Privacy Policy Statement

Each time our website is accessed, the following personal data is automatically collected by the web server from the system of the accessing computer or the user’s terminal device:

• Date and time of retrieval
• Surname of the retrieved file and the amount of data transmitted
• Browser type/version
• Operating system used by the user’s terminal device
• Referrer (URL of the previously visited page)
• IP address of the user’s terminal device

The legal basis for the requisited technical processing is Art. 6 (1) lit. f GDPR. Insofar as your IP address, the set language, the user-agent string with browser and operating system and its version, as well as the address of the accessed website are transmitted, then this processing is strictly required in accordance with § 25 (2) Nr. 2 TDDDG.

The data is deleted as soon as it is no longer required for the purpose for which it was collected, i.e. the session is ended or, if log files are stored, after 30 days.
 

You can contact us via a wide variety of channels. We process different personal data about you depending on which channel you use. 
The following channels are available for you to contact us: Telephone, fax, post, e-mail, contact form website, chat.
We collect the content data of your request, regardless of which channel you use to contact us. In addition, depending on the contact channel used, we collect further personal data required to answer your request in a customer-friendly and competent manner via the channel you have chosen. 
If you contact us by post, this would be the postal address with the date of receipt. In the case of telephone or fax contact, the telephone or fax number and the date and time of contact. If you contact us by e-mail and contact form, the e-mail address, date and time of receipt of the e-mail are recorded. 

This data processing takes place on the basis of our legitimate interest in accordance with Art. 6 (1) lit. f GDPR in order to be able to answer your request promptly and completely. Insofar as a contractual relationship results from your request, we process the data in accordance with Art. 6 (1) lit. b GDPR for the initiation and execution of the contract.

If your personal data listed above is no longer required to achieve the purpose of answering your request, it is deleted. As a rule, this is always done as soon as the contact request has been fully answered or it is clear from the circumstances that the associated facts have been clarified and the request has therefore been settled. We assume that a matter has been settled for you if you have not responded to our query regarding the contact within one year or have not contacted us again in this regard. 
We may store your personal data from the contact for quality assurance purposes. In this case, however, it is deleted no later than 3 years after answering/settling your request. Otherwise, all personal data is deleted immediately, unless it must be retained due to documentation obligations. If there was a contractual relationship and this resulted in tax retention obligations, the tax-relevant personal data is stored for 10 years.

As the data subject, you are entitled to assert your rights against the responsible controller. You can use the contact details provided under this Point 1.2 or send an e-mail to datenschutzbeauftragter@cenit.com by e-mail.  You are entitled to object to data processing and state your interest in not having your data processed and, if you have granted your consent, to revoke your consent at datenschutzbeauftragter@cenit.com. More information on your rights as a data subject is available here.

We offer you the opportunity to create and register a user account on our website at support.cenit.com in order to obtain the information and downloads you require on our products and services. Personal data is entered by you in the input mask, transmitted to us and stored by us. Your data is not transmitted to third parties. 

The following data is collected as part of the registration process: 
User name, first name, last name, e-mail address, title, telephone, fax, company, country, city
The following data is collected as part of the login process: 
Username, password, date and time of login

Any data you have already provided is merged with the master data in our CRM.
The legal basis for the above-mentioned data processing is the fulfilment of the contract or the fulfilment of pre-contractual measures with you in accordance with Art. 6 (1) lit. b GDPR in order to provide you with the products and services you require for your own support via MyCENIT. 

Your above-mentioned data is deleted as soon as the purpose of the data processing has been achieved. This is the case if the data is no longer required for the fulfilment of pre-contractual measures and for the fulfilment of the contract. There are exceptions to this, however, such as legal obligations to document and store data for tax purposes. Tax regulations may require that data be stored for a period of up to 10 years after the contract has been terminated. In addition, the user has the option of modifying the data in MyCENIT in self-service, up to and including closing the account, which deletes the personal data, with the exception of the data relevant for tax purposes. 
Log files for login are stored for security reasons in accordance with Art. 6 (1) lit. f GDPR for 30 days and then deleted. 

As the data subject, you are entitled to assert your rights against the responsible controller. You can make use of the contact details provided under Point 1.2 or send an e-mail to datenschutzbeauftragter@cenit.com. More information on your rights as a data subject is available here.
 

You can subscribe to individual newsletters on our website for various products, services, webinars and events. We use these to inform you about products (e.g. announcements and discontinuations, changes), services, promotions and developments 

• of CENIT AG, 
• of its subsidiaries, see www.cenit.com/en_EN/about-cenit/cenit-group.html

The content of the individual newsletters is described as part of the registration process. 
If you register for a newsletter, the following personal data is collected, stored and processed by us: Referrer URL, date and time of access, description and type of browser used, IP address of the requesting computer: pseudonymized), e-mail address, date and time of the order.

We use the so-called double opt-in procedure for newsletter registrations to ensure that no mistakes have been made when entering the e-mail address and that you have actually requested the newsletter. After your registration, we send you an e-mail with a confirmation link to the e-mail address you provided and ask you to confirm your newsletter order, including the e-mail address used. Your e-mail address is only added to the mailing list when you click on the confirmation link. If you do not confirm your registration, your information is automatically deleted after 30 days. 

