Privacy information

adesso Finland Oy (hereinafter also we/us), Porkkalankatu 5, 00180 Helsinki, is responsible for the Internet platforms.

Below, we would like to inform you comprehensively and in detail about how we shall protect your privacy, and how personal data is processed within the framework of our websites and/or our online platforms. Personal data will be deleted as soon as possible and will never be used for advertising purposes, or be passed on, without your consent.

If the information provided below is insufficient or incomprehensible, please do not hesitate to contact our data protection officer under the contact details given in Section II.

Data controller

adesso SE
Adessoplatz 1
44269 Dortmund
Deutschland

Tel.: +49 231 7000-7000
E-Mail: info@adesso.de
Website: www.adesso.de

Data protection officer

Julius Hüttmann
adesso SE
Adessoplatz 1
44269 Dortmund
Deutschland

Tel.: +49 231 7000-7000
E-Mail: datenschutz@adesso.de
Website: www.adesso.de

Relevant supervisory authority

Landesbeauftragte für Datenschutz und Informationsfreiheit
Nordrhein-Westfalen
Kavalleriestr. 2-4
40213 Düsseldorf

Tel.: 0211/38424-0
Fax: 0211/38424-10
E-Mail: poststelle@ldi.nrw.de

The definitions of the terms used are governed by the Regulation (EU) 679/2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter "General Data Protection Regulation" or "GDPR"). In particular, the definitions under Articles 4 and 9 GDPR apply.

1. “Personal data” means any information relating to an identified or identifiable natural person (hereinafter referred to as "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by assignment to an identifier such as a name, an identification number, location data, an online identifier or to one or more special characteristics which express the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person;

2."Processing" means any operation carried out with or without the aid of automated procedures or any such series of operations relating to personal data, such as the collection, conception, organisation, arrangement, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or any other form of provision, reconciliation or linking, restriction, erasure or destruction;

3. "Restriction of processing" means the marking of stored personal data with the aim of restricting or blocking their future processing;

4. "Profiling" means any automated processing of personal data consisting in the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to the work performance, economic situation, health, personal preferences, interests, reliability, behaviour, location or relocation of that natural person;

5. "Pseudonymisation" means the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that this additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person;

6. "Controller" means the natural or legal person, authority, institution or other body which, alone or in association with others, decides on the purposes and means of processing personal data; where the purposes and means of such processing are laid down by Union law or by the law of the Member States, the controller or the specific criteria for his appointment may be laid down by Union law or by the law of the Member States;

7. "Processor" means a natural or legal person, authority, institution or other body processing personal data on behalf of the data controller;

8. "Recipient" means any natural or legal person, authority, institution or other body to which personal data is disclosed, whether or not it is a third party. However, authorities which may receive personal data under Union law or the law of the Member States under a particular investigation mandate shall not be considered recipients; the processing of such data by the said authorities is carried out in accordance with the applicable data protection rules and in accordance with the purposes of the processing;

9. "Third party" means any natural or legal person, authority, institution or other body, other than the data subject, the controller, the data processor and the persons authorised to process the personal data under the direct responsibility of the controller or the data processor;

10. "Consent" of the data subject means any voluntary declaration of intent, in an informed and unequivocal manner, in the form of a declaration or other clear affirmative act, in which the data subject indicates his or her consent to the processing of personal data concerning him or her;

1. Scope of the processing of personal data

In principle, we process personal data of our users only insofar as this is necessary for rendering and providing our services and for providing our web and online platforms (including mobile apps).

As a general rule, any collection and/or use of personal data for other purposes take place only

(i) with the user's prior consent,

(ii) if the processing is for the purpose of performing a contract, or

(iii) for the protection of legitimate interests, except where such interests are outweighed by the data subject's interests or basic rights or basic freedoms that necessitate the protection of personal data.

Moreover, an exception applies in cases where, for practical reasons, it is not possible to obtain prior consent, or in cases where processing of the data is permitted by statutory provisions.

2. Legal bases

Insofar as personal data is processed on the basis of the data subject's consent, Article 6 (1), letter a GDPR forms the legal basis for the processing.

