us information under the Whistleblower Protection Act. We have set up a Whistleblowing hotline for this purpose. Further information on data processing in the context of the whistleblowing procedure is available here.

Certain processing operations, such as customer support and shared services IT operations, are carried out by companies within the CENIT Group. In these cases, data may be transferred within the CENIT Group. This is done on the basis of a data processing agreement. 

If we pass on your data to recipients based outside the European Union or the European Economic Area, the data transfer is based on an adequacy decision by the EU Commission or on suitable safeguards, in particular the EU Commission's standard contractual clauses pursuant to Art. 44 ff GDPR, including a transfer impact assessment and supplementary technical and/or organisational measures, where necessary. 

We use a host to operate the website, which is provided by a company of the CENIT Group, KEONYS, 24 Qua Galieni, Bat A, 2e etage, 92158 Suresnes Cedex.

If we use subcontractors to provide our services, we take appropriate legal and contractual precautions as well as technical and organisational measures to protect personal data in accordance with the applicable legal provisions.

We use cookies and other technologies on our website (both hereinafter referred to as cookies). Some of these are technically essential (necessary) for the provision of the website and its functions or for the storage of and access to information in the terminal equipment and then do not require consent in accordance with § 25 (2) TDDDG and, in the case of personal data, in accordance with Art. 6 (1) (f) GDPR. You are, however, entitled to object to this processing (see the “Objection” section in this document). If you do so, it is possible that the functionalities of our website are no longer fully available. You are free to express your objection in writing by sending an e-mail to datenschutzbeauftragter@cenit.com or by revoking your consent or to object for example in the Cookie Consent Banner.

For the use of all other cookies to determine preferences, statistics and marketing purposes, we separately obtain your voluntary, active consent in accordance with Art. 6 (1) lit. a, 49 (1) lit. a GDPR in conjunction with § 25 (1) TDDDG in order to personalize content and advertisements, to offer functions for social media and to analyze access to our website or to be able to read information on the end device. This also includes the third-party providers used from countries outside the EU/EEA in which there is no level of data protection equivalent to that in the EU, which may restrict your rights (e.g. enforcement of rights). Some partners merge your personal data with other data that you have provided, e.g. in personal accounts or that is collected when using the partner services; we also obtain your consent for this.

You are free to revoke your consent at any time for the future without any disadvantage for you, whereby the data processing up to the revocation remains unaffected by this. If you do not give your consent, you suffer no disadvantage as a result; only individual functions of the website may not be available. 

Detailed information on cookies with the option of granular consent/rejection/revocation of individual cookies is available on the page Cookie declaration. Or click on the question mark after you have clicked the Individual settings button in the Consent banner. 
We make no use of automated decision-making or profiling. Further information, including on your rights, in particular to revoke your consent and to object to data processing on the basis of our legitimate interest in accordance with Art. 6 (1) lit. f GDPR, is available in the Privacy policy notice under Data subject rights, Point 23.

Cookie Consent CCM 19

Our website uses the cookie consent technology ‘CCM19’ to obtain your consent for cookies and cookie-based applications that require consent and to document this in accordance with data protection regulations. This technology is provided by Papoo Software & Media GmbH - Dr. Carsten Euwens. Bornschein, Auguststr. 4, 53229 Bonn (hereinafter referred to as CCM19), with whom we have a data processing agreement.
When you visit our website, a banner is displayed via the integration of a corresponding JavaScript code, which you can use to give your consent for certain cookies and cookie-based applications. We obtain consent for this processing in accordance with Section 25 (1) TDDDG. As long as you do not give your consent, the aforementioned cookie consent tool blocks the setting of cookies that require consent. When you visit our website, the aforementioned cookie consent tool collects certain user information, including the IP address, so that page views can be assigned to individual users and, on the other hand, the consent settings made by the user can be individually recorded, logged and stored for the duration of a session. The cookie collects the following information:
•    Log file
•    Browser used by the user
•    Time stamp of consent, 
•    Processor ID and 
•    Controller ID

This data is not passed on to CCM19.
The data collected is stored until you request us to delete it, delete the CCM19 cookie yourself, or the purpose for storing the data no longer applies. Mandatory legal retention periods remain unaffected.
CCM19 cookie consent technology is used to obtain the legally required consent for the use of cookies and cookie-based applications that require consent. The legal basis for this is Art. 6 (1) (c) GDPR and, for the setting of the CCM 19 cookie, consent in accordance with Section 25 (1) TDDDG.
Further information on data use by CCM19 is available at https://www.ccm19.de/datenschutzerklaerung.html .

You can also prevent cookies from being set by adjusting the settings under the ‘Privacy and Security’ menu item in the browser you are using. The exact procedure depends on the browser you are using. Please refer to their websites for more information. 

If you have granted your consent, the anonymized version of Google Analytics 4, a web analysis service of Google LLC, is used on this website. The responsible provider for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”).

11.1 Scope of processing

In Google Analytics 4, the anonymization of IP addresses is activated by default. Due to IP anonymization, your IP address is truncated by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. The full IP address is only transmitted to a Google server in the USA and truncated there in exceptional cases. The IP address transmitted by your browser as part of Google Analytics is not merged with other Google data, but the information collected by means of cookies about your user behaviour is usually transmitted to a server in the USA and stored there.

The following data is recorded:

• Page views
• First visit to the website
• Start of the session
• Your “click path”, interaction with the website
• Scrolls (whenever a user scrolls to the end of the page (90%))
• Clicks on external links
• Internal search queries
• Interaction with videos
• Viewed / clicked ads

Also recorded:

• Your approximate location (region)
• Your IP address (in abbreviated form)
• Technical information about your browser and the end devices you use (e.g. language setting, screen resolution)
• Your internet provider
• The referrer URL ((the website/advertising medium used to reach this website)

Technical data; operating system used, browser type, browser version, device, date and time of access, are processed for the purpose of evaluating user behaviour.
The following behaviour-related data formsubmit, form submissions, contact form, newsletter registrations are processed.

In addition, we use Google Analytics 4 Audiences to collect specific group characteristics of users who exhibited similar characteristics and behaviours to those we defined. We have also established a link to Google Optimize in order to tailor the individual user experience to specific ads and keywords.  