Your e-mail address is mandatory for receipt of the newsletter. The provision of further data is voluntary: This voluntary data is used to address you personally. After your confirmation, we store your e-mail address for the purpose of sending you the newsletter and until you revoke your consent. We also store your IP address used at the time of registration, the time of registration in order to be able to verify your registration and, if necessary, to clarify any misuse of your personal data. This data is stored until you unsubscribe.
If you subscribe to one of our newsletters, we evaluate your user behaviour during the subscription period in order to better adapt our offer to the needs of our readers. We use Microsoft Dynamics for this purpose and record the following data: Data on mail dispatch, delivery status and opening as well as further page views and form submissions.

The legal basis for the sending of the respective newsletter and its evaluation is your previously voluntary, informed consent, which you have granted us in accordance with Art. 6 (1) sentence 1 lit. a GDPR and which can be revoked at any time free of charge.

You can revoke your consent to the sending of the tracked newsletter at any time and unsubscribe from the newsletter. You can declare your revocation by clicking on the unsubscribe link provided in every newsletter e-mail or by sending an e-mail to datenschutzbeauftragter@cenit.com.
When you unsubscribe from the newsletter, your data relating to the newsletter subscription is deleted.

As the data subject, you are entitled to assert your rights against the responsible controller. You can make use of the contact details provided under Point 1.2 or send an e-mail to datenschutzbeauftragter@cenit.com.  More information on your rights as a data subject is available here.
 

We offer you the opportunity to register for events on our website. Participation in an event, whether online or on-website, is subject to you entering the personal data required for registration in an input mask. The data is then transmitted to us when you confirm the registration and processed for the organization and implementation of the event. After each event, we contact you once to ask for your feedback and provide you with further information on our products and services. 

If you register for a free on-website event without certification, we process your contact details, surname, first name, e-mail address, company and any other optional data you enter when registering.

If you register for a paid on-website event with certification, we process your contact details, surname, first name, company, billing and home address in order to be able to send you the certificate to your personal address afterwards. 

If you register for a paid online event without certification, we process your e-mail address, surname, first name and company,

We may pass on your personal data to a provider of computer-based tests at certification events and, if necessary, to a service provider who operates the web meeting for us. The respective provider has been carefully selected by us, works in accordance with our instructions and has been contractually bound to confidentiality. We may also receive feedback from the provider on the tests/attendance so that we can issue the certificate for you. We name the respective provider in the information on the event; if we use providers from third countries, the EU standard contractual clauses, a transfer impact assessment if necessary, and additional technical and organizational measures have been taken with them. If we use service providers, you are informed of this in accordance with data protection regulations when you register.

The legal basis for this is Art. 6 (1) sentence 1 lit. b GDPR. We process the data for as long as is necessary to fulfil the contract, usually up to three years for quality assurance reasons. Only those documents which are relevant for tax purposes are stored for 10 years. 

As the data subject, you are entitled to assert your rights against the responsible controller. You can make use of the contact details provided under Point 1.2 or send an e-mail to datenschutzbeauftragter@cenit.com.  More information on your rights as a data subject is available here.
 

We offer you the opportunity to subscribe to white papers on our website. To register for the whitepaper subscription, we ask you to provide us with your personal data (e-mail address, surname, first name, company, country) as contractual consideration in order to be able to contact you with our responsible country-specific sales and distribution department in relation to the product and service you have selected for the whitepaper. Click here for our National companies. You receive the access link to the whitepaper after you have confirmed your e-mail address. 
This data is collected in accordance with Art. 6 (1) lit. b GDPR as contractual consideration (payment with data) for the whitepaper subscription. 

If you do not wish to be contacted after receiving the whitepaper from us and our national companies, please inform us at any time using the contact details under Point 1.2 or by e-mail at datenschutzbeauftragter@cenit.com. 

The notice you provide is retained for three years after the date of notification for documentation purposes.

Our website also offers the option of sending us information under the Whistleblower Protection Act. We have set up a Whistleblowing hotline for this purpose. Further information on data processing in the context of the whistleblowing procedure is available here.

We use cookies and other technologies on our website (both hereinafter referred to as cookies). Some of these are technically essential (necessary) for the provision of the website and its functions or for the storage of and access to information in the terminal equipment and then do not require consent in accordance with § 25 (2) TDDDG and, in the case of personal data, in accordance with Art. 6 (1) (f) GDPR. You are, however, entitled to object to this processing (see the “Objection” section in this document). If you do so, it is possible that the functionalities of our website are no longer fully available. You are free to express your objection in writing by sending an e-mail to datenschutzbeauftragter@cenit.com or by revoking your consent or to object for example in the Cookie Consent Banner.

For the use of all other cookies to determine preferences, statistics and marketing purposes, we separately obtain your voluntary, active consent in accordance with Art. 6 (1) lit. a, 49 (1) lit. a GDPR in conjunction with § 25 (1) TDDDG in order to personalize content and advertisements, to offer functions for social media and to analyze access to our website or to be able to read information on the end device. This also includes the third-party providers used from countries outside the EU/EEA in which there is no level of data protection equivalent to that in the EU, which may restrict your rights (e.g. enforcement of rights). Some partners merge your personal data with other data that you have provided, e.g. in personal accounts or that is collected when using the partner services; we also obtain your consent for this.

You are free to revoke your consent at any time for the future without any disadvantage for you, whereby the data processing up to the revocation remains unaffected by this. If you do not give your consent, you suffer no disadvantage as a result; only individual functions of the website may not be available. 

