Privacy notice of COCUS AG
We are pleased that you are visiting our website and thank you for your interest in our company, our services, our products and our website. The protection of your personal data and privacy is very important to us. Therefore, compliance with the provisions of the General Data Protection Regulation (GDPR) is a matter of course for us. The purpose of this law is to protect individuals from having their personal rights infringed by the handling of their personal data. In principle, you can access and view our website without being asked to provide us with your personal data.
We are pleased that you are visiting our website and thank you for your interest in our company, our services, our products and our website. The protection of your personal data and privacy is very important to us. Therefore, compliance with the provisions of the General Data Protection Regulation (GDPR) is a matter of course for us. The purpose of this law is to protect individuals from having their personal rights infringed by the handling of their personal data. In principle, you can access and view our website without being asked to provide us with your personal data.
Table of contents
1. scope of application and responsible body
2. collection and processing of personal data
3. passing on your data
4. data security
5. provision of the website and creation of log files
6. Integration of services and contents of third parties, as well as the use of analysis tools (web tracking, cookies and other technologies).
7. references and links to other websites
8. information and data correction / deletion of data
9. Further notes on data protection
10. reservation of right of modification
1. scope of application and responsible body
The data controller for websites (www.cocus.de, www.cocus.com) operated by us (hereinafter also “we”, “us” or similar) is:
COCUS AG (headquarter)
Frankfurter Straße 80-82
65760 Eschborn
+49 211 87 542-860
info@cocus.com
The controller decides alone or jointly with others on the purposes and means of the processing of personal data. The use of our website is generally possible without providing personal data. Insofar as personal data (e.g. name, address or e-mail addresses) is collected on our pages, this is always done, as far as possible, on a voluntary basis. This data will not be passed on to third parties without your express consent. Please note that our Internet pages sometimes contain links to pages of other providers to which this data protection declaration does not apply.
1.1. Data Protection Officer
We have appointed a data protection officer:
Matthias Edelmann
Prinzenallee 11
40549 Dusseldorf
T +49 211 87 542 860
datenschutz@cocus.com
2. collection and processing of personal data
The collection, storage and use of personal data via our websites is subject to your prior consent. This means that you alone decide whether you provide us with the data requested there, e.g. when requesting information or filling out an online form. An exception applies in those cases where obtaining prior consent is not possible for factual reasons and the processing of the data is permitted by legal regulations.
We use your personal information for problem diagnosis, website administration and demographic information. If you register, we will send you the requested information, news or promotional material. We forward the data from an online form to the relevant department and the respective specialist department responsible. After the process is finished, the data is deleted. Personal data will only be passed on to state institutions and authorities within the framework of mandatory legal provisions.
2.1. Legal basis for the processing of personal data
When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) serves as the basis. 1 lit. b GDPR as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.
Insofar as the processing of personal data is necessary for the fulfilment of a legal obligation to which our company is subject, Art. 6 Para. 1 lit. c GDPR as the legal basis.
In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 (2) of the Data Protection Act shall apply. 1 lit. d DSGVO as the legal basis. If the processing is necessary to protect a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 (1) of the Data Protection Act shall apply. 1 lit. f DSGVO as the legal basis for the processing.
2.2. Contact
Alternatively, it is possible to contact us via the e-mail address provided. In this case, the user’s personal data transmitted with the e-mail will be stored.
In this context, the data will not be passed on to third parties. The data is used exclusively for processing the conversation.
2.2.1. Legal basis for data processing
The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 para. 1 lit. f GDPR.
2.2.2. Purpose of the data processing
The other personal data processed during the submission process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.
2.2.3. Duration of storage
The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.
3. passing on your data
We only pass on personal data to third parties on the basis of strict German data protection regulations or with your express consent.
3.1. COCUS service provider
If service providers provide services on behalf of COCUS that are necessary for the processing of communications; strict contractual regulations are agreed within the scope of this so-called processing on behalf (Art. 28 DSGVO), technical and organisational measures as well as supplementary controls ensure the protection of your data.
Transfer to a third country or to an international organisation:
If a COCUS service provider is located in a third country, appropriate measures (in particular the use of EU standard contractual clauses) are taken to ensure that your rights as a data subject are protected.
4. data security
We use technical and organisational security measures to protect the data we have under our control against accidental or intentional manipulation, loss, destruction or against access by unauthorised persons. Our security measures are continuously improved.
4.1. SSL or TLS encryption
For security reasons and to protect the transmission of confidential content that you send to us as the site operator, our website uses an SSL or SSL protocol. TLS encryption. This means that data that you transmit via this website cannot be read by third parties. You can recognise an encrypted connection by the “https://” address line of your browser and the lock symbol in the browser line.
