COCUS Header orange

Privacy notice of COCUS AG

Welcome to COCUS AG

We are pleased that you are visiting our website and thank you for your interest in our company, our services, our products and our website. The protection of your personal data and privacy is very important to us. Therefore, compliance with the provisions of the General Data Protection Regulation (GDPR) is a matter of course for us. The purpose of this law is to protect individuals from having their personal rights infringed by the handling of their personal data. In principle, you can access and view our website without being asked to provide us with your personal data.
Welcome to COCUS AG

We are pleased that you are visiting our website and thank you for your interest in our company, our services, our products and our website. The protection of your personal data and privacy is very important to us. Therefore, compliance with the provisions of the General Data Protection Regulation (GDPR) is a matter of course for us. The purpose of this law is to protect individuals from having their personal rights infringed by the handling of their personal data. In principle, you can access and view our website without being asked to provide us with your personal data.

1. scope of application and responsible body

The data controller for websites (www.cocus.de, www.cocus.com) operated by us (hereinafter also “we”, “us” or similar) is:

COCUS AG (headquarter)
Frankfurter Straße 80-82
65760 Eschborn

+49 211 87 542-860
info@cocus.com

The controller decides alone or jointly with others on the purposes and means of the processing of personal data. The use of our website is generally possible without providing personal data. Insofar as personal data (e.g. name, address or e-mail addresses) is collected on our pages, this is always done, as far as possible, on a voluntary basis. This data will not be passed on to third parties without your express consent. Please note that our Internet pages sometimes contain links to pages of other providers to which this data protection declaration does not apply.

1.1. Data Protection Officer

We have appointed a data protection officer:

Matthias Edelmann
Prinzenallee 11
40549 Dusseldorf
T +49 211 87 542 860
datenschutz@cocus.com

2. collection and processing of personal data

In principle, you can visit the COCUS AG website without telling us who you are. We only learn the name of your internet service provider, the website from which you visit us, the duration of your visit and the web pages you visit on our site. This information is evaluated for statistical purposes.

The collection, storage and use of personal data via our websites is subject to your prior consent. This means that you alone decide whether you provide us with the data requested there, e.g. when requesting information or filling out an online form. An exception applies in those cases where obtaining prior consent is not possible for factual reasons and the processing of the data is permitted by legal regulations.

We use your personal information for problem diagnosis, website administration and demographic information. If you register, we will send you the requested information, news or promotional material. We forward the data from an online form to the relevant department and the respective specialist department responsible. After the process is finished, the data is deleted. Personal data will only be passed on to state institutions and authorities within the framework of mandatory legal provisions.

2.1. Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for processing operations involving personal data, Art. 6 (1) of the Data Protection Act shall apply. 1 lit. a EU General Data Protection Regulation (GDPR) as the legal basis.

When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) serves as the basis. 1 lit. b GDPR as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.

Insofar as the processing of personal data is necessary for the fulfilment of a legal obligation to which our company is subject, Art. 6 Para. 1 lit. c GDPR as the legal basis.

In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 (2) of the Data Protection Act shall apply. 1 lit. d DSGVO as the legal basis. If the processing is necessary to protect a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 (1) of the Data Protection Act shall apply. 1 lit. f DSGVO as the legal basis for the processing.

2.2. Contact

A contact form is available on our website, which can be used for electronic contact. If a user takes advantage of this option, the data entered in the input mask will be transmitted to us and stored. These data are: Name, email address and company name.

Alternatively, it is possible to contact us via the e-mail address provided. In this case, the user’s personal data transmitted with the e-mail will be stored.

In this context, the data will not be passed on to third parties. The data is used exclusively for processing the conversation.

2.2.1. Legal basis for data processing

The legal basis for the processing of the data is Art. 6 (2) if the user has given his consent. 1 lit. a GDPR.

The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 para. 1 lit. f GDPR.

2.2.2. Purpose of the data processing

The processing of the personal data from the input mask serves us solely to process the contact. In the case of contact by e-mail, this also constitutes the necessary legitimate interest in processing the data.

The other personal data processed during the submission process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

2.2.3. Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when it is clear from the circumstances that the matter in question has been conclusively clarified.

The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

3. passing on your data

We only pass on personal data to third parties on the basis of strict German data protection regulations or with your express consent.