Detailed information on cookies with the option of granular consent/rejection/revocation of individual cookies is available on the page Cookie declaration. Or click on the question mark after you have clicked the Individual settings button in the Consent banner. 
We make no use of automated decision-making or profiling. Further information, including on your rights, in particular to revoke your consent and to object to data processing on the basis of our legitimate interest in accordance with Art. 6 (1) lit. f GDPR, is available in the Privacy policy notice under Data subject rights, Point 19.
 

If you have granted your consent, the anonymized version of Google Analytics 4, a web analysis service of Google LLC, is used on this website. The responsible provider for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”).

10.1  Scope of processing

In Google Analytics 4, the anonymization of IP addresses is activated by default. Due to IP anonymization, your IP address is truncated by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. The full IP address is only transmitted to a Google server in the USA and truncated there in exceptional cases. The IP address transmitted by your browser as part of Google Analytics is not merged with other Google data, but the information collected by means of cookies about your user behaviour is usually transmitted to a server in the USA and stored there.

The following data is recorded:

• Page views
• First visit to the website
• Start of the session
• Your “click path”, interaction with the website
• Scrolls (whenever a user scrolls to the end of the page (90%))
• Clicks on external links
• Internal search queries
• Interaction with videos
• Viewed / clicked ads

Also recorded:

• Your approximate location (region)
• Your IP address (in abbreviated form)
• Technical information about your browser and the end devices you use (e.g. language setting, screen resolution)
• Your internet provider
• The referrer URL ((the website/advertising medium used to reach this website)

Technical data; operating system used, browser type, browser version, device, date and time of access, are processed for the purpose of evaluating user behaviour.
The following behaviour-related data formsubmit, form submissions, contact form, newsletter registrations are processed.

10.2  Purposes of the processing

Google uses this data to evaluate your use of the website and to compile reports on website activity. 
The Google Analytics advertising functions implemented on this website include: 

• Reports on impressions in the Google Display Network;
• Google Analytics reports on performance by demographics and interests
• Integrated services for which data is collected in Google Analytics for advertising purposes, including the collection of data via cookies for ad preferences and anonymous identifiers 

10.3  Recipient

Recipients of the data are
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as processor pursuant to Art. 28 GDPR), Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA, Alphabet Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA.
The parent company of Google Ireland, Google LLC, is based in California, USA and is certified under the Transatlantic Data Privacy Framework. A transfer of data to the USA and access by US authorities to the data stored by Google cannot be excluded. 

10.4  Storage period

The data sent by us and linked to cookies is automatically deleted after 14 months. Data that reaches the end of its retention period is automatically erased once a month.

10.5  Legal basis

The legal basis for this data processing is your consent in accordance with Art. 6 (1) sentence 1 lit. a, 49 (1) lit. a GDPR and § 25 (1) TDDDG.

10.6  Revocation

You can revoke your consent at any time with effect for the future by changing your cookie settings HERE and changing your selection there. The legality of the processing undertaken on the basis of the consent until the revocation remains unaffected.
Alternatively, you can prevent the storage of cookies from the outset by setting your browser software accordingly. However, if you configure your browser to reject all cookies, this may limit the functionality of this and other websites. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) as well as the processing of this data by Google by

1. not giving your consent to the setting of the cookie or
2. by setting the corresponding cookie
3. Download and install the browser add-on to deactivate Google Analytics HERE.

More information on the terms of use of Google Analytics and data protection at Google at marketingplatform.google.com/about/analytics/terms/de/ and at

https://policies.google.com. More information on data protection at Google at https://policies.google.com/privacy.
 

If you have granted your consent, we use the Google Tag Manager of the provider Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. The responsible provider for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

This is a tag management system for managing JavaScript and HTML tags, which is used for the implementation of tracking and analysis tools. The Google Tag Manager itself does not collect any personal data. The Tag Manager makes it easier for us to integrate and manage our tags. Tags are small code elements that are used, among other things, to measure traffic and visitor behaviour, record the impact of online advertising and social channels, set up remarketing and targeting, and test and optimize websites. If you have made a deactivation, this deactivation is taken into account by Google Tag Manager.

Recipients of the data are:
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as processor pursuant to Art. 28 GDPR), Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA, Alphabet Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA 

This service may process data outside the European Union and the European Economic Area (EEA) and transfer it to a country that does not offer an adequate level of data protection. There is currently an adequacy decision with the USA and Google is certified under the Transatlantic Data Privacy Framework.  If the data is transmitted to the USA, there is a risk that your data may be processed by US authorities for control and monitoring purposes without you having any legal recourse.

The legal basis for data processing using Google Tag Manager is Art. 6 (1) lit. a, 49 (1) lit. a GDPR and § 25 (1) TDDDG with regard to the setting of tags in the user’s end device and the comparison of cookies with the Google Tag Manager domain. The data collected (IP address) is analyzed using the following tool.  We have no influence on the data processing by Google Tag Manager and do not know how the data is used. 