5. provision of the website and creation of log files
The following data is collected:
(1) Information about the browser type and version used
(2) The operating system of the user
(3) The Internet service provider of the user
(4) The anonymised IP address of the user
(5) Date and time of access
(6) Websites from which the user’s system accesses our website
(7) Websites that are accessed by the user’s system via our website
The log files contain IP addresses or other data that allow an assignment to a user. This data is not stored together with other personal data of the user. This data is not merged with other data sources. The basis for data processing is Art. 6 para. 1 lit. b GDPR, which permits the processing of data for the performance of a contract or pre-contractual measures.
5.1. Purpose of the data processing
The storage in log files is done to ensure the functionality of the website. In addition, we use the data to optimise the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.
These purposes also constitute our legitimate interest in data processing according to Art. 6 para. 1 lit. f GDPR.
5.2. Duration of storage
In the case of storage of data in log files, this is the case after seven days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or alienated so that an assignment of the calling client is no longer possible.
6. INTEGRATION OF THIRD-PARTY SERVICES AND CONTENT, AS WELL AS THE USE OF ANALYSIS TOOLS (WEB TRACKING, COOKIES AND OTHER TECHNOLOGIES)
Information about our customers is very important to us and helps us to constantly improve the offers on our website according to the needs of our customers. For this reason, we use analysis tools on our Internet pages. An analytics tool is software developed by a third party provider that helps us to see where a visitor to a website is coming from, which areas on a website are visited and how often and for how long which sub-pages and categories are viewed. On our Internet pages, we use the technologies of the provider Google Inc.
6.1. WEB ANALYSIS, MONITORING AND OPTIMISATION
In addition to web analysis, we may also use testing procedures, e.g. to test and optimise different versions of our online offer or its components.
Unless otherwise stated below, profiles, i.e. data summarised for a usage process, can be created for these purposes and information can be stored in a browser or in a terminal device and read from it. The information collected includes, in particular, websites visited and elements used there as well as technical information such as the browser used, the computer system used and information on usage times. If users have agreed to the collection of their location data from us or from the providers of the services we use, location data may also be processed.
The IP addresses of the users are also stored. However, we use an IP masking procedure (i.e. pseudonymisation by shortening the IP address) to protect users. In general, no clear user data (such as e-mail addresses or names) is stored in the context of web analysis, A/B testing and optimisation, but pseudonyms. This means that we as well as the providers of the software used do not know the actual identity of the users, but only the information stored in their profiles for the purpose of the respective procedures.
- Types of data processed: Usage data (e.g. websites visited, interest in content, access times); meta/communication data (e.g. device information, IP addresses).
- Data subjects: Users (e.g. website visitors, users of online services).
- Purposes of processing: Reach measurement (e.g. access statistics, recognition of returning visitors); profiling with user-related information (creation of user profiles); tracking (e.g. interest/behaviour-related profiling, use of cookies); provision of our online offer and user-friendliness.
- Security measures: IP masking (pseudonymisation of the IP address).
- Legal basis: Consent (Art. 6 para. 1 p. 1 lit. a) GDPR).
6.2. Google Analytics
Google Analytics:Web analysis, reach measurement and measurement of user flows;
Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland;
Legal basis: Consent (Art. 6 para. 1 p. 1 lit. a) GDPR);
Website: to the website;
Privacy policy: to the privacy policy;
Order processing contract: To the order processing contract;
Standard contractual clauses (guaranteeing the level of data protection in the case of processing in third countries): On standard contractual clauses;
Opt-out option: Opt-out plugin, settings for the display of advertisements:
Further information: Click here (types of processing and data processed).
Google Analytics 4:
We use Google Analytics to measure and analyse the use of our online offer on the basis of a pseudonymous user identification number. This identification number does not contain any unique data, such as names or email addresses. It is used to assign analysis information to an end device in order to recognise which content users have accessed within one or various usage processes, which search terms they have used, have accessed again or have interacted with our online offer. The time of use and its duration are also stored, as well as the sources of the users referring to our online offer and technical aspects of their end devices and browsers. In the process, pseudonymous profiles of users are created with information from the use of various devices, whereby cookies may be used. In Analytics, higher level geographic location data is provided by collecting the following metadata based on IP search: “city” (and the derived latitude and longitude of the city), “continent”, “country”, “region”, “subcontinent” (and the ID-based equivalents). To ensure the protection of user data in the EU, Google receives and processes all user data via domains and servers within the EU. Users’ IP addresses are not logged and are truncated by the last two digits by default. The shortening of the IP address takes place on EU servers for EU users. In addition, all sensitive data collected from users in the EU is deleted before it is collected via EU domains and servers.
Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland;
Legal basis: Consent (Art. 6 para. 1 p. 1 lit. a) GDPR);
Website: to the website;
Privacy policy: to the privacy policy;
Order processing contract: To the order processing contract;
Standard contractual clauses (guaranteeing the level of data protection in the case of processing in third countries): On standard contractual clauses;
Opt-out option: Opt-out plugin, settings for the display of advertisements
Further information: Click here (types of processing and data processed).
Google Tag Manager:
Google Tag Manager is a solution with which we can manage so-called website tags via an interface and thus integrate other services into our online offer (please refer to further information in this data protection declaration). The Tag Manager itself (which implements the tags) does not create user profiles or store cookies. Google only learns the user’s IP address, which is necessary to run the Google Tag Manager.
Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland;
Legal basis: Consent (Art. 6 para. 1 p. 1 lit. a) GDPR);
Website: to the website;
Privacy policy: to the privacy policy;
Order processing contract: To the order processing contract;
Standard contractual clauses (guaranteeing the level of data protection in the case of processing in third countries): On the standard contractual clauses
IP anonymisation
We use Google Analytics in conjunction with the IP anonymisation function. It ensures that Google truncates your IP address within member states of the European Union or in other contracting states to the Agreement on the European Economic Area before transferring it to the USA. There may be exceptional cases where Google transfers the full IP address to a server in the USA and truncates it there. Google will use this information on our behalf for the purpose of evaluating your use of the website, compiling reports on website activity and providing us with other services relating to website activity and internet usage. The IP address transmitted by Google Analytics is not merged with other Google data.
Job processing
In order to fully comply with the legal data protection requirements, we have concluded an order processing contract with Google.
6.3. GOOGLE ADWORDS UND GOOGLE CONVERSION-TRACKING
Our website uses Google AdWords. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
AdWords is an online advertising programme. As part of the online advertising programme, we work with conversion tracking. After a click on an ad placed by Google, a cookie is set for conversion tracking. Cookies are small text files that your web browser stores on your terminal device. Google AdWords cookies lose their validity after 30 days and are not used to personally identify users. The cookie allows Google and us to recognise that you have clicked on an ad and have been redirected to our website.
Each Google AdWords customer receives a different cookie. The cookies are not trackable via AdWords customers’ websites. Conversion cookies are used to create conversion statistics for AdWords customers who use conversion tracking. Adwords customers learn how many users clicked on their ad and were redirected to pages with the conversion tracking tag. However, AdWords customers do not receive any information that enables personal identification of users. If you do not wish to participate in tracking, you can object to its use. Here, the conversion cookie must be deactivated in the user settings of the browser. In this way, there is also no inclusion in the conversion tracking statistics.
The storage of “conversion cookies” is based on Art. 6 para. 1 lit. f GDPR. As the website operator, we have a legitimate interest in analysing user behaviour in order to optimise our website and our advertising.
Details on Google AdWords and Google Conversion Tracking can be found in Google’s privacy policy. With a modern web browser, you can monitor, restrict or prevent the setting of cookies. Deactivating cookies may result in limited functionality of our website.
6.4. PERSONALISED ADVERTISING
The above-mentioned cookies are not used to generate personalised advertising on this website and/or advertising tailored to you by COCUS on third-party websites.
6.5. Hubspot
For marketing and sales purposes, the COCUS Group uses the Hubspot service.
HubSpot is a software company from the USA with a branch in Ireland.
Contact: HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland, Telefone: +353 1 5187500.
Hubspot is an integrated software solution that covers various aspects of our online marketing. These include, among others:
Email marketing, social media publishing & reporting, reporting, contact management (e.g. user segmentation & CRM), landing pages and contact forms.
Our sign-up service allows visitors to our website to learn more about our company, download content and provide their contact information and other demographic information. This information as well as the content of our website is stored on HubSpot servers. They may be used by us to contact visitors to our website and to determine which of our company’s services are of interest to them. All information we collect is subject to this privacy policy. We use all information collected exclusively to optimise our marketing measures.
More information about HubSpot’s privacy policy
More information from HubSpot regarding EU data protection regulations
You can find more information about the cookies used by HubSpot here & here
As part of the optimisation of our marketing measures, the following data may be collected and processed via Hubspot:
– Geographical position
– Browser-Type
– Navigation information
– Performance data
– Information about how often the application is used
– Reference URL
– Mobile Apps-Data
– Login information for the HubSpot subscription service
– Files displayed on site
– Domain Names
– Viewed Pages
– Aggregated usage
– Operating system version
– Internet service provider
– IP-Address
– Device identifier
– Duration of the visit
– Where the application was downloaded from
– Operating system
– Events that occur within the application
– access times
– Clickstream-Data
– Device model and version
In addition, we also use Hubspot to provide contact forms. You can find more information in this regard in subsection 7 of this privacy policy.