In cases where personal data is processed for the performance of a contract to which the data subject is a party, Article 6 (1), letter b GDPR forms the legal basis; this also applies to processing necessary for the implementation of precontractual measures.

If personal data is processed in order to comply with a legal obligation to which we are subject, Article 6 (1), letter c GDPR forms the legal basis. If processing of personal data is necessary in order to protect vital interests of the data subject or any other natural person, Article 6 (1), letter d GDPR forms the legal basis.

If processing takes place in order to protect a legitimate interest of our company or a third party, and this interest is outweighed by the data subject's interests or basic rights or basic freedoms, Article 6 (1), letter f GDPR forms the legal basis of the processing.

3. Obtaining consent / Right to revoke

Generally, consent under Article 6 (1), letter a GDPR is obtained electronically. Consent is given by ticking a box in the corresponding field for the purpose of documenting the granting of consent. The content of the declaration of consent is recorded electronically.

Right to revoke: Please note that consent once given may be wholly or partly revoked at any time with effect for the future. The lawfulness of the processing that, on the basis of the consent given, has taken place until such revocation will remain unaffected hereby. If you wish to revoke your consent, please use the contact details given in Section II (data controller or data protection officer).

4. Possible recipients of personal data

In order to provide our web and/or online platforms, we shall sometimes use third-party service providers, who will, when rendering their services, operate on our behalf and in accordance with our directives (commissioned processor). These service providers may receive personal data or come into contact with personal data when rendering their services and will constitute third parties or recipients within the meaning of the GDPR.

In such cases, we shall ensure that our service providers offer sufficient guarantees that suitable technical and organisational measures exist, and processing is carried out in a manner that is in keeping with the requirements of this Regulation and safeguards the protection of the data subject's rights (cf. Article 28 GDPR).

Insofar as personal data is transmitted to third parties and/or recipients outside of commissioned processing, we shall ensure that this occurs only in compliance with the requirements of the GDPR (e.g. Article 6 (4) GDPR) and only if a corresponding legal basis exists (e.g. Article 6 (4) GDPR; see also subsection IV.2).

5. Data deletion and storage period

The data subject's personal data will be deleted or blocked as soon as the purpose for which the data is being processed ceases to exist. After this purpose has ceased to exist, the data will continue to be stored only if such storage is provided for by the European or national legislator in ordinances, laws or other provisions under European Union law to which our company is subject (e.g. for compliance with statutory retention duties and/or if there are legitimate interests in such storage, e.g. in the course of limitation periods for the purpose of a legal defence against any claims). The data will also be blocked or deleted when a storage period prescribed by the aforementioned standards expires, unless further storage of the data is necessary for the conclusion of a contract or for other purposes.

6. Rights of the data subject

A person whose personal data is processed is granted certain rights under the GDPR (so-called rights of the data subject, in particular Articles 12 to 22 GDPR). The data subject's individual rights are explained in greater detail in Section XI. If you wish to make use of one or more of these rights, you may contact us at any time. Please use the contact options specified under Section II.

Every time our website is accessed, our system collects data and information from the accessing computer's computer system in an automated manner. The following data is collected (hereinafter "Log Data"):

• information on the type of browser and the version used
• the user's operating system
• the user's IP address (not personal data)
• the date and time of access
• websites from which the user's system accesses our website
• websites accessed by the user's system via our website

It is not possible for us to identify you on basis of this data alone. For this purpose, we would additionally need the data stored by third parties, in particular by your Internet provider. They know which specific Internet connection was provided with the stored IP address at the time of the visit. If several persons use an Internet connection, it is not possible to determine the concrete person via the IP address alone. Your Internet provider is generally not authorized to provide us with the data available to him. Only in the case of illegal behaviour in connection with your IP address (e.g. attack on our systems via your IP address) would we forward the stored data to the law enforcement authorities if necessary, which can then determine your identity by adding the data of your Internet provider.