11.2 Purposes of the processing

Google uses this data to evaluate your use of the website and to compile reports on website activity. 
The Google Analytics advertising functions implemented on this website include: 

• Reports on impressions in the Google Display Network;
• Google Analytics reports on performance by demographics and interests
• Integrated services for which data is collected in Google Analytics for advertising purposes, including the collection of data via cookies for ad preferences and anonymous identifiers 

11.3 Recipient

Recipients of the data are
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as processor pursuant to Art. 28 GDPR), Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA, Alphabet Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA.
The parent company of Google Ireland, Google LLC, is based in California, USA and is certified under the Transatlantic Data Privacy Framework. A transfer of data to the USA and access by US authorities to the data stored by Google cannot be excluded. 

11.4 Storage period

The data sent by us and linked to cookies is automatically deleted after 14 months. Data that reaches the end of its retention period is automatically erased once a month.

11.5 Legal basis

The legal basis for this data processing is your consent in accordance with Art. 6 (1) sentence 1 lit. a, 49 (1) lit. a GDPR and § 25 (1) TDDDG.

11.6 Revocation

You can revoke your consent at any time with effect for the future by changing your cookie settings HERE and changing your selection there. The legality of the processing undertaken on the basis of the consent until the revocation remains unaffected.
Alternatively, you can prevent the storage of cookies from the outset by setting your browser software accordingly. However, if you configure your browser to reject all cookies, this may limit the functionality of this and other websites. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) as well as the processing of this data by Google by

1. not giving your consent to the setting of the cookie or
2. by setting the corresponding cookie
3. Download and install the browser add-on to deactivate Google Analytics HERE.

More information on the terms of use of Google Analytics and data protection at Google at marketingplatform.google.com/about/analytics/terms/de/ and at

https://policies.google.com. More information on data protection at Google at https://policies.google.com/privacy.

If you have granted your consent, we use the Google Tag Manager of the provider Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. The responsible provider for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

This is a tag management system for managing JavaScript and HTML tags, which is used for the implementation of tracking and analysis tools. The Google Tag Manager itself does not collect any personal data. The Tag Manager makes it easier for us to integrate and manage our tags. Tags are small code elements that are used, among other things, to measure traffic and visitor behaviour, record the impact of online advertising and social channels, set up remarketing and targeting, and test and optimize websites. If you have made a deactivation, this deactivation is taken into account by Google Tag Manager.
 

Recipients of the data are:
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as processor pursuant to Art. 28 GDPR), Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA, Alphabet Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA 

This service may process data outside the European Union and the European Economic Area (EEA) and transfer it to a country that does not offer an adequate level of data protection. There is currently an adequacy decision with the USA and Google is certified under the Transatlantic Data Privacy Framework.  If the data is transmitted to the USA, there is a risk that your data may be processed by US authorities for control and monitoring purposes without you having any legal recourse.

The legal basis for data processing using Google Tag Manager is Art. 6 (1) lit. a, 49 (1) lit. a GDPR and § 25 (1) TDDDG with regard to the setting of tags in the user’s end device and the comparison of cookies with the Google Tag Manager domain. The data collected (IP address) is analyzed using the following tool.  We have no influence on the data processing by Google Tag Manager and do not know how the data is used. 

You have the option of revoking your consent with effect for the future by changing your settings HERE. The legality of the data processing until the revocation remains unaffected.
For more information on Google Tag Manager, see: https://www.google.com/intl/de/tagmanager/use-policy.html

13.1 Google Ads Conversion

We use the Google Ads Conversion service to draw attention to our offers with the help of advertising material (so-called Google Ads) on external websites. This is an online advertising program from Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. The responsible provider for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.
A different cookie is assigned to each Ads customer. Cookies cannot be tracked via the websites of Ads customers When you click on an ad or visit our website, Google places a cookie on the user’s computer. This cookie has a duration of 30 days. The information collected by the respective cookie (date and time of the visit; IP address; referrer URL; browser type; browser language; cookie ID; user behaviour; ads clicked on; web request) is used to be able to address the visitor specifically in a subsequent search query. Further information on the cookie technology used can also be found in Google’s notes on website statistics and in its privacy policy. This technology provides Google and us, as the customer, with information about the fact that a user has clicked on an ad and been redirected to our website. The information obtained in this way is used exclusively for statistical analysis to optimize advertising. No information is received that enables visitors to be personally identified. Your IP address is transmitted to Google if you have granted us your prior consent. We use IP masking provided by Google. The statistics provided to us by Google include the total number of users who click on one of our ads and, if applicable, whether they are redirected to a page on our website with a conversion tag. These statistics enable us to determine which search terms are most often clicked on in our ad and which ads lead to users contacting us via the contact form. 
The integration of Adwords Conversion means that Google receives the information that you have accessed a specific part of our website or clicked on one of our ads. If you are registered with Google, Google associates you with your account. This also applies if you are not registered or logged into the account. Google may be able to ascertain the IP address and thereby identify you.

Insofar as data is processed outside the EU/EEA, where there is no level of data protection corresponding to the European standard, we have concluded EU standard contractual clauses with the service provider to establish a secure level of data protection and have taken further supplementary contractual, organizational and technical measures, whereby Google is certified in accordance with the Data Privacy Framework.

More information on data protection in the context of Google Ads at https://policies.google.com/technologies/ads and https://policies.google.com/privacy.

If you do not want your visit to be included in the user statistics, you can prevent this by preventing the storage of the cookie required for these technologies, for example via the settings of your browser or by deactivating the cookies for conversion tracking (www.google.de/settings/ads) or by self-regulating “About Ads” http://www.aboutads.info/choices  whereby this selection is deleted if you delete the cookies or manage the cookies https://policies.google.com/technologies/cookies#managing-cookies. 

You also have the option of using the Ad settings to select the types of Google ads or to deactivate interest-based ads on Google. Alternatively, you can deactivate the use of cookies by third-party providers by using the Deactivation help of the network advertising initiative to deactivate cookies.

However, we and Google continue to receive statistical information about how many users have visited this website and when. If you do not wish to be included in these statistics, you can prevent this with the help of additional programs for your browser (e.g. with the Ghostery add-on).

Data is only collected and stored with your express consent in accordance with Art. 6 (1) sentence 1 lit. a) 49 (1) lit. a GDPR, in conjunction with § 25 (1) TDDDG for the setting of cookies in the end device for conversion optimization, analysis of your customer behaviour in order to provide you with personalized product and service information. You can revoke your consent at any time for the future in the cookie consent banner or footer under cookie settings by changing your settings there. This does not affect the lawfulness of the data processing undertaken until the revocation.