You have the option of revoking your consent with effect for the future by changing your settings HERE. The legality of the data processing until the revocation remains unaffected.
For more information on Google Tag Manager, see: https://www.google.com/intl/de/tagmanager/use-policy.html
 

12.1   Google Ads Conversion

We use the Google Ads Conversion service to draw attention to our offers with the help of advertising material (so-called Google Ads) on external websites. This is an online advertising program from Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. The responsible provider for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.
A different cookie is assigned to each Ads customer. Cookies cannot be tracked via the websites of Ads customers When you click on an ad or visit our website, Google places a cookie on the user’s computer. This cookie has a duration of 30 days. The information collected by the respective cookie (date and time of the visit; IP address; referrer URL; browser type; browser language; cookie ID; user behaviour; ads clicked on; web request) is used to be able to address the visitor specifically in a subsequent search query. Further information on the cookie technology used can also be found in Google’s notes on website statistics and in its privacy policy. This technology provides Google and us, as the customer, with information about the fact that a user has clicked on an ad and been redirected to our website. The information obtained in this way is used exclusively for statistical analysis to optimize advertising. No information is received that enables visitors to be personally identified. Your IP address is transmitted to Google if you have granted us your prior consent. We use IP masking provided by Google. The statistics provided to us by Google include the total number of users who click on one of our ads and, if applicable, whether they are redirected to a page on our website with a conversion tag. These statistics enable us to determine which search terms are most often clicked on in our ad and which ads lead to users contacting us via the contact form. 
The integration of Adwords Conversion means that Google receives the information that you have accessed a specific part of our website or clicked on one of our ads. If you are registered with Google, Google associates you with your account. This also applies if you are not registered or logged into the account. Google may be able to ascertain the IP address and thereby identify you.

Insofar as data is processed outside the EU/EEA, where there is no level of data protection corresponding to the European standard, we have concluded EU standard contractual clauses with the service provider to establish a secure level of data protection and have taken further supplementary contractual, organizational and technical measures, whereby Google is certified in accordance with the Data Privacy Framework.

More information on data protection in the context of Google Ads at https://policies.google.com/technologies/ads and https://policies.google.com/privacy.

If you do not want your visit to be included in the user statistics, you can prevent this by preventing the storage of the cookie required for these technologies, for example via the settings of your browser or by deactivating the cookies for conversion tracking (www.google.de/settings/ads) or by self-regulating “About Ads” http://www.aboutads.info/choices  whereby this selection is deleted if you delete the cookies or manage the cookies https://policies.google.com/technologies/cookies#managing-cookies. 

You also have the option of using the Ad settings to select the types of Google ads or to deactivate interest-based ads on Google. Alternatively, you can deactivate the use of cookies by third-party providers by using the Deactivation help of the network advertising initiative to deactivate cookies.

However, we and Google continue to receive statistical information about how many users have visited this website and when. If you do not wish to be included in these statistics, you can prevent this with the help of additional programs for your browser (e.g. with the Ghostery add-on).

Data is only collected and stored with your express consent in accordance with Art. 6 (1) sentence 1 lit. a) 49 (1) lit. a GDPR, in conjunction with § 25 (1) TDDDG for the setting of cookies in the end device for conversion optimization, analysis of your customer behaviour in order to provide you with personalized product and service information. You can revoke your consent at any time for the future in the cookie consent banner or footer under cookie settings by changing your settings there. This does not affect the lawfulness of the data processing undertaken until the revocation.

12.2   Google Ads Remarketing

We use the remarketing function within the Google Ads service if you have previously granted us your consent for this, including for the transfer of data to the USA, for the use of cookies in the cookie consent banner. With the remarketing function, we can offer users of our website advertising on other websites within the Google advertising network (in Google Search or on YouTube, so-called“Google Ads” or on other websites) based on their interests. For this purpose, the interaction of users on our website is analyzed, e.g. which offers the user was interested in, in order to be able to display targeted advertising to users on other websites even after they have visited our website. For this purpose, Google stores cookies on the end devices of users who visit certain Google services or websites in the Google Display Network. These cookies are used to record the visits of these users. Cookies are used to uniquely identify a web browser on a specific end device and not to identify a person. More information about cookies is available here: policies.google.com/technologies/types

Google Ads Remarketing allows you to be shown our advertisements when you subsequently use the internet after visiting our website. This is done by means of cookies stored in your browser, which are used by Google to record and evaluate your usage behaviour when you visit various websites. The cookies can be set by various domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. This file records which websites you have visited, which content you are interested in and which offers you have clicked on, as well as technical information on the browser and operating system, referring websites, time of visit and other information on the use of the online offer. Your IP address is also recorded, whereby Google informs you that the IP address is truncated within member states of the European Union or in other contracting states of the Agreement on the European Economic Area and only in exceptional cases is it transmitted in full to a Google server in the USA and truncated there. Google may combine the above-mentioned information with such information from other sources. If you subsequently visit other websites, you can be shown ads tailored to your interests.

According to its own statements, Google does not merge the data collected as part of Google Remarketing with your personal data that may be stored by Google (e.g. when you register for a Google service such as GMail). According to Google, pseudonymization is used for remarketing. More information on data protection at Google policies.google.com/privacy.

We process your data pseudonymously as part of Google marketing services, i.e. Google does not store and process your name or e-mail address, for example, but processes the relevant data in relation to cookies within pseudonymous user profiles. The information collected by Google marketing services (including Google Ads Conversion) about users is transmitted to Google and stored on Google’s servers in the USA. There is currently an adequacy decision with the USA in the form of the EU-US Data Privacy Framework for which Google has certified itself.