1. Purpose and legal basis

The collection and processing of Log Data, in particular the IP address, take place for the purpose of making available to the user the content contained on our website, i.e. for the purpose of communication between the user and our web or online platform. It is necessary to temporarily store the IP address for the duration of the respective communication process. This is needed for addressing the communication between the user and our web and/or online platform and/or for making use of our web and/or online platform. Article 6 (1), letter b and letter f GDPR and/or Section 96 TKG [Telecommunications Act] and/or Section 15 (1) TMG [Telemedia Act] will, for the duration of your website visit, form the legal basis for this data processing.

Any processing and storage of the IP address in log files beyond the communication process take place for the purpose of ensuring the functionality of our web and online platforms, optimising these platforms and ensuring the security of our IT systems. Article 6 (1), letter f GDPR (protection of legitimate interests) and/or Section 109 TKG form the legal basis for any storage of the IP address for these purposes beyond the communication process.

2. Data deletion and storage period

The data will be deleted as soon as it is no longer needed for attaining the purpose for which it was collected. If the data was collected for the purpose of providing the website, this will be the case when the respective session (the website visit) has ended. Any further storage of Log Data, including the IP address, for the purpose of system security will take place for a period of no more than seven days after the user's access to the website has ended. Further processing and/or storage of Log Data will be possible and permissible insofar as the users' IP addresses are, following the expiration of the aforementioned seven-day storage period, deleted or masked to such an extent that it is no longer possible to allocate the Log Data to an IP address.

3. Opt-out and removal option

The collection of Log Data for the provision of the website, including the storage of Log Data in log files within the aforementioned limits, is absolutely essential for the operation of the website. Therefore, the user has no possibility of opting out. This does not apply to the processing of Log Data for analysis purposes; this is - depending upon the respective web analysis tool used and the type of data analysis (personal / anonymous / pseudonymous) - governed by Section VIII.

Our website uses cookies. Cookies are text files stored in the Internet browser or by the Internet browser on the user's computer system. Cookies do not contain programmes and cannot place any malicious code onto your computer. When a user accesses a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string of characters that enables the browser to be clearly identified when the user accesses the website again. As our cookies do not contain any personal data, your privacy will be protected. Depending upon the respective type of cookie and the possibility of allocating a cookie to an IP address, it is, in principle, possible however that the user will be personally identifiable. We shall not carry out such allocation, and/or the IP address will be anonymised without delay in order to rule out such allocation (see under Section VIII for further details). If cookies are used, which enable a personal relationship to be established, we obtain your consent to such use within the framework of a cookie banner (see Section VI.3 below).

We differentiate between (i) technically essential cookies, (ii) analysis cookies and (iii) third-party providers' cookies:

(i) Technically essential cookies are used by us in order to make our web and/or online platform more user-friendly. The following data is stored in technically essential cookies and transmitted to our systems:

• "branch_id." This cookie is used to remember the industry when clicking on industries in the navigation and then permanently display this industry navigation point in the primary navigation until another industry is selected. The cookie expired at the end of the session.
• "adesso-saved-pages": This contains information on all saved pages (link, image, heading, description text) when the user presses the "Save page" button. This is currently valid for 30 days and will be extended if a new page is added or deleted during this time.

(ii) Analysis cookies (also so-called session cookies) are used by us in order to analyse the surfing behaviour of the users on our web and/or online platforms for the purpose of advertising and/or market research or for tailoring the design our platforms to the needs. The following data is collected via analysis cookies and transmitted to our systems:

• Frequency of page views
• Use of website functions such as forms
• Visiting hours
• Entered search terms
• Number of sessions
• Origin of visitors
• Bounce rate
• Pages per session
• Browser and operating system

The user data collected in this manner is anonymised by technical means. It is then no longer possible to allocate the data to the accessing user.

(iii) Third-party providers' cookies are cookies provided not by our web servers, but by third-party providers. This includes, for example, integration of the "Like" button. When this button is clicked, Facebook places a cookie of its own onto the user's browser. We can never search for or evaluate third-party providers' cookies.

The third-party providers are solely responsible for the use of such cookies; we have no possibility of influencing the use or processing of such cookies; you can prevent the placement of third-party providers' cookies by taking the measure described in subsection VII.3 and Section VIII.