13.2 Google Ads Remarketing

We use the remarketing function within the Google Ads service if you have previously granted us your consent for this, including for the transfer of data to the USA, for the use of cookies in the cookie consent banner. With the remarketing function, we can offer users of our website advertising on other websites within the Google advertising network (in Google Search or on YouTube, so-called“Google Ads” or on other websites) based on their interests. For this purpose, the interaction of users on our website is analyzed, e.g. which offers the user was interested in, in order to be able to display targeted advertising to users on other websites even after they have visited our website. For this purpose, Google stores cookies on the end devices of users who visit certain Google services or websites in the Google Display Network. These cookies are used to record the visits of these users. Cookies are used to uniquely identify a web browser on a specific end device and not to identify a person. More information about cookies is available here: policies.google.com/technologies/types

Google Ads Remarketing allows you to be shown our advertisements when you subsequently use the internet after visiting our website. This is done by means of cookies stored in your browser, which are used by Google to record and evaluate your usage behaviour when you visit various websites. The cookies can be set by various domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. This file records which websites you have visited, which content you are interested in and which offers you have clicked on, as well as technical information on the browser and operating system, referring websites, time of visit and other information on the use of the online offer. Your IP address is also recorded, whereby Google informs you that the IP address is truncated within member states of the European Union or in other contracting states of the Agreement on the European Economic Area and only in exceptional cases is it transmitted in full to a Google server in the USA and truncated there. Google may combine the above-mentioned information with such information from other sources. If you subsequently visit other websites, you can be shown ads tailored to your interests.
 

According to its own statements, Google does not merge the data collected as part of Google Remarketing with your personal data that may be stored by Google (e.g. when you register for a Google service such as GMail). According to Google, pseudonymization is used for remarketing. More information on data protection at Google policies.google.com/privacy.

We process your data pseudonymously as part of Google marketing services, i.e. Google does not store and process your name or e-mail address, for example, but processes the relevant data in relation to cookies within pseudonymous user profiles. The information collected by Google marketing services (including Google Ads Conversion) about users is transmitted to Google and stored on Google’s servers in the USA. There is currently an adequacy decision with the USA in the form of the EU-US Data Privacy Framework for which Google has certified itself.

Data is only collected and stored with your express consent in accordance with Art. 6 (1) sentence 1 lit. a, 49 (1) lit. a GDPR in conjunction with § 25 (1) TDDDG for setting the cookie in the end device in order to be able to send you interest-based advertising for our products.

You can revoke your consent at any time for the future without any disadvantages for you in the cookie consent banner or footer under Cookie and object to the use by Google ( https://policies.google.com/technologies/types?hl=en ), but this does not affect the lawfulness of the data processing until you revoke your consent.
Deletion/revocation: There are several options to prevent this tracking:

1. by setting your browser software accordingly, the suppression of third-party cookies in particular means that you will not receive any ads from third-party providers;
2. by installing the plug-in provided by Google under the following link: www.google.com/settings/ads/plugin;
3. by deactivating the interest-based ads of providers that are part of the “About Ads” self-regulation campaign via the link www.aboutads.info/choices whereby this setting is deleted when you delete your cookies;
4. by permanently deactivating it in your Firefox, Internet Explorer or Google Chrome browsers under the link http://www.google.com/settings/ads/plugin,
5. by means of a corresponding cookie setting. Please note that if you do so, you may not be able to use all the functions of this service to their full extent.

The storage period for cookies is 180 days.

This website uses features of the web analytics service Microsoft Clarity, a screen recording tool from Microsoft Inc., One Microsoft Way, Redmond, WA 98052-6399, USA, whereby the provider for the EU/EEA is the subsidiary Microsoft Ireland Operations Ltd. based at One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland (hereinafter: Microsoft). 

Microsoft Clarity provides statistics on website usage, session recordings and heat maps, which are mainly created by tracking mouse movements. The screen recording tool records the user's activities on our web pages during a session and processes them in a way that is comprehensible to us.

The information collected is used to evaluate the use of our website, to compile reports on website activity and to provide other services related to website usage. We analyse user behaviour on our website in order to improve it regularly and, based on the statistics obtained, to make our offering more interesting and user-friendly for you as a user. 

In addition, your personal data is processed for the following purposes:

• Tracking (e.g. interest/behaviour-based profiling, use of cookies),
• Remarketing and conversion measurement (measuring the effectiveness of marketing measures),
• Interest-based and behaviour-based marketing,
• Profiling (creating user profiles),
• Reach measurement (e.g. access statistics, recognition of returning users) and  Cross-device tracking (cross-device processing of user data for marketing purposes).

Various types of personal information are collected when using Microsoft Clarity. This applies in particular to [add and indicate/insert masking if necessary]:

• Usage data (e.g. websites visited, interest in content, access times),
• Meta/communication data (e.g. information about page views, user ID, session ID),
• Location data (information about the geographical position of a device),
• Analysis data (information about user interactions on the website, e.g. clicks, scrolling, mouse movements) and Diagnostic data, e.g. script and image errors, faulty interactions with buttons (dead clicks).
  Further information on the data collected can be found on the following website: https://learn.microsoft.com/en-us/clarity/setup-and-installation/clarity-data.

Your usage data is collected via cookies that are set on your device and enable analysis of your website visit. 
We process the following data using Microsoft Clarity: 
 

• Usage data (e.g. websites visited, interest in content, access times)
• Meta/communication data (e.g. information about page views, user ID, session ID)
• Location data (information about the geographical position of a device)
• Analysis data (information about user interactions on the website, e.g. clicks, scrolling, mouse movements) and  Diagnostic data, e.g. script and image errors, faulty interactions with buttons (dead clicks).
   Further information on the information collected can be found on the following website: learn.microsoft.com/en-us/clarity/setup-and-installation/clarity-data.
   

According to Microsoft, the information collected may also be used for marketing purposes.
Data processing is carried out by Microsoft Corporation, based in the USA. An EU-US Transatlantic Data Privacy Framework is currently in place. Microsoft Corporation is certified under the Data Privacy Framework, meaning that data transfers to Microsoft Corporation are subject to an adequacy decision by the European Commission within the meaning of Art. 45 GDPR. The status of the certification can be accessed via the following website: www.dataprivacyframework.gov/s/. 