3.1. COCUS service provider

Purpose of transmission:

If service providers provide services on behalf of COCUS that are necessary for the processing of communications; strict contractual regulations are agreed within the scope of this so-called processing on behalf (Art. 28 DSGVO), technical and organisational measures as well as supplementary controls ensure the protection of your data.


Transfer to a third country or to an international organisation:

If a COCUS service provider is located in a third country, appropriate measures (in particular the use of EU standard contractual clauses) are taken to ensure that your rights as a data subject are protected.

4. data security

We use technical and organisational security measures to protect the data we have under our control against accidental or intentional manipulation, loss, destruction or against access by unauthorised persons. Our security measures are continuously improved.

4.1. SSL or TLS encryption

For security reasons and to protect the transmission of confidential content that you send to us as the site operator, our website uses an SSL or SSL protocol. TLS encryption. This means that data that you transmit via this website cannot be read by third parties. You can recognise an encrypted connection by the “https://” address line of your browser and the lock symbol in the browser line.

5. provision of the website and creation of log files

Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer.

The following data is collected:
(1) Information about the browser type and version used
(2) The operating system of the user
(3) The Internet service provider of the user
(4) The anonymised IP address of the user
(5) Date and time of access
(6) Websites from which the user’s system accesses our website
(7) Websites that are accessed by the user’s system via our website

The log files contain IP addresses or other data that allow an assignment to a user. This data is not stored together with other personal data of the user. This data is not merged with other data sources. The basis for data processing is Art. 6 para. 1 lit. b GDPR, which permits the processing of data for the performance of a contract or pre-contractual measures.

5.1. Purpose of the data processing

The temporary storage of the anonymised IP address by the system is necessary to enable delivery of the website to the user’s computer. For this purpose, the anonymised IP address of the user must remain stored for the duration of the session.

The storage in log files is done to ensure the functionality of the website. In addition, we use the data to optimise the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.

These purposes also constitute our legitimate interest in data processing according to Art. 6 para. 1 lit. f GDPR.

5.2. Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.

In the case of storage of data in log files, this is the case after seven days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or alienated so that an assignment of the calling client is no longer possible.

6. INTEGRATION OF THIRD-PARTY SERVICES AND CONTENT, AS WELL AS THE USE OF ANALYSIS TOOLS (WEB TRACKING, COOKIES AND OTHER TECHNOLOGIES)

Information about our customers is very important to us and helps us to constantly improve the offers on our website according to the needs of our customers. For this reason, we use analysis tools on our Internet pages. An analytics tool is software developed by a third party provider that helps us to see where a visitor to a website is coming from, which areas on a website are visited and how often and for how long which sub-pages and categories are viewed. On our Internet pages, we use the technologies of the provider Google Inc.

6.1. WEB ANALYSIS, MONITORING AND OPTIMISATION

Web analytics (also referred to as “reach measurement”) is used to evaluate the flow of visitors to our online offering and may include behaviour, interests or demographic information about visitors, such as age or gender, as pseudonymous values. With the help of the reach analysis, we can, for example, recognise at what time our online offer or its functions or contents are most frequently used or invite re-use. Likewise, we can understand which areas need optimisation.

In addition to web analysis, we may also use testing procedures, e.g. to test and optimise different versions of our online offer or its components.

Unless otherwise stated below, profiles, i.e. data summarised for a usage process, can be created for these purposes and information can be stored in a browser or in a terminal device and read from it. The information collected includes, in particular, websites visited and elements used there as well as technical information such as the browser used, the computer system used and information on usage times. If users have agreed to the collection of their location data from us or from the providers of the services we use, location data may also be processed.

The IP addresses of the users are also stored. However, we use an IP masking procedure (i.e. pseudonymisation by shortening the IP address) to protect users. In general, no clear user data (such as e-mail addresses or names) is stored in the context of web analysis, A/B testing and optimisation, but pseudonyms. This means that we as well as the providers of the software used do not know the actual identity of the users, but only the information stored in their profiles for the purpose of the respective procedures.

  • Types of data processed: Usage data (e.g. websites visited, interest in content, access times); meta/communication data (e.g. device information, IP addresses).
  • Data subjects: Users (e.g. website visitors, users of online services).
  • Purposes of processing: Reach measurement (e.g. access statistics, recognition of returning visitors); profiling with user-related information (creation of user profiles); tracking (e.g. interest/behaviour-related profiling, use of cookies); provision of our online offer and user-friendliness.
  • Security measures: IP masking (pseudonymisation of the IP address).
  • Legal basis: Consent (Art. 6 para. 1 p. 1 lit. a) GDPR).