1. Purpose and legal basis

The purpose of using technically essential cookies is to simplify website usage for the users. Without the use of these cookies, it would not be possible to offer some of our website features. These features necessitate that the browser be recognised following a site change. We require technically essential cookies for the following applications:

• Target group-oriented display of information and navigation control
• For the use of the "Saved pages" function

The user data collected by means of technically essential cookies is not used for creating user profiles. Article 6 (1), letter b GDPR forms the legal basis for the use of technically essential cookies insofar as the user is possibly personally identifiable, and such use is necessary for the purpose of providing our web and/or online platforms in the interest of the performance of a contract, otherwise Article 6 (1), letter f GDPR, as such use also takes place in order to protect legitimate interests for the purpose of providing web and/or online platforms.

The use of analysis cookies takes place for the purpose of improving the quality of our website and its content. As a result of analysis cookies, we learn how the website is used, which thus enables us to continually optimise our platform (see above). Insofar as the user is possibly personally identifiable, Article 6 (1), letter a GDPR forms the legal basis for the processing of personal data using analysis cookies, if the user has given its consent. If analysis cookies are used for the creation of pseudonymous evaluations, Article 6 (1), letter f GDPR (protection of legitimate interests) or Section 15 (3) Telemediengesetz (TMG) forms the legal basis.

2. Data deletion and storage period

Cookies are deposited onto the respective terminal device of the user (smart device / PC) and transmitted to our websites from there. A distinction is made between so-called permanent cookies and session cookies. Session cookies are stored during the duration of a browser session and deleted when the browser is closed. Permanent cookies are not deleted when the respective browser session ends, but are stored on the user's terminal device for a longer period.

You will find an overview of the cookies used under "VI. Use of cookies".

3. Opt-out and removal option

When accessing our websites, users are, by means of an info banner, informed of the use of cookies and referred to this Data Privacy Statement. In the process thereof, the user's consent to the processing of its personal data used in this connection is also obtained via the banner.

As a user, you have full control over the use and storage of cookies. By changing the settings in your Internet browser, you can generally deactivate or limit the transfer of cookies. You can at any time delete cookies already stored. This can also take place in an automated manner. If cookies are deactivated for our website, it may no longer be possible to fully use all the website features. Further information on the use of cookies can be found at http://www.meine-cookies.org/ or youronlinechoices.com.

You may at any time, with effect for the future, opt out of the use of cookies for the creation of pseudonymous user profiles (see above in the case of analysis cookies; you may exercise your opt-out right via the info banner or via your browsers' setting options.

In order to optimise our websites and adapt to the changing habits and technical requirements of our users, we use tools for so-called web analysis. In the process thereof, we measure, for example, which elements are visited by the users, whether the information searched for is easy to find, etc. This information is only interpretable and meaningful at all if a relatively large group of users is analysed. To this end, the data collected is aggregated, i.e. combined into relatively large units.

This enables us to adapt the design of websites or optimise content in cases where, for example, we discover that a relevant portion of the visitors uses new technologies or fails to find, or has difficulty finding, an existing piece of information.

On our web and online platforms, we carry out the following analyses and use the following web analysis tools:

1. Analysis of Log Data

Use of Log Data for analysis purposes takes place exclusively on an anonymous basis. In particular, Log Data is not linked to user data that could be used to identify the user; nor is Log Data linked to an IP address or a cookie. Therefore, such analysis of Log Data is not subject to the provisions of the GDPR under data protection law.

2. Piwik PRO Marketing Suite

Piwik PRO Marketing Suite is an analysis and customer data platform. We use Piwik to collect first-party information about website visitors based on cookies, IP numbers and browser fingerprints; we create user profiles based on browser history and calculate metrics related to website usage such as bounce rate, intensity of visits, page views, etc. We also use Piwik to help us understand the usage of our website and how we use it. Piwik is hosted on the Microsoft Azure infrastructure in the Netherlands and the data is stored in reports for a period of 2 years for raw data and 3 years for aggregated data. (Purpose of data processing: analysis, conversion tracking on the basis of your consent, legal basis: Art. 6 para. 1 letter a) DS-GVO)