The legal basis of the processing is your consent pursuant to Art. 6 para. 1 lit. a GDPR. If you do not want Hubspot to collect and process the aforementioned data, you can refuse your consent or revoke it at any time with effect for the future.
The personal data shall be kept for as long as necessary to fulfil the purpose of the processing. The data shall be deleted as soon as they are no longer necessary to achieve the purpose.
Within the scope of processing via HubSpot, data may be transmitted to the USA. The security of the transmission is ensured by so-called standard contractual clauses, which guarantee that the processing of personal data is subject to a level of security that corresponds to that of the GDPR. If the standard contractual clauses are not sufficient to ensure an adequate level of security, your consent may be withdrawn in accordance with Art. 49 Para. 1 lit. a GDPR serve as the legal basis for the transfer to third countries. Please refer to the subsection “7. Forms”.
6.6. ONLINEMARKETING
We process personal data for online marketing purposes, which may include, but are not limited to, marketing advertising space or displaying promotional and other content (collectively, “Content”) based on users’ potential interests and measuring its effectiveness.
For these purposes, so-called user profiles are created and stored in a file (so-called “cookie”) or similar procedures are used, by means of which the information about the user relevant for the presentation of the aforementioned content is stored. This information may include, for example, content viewed, websites visited, online networks used, but also communication partners and technical information such as the browser used, the computer system used and information on usage times and functions used. If users have consented to the collection of their location data, this may also be processed.
The IP addresses of the users are also stored. However, we use available IP masking procedures (i.e. pseudonymisation by shortening the IP address) to protect users. In general, no clear user data (such as e-mail addresses or names) is stored within the framework of the online marketing process, but pseudonyms. This means that we as well as the providers of the online marketing procedures do not know the actual identity of the users, but only the information stored in their profiles.
The information in the profiles is usually stored in the cookies or by means of similar procedures. These cookies can later generally also be read on other websites that use the same online marketing procedure and analysed for the purpose of displaying content as well as supplemented with further data and stored on the server of the online marketing procedure provider.
Exceptionally, clear data may be associated with the profiles. This is the case if, for example, the users are members of a social network whose online marketing procedures we use and the network links the users’ profiles with the aforementioned data. We ask you to note that users can make additional agreements with the providers, e.g. by giving their consent as part of the registration process.
In principle, we only receive access to summarised information about the success of our advertisements. However, in the context of so-called conversion measurements, we can check which of our online marketing methods have led to a so-called conversion, i.e., for example, to a conclusion of a contract with us. The conversion measurement is used solely to analyse the success of our marketing measures.
Some cookies are “session cookies”. Such cookies are deleted automatically at the end of your browser session. On the other hand, other cookies remain on your terminal device until you delete them yourself. Such cookies help us to recognise you when you return to our website.
With a modern web browser, you can monitor, restrict or prevent the setting of cookies. Many web browsers can be configured so that cookies are deleted automatically when the programme is closed. Deactivating cookies may result in limited functionality of our website.
The setting of cookies, which are necessary for the exercise of electronic communication processes or the provision of certain functions desired by you (e.g. shopping cart), is carried out on the basis of Art. 6 Para. 1 lit. f GDPR. As the operator of this website, we have a legitimate interest in storing cookies for the technically error-free and smooth provision of our services. If other cookies are set (e.g. for analysis functions), these are dealt with separately in this data protection declaration.
Here you will find a detailed list of all cookies used on the website:
Cookie Directive (EU)
Unless otherwise stated, we ask you to assume that cookies used will be stored for a period of two years.
- Types of data processed: Usage data (e.g. websites visited, interest in content, access times); meta/communication data (e.g. device information, IP addresses).
- Data subjects: Users (e.g. website visitors, users of online services).
- Purposes of processing: Reach measurement (e.g. access statistics, recognition of returning visitors); tracking (e.g. interest/behaviour-related profiling, use of cookies); marketing; profiling with user-related information (creation of user profiles).
- Security measures: IP masking (pseudonymisation of the IP address).