The legal basis for processing your personal data for the specified purposes is your consent (Section 25 TTDSG and Art. 6(1)(a) GDPR). You can withdraw your consent at any time with future effect. To withdraw your consent, simply adjust your cookie settings accordingly via our privacy policy. [Insert link/anchor to DSE and cookie settings] You can also revoke your consent to data processing by Microsoft at any time: choice.microsoft.com/de-DE/opt-out.
 

Further information on how the tool works can be found on the following website: clarity.microsoft.com/lang/de-de. Information on how Microsoft processes personal data can be found in Microsoft's privacy policy: privacy.microsoft.com/de-de/privacystatement.
 

After 13 months, the data processed at user level in Microsoft Clarity is deleted. Text fields, such as contact forms, surveys or search fields, are hidden in the screen recordings so that your entries are not recorded. Personal data that you enter in our online forms is therefore not processed by Microsoft Clarity. 

To draw attention to our services, we place Bing Ads (a service provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA). These ads are displayed in the Bing, Yahoo! and MSN search engines after search queries via the Yahoo!-Bing network. This also allows us to combine our ads with specific search terms, ensuring our presence on all major search engines.

Bing Ads also uses cookies to analyse user behaviour. When a user clicks on an ad or visits our website, Bing Ads sets a cookie on the user's computer, provided that the user's consent has been documented. This information is used to target the visitor with a subsequent search query. 

Further information can be found in Microsoft's privacy policy and in the data security and privacy policy guidelines. https://www.microsoft.com/de-de/privacy/privacystatement 

In addition, we use Bing Ads Conversion Tracking within the framework of Bing Ads to display interest-based advertising. This requires an analysis of user behaviour. Bing only provides us with information that a user has clicked on an advertisement and been redirected to our websites. We use the information obtained in this way exclusively for statistical evaluation for the purpose of optimising our advertisements. We are not able to identify visitors from the data collected. The statistics provided to us by Bing include the total number of users who clicked on one of our advertisements. We also receive information about whether these visitors were redirected to a page on our website that has a conversion tag. These statistics enable us to track which search terms led to our ad being clicked on most often and which ads led to users contacting us via the contact form.

The purpose of Bing Ads conversion tracking is to show you interest-based advertising, make our website more interesting for you and achieve a more economical assessment of our advertising costs.

Information on the duration of storage can be found at: https://privacy.microsoft.com/de-de/privacystatement. 
Data processing is carried out by Microsoft Corporation, based in the USA. An EU-US Transatlantic Data Privacy Framework is currently in place. Microsoft Corporation is certified under the Data Privacy Framework, meaning that data transfers to Microsoft Corporation are subject to an adequacy decision by the European Commission within the meaning of Art. 45 GDPR. The status of the certification can be accessed via the following website: https://www.dataprivacyframework.gov/s/ . 

The legal basis for the data processing described is your consent, Section 25 (1) sentence 1 TTDSG, Article 6 (1) sentence 1 lit. a, Article 49 (1) lit. a GDPR. Once you have given your consent, you can revoke it at any time with future effect by changing your selection in the cookie settings. Alternatively, you can delete your cookies (all or only those from this website). 

The banner with the selection options will then be displayed again.
You also have the option of deactivating interest-based ads on Bing via the ad settings.

We use the Microsoft Dynamics 365 Cloud automation system for marketing from Microsoft Corporation (Microsoft Deutschland GmbH, Walter-Gropius-Straße 5, 80807 Munich, Germany) – hereinafter referred to as ‘Microsoft’ – to carry out marketing campaigns, for analysis purposes and to contact customers and interested parties in a target group-specific manner. The data is processed within the European Union.
In particular, we use the system to send email messages (e.g. in connection with the provision of downloads), to manage training participants and to provide landing pages and contact forms.
The use of Microsoft and the system, the collection and evaluation of statistics, and the logging of the registration process for communication by email are based on your consent to receive email communication via Microsoft Dynamics 365 Cloud for Marketing in accordance with Art. 6(1)(a) GDPR, in accordance with Art. 6 (1) lit. b GDPR when downloading white papers, and in accordance with § 25 (1) TDDDG with regard to the use of cookies. Consent can be revoked at any time for the future. 

System components integrated into our website (e.g. forms) use so-called ‘cookies’, which are stored on the user's computer and enable us to analyse the use of the website.
In particular, the following information is collected: client ID, geographical location, browser type, duration of visit and pages accessed.
Pseudonymised email tracking: The statistical information collected also includes whether the newsletter was opened, when it was opened and which links you clicked on. While this information can be technically assigned to individual newsletter recipients, the evaluation of personal data has been deactivated and information about newsletter recipients is only analysed pseudonymously and cannot be decrypted and assigned to individual users.

We use the double opt-in procedure for registration for our newsletter. This means that after registering for our newsletter, you will receive an email asking you to confirm your subscription. Such confirmation is necessary to ensure that individuals do not register using someone else's email address. The newsletter subscription is logged so that the registration process can be verified in accordance with legal requirements. This includes recording the date and time of the subscription and confirmation, as well as the IP address. Changes to your data stored by the email marketing service provider are also logged.

Unsubscribe: You can unsubscribe from the newsletter at any time, i.e. you can revoke your consent to receive it. There is an unsubscribe link at the end of each newsletter. Your personal data processed in connection with the sending of the newsletter will be deleted after you unsubscribe.
Further information on data protection can be found in the Microsoft privacy policy at privacy.microsoft.com/en-US/privacystatement. 
Further information on the use of cookies in connection with the system can be found at docs.microsoft.com/en-US/dynamics365/marketing/cookies.

We use the Microsoft Dynamics 365 CRM system from Microsoft Corporation (One Microsoft Way, Redmond, WA 98052-6399, USA) – hereinafter referred to as Microsoft – as a cloud service, i.e. the data is processed in Microsoft data centres.
We use your data exclusively for the technical processing of enquiries and do not pass on the data to third parties.
In particular, we use the system to manage customers and prospects (leads) and to process user enquiries more quickly and efficiently. The use of the system is based on our legitimate interest in accordance with Art. 6 (1) lit. f GDPR.
Further information on data protection can be found in the Microsoft privacy policy at privacy.microsoft.com/de-DE/privacystatement.