6.2. Google Analytics

Google Analytics:Web analysis, reach measurement and measurement of user flows;
Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland;

Legal basis: Consent (Art. 6 para. 1 p. 1 lit. a) GDPR);

Website: to the website;

Privacy policy: to the privacy policy;

Order processing contract: To the order processing contract;

Standard contractual clauses (guaranteeing the level of data protection in the case of processing in third countries): On standard contractual clauses;

Opt-out option: Opt-out plugin, settings for the display of advertisements:

Further information: Click here (types of processing and data processed).

Google Analytics 4:

We use Google Analytics to measure and analyse the use of our online offer on the basis of a pseudonymous user identification number. This identification number does not contain any unique data, such as names or email addresses. It is used to assign analysis information to an end device in order to recognise which content users have accessed within one or various usage processes, which search terms they have used, have accessed again or have interacted with our online offer. The time of use and its duration are also stored, as well as the sources of the users referring to our online offer and technical aspects of their end devices and browsers. In the process, pseudonymous profiles of users are created with information from the use of various devices, whereby cookies may be used. In Analytics, higher level geographic location data is provided by collecting the following metadata based on IP search: “city” (and the derived latitude and longitude of the city), “continent”, “country”, “region”, “subcontinent” (and the ID-based equivalents). To ensure the protection of user data in the EU, Google receives and processes all user data via domains and servers within the EU. Users’ IP addresses are not logged and are truncated by the last two digits by default. The shortening of the IP address takes place on EU servers for EU users. In addition, all sensitive data collected from users in the EU is deleted before it is collected via EU domains and servers.

Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland;

Legal basis: Consent (Art. 6 para. 1 p. 1 lit. a) GDPR);

Website: to the website;

Privacy policy: to the privacy policy;

Order processing contract: To the order processing contract;

Standard contractual clauses (guaranteeing the level of data protection in the case of processing in third countries): On standard contractual clauses;

Opt-out option: Opt-out plugin, settings for the display of advertisements

Further information: Click here (types of processing and data processed).

Google Tag Manager:

Google Tag Manager is a solution with which we can manage so-called website tags via an interface and thus integrate other services into our online offer (please refer to further information in this data protection declaration). The Tag Manager itself (which implements the tags) does not create user profiles or store cookies. Google only learns the user’s IP address, which is necessary to run the Google Tag Manager.

Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland;

Legal basis: Consent (Art. 6 para. 1 p. 1 lit. a) GDPR);

Website: to the website;

Privacy policy: to the privacy policy;

Order processing contract: To the order processing contract;

Standard contractual clauses (guaranteeing the level of data protection in the case of processing in third countries): On the standard contractual clauses

IP anonymisation

We use Google Analytics in conjunction with the IP anonymisation function. It ensures that Google truncates your IP address within member states of the European Union or in other contracting states to the Agreement on the European Economic Area before transferring it to the USA. There may be exceptional cases where Google transfers the full IP address to a server in the USA and truncates it there. Google will use this information on our behalf for the purpose of evaluating your use of the website, compiling reports on website activity and providing us with other services relating to website activity and internet usage. The IP address transmitted by Google Analytics is not merged with other Google data.

Job processing

In order to fully comply with the legal data protection requirements, we have concluded an order processing contract with Google.

6.3. GOOGLE ADWORDS UND GOOGLE CONVERSION-TRACKING

Our website uses Google AdWords. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

AdWords is an online advertising programme. As part of the online advertising programme, we work with conversion tracking. After a click on an ad placed by Google, a cookie is set for conversion tracking. Cookies are small text files that your web browser stores on your terminal device. Google AdWords cookies lose their validity after 30 days and are not used to personally identify users. The cookie allows Google and us to recognise that you have clicked on an ad and have been redirected to our website.

Each Google AdWords customer receives a different cookie. The cookies are not trackable via AdWords customers’ websites. Conversion cookies are used to create conversion statistics for AdWords customers who use conversion tracking. Adwords customers learn how many users clicked on their ad and were redirected to pages with the conversion tracking tag. However, AdWords customers do not receive any information that enables personal identification of users. If you do not wish to participate in tracking, you can object to its use. Here, the conversion cookie must be deactivated in the user settings of the browser. In this way, there is also no inclusion in the conversion tracking statistics.