- Opt-out: We refer to the data protection notices of the respective providers and the opt-out options given for the providers. If no explicit opt-out option has been specified, you have the option of switching off cookies in your browser settings. However, this may restrict the functions of our online offer. We therefore recommend the following additional opt-out options, which are offered in summary for the respective areas:
a) Europe
b) Canada
c) USA
d) Cross-territorial
This Cookie Policy was last updated on 10 February 2023 and applies to citizens and legal permanent residents of the European Economic Area and Switzerland.
1. Introduction
Our website, https://www.cocus.com/en/ (hereinafter: “the website”) uses cookies and other related technologies (for convenience all technologies are referred to as “cookies”). Cookies are also placed by third parties we have engaged. In the document below we inform you about the use of cookies on our website.
2. What are cookies?
A cookie is a small simple file that is sent along with pages of this website and stored by your browser on the hard drive of your computer or another device. The information stored therein may be returned to our servers or to the servers of the relevant third parties during a subsequent visit.
3. What are scripts?
A script is a piece of program code that is used to make our website function properly and interactively. This code is executed on our server or on your device.
4. What is a web beacon?
A web beacon (or a pixel tag) is a small, invisible piece of text or image on a website that is used to monitor traffic on a website. In order to do this, various data about you is stored using web beacons.
5. Cookies
5.1 Technical or functional cookies
Some cookies ensure that certain parts of the website work properly and that your user preferences remain known. By placing functional cookies, we make it easier for you to visit our website. This way, you do not need to repeatedly enter the same information when visiting our website and, for example, the items remain in your shopping cart until you have paid. We may place these cookies without your consent.
5.2 Statistics cookies
We use statistics cookies to optimize the website experience for our users. With these statistics cookies we get insights in the usage of our website. We ask your permission to place statistics cookies.
5.3 Advertising cookies
On this website we use advertising cookies, enabling us to personalize the advertisements for you, and we (and third parties) gain insights into the campaign results. This happens based on a profile we create based on your click and surfing on and outside https://www.cocus.com/en/. With these cookies you, as website visitor are linked to a unique ID, so you do not see the same ad more than once for example.
5.4 Marketing/Tracking cookies
Marketing/Tracking cookies are cookies or any other form of local storage, used to create user profiles to display advertising or to track the user on this website or across several websites for similar marketing purposes.
Because these cookies are marked as tracking cookies, we ask your permission to place these.
5.5 Social media
On our website, we have included content from LinkedIn to promote web pages (e.g. “like”, “pin”) or share (e.g. “tweet”) on social networks like LinkedIn. This content is embedded with code derived from LinkedIn and places cookies. This content might store and process certain information for personalized advertising.
Please read the privacy statement of these social networks (which can change regularly) to read what they do with your (personal) data which they process using these cookies. The data that is retrieved is anonymized as much as possible. LinkedIn is located in the United States.
6. Placed cookies
7. Consent
When you visit our website for the first time, we will show you a pop-up with an explanation about cookies. As soon as you click on “Save settings”, you consent to us using the categories of cookies and plug-ins you selected in the pop-up, as described in this Cookie Policy. You can disable the use of cookies via your browser, but please note that our website may no longer work properly.
7.1 Manage your consent settings
8. Enabling/disabling and deleting cookies
You can use your internet browser to automatically or manually delete cookies. You can also specify that certain cookies may not be placed. Another option is to change the settings of your internet browser so that you receive a message each time a cookie is placed. For more information about these options, please refer to the instructions in the Help section of your browser.
Please note that our website may not work properly if all cookies are disabled. If you do delete the cookies in your browser, they will be placed again after your consent when you visit our website again.
9. Your rights with respect to personal data
You have the following rights with respect to your personal data:
- You have the right to know why your personal data is needed, what will happen to it, and how long it will be retained for.
- Right of access: You have the right to access your personal data that is known to us.
- Right to rectification: you have the right to supplement, correct, have deleted or blocked your personal data whenever you wish.
- If you give us your consent to process your data, you have the right to revoke that consent and to have your personal data deleted.
- Right to transfer your data: you have the right to request all your personal data from the controller and transfer it in its entirety to another controller.
- Right to object: you may object to the processing of your data. We comply with this, unless there are justified grounds for processing.
To exercise these rights, please contact us. Please refer to the contact details at the bottom of this Cookie Policy. If you have a complaint about how we handle your data, we would like to hear from you, but you also have the right to submit a complaint to the supervisory authority (the Data Protection Authority).
10. Contact details
For questions and/or comments about our Cookie Policy and this statement, please contact us by using the following contact details:
COCUS AG
Frankfurter Straße 80-82, 65760 Eschborn
Germany
Website: https://www.cocus.com/en/
Email: moc.sucoc@ztuhcsnetad
This Cookie Policy was synchronized with cookiedatabase.org on 22 May 2023.