We offer a variety of services on our website that require registration using a form. These include:

1. Newsletter

a) Registration

If you would like to receive our newsletter, we need a valid e-mail address from you. To verify whether you are the owner of the e-mail address provided and/or whether the owner agrees to receiving the newsletter, once you have completed the first stage of registration we will send an automated e-mail to the e-mail address provided (so-called double opt-in). The e-mail address provided will only be added to our mailing list after the newsletter subscription has been confirmed by clicking a link provided in the confirmation e-mail. We will not collect any additional data beyond the e-mail address and the details required to confirm registration. Registrations are logged so that we can provide evidence of our process in accordance with legal requirements. As part of this logging the date and time of initial registration and confirmation will be stored, along with the shipping service provider’s IP address.

b) Shipping with Inxmail

The double opt-in process and the system for dispatching newsletters are managed using software from Inxmail GmbH (Wentzingerstr. 17, 79106 Freiburg, Germany, www.inxmail.de). Inxmail is a service that can be used for a variety of purposes, including organising and analysing the dispatch of newsletters. The data provided by you for the purpose of receiving the newsletter is stored on Inxmail’s servers in Germany. Details provided voluntarily, such as your title, first name and surname, are only used to personalise the newsletter. We use so-called newsletter tracking in our newsletters for analysis purposes. This tracking method records the reactions of recipients (opening of messages, clicking on text and image links, downloading images using an e-mail program). This data is saved in anonymised form for statistical purposes. The stored data cannot be attributed to individual users.

We have concluded an order processing contract with Inxmail, in which we oblige Inxmail to protect our customers’ data and not to disclose it to third parties.

Your data is processed exclusively for the purpose of sending the newsletter requested by you. The legal basis for this processing is Art. 6 (1) (a) GDPR. You may unsubscribe from the newsletter at any time – i.e you can withdraw your consent to your data being processed. A link allowing you to unsubscribe from the newsletter is provided at the bottom of each newsletter. The provisions regarding the right of revocation of your consent under Section IV.3 also apply.

2. Downloading informational material

On our website we offer numerous documents, e.g. white papers or studies, that you may download free of charge. We need your e-mail address to send you any documents you request. You may also provide additional voluntary information, such as your first name, surname and company. If you consent on the form to us contacting you by e-mail, telephone or fax, we will send an automated e-mail to the e-mail address provided after initial registration has been completed (so-called double opt-in). The information provided will only be saved in our system after the contact information has been confirmed via a link provided in the confirmation e-mail. You may withdraw your consent at any time by e-mailing info@adesso.de. Registrations are logged so that we can provide evidence of our process in accordance with legal requirements. As part of this logging the date and time of initial registration and confirmation will be stored, along with the shipping service provider’s IP address. If you do not consent to us contacting you, your data will be automatically deleted after 60 days.

The shipping of materials and the aforementioned double opt-in process are handled by the following service provider:

Inxmail

Inxmail (Inxmail GmbH, Wentzingerstr. 17, 79106 Freiburg, Germany, www.inxmail.de) is a service that can be used for a variety of purposes, including organising and analysing the dispatch of newsletters. The data provided by you for the purpose of downloading materials is stored on Inxmail servers in Germany.

We have concluded an order processing contract with Inxmail, in which we oblige Inxmail to protect our customers’ data and not to disclose it to third parties.

Salesforce Pardot

Pardot is a cloud-based service provided by Salesforce.com (Salesforce.com Germany GmbH, Erika-Mann-Str. 63, 80636 Munich, Germany), which is used for purposes including campaign management and marketing automation. The data collected in the form is only used by salesforce for the technical processing of the downloads, and is not disclosed to third parties.

Salesforce is certified under the Privacy Shield Agreement, which provides an additional guarantee of compliance with European privacy laws when data is processed in the United States (https://www.privacyshield.gov/participant?id=a2zt0000000KzLyAAK&status=Active). You can find additional information on data protection at https://www.salesforce.com/de/company/privacy/.

Your data will be processed exclusively for the purpose of sending you the requested materials. The legal basis for this processing is Art. 6 para. 1 lit a GDPR. You can revoke your consent at any time. In addition, the explanations on the right of revocation of consent in section IV.3 apply.