Data is only collected and stored with your express consent in accordance with Art. 6 (1) sentence 1 lit. a, 49 (1) lit. a GDPR in conjunction with § 25 (1) TDDDG for setting the cookie in the end device in order to be able to send you interest-based advertising for our products.

You can revoke your consent at any time for the future without any disadvantages for you in the cookie consent banner or footer under Cookie and object to the use by Google ( https://policies.google.com/technologies/types?hl=en ), but this does not affect the lawfulness of the data processing until you revoke your consent.
Deletion/revocation: There are several options to prevent this tracking:

1. by setting your browser software accordingly, the suppression of third-party cookies in particular means that you will not receive any ads from third-party providers;
2. by installing the plug-in provided by Google under the following link: www.google.com/settings/ads/plugin;
3. by deactivating the interest-based ads of providers that are part of the “About Ads” self-regulation campaign via the link www.aboutads.info/choices whereby this setting is deleted when you delete your cookies;
4. by permanently deactivating it in your Firefox, Internet Explorer or Google Chrome browsers under the link http://www.google.com/settings/ads/plugin,
5. by means of a corresponding cookie setting. Please note that if you do so, you may not be able to use all the functions of this service to their full extent.

The storage period for cookies is 180 days. 
 

This website uses the Google Maps map service via an API, which is integrated into the website by means of a two-click solution. You can only use Google Maps, a map service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA;) if you have previously granted your specific consent in accordance with Art. 6 (1) lit. a, 49 (1) lit. a GDPR, paragraph 25 Abs. 1 TDDDG for the use of Google Maps, i.e. you have explicitly clicked the layered Google Maps button “Unblock” and thereby granted your consent. The Google Maps data is not loaded until you click on it. 
When using the functions of Google Maps, information, including the IP address and the address or location data entered as part of the route function, may be transmitted to the provider’s servers. This information is typically transmitted to a Google server in the USA and stored there. There is currently an adequacy decision with the USA and Google is certified under the Transatlantic Data Privacy Framework, but your data may still be disclosed by Google to government authorities or third parties. More information on data protection at Google on the website: https://policies.google.com/privacy?hl=en; Privacy policy: https://policies.google.com/privacy; Possibility of objection (opt-out): Opt-out plugin: https://tools.google.com/dlpage/gaoptout?hl=en settings for the display of advertisements.

As soon as you click on the Google Maps service “Unblock Google Maps” on our website and thereby 

1. have granted your consent to the transfer of your personal data to a recipient in a third country, in this case the USA, which may not have the same level of protection for your personal data as the EU and at the same time 
2. if you have granted your consent to the use of this service, a direct connection to Google’s servers is established and your personal data is forwarded to Google, whereby the map content is sent to your browser which integrates it. The provider of this website (CENIT) has no influence on this data transmission and storage. Based on currently available knowledge, this includes the following data:

• Date and time of the visit to the website in question,
• Internet address or URL of the website accessed,
• IP address, (start) address entered during route planning
   

We use ZoomInfo Technologies LLC Inc, at 805 Braodway, Suite 900 Vancouver WA 98660 on this website for marketing purposes to support campaigns and website analytics to fulfil customer requests. The following personal data is collected: website visited, activities on the website, IP address, time, device ID. 

Further information and the applicable provisions for protecting your data or deleting your data on ZoomInfo is available at https://www.zoominfo.com/about-zoominfo/privacy-policy available.

Under the URL www.facebook.com/CENITAG we operate a so-called “fan page” on the social network Facebook. Facebook is a service of Meta Platforms, Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA (hereinafter referred to as “Facebook”).
We expressly draw your attention to the fact that Facebook stores the data (e.g. IP address, preferences and personal interests, behaviour on Facebook pages, any personal information stored on Facebook, etc.) of users and uses it for business purposes.
We have no influence on the processing and further use of this data, as Facebook alone determines the processing. It is currently not clear to us to what extent, where and for how long the data is stored, to what extent the data is linked and analyzed and to whom the data is passed on. We also have no insight or influence with regard to deletion periods, i.e. whether and to what extent deletion periods are observed.
Information from Facebook itself about what information is collected is available in Facebook’s privacy policy, which can be viewed here: https://www.facebook.com/about/privacy/
If you are a Facebook member and logged into your Facebook user account, Facebook can assign your visit to our website to your user account. If you want to prevent Facebook from linking data about your visit to our fan page with your member data stored on Facebook, you must

• log out of Facebook before each visit to our fan page
• delete the cookies present on the device
• and close and restart your browser.

In this way, according to Facebook, all information that can be used by Facebook to identify you is deleted.
 

15.1    Scope of data collection and storage

There is no need to be a Facebook member to view the content on our Facebook fan page. However, Facebook collects, stores and uses data every time you visit our website. The moment you visit our fan page, your browser establishes a connection with a Facebook server. Data may be transmitted to countries outside the European Union. In any case, regardless of whether you are registered with Facebook or not, your IP address is transmitted and cookies are set. If you are a Facebook member and logged into your Facebook user account, Facebook can assign your visit to our website to your user account.

The cookies used include session cookies, which are deleted when the browser is closed, and persistent cookies, which remain on the end device until they expire or are deleted by the user. A cookie is a tiny text file that enables a website to recognize a browser. Cookies are stored on the computer when a website is accessed and are retrieved and read the next time the web server is accessed. Insofar as the cookies are stored on your end device, we obtain your consent for this in accordance with Art. 6 (1) lit. a GDPR, 49 (1) lit. a, § 25 (1) TDDDG. You can use your browser settings to decide whether and which cookies you want to allow, block or delete. Instructions for a range of browsers are available here: Internet Explorer, Firefox, Google Chrome, Google Chrome mobile, Microsoft Edge, Safari, Safari mobile. Alternatively, you can also use so-called ad blockers, such as Ghostery can be installed.