6.7. PLUGINS AND EMBEDDED FUNCTIONS AND CONTENT
We integrate functional and content elements into our online offer that are obtained from the servers of their respective providers (hereinafter referred to as “third-party providers”). These can be, for example, graphics, videos or city maps (hereinafter uniformly referred to as “content”).
The integration always requires that the third-party providers of this content process the IP address of the user, as without the IP address they would not be able to send the content to their browser. The IP address is thus required for the display of this content or function. We endeavour to only use content whose respective providers only use the IP address to deliver the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to analyse information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user’s device and may contain, among other things, technical information about the browser and operating system, referring websites, time of visit and other information about the use of our online offering, as well as being linked to such information from other sources.
- Types of data processed: Usage data (e.g. websites visited, interest in content, access times); meta/communication data (e.g. device information, IP addresses); inventory data (e.g. names, addresses); contact data (e.g. e-mail, telephone numbers); content data (e.g. entries in online forms).
- Data subjects: Users (e.g. website visitors, users of online services).
- Purposes of the processing: Provision of our online offer and user-friendliness.
- Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f) GDPR).
Further guidance on processing operations, procedures and services:
- Integration of third-party software, scripts or frameworks (e.g. jQuery): We integrate software into our online offer that we retrieve from servers of other providers (e.g. function libraries that we use for the purpose of presentation or user-friendliness of our online offer). In doing so, the respective providers collect the IP address of the user and may process this for the purpose of transmitting the software to the user’s browser and for security purposes, as well as for the evaluation and optimisation of their offer. – We integrate software into our online offer that we retrieve from servers of other providers (e.g. function libraries that we use for the purpose of presentation or user-friendliness of our online offer). The respective providers collect the IP address of the user and may process this for the purpose of transmitting the software to the user’s browser and for security purposes, as well as for the evaluation and optimisation of their offer;
Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f) GDPR).
- YouTube videos: Video content;
Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland;
Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f) GDPR);
Website: to the website;
Privacy policy: to the privacy policy;
Opt-out option: Opt-out plugin, settings for the display of advertisements.
6.8. Google Maps
Purpose of processing:
Display of an interactive map with route planner.
Legal basis:
Legitimate interests (Art. 6 para. 1 p. 1 lit. f) GDPR);
Duration of storage, deletion, possibility of objection and removal:
If you do not agree to the collection of data through the use of Google Maps, you can deactivate JavaScript in your browser. However, you cannot use the map display and route planning in this case.
6.9. MICROSOFT 365 – BOOKINGS
The software enables you to book an appointment with a COCUS AG employee. The connection to the service is only established when you call up the online booking function via a link or button on our website, in an e-mail or in the newsletter. For the appointment booking, your entries in the appointment booking form are transferred to Microsoft
The connection to the Microsoft Bookings service is only established when you call up the online booking function via the button.
The legal basis for the processing of your data in relation to the “Microsoft Bookings” service is Art. 6 (1) sentence 1 letter f) GDPR (legitimate interest in data processing). The legitimate interest results from our claim to offer you a user-friendly website with a wide range of functions and to give you the opportunity to quickly and easily make a telephone appointment with our staff at any time if required.
Please note that you are not obliged to use Microsoft Bookings to make an appointment. If you do not wish to use the service, please use another of the contact options offered to make an appointment.
Bookings processes personal data in this context to ensure the function. This data includes the data provided by you: Name, contact option (telephone, email address), calendar data (the appointment you have selected), as well as any further comments / notes you have provided. In addition, Bookings processes technical data such as your IP address, the browser fingerprint (aggregated hardware and software data to recognise the device). The legal basis for this type of data processing is your consent, Art. 6 Para. 1 lit. a) GDPR.
Please note: Microsoft Bookings is part of the Office 365 cloud application and Microsoft reserves the right to process customer data for its own business purposes. This poses a data protection risk for Microsoft Bookings users. We have entered into data protection agreements and EU standard contracts with Microsoft to guarantee a minimum level of data protection. Please note that we have no control over Microsoft’s data processing activities. To the extent that Microsoft Bookings processes personal data in connection with Microsoft’s legitimate business operations, Microsoft is an independent data controller for such use and, as such, is responsible for compliance with all applicable laws and obligations of a data controller.
For more information on the handling of user data, please see Microsoft’s privacy policy. You can access the EU standard contractual clauses here.
6.10. Webinars via "Zoom"
Note: If you access the “Zoom” website, the provider of “Zoom” is responsible for data processing. However, calling up the website is only necessary for the use of “Zoom” in order to download the software for the use of “Zoom”.