The storage of “conversion cookies” is based on Art. 6 para. 1 lit. f GDPR. As the website operator, we have a legitimate interest in analysing user behaviour in order to optimise our website and our advertising.

Details on Google AdWords and Google Conversion Tracking can be found in Google’s privacy policy. With a modern web browser, you can monitor, restrict or prevent the setting of cookies. Deactivating cookies may result in limited functionality of our website.

6.4. PERSONALISED ADVERTISING

The above-mentioned cookies are not used to generate personalised advertising on this website and/or advertising tailored to you by COCUS on third-party websites.

6.5. Hubspot

For marketing and sales purposes, the COCUS Group uses the Hubspot service.

HubSpot is a software company from the USA with a branch in Ireland.

Contact: HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland, Telefone: +353 1 5187500.

Hubspot is an integrated software solution that covers various aspects of our online marketing. These include, among others:
Email marketing, social media publishing & reporting, reporting, contact management (e.g. user segmentation & CRM), landing pages and contact forms.
Our sign-up service allows visitors to our website to learn more about our company, download content and provide their contact information and other demographic information. This information as well as the content of our website is stored on HubSpot servers. They may be used by us to contact visitors to our website and to determine which of our company’s services are of interest to them. All information we collect is subject to this privacy policy. We use all information collected exclusively to optimise our marketing measures.
More information about HubSpot’s privacy policy
More information from HubSpot regarding EU data protection regulations

You can find more information about the cookies used by HubSpot here & here

As part of the optimisation of our marketing measures, the following data may be collected and processed via Hubspot:

– Geographical position
– Browser-Type
– Navigation information
– Performance data
– Information about how often the application is used

– Reference URL
– Mobile Apps-Data
– Login information for the HubSpot subscription service
– Files displayed on site
– Domain Names
– Viewed Pages
– Aggregated usage
– Operating system version
– Internet service provider
– IP-Address
– Device identifier
– Duration of the visit
– Where the application was downloaded from
– Operating system
– Events that occur within the application
– access times
– Clickstream-Data
– Device model and version

In addition, we also use Hubspot to provide contact forms. You can find more information in this regard in subsection 7 of this privacy policy.

The legal basis of the processing is your consent pursuant to Art. 6 para. 1 lit. a GDPR. If you do not want Hubspot to collect and process the aforementioned data, you can refuse your consent or revoke it at any time with effect for the future.

The personal data shall be kept for as long as necessary to fulfil the purpose of the processing. The data shall be deleted as soon as they are no longer necessary to achieve the purpose.

Within the scope of processing via HubSpot, data may be transmitted to the USA. The security of the transmission is ensured by so-called standard contractual clauses, which guarantee that the processing of personal data is subject to a level of security that corresponds to that of the GDPR. If the standard contractual clauses are not sufficient to ensure an adequate level of security, your consent may be withdrawn in accordance with Art. 49 Para. 1 lit. a GDPR serve as the legal basis for the transfer to third countries. Please refer to the subsection “7. Forms”.

6.6. ONLINEMARKETING

We process personal data for online marketing purposes, which may include, but are not limited to, marketing advertising space or displaying promotional and other content (collectively, “Content”) based on users’ potential interests and measuring its effectiveness.

For these purposes, so-called user profiles are created and stored in a file (so-called “cookie”) or similar procedures are used, by means of which the information about the user relevant for the presentation of the aforementioned content is stored. This information may include, for example, content viewed, websites visited, online networks used, but also communication partners and technical information such as the browser used, the computer system used and information on usage times and functions used. If users have consented to the collection of their location data, this may also be processed.

The IP addresses of the users are also stored. However, we use available IP masking procedures (i.e. pseudonymisation by shortening the IP address) to protect users. In general, no clear user data (such as e-mail addresses or names) is stored within the framework of the online marketing process, but pseudonyms. This means that we as well as the providers of the online marketing procedures do not know the actual identity of the users, but only the information stored in their profiles.

The information in the profiles is usually stored in the cookies or by means of similar procedures. These cookies can later generally also be read on other websites that use the same online marketing procedure and analysed for the purpose of displaying content as well as supplemented with further data and stored on the server of the online marketing procedure provider.

Exceptionally, clear data may be associated with the profiles. This is the case if, for example, the users are members of a social network whose online marketing procedures we use and the network links the users’ profiles with the aforementioned data. We ask you to note that users can make additional agreements with the providers, e.g. by giving their consent as part of the registration process.