Facebook states that the cookies used by Facebook are used for authentication, security, website and product integrity, advertising and measurement, website functions and services, performance, analysis and research. Details of the cookies used by Facebook (e.g. names of cookies, duration of function, content recorded and purpose) are available here: https://www.facebook.com/policies/cookies/ by following the links provided there. The configuration of settings for the display or non-display of advertisements by Facebook is available at https://www.facebook.com/about/basics/advertising and at http://www.youronlinechoices.com.

You can manage your preferences regarding usage-based online advertising under the aforementioned link. If you object to usage-based online advertising with a specific provider using the preference manager, this only applies to the specific business data collection via the web browser you are currently using. Preference management is cookie-based. If you delete all browser cookies, the preferences you have set with the preference manager are also be removed.

15.2    Legal basis

Insofar as cookies are set on your end device and information is retrieved in the process, we obtain consent for this in accordance with § 25 (1) TDDDG  ( https://www.cenit.com/en_EN/cookieconsent.html ) and insofar as personal data is collected and transmitted to a third country (see USA), we obtain consent in accordance with Art. 6 (1) sentence 1 lit. a, 49 (1) lit. a GDPR. 
Automated decision-making including profiling in accordance with Art 22 GDPR does not take place.

We generally only store personal data until the purpose for which the data was collected has been achieved. As part of a business relationship with you, we store your personal data for as long as the business relationship lasts; this also includes the initiation and execution of a contract as well as the regular limitation period. In addition, we store the data if and to the extent that we are subject to statutory retention obligations. These may arise, for example, from the German Commercial Code (HGB) or the German Fiscal Code (AO).

If you have granted us your consent for a processing operation, the data associated with the granting of consent is stored until revoked or at the latest for the duration of the processing operation and after termination of the same within the scope of the statute of limitations.

15.3    Facebook Insights

We use the Facebook Insights function for statistical analysis purposes. In this context, we receive anonymized data about the users of our Facebook fan page. It is therefore not possible for us to draw any conclusions about your person. For further information, please refer to Meta’s cookie policy.

https://www.facebook.com/about/privacy/legal_bases
https://www.facebook.com/privacy/policy/?entry_point=data_policy_redirect&entry=0 

We see our legitimate interest in data processing via the Facebook fan page in the presentation of our company and our products and services for your information and the best possible direct customer contact. 

15.4  Disclosure and use of personal data

If you interact with Facebook, Meta has accordingly also access to your data. Meta is located in a third country, the USA, for which an adequacy decision currently exists and is certified with regard to the Transatlantic Data Privacy Framework. The data transfer is also based on the so-called standard data protection clauses. More information is available HERE.

15.5  Joint controllership

CENIT AG, Industriestrasse 52-54, 70565 Stuttgart, Germany
and
Meta Platforms Ireland Limited
4 Grand Canal Square, Grand Canal Harbor,
D2 Dublin
Ireland
The European Court of Justice (ECJ) has ruled that we are jointly responsible with Meta for the processing of your personal data. More information on the ECJ’s decision of 05.06.2018 is available here.
In accordance with joint responsibility, we provide the following information regarding the essence of the joint responsibility agreement between us and Meta in line with Art. 26 GDPR: https://www.facebook.com/legal/terms/page_controller_addendum 

Meta assumes the responsibility for the processing of Insights data on the fan page: https://www.facebook.com/legal/terms/page_controller_addendum 

Meta alone decides on the purposes and means of data processing. 

Further information is available here: https://www.facebook.com/about/privacy/update/printable 

We are accountable for the data processing, excluding the Insights data. 

You are entitled to object to our data processing on the fan page as a whole or in relation to individual processing operations as described above under Point 1.2. Even if you wish to object to data processing by Meta, you can do so using the contact details provided under Point 1.2. We forward your objection to Meta immediately. If you want to object to the processing of Insights data, you can also do this at Meta. 

We have integrated YouTube videos into our online service, which are stored on http://www.youtube.com/ and can be played directly from our website. When you access a page with embedded videos, your IP address is sent to YouTube/Google and cookies are installed on your computer.  However, we have integrated our videos in “extended data protection mode”, i.e. no data about you as a user is transmitted to YouTube/Google if you do not play the videos. The following data is only transmitted when you click 

 to play the video: 

• IP address 
• Date and time of the request 
• Time zone difference to Greenwich Mean Time (GMT) 
• Content of the request (specific page) 
• Access status/HTTP status code 
• Amount of data transmitted in each case 
• Website from which the request comes 
• Browser 
• Operating system and its interface 
• Language and version of the browser software. 
• Hardware used (PC, smartphone, etc.) 
• Location (if Google Maps is activated) 

We have no control over this data transfer. As website operators who embed YouTube videos, we collect the IP address and, via Google Analytics, the number of video clicks and the duration of the playback time.