You can also use “Zoom” if you enter the respective meeting ID and, if applicable, further access data for the meeting directly in the “Zoom” app.
If you do not want to or cannot use the “Zoom” app, the basic functions can also be used via a browser version, which you can also find on the “Zoom” website.
Purpose of processing:
We use the tool “Zoom” to conduct webinars. “Zoom” is a service of Zoom Video Communications, Inc. which is based in the USA.
Types of data processed:
Various types of data are processed when using “Zoom”. The scope of the data also depends on the data you provide before or during participation in a webinar.
The following personal data are subject to processing:
User details:
First name, last name, telephone (optional), e-mail address, password (if “Single-Sign-On” is not used), profile picture (optional), department (optional)
Meeting metadata:
Subject, description (optional), participant IP addresses, device/hardware information
For recordings (optional):
MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of the online meeting chat.
When dialling in with the telephone:
Information on the incoming and outgoing call number, country name, start and end time. If necessary, further connection data such as the IP address of the device can be saved.
Text, audio and video data:
You may have the option of using the chat, question or survey functions in a webinar. In this respect, the text entries you make are processed in order to display them in the webinar and, if necessary, to log them. In order to enable the display of video and the playback of audio, the data from the microphone of your terminal device as well as from any video camera of the terminal device will be processed accordingly for the duration of the meeting. You can switch off or mute the camera or microphone yourself at any time via the “Zoom” applications.
In order to participate in a webinar or to enter the “meeting room”, you must at least provide information about your name.
Scope of processing:
We use “Zoom” to conduct webinars. If we want to record webinars, we will inform you transparently in advance and – where necessary – ask for consent. The fact of the recording will also be displayed to you in the “Zoom” app.
If it is necessary for the purposes of logging the results of an online meeting, we will log the chat content. However, this will not usually be the case.
In the case of webinars, we may also process questions asked by webinar participants for the purposes of recording and following up webinars.
If you are registered as a user at “Zoom”, then reports on webinars (meeting metadata, telephone dial-in data, questions and answers in webinars, survey function in webinars) can be stored at “Zoom” for up to 12 months.
Automated decision-making within the meaning of Art. 22 GDPR is not used.
Legal basis:
Insofar as personal data of COCUS AG employees are processed, Section 26 BDSG is the legal basis for data processing. If, in connection with the use of “Zoom”, personal data is not required for the establishment, implementation or termination of the employment relationship, but is nevertheless an elementary component of the use of “Zoom”, the legal basis for data processing is Art. 6 (1) lit. f) GDPR. In these cases, our interest lies in the effective implementation of webinars.
Furthermore, the legal basis for data processing when conducting webinars is Art. 6 para. 1 lit. b) GDPR, insofar as the meetings are conducted within the framework of contractual relationships.
If there is no contractual relationship, the legal basis is Art. 6 para. 1 lit. f) GDPR. Here too, our interest lies in the effective implementation of webinars.
Recipient / disclosure of data:
Personal data processed in connection with participation in webinars will not be disclosed to third parties unless it is intended for disclosure. Please note that content from webinars, as well as from face-to-face meetings, is often used to communicate information with customers, interested parties or third parties and is therefore intended for disclosure.
Other recipients: The provider of “Zoom” necessarily receives knowledge of the above-mentioned data insofar as this is provided for in the context of our order processing agreement with “Zoom”.
Data processing outside the European Union:
“Zoom” is a service provided by a provider from the USA. A processing of personal data therefore also takes place in a third country. We have concluded an order processing agreement with the provider of “Zoom” that complies with the requirements of Art. 28 GDPR.
An adequate level of data protection is guaranteed by the conclusion of the so-called EU standard contractual clauses. As additional protective measures, we have also configured our Zoom so that only data centres in the EU, the EEA or secure third countries such as Canada or Japan are used for the implementation of webinars.
Further information on the handling of user data can be found in Zoom’s Privacy Statement. You can access the EU Standard Contractual Clauses here.
6.11. FACEBOOK PIXEL, CUSTOM AUDIENCES AND FACEBOOK CONVERSION Within our online offer
With the help of the Facebook pixel, it is possible for Facebook to determine the visitors to our online offer as a target group for the display of advertisements (so-called “Facebook ads”). Accordingly, we use the Facebook pixel to display the Facebook ads placed by us only to those Facebook users who have also shown an interest in our online offer or who have the certain characteristics (e.g. interests in certain topics or products determined on the basis of the websites visited) that we transmit to Facebook (so-called “Custom Audiences”). With the help of the Facebook pixel, we also want to ensure that our Facebook ads correspond to the potential interest of the users and do not have a harassing effect. With the help of the Facebook pixel, we can also track the effectiveness of the Facebook ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook ad (so-called “conversion”).