3. Registration for events

On our website we offer the possibility to register for our events. For registration we need your first and last name, company name and e-mail address. The data is used, among other things, to provide interested parties with information about the event before, during and after the event.

Your personal data will be processed on the basis of Art. 6 Para. 1 lit. as of GDPR. You can revoke your consent at any time. In addition, the explanations on the right of revocation of consent in section IV.3 apply. Participation in the events is not possible without consent.

1. Use of personal data for advertising and marketing purposes / Customer surveys

Your personal data will be used for advertising and/or marketing purposes and for carrying out customer satisfaction surveys only if you have consented thereto, or if there is some other legal basis that allows advertising and/or marketing even without your consent.

2. Google AdWords

We use the services of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland, (‘Google’) on the basis of our legitimate interests (i.e., our interest in the analysis, optimisation and economic operation of our Internet presence pursuant to Article 6(1) point (f) of the GDPR).

We use the online advertising program ‘Google AdWords’ and conversion tracking as part of Google AdWords on our website. ‘Google Conversion Tracking’ is an analysis service provided by Google Inc. When you click on an ad placed by Google, a conversion tracking cookie is placed on your computer. These cookies are valid for a limited time, do not contain any personal data and are therefore not used for personal identification. If you visit certain pages of our website and the cookie has not yet expired, we and Google will be able to determine that you clicked the ad and were redirected to this page. Each Google AdWords customer receives a different cookie. This means that it is not possible to track cookies through the websites of AdWords customers.

The information which is collected with the aid of the conversion cookie is used to create conversion statistics. We use these to determine the total number of users who have clicked our ads and were redirected to a page with a conversion tracking tag. However, we do not receive any information that could be used to identify you. Processing takes place on the basis of our legitimate interest in targeted advertising and the analysis of the impact and effectiveness of this advertising pursuant to Article 6(1) point (f) of the GDPR.

You have the right to object to the processing of your personal data pursuant to Article 6(1) point (f) of the GDPR at any time. You can also prevent cookies from being stored by selecting the corresponding technical settings in your browser software. However, we would point out that you may not be able to make full use of all functions of this website in this case. This also means that you will not be recorded in our conversion tracking statistics.

Furthermore, you can also deactivate personalised ads in your Google Ads settings. You can find instructions on how to do so here: support.google.com/ads/answer/2662922?hl=en

You can also find more information about Google, as well as its Privacy Policy, under the following links:

https://www.google.de/policies/privacy/

https://policies.google.com/technologies/ads

https://adssettings.google.com/authenticated

3. Youtube

On our websites we use the provider YouTube for the integration of videos. YouTube is operated by YouTube LLC, headquartered at 901 Cherry Avenue, San Bruno, CA 94066, USA. YouTube is represented by Google Inc. based in 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. On some pages we also use a YouTube plug-in. When you access a page with such a plug-in, a connection to the YouTube servers is automatically established and the plug-in is displayed. The YouTube server receives information about which of our Internet pages you have visited. If you are a YouTube member and logged in to YouTube at the same time as you visit our site, YouTube may associate this information with your personal user account. When using the plug-in, such as clicking the start button of a video, this information is also assigned to your user account.

If you do not wish to have such an assignment, you can prevent this by logging out of your YouTube account and other YouTube LLC and/or Google Inc. user accounts before using our pages; alternatively, you can delete the corresponding cookies of these companies (see section VI.3 in detail). Further information on data processing and privacy protection by YouTube (Google) can be found at www.google.de/intl/de/policies/privacy/.

4. Facebook Pixel and Facebook Custom Audience (Remarketing)

On our website we use the so-called "Facebook pixel" of the company "Facebook" (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland). The Facebook pixel enables us to classify visitors to our website into specific target groups in order to display appropriate advertising ("ads") to you on Facebook. The data collected (e.g. IP addresses, information on the web browser, the location of the website, buttons clicked, pixel IDs if applicable and other characteristics) are not visible to us ourselves, but can only be used in the context of displaying certain advertisements. So-called cookies are also set as part of the use of the Facebook pixel code.