In principle, we only receive access to summarised information about the success of our advertisements. However, in the context of so-called conversion measurements, we can check which of our online marketing methods have led to a so-called conversion, i.e., for example, to a conclusion of a contract with us. The conversion measurement is used solely to analyse the success of our marketing measures.

Some cookies are “session cookies”. Such cookies are deleted automatically at the end of your browser session. On the other hand, other cookies remain on your terminal device until you delete them yourself. Such cookies help us to recognise you when you return to our website.

With a modern web browser, you can monitor, restrict or prevent the setting of cookies. Many web browsers can be configured so that cookies are deleted automatically when the programme is closed. Deactivating cookies may result in limited functionality of our website.
The setting of cookies, which are necessary for the exercise of electronic communication processes or the provision of certain functions desired by you (e.g. shopping cart), is carried out on the basis of Art. 6 Para. 1 lit. f GDPR. As the operator of this website, we have a legitimate interest in storing cookies for the technically error-free and smooth provision of our services. If other cookies are set (e.g. for analysis functions), these are dealt with separately in this data protection declaration.

Here you will find a detailed list of all cookies used on the website:
Cookie Directive (EU)

Unless otherwise stated, we ask you to assume that cookies used will be stored for a period of two years.

  • Types of data processed: Usage data (e.g. websites visited, interest in content, access times); meta/communication data (e.g. device information, IP addresses).
  • Data subjects: Users (e.g. website visitors, users of online services).
  • Purposes of processing: Reach measurement (e.g. access statistics, recognition of returning visitors); tracking (e.g. interest/behaviour-related profiling, use of cookies); marketing; profiling with user-related information (creation of user profiles).
  • Security measures: IP masking (pseudonymisation of the IP address).
  • Opt-out: We refer to the data protection notices of the respective providers and the opt-out options given for the providers. If no explicit opt-out option has been specified, you have the option of switching off cookies in your browser settings. However, this may restrict the functions of our online offer. We therefore recommend the following additional opt-out options, which are offered in summary for the respective areas:
    a) Europe
    b) Canada
    c) USA
    d) Cross-territorial

6.7. PLUGINS AND EMBEDDED FUNCTIONS AND CONTENT

We integrate functional and content elements into our online offer that are obtained from the servers of their respective providers (hereinafter referred to as “third-party providers”). These can be, for example, graphics, videos or city maps (hereinafter uniformly referred to as “content”).

The integration always requires that the third-party providers of this content process the IP address of the user, as without the IP address they would not be able to send the content to their browser. The IP address is thus required for the display of this content or function. We endeavour to only use content whose respective providers only use the IP address to deliver the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to analyse information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user’s device and may contain, among other things, technical information about the browser and operating system, referring websites, time of visit and other information about the use of our online offering, as well as being linked to such information from other sources.

  • Types of data processed: Usage data (e.g. websites visited, interest in content, access times); meta/communication data (e.g. device information, IP addresses); inventory data (e.g. names, addresses); contact data (e.g. e-mail, telephone numbers); content data (e.g. entries in online forms).
  • Data subjects: Users (e.g. website visitors, users of online services).
  • Purposes of the processing: Provision of our online offer and user-friendliness.
  • Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f) GDPR).

Further guidance on processing operations, procedures and services:

  • Integration of third-party software, scripts or frameworks (e.g. jQuery): We integrate software into our online offer that we retrieve from servers of other providers (e.g. function libraries that we use for the purpose of presentation or user-friendliness of our online offer). In doing so, the respective providers collect the IP address of the user and may process this for the purpose of transmitting the software to the user’s browser and for security purposes, as well as for the evaluation and optimisation of their offer. – We integrate software into our online offer that we retrieve from servers of other providers (e.g. function libraries that we use for the purpose of presentation or user-friendliness of our online offer). The respective providers collect the IP address of the user and may process this for the purpose of transmitting the software to the user’s browser and for security purposes, as well as for the evaluation and optimisation of their offer;

Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f) GDPR).

  • YouTube videos: Video content;

Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland;

Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f) GDPR);

Website: to the website;

Privacy policy: to the privacy policy;

Opt-out option: Opt-out plugin, settings for the display of advertisements.