We use ZoomInfo Technologies LLC Inc, at 805 Braodway, Suite 900 Vancouver WA 98660 on this website for marketing purposes to support campaigns and website analytics to fulfil customer requests. The following personal data is collected: website visited, activities on the website, IP address, time, device ID. 

Further information and the applicable provisions for protecting your data or deleting your data on ZoomInfo is available at https://www.zoominfo.com/about-zoominfo/privacy-policy available.

This website uses conversion tracking technology and the retargeting function of the LinkedIn network, LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. The provider of this service for Europe is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.
This technology enables personalised advertisements to be displayed to visitors to this website on LinkedIn. To this end, the content, followers, visitors, keywords used when searching for the Cenit website, keywords for searching the website, comparisons with competitors and newsletter performance are analysed. 

Insight Tag is a conversion tracking and retargeting service. It provides us with information about our website users, enabling us to display personalised advertisements to these users on LinkedIn. We also receive pseudonymous reports on the performance of the advertisements and information on website interaction. When you visit our website, the LinkedIn Insight Tag establishes a connection to the LinkedIn server. If you visit this website while logged into your LinkedIn account, LinkedIn will know who you are. If you wish to prevent this, you must log out of LinkedIn before visiting the website. If you are logged into LinkedIn, you can deactivate data collection at any time by clicking on the following link: https://www.linkedin.com/psettings/enhanced-advertising.

The following data is collected using the Insight Tag:

• Device information,
• IP address,
• Referrer URL,
• timestamp,
• time zone,
• browser information,
• ad visibility,
• ad clicks, conversion tracking,
• user network,
• user agent,
• language, and
• website visited.

IP addresses are truncated or (if used to reach LinkedIn members across devices) hashed (pseudonymised). LinkedIn uses the data for its own advertising purposes. For details, please refer to LinkedIn's privacy policy at: www.linkedin.com/legal/privacy-policy.
The data is deleted after 90 days. LinkedIn member identifiers are deleted by LinkedIn after seven days.
The recipient of the data is: LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland, LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA.

LinkedIn stores the personal data it collects on its servers in the United States. On 10 July, the European Commission adopted its adequacy decision for the EU-US Privacy Framework. LinkedIn Corporation is not yet certified under the EU-US Privacy Framework. Transfer to Singapore is possible. The legal basis for the transfer is the EU Standard Contractual Clauses (SCC).
 

The use of the LinkedIn Insight Tag is based on your consent. You can revoke your consent at any time with future effect by accessing the cookie settings HERE and changing your selection there. The lawfulness of data processing until revocation remains unaffected.
 

If you are logged in to LinkedIn, you can deactivate data collection at any time at the following link: www.linkedin.com/psettings/enhanced-advertising.
In LinkedIn's privacy policy at de.linkedin.com/legal/privacy-policy, you will find further information on data collection and data use, as well as the options and rights available to you to protect your privacy. If you are logged in to LinkedIn, you can deactivate data collection at any time by clicking on the following link: www.linkedin.com/psettings/ 

Under the URL www.facebook.com/CENITAG we operate a so-called “fan page” on the social network Facebook. Facebook is a service of Meta Platforms, Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA (hereinafter referred to as “Facebook”).
We expressly draw your attention to the fact that Facebook stores the data (e.g. IP address, preferences and personal interests, behaviour on Facebook pages, any personal information stored on Facebook, etc.) of users and uses it for business purposes.
We have no influence on the processing and further use of this data, as Facebook alone determines the processing. It is currently not clear to us to what extent, where and for how long the data is stored, to what extent the data is linked and analyzed and to whom the data is passed on. We also have no insight or influence with regard to deletion periods, i.e. whether and to what extent deletion periods are observed.
Information from Facebook itself about what information is collected is available in Facebook’s privacy policy, which can be viewed here: https://www.facebook.com/about/privacy/
If you are a Facebook member and logged into your Facebook user account, Facebook can assign your visit to our website to your user account. If you want to prevent Facebook from linking data about your visit to our fan page with your member data stored on Facebook, you must

• log out of Facebook before each visit to our fan page
• delete the cookies present on the device
• and close and restart your browser.

In this way, according to Facebook, all information that can be used by Facebook to identify you is deleted.
 

19.1 Scope of data collection and storage

There is no need to be a Facebook member to view the content on our Facebook fan page. However, Facebook collects, stores and uses data every time you visit our website. The moment you visit our fan page, your browser establishes a connection with a Facebook server. Data may be transmitted to countries outside the European Union. In any case, regardless of whether you are registered with Facebook or not, your IP address is transmitted and cookies are set. If you are a Facebook member and logged into your Facebook user account, Facebook can assign your visit to our website to your user account.

The cookies used include session cookies, which are deleted when the browser is closed, and persistent cookies, which remain on the end device until they expire or are deleted by the user. A cookie is a tiny text file that enables a website to recognize a browser. Cookies are stored on the computer when a website is accessed and are retrieved and read the next time the web server is accessed. Insofar as the cookies are stored on your end device, we obtain your consent for this in accordance with Art. 6 (1) lit. a GDPR, 49 (1) lit. a, § 25 (1) TDDDG. You can use your browser settings to decide whether and which cookies you want to allow, block or delete. Instructions for a range of browsers are available here: Internet Explorer, Firefox, Google Chrome, Google Chrome mobile, Microsoft Edge, Safari, Safari mobile. Alternatively, you can also use so-called ad blockers, such as Ghostery can be installed.

Facebook states that the cookies used by Facebook are used for authentication, security, website and product integrity, advertising and measurement, website functions and services, performance, analysis and research. Details of the cookies used by Facebook (e.g. names of cookies, duration of function, content recorded and purpose) are available here: https://www.facebook.com/policies/cookies/ by following the links provided there. The configuration of settings for the display or non-display of advertisements by Facebook is available at https://www.facebook.com/about/basics/advertising and at http://www.youronlinechoices.com.

You can manage your preferences regarding usage-based online advertising under the aforementioned link. If you object to usage-based online advertising with a specific provider using the preference manager, this only applies to the specific business data collection via the web browser you are currently using. Preference management is cookie-based. If you delete all browser cookies, the preferences you have set with the preference manager are also be removed.