If you have a Facebook account and are logged in, your visit to this website will be assigned to your Facebook user account.

In part, we also use the remarketing function "Custom Audiences" of the company "Facebook". This enables users of the website to be shown interest-based advertisements ("Facebook ads") when visiting Facebook or other websites that also use this procedure. In this way, we pursue the interest of showing you advertisements that correspond to your interests in order to make our website more interesting for you.

In order to exchange the respective data, your browser automatically establishes a direct connection with the Facebook server. We have no influence on the scope and further use of the data collected by Facebook through the use of this tool and therefore inform you according to our state of knowledge: Through the integration of Facebook Custom Audiences, Facebook receives the information that you have called up the corresponding web page of our website or clicked on an advertisement from us. If you are registered with a "Facebook" service, "Facebook" can assign the visit to your account. Even if you are not registered with Facebook or have not logged in, it is possible that the provider may obtain and store your IP address and other identifying features.

If you have consented to this, we may pass on your telephone number or e-mail address to "Facebook" in order to be able to show you advertisements that correspond to your interests.

You can find out how the Facebook pixel is used for advertising campaigns at https://www.facebook.com/business/learn/facebook-ads-pixel

For more information on Facebook's data policy, please visit https://www.facebook.com/policy.php

For more information on Facebook's data processing, please visit https://www.facebook.com/about/privacy

We use these features to provide you with advertising offers that are relevant to your interests.

We process your data because you have consented to this or we have a legitimate interest in processing the data, Art. 6 para. 1 lit. a. and f DSGVO.

We store your data as long as we need them for the respective purpose (display of interest-based advertising) or you have not objected to the storage of your data or revoked your consent.

Deactivating the "Facebook Custom Audiences" function is possible for logged-in users at https://www.facebook.com/settings/?tab=ads#

You can change your settings for Facebook advertisements at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen , provided you are logged into Facebook.

5. Bing Ads

On our website we use technologies from Bing Ads (bingads.microsoft.com), which are provided and operated by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA ("Microsoft"). Microsoft sets a cookie on your terminal device if you have accessed our website via a Microsoft Bing ad. In this way, Microsoft and we can recognise that someone has clicked on an advertisement, been redirected to our website and reached a previously determined target page ("conversion site"). We only learn the total number of users who clicked on a Bing ad and were then directed to the conversion site. Microsoft collects, processes and uses information via the cookie, from which usage profiles are created using pseudonyms. These usage profiles are used to analyse visitor behaviour and are used to display advertisements. No personal information about the identity of the user is processed.

If you do not want Microsoft to use information about your behaviour as described above, you can refuse the setting of cookies required for this purpose - for example, by selecting a browser setting that generally disables the automatic setting of cookies. You can also prevent the collection of data generated by the cookie and related to your use of the website, as well as the processing of this data by Microsoft, by declaring your objection under the following link https://choice.microsoft.com/de-DE/opt-out. Further information on data protection and the cookies used by Microsoft and Bing Ads can be found on the Microsoft website https://privacy.microsoft.com/de-de/privacystatement

For the functionality of FirstSpirit ICE we use the services of Dynamic Yield GmbH, Theodor-Stern-Kai 1, 60596 Frankfurt am Main ("Dynamic Yield"). Dynamic Yield is used to optimise our web offer in order to turn your website visit into a personal experience by providing tailor-made recommendations and content. For example, we use the content of the pages you call up to recommend equivalent or thematically related or other content relevant to you. Dynamic Yield collects pseudonymous information about your usage activities on our website. Cookies are used to store only pseudonymised information under a randomly generated ID (pseudonym). Your IP-addresses are only stored anonymously. A direct personal reference is not possible.

You can find more information on the tracking technology used under the following link: https://www.dynamicyield.com/privacy-policy/

Privacy policy

For the purpose of implementing the live chat/chatbot, we collect, process and use only data necessary to establish the requested contact or provide the requested information.

A chatbot solution uses software with an ‘artificial intelligence’-based algorithm that is constantly improving itself.