6.8. Google Maps

On some websites, COCUS uses the Google Maps service from Google (Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043 USA), with whom we have concluded an order processing agreement and the so-called standard contractual clause of the EU Commission. By using Google Maps, information about the use of the websites called up, including their IP address and the start address entered as part of route planning, can be transmitted to Google. When you visit a website that contains Google Maps, your browser establishes a direct connection to Google’s servers. The map content is transmitted directly from Google to your browser, which then integrates it into the website. We have no influence on the scope of the data collected by Google in this way.

Purpose of processing:
Display of an interactive map with route planner.

Legal basis:
Legitimate interests (Art. 6 para. 1 p. 1 lit. f) GDPR);

Duration of storage, deletion, possibility of objection and removal:
If you do not agree to the collection of data through the use of Google Maps, you can deactivate JavaScript in your browser. However, you cannot use the map display and route planning in this case.

6.9. MICROSOFT 365 – BOOKINGS

We use Microsoft Bookings for online appointment booking, a service provided by Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18 D18 P521.

The software enables you to book an appointment with a COCUS AG employee. The connection to the service is only established when you call up the online booking function via a link or button on our website, in an e-mail or in the newsletter. For the appointment booking, your entries in the appointment booking form are transferred to Microsoft

The connection to the Microsoft Bookings service is only established when you call up the online booking function via the button.

The legal basis for the processing of your data in relation to the “Microsoft Bookings” service is Art. 6 (1) sentence 1 letter f) GDPR (legitimate interest in data processing). The legitimate interest results from our claim to offer you a user-friendly website with a wide range of functions and to give you the opportunity to quickly and easily make a telephone appointment with our staff at any time if required.

Please note that you are not obliged to use Microsoft Bookings to make an appointment. If you do not wish to use the service, please use another of the contact options offered to make an appointment.

Bookings processes personal data in this context to ensure the function. This data includes the data provided by you: Name, contact option (telephone, email address), calendar data (the appointment you have selected), as well as any further comments / notes you have provided. In addition, Bookings processes technical data such as your IP address, the browser fingerprint (aggregated hardware and software data to recognise the device). The legal basis for this type of data processing is your consent, Art. 6 Para. 1 lit. a) GDPR.

Please note: Microsoft Bookings is part of the Office 365 cloud application and Microsoft reserves the right to process customer data for its own business purposes. This poses a data protection risk for Microsoft Bookings users. We have entered into data protection agreements and EU standard contracts with Microsoft to guarantee a minimum level of data protection. Please note that we have no control over Microsoft’s data processing activities. To the extent that Microsoft Bookings processes personal data in connection with Microsoft’s legitimate business operations, Microsoft is an independent data controller for such use and, as such, is responsible for compliance with all applicable laws and obligations of a data controller.

For more information on the handling of user data, please see Microsoft’s privacy policy. You can access the EU standard contractual clauses here.

6.10. Webinars via "Zoom"

We use a service provided by Zoom, 55 Almaden Boulevard 6th Floor, San Jose, California 95113, USA, to conduct webinars.

Note: If you access the “Zoom” website, the provider of “Zoom” is responsible for data processing. However, calling up the website is only necessary for the use of “Zoom” in order to download the software for the use of “Zoom”.

You can also use “Zoom” if you enter the respective meeting ID and, if applicable, further access data for the meeting directly in the “Zoom” app.

If you do not want to or cannot use the “Zoom” app, the basic functions can also be used via a browser version, which you can also find on the “Zoom” website.


Purpose of processing:
We use the tool “Zoom” to conduct webinars. “Zoom” is a service of Zoom Video Communications, Inc. which is based in the USA.


Types of data processed:
Various types of data are processed when using “Zoom”. The scope of the data also depends on the data you provide before or during participation in a webinar.

The following personal data are subject to processing:


User details:
First name, last name, telephone (optional), e-mail address, password (if “Single-Sign-On” is not used), profile picture (optional), department (optional)


Meeting metadata:
Subject, description (optional), participant IP addresses, device/hardware information


For recordings (optional):
MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of the online meeting chat.


When dialling in with the telephone:
Information on the incoming and outgoing call number, country name, start and end time. If necessary, further connection data such as the IP address of the device can be saved.


Text, audio and video data:
You may have the option of using the chat, question or survey functions in a webinar. In this respect, the text entries you make are processed in order to display them in the webinar and, if necessary, to log them. In order to enable the display of video and the playback of audio, the data from the microphone of your terminal device as well as from any video camera of the terminal device will be processed accordingly for the duration of the meeting. You can switch off or mute the camera or microphone yourself at any time via the “Zoom” applications.