19.2 Legal basis

Insofar as cookies are set on your end device and information is retrieved in the process, we obtain consent for this in accordance with § 25 (1) TDDDG  ( https://www.cenit.com/en_EN/cookieconsent.html ) and insofar as personal data is collected and transmitted to a third country (see USA), we obtain consent in accordance with Art. 6 (1) sentence 1 lit. a, 49 (1) lit. a GDPR. 
Automated decision-making including profiling in accordance with Art 22 GDPR does not take place.

We generally only store personal data until the purpose for which the data was collected has been achieved. As part of a business relationship with you, we store your personal data for as long as the business relationship lasts; this also includes the initiation and execution of a contract as well as the regular limitation period. In addition, we store the data if and to the extent that we are subject to statutory retention obligations. These may arise, for example, from the German Commercial Code (HGB) or the German Fiscal Code (AO).

If you have granted us your consent for a processing operation, the data associated with the granting of consent is stored until revoked or at the latest for the duration of the processing operation and after termination of the same within the scope of the statute of limitations.

19.3 Facebook Insights

We use the Facebook Insights function for statistical analysis purposes. In this context, we receive anonymized data about the users of our Facebook fan page. It is therefore not possible for us to draw any conclusions about your person. For further information, please refer to Meta’s cookie policy.

https://www.facebook.com/about/privacy/legal_bases
https://www.facebook.com/privacy/policy/?entry_point=data_policy_redirect&entry=0 

We see our legitimate interest in data processing via the Facebook fan page in the presentation of our company and our products and services for your information and the best possible direct customer contact. 

19.4 Disclosure and use of personal data

If you interact with Facebook, Meta has accordingly also access to your data. Meta is located in a third country, the USA, for which an adequacy decision currently exists and is certified with regard to the Transatlantic Data Privacy Framework. The data transfer is also based on the so-called standard data protection clauses. More information is available HERE.

19.5 Joint controllership

CENIT AG, Industriestrasse 52-54, 70565 Stuttgart, Germany
and
Meta Platforms Ireland Limited
4 Grand Canal Square, Grand Canal Harbor,
D2 Dublin
Ireland
The European Court of Justice (ECJ) has ruled that we are jointly responsible with Meta for the processing of your personal data. More information on the ECJ’s decision of 05.06.2018 is available here.
In accordance with joint responsibility, we provide the following information regarding the essence of the joint responsibility agreement between us and Meta in line with Art. 26 GDPR: https://www.facebook.com/legal/terms/page_controller_addendum 

Meta assumes the responsibility for the processing of Insights data on the fan page: https://www.facebook.com/legal/terms/page_controller_addendum 

Meta alone decides on the purposes and means of data processing. 

Further information is available here: https://www.facebook.com/about/privacy/update/printable 

We are accountable for the data processing, excluding the Insights data. 

19.6 Meta Pixel

We use the Meta Pixel service from Meta Platforms, Inc., 1601 S. California Avenue, Palo Alto, CA 94304, USA (hereinafter referred to as ‘Facebook’) for usage-based online advertising. For this purpose, we use Facebook Ads Manager to define target groups of users based on certain characteristics, who will then see advertisements within the Facebook network. Users are selected by Facebook based on the profile information they have provided and other data provided through their use of Facebook. If a user clicks on an advertisement and is then directed to our website, Facebook receives information via the Facebook pixel integrated into our website that the user has clicked on the advertising banner.
In principle, a non-reversible and non-personal checksum (hash value) is generated from your usage data and transmitted to Facebook for analysis and marketing purposes. A Facebook cookie is set for this purpose. This cookie collects information about your activities on our website (e.g. surfing behaviour, subpages visited, etc.). Your IP address is also stored and used for the geographical targeting of advertising.
We do not use Facebook Custom Audiences via the customer list or the ‘advanced matching’ function.

Further information about the purpose and scope of data collection and the further processing and use of data by Facebook, as well as your settings options for protecting your privacy, can be found in Facebook's privacy policy. You can adjust your settings for which advertisements are displayed to you on Facebook via this link and in your Facebook account settings.
We only use the Meta Pixel if you have previously consented to its use in accordance with Art. 6 (1) (a) GDPR, 49 (1) (a) GDPR and § 25 (1) TDDDG; only then will the script required for the Meta Pixel be loaded. The IP address, the address of the page visited and information about the browser and operating system used are transmitted. When Meta Pixel is initialised, cookies containing unique identifiers are stored, which can be used to recognise your browser. The cookie is only valid for our site and cannot be used to track your activities on third-party sites. Each time you visit a page on our website where Meta Pixel is used, the following data is transmitted to a Meta server in the USA and stored there: 

• Address of the page from which you accessed a page on our website
• Address of the page accessed
• Date and time of access
• Browser and operating system
• IP address
• The pixel ID assigned to our website by Meta
• Identifier from Meta cookie
• Button click data (information about buttons that the user has clicked and the page to which the user was redirected)

We do not perform any extended user matching. If you have a user account with Meta and the Meta cookie is stored in your browser with a user ID, Meta can assign the data we transmit to your Meta user account and thus to you personally. Meta uses the collected data – regardless of whether you have a user account – to create interest profiles that serve as the basis for creating target groups. Meta may add you to such a target group so that you are shown personalised advertisements when you visit pages belonging to Meta. For us, the data on visitors and target groups is only available in the form of anonymised statistics.

Further information on data processing when using the pixel can be found at Meta:
•    Meta's data policy: www.facebook.com/privacy/explanation
•    Data collected with the Meta pixel: developers.facebook.com/docs/Meta-Pixel/implementation/gdpr

The following cookies may be stored and read in your browser for Meta pixels. For further information, please refer to www.facebook.com/privacy/explanation above.

Name    Duration    Accessibility to third-party sites    Domain    Type
_fbp       3 months    yes                                                                 First-party cookie

We use Meta Pixel to advertise our services on Meta's pages in a way that is tailored to the target group.

If Meta also processes your data in third countries, according to Meta, this is done either on the basis of adequacy decisions by the EU Commission within the meaning of Art. 45(1) of the GDPR or on the basis of standard contractual clauses with the recipients, which oblige them to ensure that European data protection law is also complied with in the third country and thus offer an appropriate guarantee for the protection of personal data within the meaning of Art. 46(2)(c) of the GDPR.

Persons who have been added to a target group will be removed from the target group after 180 days, unless they have been added again in the meantime by visiting the site. We do not store any personal data. Otherwise, the storage of personal data is governed by Meta's data protection regulations.