By visiting our website and playing the videos, YouTube/Google receives the information that you have accessed the corresponding subpage of our website. If you are logged in to Google or Meta or use the single sign-on function, this data is assigned directly to your account, i.e. photos, interests, end device, IP address, etc.If you do not wish to be linked to your YouTube account, you need to log out before clicking the button. In addition, YouTube/Google also stores data if you do not have a Google user account: IP address, search queries, browser and operating system version. 
YouTube/Google stores the aforementioned data as user profiles and uses them for the purposes of advertising, market research and/or the needs-based design of its website. This evaluation is undertaken in particular (even for users who are not logged in or who do not have a corresponding account) to provide customized advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, in which case you need to contact YouTube to assert this right. 
Third-party service provider information: YouTube LLC, 901 Cherry Ave, San Bruno, CA 94066, USA, : https://policies.google.com/technologies/product-privacy and https://policies.google.com/privacy. 
The information collected by the cookies from this provider is generally sent to a server in the USA and stored there. In the case of the transfer of data to the USA, the data transfer is currently based on the existing adequacy decision and the existence of standard contractual clauses. 

As soon as you click on the Play button, you give your consent to the transfer of data to an insecure third country in accordance with Art. 6 (1) lit. a GDPR, 49 (1) sentence 1 lit. a GDPR and for the setting of cookies in your browser in accordance with Section 25 (1) TDDDG. You can revoke your consent at any time for the future in the cookie consent banner or footer under Cookie and object to its use.
 

Some of our internet services contain hyperlinks to other websites that are not operated by CENIT AG. We do not monitor these websites and are not responsible for their content or their handling of personal data. Only when you as a user click on this link marked as external and access the link service destination, i.e. receive and take note of its data, is data transmitted to the link destination in the form of the user’s IP address and, if applicable, other data from the Internet Protocol (TCP). The link destinations listed below (e.g. Meta, X, Youtube, Linkedin, Xing, glassdoor) are located in unsafe third countries that do not ensure an EU level of data protection. 

The social plug-ins offer you the opportunity to share content from the service via your personal social media account. However, when you use this feature on the CENIT AG website, no personal data is processed.
The social media provider can assign the visit to our website to your user account if you are logged into the corresponding social media account (e.g. Google, Meta). We would like to point out that CENIT AG has no influence on this and has no knowledge of the content of the transmitted data or its use by the social media provider.

If you click on the hyperlink marked as external, you therefore consent to your personal data being transmitted to a recipient in a possibly unsafe third country in accordance with Art. 6 (1) lit. a GDPR, 49 (1) sentence 1 lit. a GDPR, whereby an adequacy decision currently exists for the USA. In addition, the transmission of the IP address information is technically necessary in accordance with Section 25 (2) No. 2 TDDDG in order to access the desired link destination.
The link provider, i.e. the party responsible for the website containing the link, is not responsible for the data processing undertaken by the link destination itself. We as the link provider do not process any data.

17.1    Meta

For the Facebook network. These are provided by Meta Inc. Platforms, 1601 S. California Ave, Palo Alto, CA 94304, USA. We have placed a link to Meta on our website. You are only redirected to the external website when you click on it. The related Data processing is not our responsibility.

https://www.facebook.com/privacy/policy/

17.2    X

For the network of X. These are offered and operated by X Corp, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland. We have placed a link to X on our website. You are only redirected to the external website when you click on it. The related Data processing is not our responsibility.
https://x.com/en/privacy 

17.3   YouTube

For the YouTube network. These are offered and operated by YouTube LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. We have placed a link to YouTube on our website. You are only redirected to the external website when you click on it. Data processing is not our responsibility.
https://policies.google.com/privacy

17.4    LinkedIn

For the LinkedIn network. These are offered and operated by LinkedIn Corporation, 599 N Mathilda Ave, Sunnyvale, CA 94085, USA. We have placed a link to LinkedIn on our website. You are only redirected to the external website when you click on it. The related Data processing is not our responsibility.
https://de.linkedin.com/legal/privacy-policy

17.5    XING

For the XING network. These are offered and operated by New Work SE at Strandkai 1, 20457 Hamburg, Germany. 
We have placed a link to XING on our website. You are only redirected to the external website when you click on it. The related Data processing is not our responsibility.
https://privacy.xing.com/de/datenschutzerklaerung

17.6    Glassdoor

For the Glassdoor network. These are offered and operated by Glassdoor Inc, 100 Shoreline Highway, Building A, Mill Valley, California, 94941, USA. We have placed a link to Glassdoor on our website. You are only redirected to the external website when you click on it. The related Data processing is not our responsibility.
Glassdoor is certified under the Transatlantic Data Privacy Framework. 
https://hrtechprivacy.com/de/brands/glassdoor#privacypolicy 

18.1    Information on the processing of personal data in the application process

As part of your online application, our company processes the data you provide (contact data, qualification data, content data (e.g. name, address, marital status, age, nationality, qualifications, CV, professional experience, certificates, etc.)) insofar as this is necessary for the application process. In detail, these are
Contact information: Name, address, telephone, e-mail address
Qualification data: Training/studies, previous employment, professional development, professional qualifications/certificates, references
Content data: Cover letter, interview information
 
If you inform us of this, further voluntary information, such as the characteristic of a severe disability, equality with a severely disabled person or other special categories of personal data in connection with your application, is also stored, e.g. if you submit a motivational video to us. The resulting video file is added to your application. You also have the option of sending us your CV that you have published on LinkedIn/Xing. The transmitted data is stored together with your application. A so-called pre-employment screening of your person is only undertaken, if at all, in job-oriented networks such as XING or LinkedIn and insofar as this is necessary for special positions (increased need for confidentiality).
If we use recruitment agencies or you apply via a recruitment agency, we receive your application data from them. In this case, information on data processing is provided by the recruitment agency.