In order to participate in a webinar or to enter the “meeting room”, you must at least provide information about your name.


Scope of processing:
We use “Zoom” to conduct webinars. If we want to record webinars, we will inform you transparently in advance and – where necessary – ask for consent. The fact of the recording will also be displayed to you in the “Zoom” app.

If it is necessary for the purposes of logging the results of an online meeting, we will log the chat content. However, this will not usually be the case.

In the case of webinars, we may also process questions asked by webinar participants for the purposes of recording and following up webinars.

If you are registered as a user at “Zoom”, then reports on webinars (meeting metadata, telephone dial-in data, questions and answers in webinars, survey function in webinars) can be stored at “Zoom” for up to 12 months.

Automated decision-making within the meaning of Art. 22 GDPR is not used.


Legal basis:
Insofar as personal data of COCUS AG employees are processed, Section 26 BDSG is the legal basis for data processing. If, in connection with the use of “Zoom”, personal data is not required for the establishment, implementation or termination of the employment relationship, but is nevertheless an elementary component of the use of “Zoom”, the legal basis for data processing is Art. 6 (1) lit. f) GDPR. In these cases, our interest lies in the effective implementation of webinars.

Furthermore, the legal basis for data processing when conducting webinars is Art. 6 para. 1 lit. b) GDPR, insofar as the meetings are conducted within the framework of contractual relationships.

If there is no contractual relationship, the legal basis is Art. 6 para. 1 lit. f) GDPR. Here too, our interest lies in the effective implementation of webinars.


Recipient / disclosure of data:
Personal data processed in connection with participation in webinars will not be disclosed to third parties unless it is intended for disclosure. Please note that content from webinars, as well as from face-to-face meetings, is often used to communicate information with customers, interested parties or third parties and is therefore intended for disclosure.

Other recipients: The provider of “Zoom” necessarily receives knowledge of the above-mentioned data insofar as this is provided for in the context of our order processing agreement with “Zoom”.


Data processing outside the European Union:
“Zoom” is a service provided by a provider from the USA. A processing of personal data therefore also takes place in a third country. We have concluded an order processing agreement with the provider of “Zoom” that complies with the requirements of Art. 28 GDPR.

An adequate level of data protection is guaranteed by the conclusion of the so-called EU standard contractual clauses. As additional protective measures, we have also configured our Zoom so that only data centres in the EU, the EEA or secure third countries such as Canada or Japan are used for the implementation of webinars.


Further information on the handling of user data can be found in Zoom’s Privacy Statement. You can access the EU Standard Contractual Clauses here.

6.11. FACEBOOK PIXEL, CUSTOM AUDIENCES AND FACEBOOK CONVERSION Within our online offer

Within our online offer, the so-called “Facebook pixel” of the social network Facebook, which is operated by Meta Platforms, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or if you are a resident of the EU, Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Irland (“Facebook”), is used due to our legitimate interests in the analysis, optimisation and economic operation of our online offer and for these purposes.

With the help of the Facebook pixel, it is possible for Facebook to determine the visitors to our online offer as a target group for the display of advertisements (so-called “Facebook ads”). Accordingly, we use the Facebook pixel to display the Facebook ads placed by us only to those Facebook users who have also shown an interest in our online offer or who have the certain characteristics (e.g. interests in certain topics or products determined on the basis of the websites visited) that we transmit to Facebook (so-called “Custom Audiences”). With the help of the Facebook pixel, we also want to ensure that our Facebook ads correspond to the potential interest of the users and do not have a harassing effect. With the help of the Facebook pixel, we can also track the effectiveness of the Facebook ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook ad (so-called “conversion”).

The processing of data by Facebook takes place within the framework of Facebook’s data usage policy. Accordingly, general information on the display of Facebook ads, in Facebook’s data usage policy. Specific information and details about the Facebook Pixel and how it works can be found in Facebook’s help section.

You can object to the collection by the Facebook pixel and use of your data to display Facebook ads. To adjust which types of ads are displayed to you within Facebook, you can visit the page set up by Facebook and follow the instructions there on the settings for usage-based advertising. The settings are platform-independent, i.e. they are applied to all devices, such as desktop computers or mobile devices.

You can further opt out of the use of cookies used for reach measurement and advertising purposes via the Network Advertising Initiative opt-out page and additionally the US website or the European website.