You can prevent data collection by the Facebook pixel by clicking on the following link: www.facebook.com/login.php
An opt-out cookie (persistent HTML5 storage object) will be set, which will prevent the future collection of your data when you visit this website.
You can also prevent the storage of cookies altogether by adjusting your browser software settings accordingly. However, we would like to point out that in this case you may not be able to use all the functions of our website to their full extent. Further options for deactivating cookies from third-party providers can be found at www.networkadvertising.org/managing/opt_out.asp or on the Digital Advertising Alliance opt-out platform at http://optout.aboutads.info/?c=2&lang=en.

You are entitled to object to our data processing on the fan page as a whole or in relation to individual processing operations as described above under Point 1.2. Even if you wish to object to data processing by Meta, you can do so using the contact details provided under Point 1.2. We forward your objection to Meta immediately. If you want to object to the processing of Insights data, you can also do this at Meta. 

We have integrated YouTube videos into our online service, which are stored on http://www.youtube.com/ and can be played directly from our website. When you access a page with embedded videos, your IP address is sent to YouTube/Google and cookies are installed on your computer.  However, we have integrated our videos in “extended data protection mode”, i.e. no data about you as a user is transmitted to YouTube/Google if you do not play the videos. The following data is only transmitted when you click 

 to play the video: 

• IP address
• Date and time of the request
• Time zone difference to Greenwich Mean Time (GMT)
• Content of the request (specific page)
• Access status/HTTP status code
• Amount of data transmitted in each case
• Website from which the request comes
• Browser
• Operating system and its interface
• Language and version of the browser software.
• Hardware used (PC, smartphone, etc.)
• Location (if Google Maps is activated) 

We have no control over this data transfer. As website operators who embed YouTube videos, we collect the IP address and, via Google Analytics, the number of video clicks and the duration of the playback time.

By visiting our website and playing the videos, YouTube/Google receives the information that you have accessed the corresponding subpage of our website. If you are logged in to Google or Meta or use the single sign-on function, this data is assigned directly to your account, i.e. photos, interests, end device, IP address, etc.If you do not wish to be linked to your YouTube account, you need to log out before clicking the button. In addition, YouTube/Google also stores data if you do not have a Google user account: IP address, search queries, browser and operating system version. 
YouTube/Google stores the aforementioned data as user profiles and uses them for the purposes of advertising, market research and/or the needs-based design of its website. This evaluation is undertaken in particular (even for users who are not logged in or who do not have a corresponding account) to provide customized advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, in which case you need to contact YouTube to assert this right. 
Third-party service provider information: YouTube LLC, 901 Cherry Ave, San Bruno, CA 94066, USA, : https://policies.google.com/technologies/product-privacy and https://policies.google.com/privacy. 
The information collected by the cookies from this provider is generally sent to a server in the USA and stored there. In the case of the transfer of data to the USA, the data transfer is currently based on the existing adequacy decision and the existence of standard contractual clauses. 

As soon as you click on the Play button, you give your consent to the transfer of data to an insecure third country in accordance with Art. 6 (1) lit. a GDPR, 49 (1) sentence 1 lit. a GDPR and for the setting of cookies in your browser in accordance with Section 25 (1) TDDDG. You can revoke your consent at any time for the future in the cookie consent banner or footer under Cookie and object to its use.
 

Some of our internet services contain hyperlinks to other websites that are not operated by CENIT AG. We do not monitor these websites and are not responsible for their content or their handling of personal data. Only when you as a user click on this link marked as external and access the link service destination, i.e. receive and take note of its data, is data transmitted to the link destination in the form of the user’s IP address and, if applicable, other data from the Internet Protocol (TCP). The link destinations listed below (e.g. Meta, X, Youtube, Linkedin, Xing, glassdoor) are located in unsafe third countries that do not ensure an EU level of data protection. 

The social plug-ins offer you the opportunity to share content from the service via your personal social media account. However, when you use this feature on the CENIT AG website, no personal data is processed.
The social media provider can assign the visit to our website to your user account if you are logged into the corresponding social media account (e.g. Google, Meta). We would like to point out that CENIT AG has no influence on this and has no knowledge of the content of the transmitted data or its use by the social media provider.

If you click on the hyperlink marked as external, you therefore consent to your personal data being transmitted to a recipient in a possibly unsafe third country in accordance with Art. 6 (1) lit. a GDPR, 49 (1) sentence 1 lit. a GDPR, whereby an adequacy decision currently exists for the USA. In addition, the transmission of the IP address information is technically necessary in accordance with Section 25 (2) No. 2 TDDDG in order to access the desired link destination.
The link provider, i.e. the party responsible for the website containing the link, is not responsible for the data processing undertaken by the link destination itself. We as the link provider do not process any data.

21.1 Meta

For the Facebook network. These are provided by Meta Inc. Platforms, 1601 S. California Ave, Palo Alto, CA 94304, USA. We have placed a link to Meta on our website. You are only redirected to the external website when you click on it. The related Data processing is not our responsibility.

https://www.facebook.com/privacy/policy/

21.2 X

For the network of X. These are offered and operated by X Corp, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland. We have placed a link to X on our website. You are only redirected to the external website when you click on it. The related Data processing is not our responsibility.
https://x.com/en/privacy 

21.3 YouTube

For the YouTube network. These are offered and operated by YouTube LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. We have placed a link to YouTube on our website. You are only redirected to the external website when you click on it. Data processing is not our responsibility.
https://policies.google.com/privacy

21.4 LinkedIn

For the LinkedIn network. These are offered and operated by LinkedIn Corporation, 599 N Mathilda Ave, Sunnyvale, CA 94085, USA. We have placed a link to LinkedIn on our website. You are only redirected to the external website when you click on it. The related Data processing is not our responsibility.
https://de.linkedin.com/legal/privacy-policy

21.5 XING

For the XING network. These are offered and operated by New Work SE at Strandkai 1, 20457 Hamburg, Germany. 
We have placed a link to XING on our website. You are only redirected to the external website when you click on it. The related Data processing is not our responsibility.
https://privacy.xing.com/de/datenschutzerklaerung

21.6 Glassdoor

For the Glassdoor network. These are offered and operated by Glassdoor Inc, 100 Shoreline Highway, Building A, Mill Valley, California, 94941, USA. We have placed a link to Glassdoor on our website. You are only redirected to the external website when you click on it. The related Data processing is not our responsibility.
Glassdoor is certified under the Transatlantic Data Privacy Framework. 
https://hrtechprivacy.com/de/brands/glassdoor#privacypolicy 