The processing of data by Facebook takes place within the framework of Facebook’s data usage policy. Accordingly, general information on the display of Facebook ads, in Facebook’s data usage policy. Specific information and details about the Facebook Pixel and how it works can be found in Facebook’s help section.
You can object to the collection by the Facebook pixel and use of your data to display Facebook ads. To adjust which types of ads are displayed to you within Facebook, you can visit the page set up by Facebook and follow the instructions there on the settings for usage-based advertising. The settings are platform-independent, i.e. they are applied to all devices, such as desktop computers or mobile devices.
You can further opt out of the use of cookies used for reach measurement and advertising purposes via the Network Advertising Initiative opt-out page and additionally the US website or the European website.
7. references and links to other websites
COCUS AG is not responsible for any contents linked or referred to from his pages – unless COCUS AG has full knowledge of illegal contents and would be able to prevent the visitors of his site from viewing those pages.
COCUS AG hereby expressly declares that at the time the links were created, no illegal content was discernible on the linked pages. COCUS AG has no influence on the current and future design, content or authorship of the linked pages. Therefore, it hereby expressly dissociates itself from all contents of all linked pages that were changed after the link was set. This statement applies to all links and references set within the own Internet offer as well as to external entries in link directories set up by COCUS AG, mailing lists and in all other forms of databases to whose content external write access is possible. For illegal, incorrect or incomplete content and in particular for damages arising from the use or non-use of such information, the provider of the page to which reference is made shall be solely liable, and not the party who merely refers to the respective publication via links.
8. information and data correction / deletion of data
If you have registered for one or more of our websites and would like to delete the data transmitted during registration, you will find corresponding information in the terms of use / general terms and conditions of the respective website. We would like to ask you to read the relevant information there and, if you have any questions or problems, to contact our company data protection officer, Mr Matthias Edelmann, who is of course also available at any time to answer any further questions you may have on the subject of data protection at COCUS AG. You can reach Mr Edelmann at the following e-mail address: datenschutz (at) cocus.com.
8.1. Your rights
– You have the right to request information about your personal data stored by us free of charge.
– You have the right to request the rectification, erasure (“right to be forgotten”) or restriction of the processing of your personal data.
– You have the right to object to data processing that is necessary to protect the legitimate interests of COCUS or a third party, or that is carried out for the purpose of direct advertising, within the framework of the legal provisions.
– You have the right to receive the data concerning you in a structured, common and machine-readable format (so-called “right to data portability”).
If you wish to exercise any of these rights, please contact us as described in section 1.1 . If you consider that the processing of personal data concerning you by COCUS is contrary to relevant legal provisions, you may also contact a supervisory authority, in particular in the member state of your residence or of the place of the alleged infringement.
8.2. Withdrawal of your consent to data processing
Only with your explicit consent are some data processing operations possible. Revocation of your consent already given is possible at any time. An informal communication by e-mail is sufficient for the revocation. The legality of the data processing carried out until the revocation remains unaffected by the revocation.
8.3. Retention period for business letters (e.g. letter post, emails)
8.4. Right to complain to the competent supervisory authority
As a data subject, you have a right of appeal to the competent supervisory authority in the event of a data protection breach. The competent supervisory authority with regard to data protection issues is the State Data Protection Commissioner of the federal state in which our company’s registered office is located. The following link provides a list of data protection officers and their contact details.
8.5. Right to data portability
You have the right to have data that we process automatically on the basis of your consent or in fulfilment of a contract handed over to you or to third parties. The provision shall be in a machine-readable format. If you request the direct transfer of the data to another controller, this will only be done insofar as it is technically feasible.
8.6. Right to information, correction, blocking, deletion
Within the framework of the applicable legal provisions, you have the right at any time to free information about your stored personal data, the origin of the data, its recipients and the purpose of the data processing and, if applicable, a right to correction, blocking or deletion of this data. In this regard and also for further questions on the subject of personal data, you can contact us at any time via the contact options listed in the imprint.
9. Further notes on data protection
With regard to the use of publicly accessible areas offered on our Internet pages, in which you can also voluntarily post personal information (forums, comment functions, etc.), we would like to point out at this point that the information you voluntarily post can be viewed, collected, stored and used by other users. We therefore recommend that you exercise due caution when posting personal information in these areas and always act responsibly to prevent misuse of this data by third parties.
10. reservation of right of modification
We reserve the right to change this privacy policy at any time within the framework of the applicable laws.
Version 1.9, as of May 2023.