18.2    Purpose and legal basis

The purpose of data processing is to complete the application procedure and to establish any subsequent employment relationship.
The legal basis for this is Art. 6 (1) lit. b GDPR. Your data is not used for any other purpose. The necessity of data collection and processing arises from the specific position applied for; for positions with a higher level of confidentiality or higher financial/personnel responsibility, further data collection may be required from you or from authorities if a certificate of good conduct should be required. Data minimization considerations cause us to collect and process such data only after the selection of applicants for the position has been completed, i.e. immediately before or shortly after the appointment.
In some cases, we process your personal data on the basis of your specific and voluntary consent in relation to a processing purpose specified therein, for example, if you wish to be included in the applicant pool; in these cases, you are informed about the data processing in the specific form of use. The legal basis for data processing is then the consent you have voluntarily granted in an informed manner for the specific case prior to data processing in accordance with Art. 6 (1) lit. a GDPR in conjunction with Section 26 para. 2 BDSG.
In particular, we have also informed you of your right to revoke your consent at any time and free of charge for the future, whereby the data processing remains lawful until you revoke your consent.
We process your personal data in our legitimate interest or in the legitimate interest of a third party if your interests in the omission of data processing do not take precedence. This is the case if we process your data in order to defend legal claims, for example under the General Equal Treatment Act (AGG), or for evidence purposes in a legal dispute.

18.3    Recipient

Only those departments within our company that absolutely need your data to complete the application process have access to it. These are primarily the responsible employee in the HR department and the responsible managers, who receive access rights to relevant applications on an ad hoc basis. All our employees who have access to application data are also obliged to maintain confidentiality and have received special training.
Our company uses the support of external service providers for certain technical processes of data processing, who may have access to your personal data as part of the provision of the service owed or may be able to view it in the event of support, e.g. maintenance and hosting service providers, disposal service providers for files or data. We have concluded order processing contracts with them. All our processors are carefully selected and meet high data protection and data security standards. They are also obliged to maintain confidentiality and only process data on behalf of and in accordance with the instructions of our company. They are subject to our regular checks.

Data is only transmitted to countries outside the EU/EEA (so-called third countries) or to international organizations if this is necessary for the execution of existing employment or training contracts, is required by law or if you have granted us your consent. If service providers in third countries are used, they are obliged in accordance with Art. 44 et seq. GDPR to comply with European data protection standards within the framework of a written contract based on the EU standard contracts or the Binding Corporate Rules, unless there is an adequacy decision by the EU Commission.

18.4   Duration of data storage

If CENIT AG concludes an employment or training contract with you, the data transmitted is stored for the purpose of processing the employment relationship in compliance with the statutory provisions. The legal basis for data processing is Art. 6 (1) lit. b GDPR. If no employment or training contract is concluded with you as an applicant, the application documents are deleted no later than 6 months after completion of the application process, provided that deletion does not conflict with any other legitimate interests of our company that permit longer data processing, e.g. defend legal claims. Furthermore, we only process and use your data beyond this if you have granted us your explicit consent to do so and for the period specified. If you have granted your consent to be included in the applicant pool, your data is stored for a period of 12 months after you have granted your consent. After expiry of this period, the data is deleted.

18.5    Obligation to provide data

The application process requires you to provide the personal data that is necessary for the application process or that we are legally obliged to collect. Failure to provide this data generally means that we are unable to invite you for an interview and be obliged to decline the conclusion of an employment or training contract.

18.6    Automated decision-making (profiling)

In principle, a fully automated decision-making process in accordance with Art. 22 GDPR is not used to complete the application process. Profiling is not used by our company either in the application process nor in the employment relationship.
 

You have the following rights, which you can assert against the contact details listed under Point 1.1 “Controlling body” and Point 1.2 “Data protection officer”, provided that the requirements specified in the law are met:

• Information, DSGVO Art. 15
• Correction, DSGVO Art. 16
• Deletion, DSGVO Art. 17
• Blocking/restriction of processing, DSGVO Art. 18
• Contradiction, DSGVO Art. 21
• Data portability, DSGVO Art. 20
• Right to lodge a complaint with a supervisory authority, DSGVO Art. 77
• Right of revocation with effect for the future if consent has been granted, DSGVO Art. 7(3)

You can assert your rights at any time free of charge by e-mail at datenschutzbeauftragter@cenit.com.

You have the right in accordance with Article 21 GDPR to object, on grounds relating to your particular situation, at any time to processing of personal data concerning your person which is based on lit. (e) or (f) of Article 6 (1) GDPR. As a precaution, we would like to point out that this also applies to profiling based on these provisions. 

Where personal data are processed for direct marketing purposes, you also have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.

With regard to data processing via our Facebook page, you have the option of asserting your data subject rights both against us, for example directly to the responsible controller named under Point 1.1 or under Point 1.2 to the data protection officer, and against Meta. 

We revise this data protection information in the event of changes to this website or other occasions that make this necessary. You always find the latest version on this website. You should therefore visit this website regularly to check the current status of the data protection declaration.