22.1 Information on the processing of personal data in the application process

As part of your online application, our company processes the data you provide (contact data, qualification data, content data (e.g. name, address, marital status, age, nationality, qualifications, CV, professional experience, certificates, etc.)) insofar as this is necessary for the application process. In detail, these are
Contact information: Name, address, telephone, e-mail address
Qualification data: Training/studies, previous employment, professional development, professional qualifications/certificates, references
Content data: Cover letter, interview information
 
If you inform us of this, further voluntary information, such as the characteristic of a severe disability, equality with a severely disabled person or other special categories of personal data in connection with your application, is also stored, e.g. if you submit a motivational video to us. The resulting video file is added to your application. You also have the option of sending us your CV that you have published on LinkedIn/Xing. The transmitted data is stored together with your application. A so-called pre-employment screening of your person is only undertaken, if at all, in job-oriented networks such as XING or LinkedIn and insofar as this is necessary for special positions (increased need for confidentiality).
If we use recruitment agencies or you apply via a recruitment agency, we receive your application data from them. In this case, information on data processing is provided by the recruitment agency.

22.2 Purpose and legal basis

The purpose of data processing is to complete the application procedure and to establish any subsequent employment relationship.
The legal basis for this is Art. 6 (1) lit. b GDPR. Your data is not used for any other purpose. The necessity of data collection and processing arises from the specific position applied for; for positions with a higher level of confidentiality or higher financial/personnel responsibility, further data collection may be required from you or from authorities if a certificate of good conduct should be required. Data minimization considerations cause us to collect and process such data only after the selection of applicants for the position has been completed, i.e. immediately before or shortly after the appointment.
In some cases, we process your personal data on the basis of your specific and voluntary consent in relation to a processing purpose specified therein, for example, if you wish to be included in the applicant pool; in these cases, you are informed about the data processing in the specific form of use. The legal basis for data processing is then the consent you have voluntarily granted in an informed manner for the specific case prior to data processing in accordance with Art. 6 (1) lit. a GDPR in conjunction with Section 26 para. 2 BDSG.
In particular, we have also informed you of your right to revoke your consent at any time and free of charge for the future, whereby the data processing remains lawful until you revoke your consent.
We process your personal data in our legitimate interest or in the legitimate interest of a third party if your interests in the omission of data processing do not take precedence. This is the case if we process your data in order to defend legal claims, for example under the General Equal Treatment Act (AGG), or for evidence purposes in a legal dispute.

22.3 Recipient

Only those departments within our company that absolutely need your data to complete the application process have access to it. These are primarily the responsible employee in the HR department and the responsible managers, who receive access rights to relevant applications on an ad hoc basis. All our employees who have access to application data are also obliged to maintain confidentiality and have received special training.
Our company uses the support of external service providers for certain technical processes of data processing, who may have access to your personal data as part of the provision of the service owed or may be able to view it in the event of support, e.g. maintenance and hosting service providers, disposal service providers for files or data. We have concluded order processing contracts with them. All our processors are carefully selected and meet high data protection and data security standards. They are also obliged to maintain confidentiality and only process data on behalf of and in accordance with the instructions of our company. They are subject to our regular checks.

Data is only transmitted to countries outside the EU/EEA (so-called third countries) or to international organizations if this is necessary for the execution of existing employment or training contracts, is required by law or if you have granted us your consent. If service providers in third countries are used, they are obliged in accordance with Art. 44 et seq. GDPR to comply with European data protection standards within the framework of a written contract based on the EU standard contracts or the Binding Corporate Rules, unless there is an adequacy decision by the EU Commission.

22.4 Duration of data storage

If CENIT AG concludes an employment or training contract with you, the data transmitted is stored for the purpose of processing the employment relationship in compliance with the statutory provisions. The legal basis for data processing is Art. 6 (1) lit. b GDPR. If no employment or training contract is concluded with you as an applicant, the application documents are deleted no later than 6 months after completion of the application process, provided that deletion does not conflict with any other legitimate interests of our company that permit longer data processing, e.g. defend legal claims. Furthermore, we only process and use your data beyond this if you have granted us your explicit consent to do so and for the period specified. If you have granted your consent to be included in the applicant pool, your data is stored for a period of 12 months after you have granted your consent. After expiry of this period, the data is deleted.

22.5 Obligation to provide data

The application process requires you to provide the personal data that is necessary for the application process or that we are legally obliged to collect. Failure to provide this data generally means that we are unable to invite you for an interview and be obliged to decline the conclusion of an employment or training contract.

22.6 Automated decision-making (profiling)

In principle, a fully automated decision-making process in accordance with Art. 22 GDPR is not used to complete the application process. Profiling is not used by our company either in the application process nor in the employment relationship.

You have the following rights, which you can assert against the contact details listed under Point 1.1 “Controlling body” and Point 1.2 “Data protection officer”, provided that the requirements specified in the law are met:

• Information, Art. 15 DSGVO
• Correction, Art. 16 DSGVO
• Deletion, Art. 17 DSGVO
• Blocking/restriction of processing, Art. 18 DSGVO
• Contradiction, Art. 21 DSGVO
• Data portability, Art. 20 DSGVO
• Right to lodge a complaint with a supervisory authority, Art. 77 DSGVO
• Right of revocation with effect for the future if consent has been granted, Art. 7(3) DSGVO 

You can exercise your rights at any time free of charge by sending an email to datenschutzbeauftragter@cenit.com (Germany) and in Switzerland  datenschutzbeauftragter-ch@cenit.com 

You have the right in accordance with Article 21 GDPR to object, on grounds relating to your particular situation, at any time to processing of personal data concerning your person which is based on lit. (e) or (f) of Article 6 (1) GDPR. As a precaution, we would like to point out that this also applies to profiling based on these provisions. 

Where personal data are processed for direct marketing purposes, you also have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.

With regard to data processing via our Facebook page, you have the option of asserting your data subject rights both against us, for example directly to the responsible controller named under Point 1.1 or under Point 1.2 to the data protection officer, and against Meta.

We revise this data protection information in the event of changes to this website or other occasions that make this necessary. You always find the latest version on this website. You should therefore visit this website regularly to check the current status of the data protection declaration.