7. references and links to other websites

Our websites also contain links to third-party websites. COCUS AG is not responsible for the data protection precautions or the content of other websites.

COCUS AG is not responsible for any contents linked or referred to from his pages – unless COCUS AG has full knowledge of illegal contents and would be able to prevent the visitors of his site from viewing those pages.

COCUS AG hereby expressly declares that at the time the links were created, no illegal content was discernible on the linked pages. COCUS AG has no influence on the current and future design, content or authorship of the linked pages. Therefore, it hereby expressly dissociates itself from all contents of all linked pages that were changed after the link was set. This statement applies to all links and references set within the own Internet offer as well as to external entries in link directories set up by COCUS AG, mailing lists and in all other forms of databases to whose content external write access is possible. For illegal, incorrect or incomplete content and in particular for damages arising from the use or non-use of such information, the provider of the page to which reference is made shall be solely liable, and not the party who merely refers to the respective publication via links.

8. information and data correction / deletion of data

If you have registered for one or more of our websites and would like to delete the data transmitted during registration, you will find corresponding information in the terms of use / general terms and conditions of the respective website. We would like to ask you to read the relevant information there and, if you have any questions or problems, to contact our company data protection officer, Mr Matthias Edelmann, who is of course also available at any time to answer any further questions you may have on the subject of data protection at COCUS AG. You can reach Mr Edelmann at the following e-mail address: datenschutz (at) cocus.com.

8.1. Your rights

In the following, we would like to inform you of the rights available to you under the law. We would like to draw your attention to the rights to which you are entitled under Art. 15 GDPR with regard to the processing of your personal data:

– You have the right to request information about your personal data stored by us free of charge.
– You have the right to request the rectification, erasure (“right to be forgotten”) or restriction of the processing of your personal data.
– You have the right to object to data processing that is necessary to protect the legitimate interests of COCUS or a third party, or that is carried out for the purpose of direct advertising, within the framework of the legal provisions.
– You have the right to receive the data concerning you in a structured, common and machine-readable format (so-called “right to data portability”).

If you wish to exercise any of these rights, please contact us as described in section 1.1 . If you consider that the processing of personal data concerning you by COCUS is contrary to relevant legal provisions, you may also contact a supervisory authority, in particular in the member state of your residence or of the place of the alleged infringement.

8.2. Withdrawal of your consent to data processing

Only with your explicit consent are some data processing operations possible. Revocation of your consent already given is possible at any time. An informal communication by e-mail is sufficient for the revocation. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

8.3. Retention period for business letters (e.g. letter post, emails)

6 years, beginning with the end of the calendar year in which the business letter was received or sent. Where data is not affected by this, the data will be deleted when the purposes for which it was collected cease to apply or when you withdraw consent on which data processing is based. In the event that deletion is not possible or only possible with disproportionate effort for legal, technical or organisational reasons, the processing of your data will be restricted.

8.4. Right to complain to the competent supervisory authority

As a data subject, you have a right of appeal to the competent supervisory authority in the event of a data protection breach. The competent supervisory authority with regard to data protection issues is the State Data Protection Commissioner of the federal state in which our company’s registered office is located. The following link provides a list of data protection officers and their contact details.

8.5. Right to data portability

You have the right to have data that we process automatically on the basis of your consent or in fulfilment of a contract handed over to you or to third parties. The provision shall be in a machine-readable format. If you request the direct transfer of the data to another controller, this will only be done insofar as it is technically feasible.

8.6. Right to information, correction, blocking, deletion

Within the framework of the applicable legal provisions, you have the right at any time to free information about your stored personal data, the origin of the data, its recipients and the purpose of the data processing and, if applicable, a right to correction, blocking or deletion of this data. In this regard and also for further questions on the subject of personal data, you can contact us at any time via the contact options listed in the imprint.

9. Further notes on data protection

With regard to the use of publicly accessible areas offered on our Internet pages, in which you can also voluntarily post personal information (forums, comment functions, etc.), we would like to point out at this point that the information you voluntarily post can be viewed, collected, stored and used by other users. We therefore recommend that you exercise due caution when posting personal information in these areas and always act responsibly to prevent misuse of this data by third parties.

10. reservation of right of modification

We reserve the right to change this privacy policy at any time within the framework of the applicable laws.
Version 1.9, as of May 2023.