Chatbot users expressly acknowledge that this is new technology, which means it cannot be expected or guaranteed that data is correctly linked.

The user is therefore not entitled to a specific linking of data or the generation of specific responses.

The transfer of data to third-parties is excluded.

Who is responsible for my personal data in the live chat/chatbot?

Our website uses Onlim’s live chat/chatbot functions (Onlim GmbH, Michael-Gaismair-Strasse 13,

6410 Telfs, Austria, hereafter ‘Onlim’). A direct connection to the Onlim servers is established when using the live chat/chatbot functions. Data is transmitted to the Onlim servers through your chat entries.

What is the purpose of storing data?

Saving the chat history

The chat history is stored in order to be forwarded to the specialist department and/or for the continuous improvement of service quality after the chat has been concluded. The chatbot solution uses software with an “artificial intelligence’-based algorithm that is constantly improving itself. To achieve this and to train the chatbot, chat messages from chatbot users are stored and processed.

Which data is stored and for how long? Can it be altered?

The conversations are assigned a randomly generated pseudonym, which cannot be assigned to live chat/chatbot users and thus guarantees the user’s anonymity.

The live chat/chatbot’s messages from the conversations are stored. The stored data includes the text and/or attachments, the date the messages were created and which intents/answers have triggered them.

The duration and the time of communication are stored anonymously for statistical purposes, in particular, to optimise the service .

How is my data secured?

Onlim GmbH has taken appropriate technical and organisational measures to protect the live chat/chatbot data against loss, manipulation and unauthorised access. The measures taken are subject to regular reviews and are continuously adapted to meet current technological standards.

The live chat/chatbot data is hosted by certified and highly available data centres in Germany. You can find more information about our privacy policy at https://onlim.com/en/privacy-policy.

Are cookies used for live chat/chatbot?

If so, what are they used for?

Cookies are used for the following purposes:

a) Caching of the live chat/chatbot user’s settings (e.g., sound on/off).

b) To determine if the live chat/chatbot user has seen/closed the welcome message.

c) To know which conversation has already been started by the live chat/chatbot user when they revisit the website.

Which cookies are used?

In order to track user information, the following data is stored in the browser’s LocalStorage/SessionStorage.

In LocalStorage

Keys and their functions:

• onlimChat.chatwidget-{Widget-ID}-sender : This contains a reference to the user in our system.
• onlimChat.chatwidget-{Widget-ID}-room : This contains the reference to the conversation the user was last active in.
• onlimChat.chatwidget-{Widget-ID}-autoMessage : This contains information regarding the welcome message (e.g., whether the user has already seen it or closed it).
• onlimChat.chatwidget-{Widget-ID}-timestamp : When the user last visited the website.
• onlimChat.chatwidget-{Widget-ID}-widgetInfo : Contains basic information on how to display the widget so that the user does not have to download it from the server every time they visit the website.
• onlimChat.chatwidget-{Widget-ID}-sound : The user can turn the sound on and off. This is stored here.

Duration: If the user returns to the website after 7 (seven) days, this information is ignored and then recreated. The data in ‘widgetInfo’ is valid for 5 (five) minutes, after which the server will request it again when the website is revisited.

In SessionStorage

Keys and their functions:

• onlimChat.config : Basic presentation information for the widget.
• onlimChat.messages : The user’s conversation messages.
• onlimChat.unread : Number of unread messages.
• onlimChat.preview : The number of messages for which a preview will be displayed

This data is mainly used to exchange information between the different I-frames.

Duration: SessionStorage data remains stored until the user closes the tab.

If you open the chat again after a few days, the last conversation is displayed. Can this be turned off?

If live chat/chatbot users visit the website again within 7 (seven) days, they will see this conversation again. Currently, this cannot be turned off by Onlim customers. If a live chat/chatbot user sets up their browser in such a way that we cannot access cookies, then these cookies will not be stored.

Our website contains a contact form that the user can use to electronically contact us. If the user makes use of this option, the data entered in the input mask is transmitted to us and stored. These details are:

• company name*
• fleet size
• first name*
• surname*
• availability times
• telephone number*
• email*
• field for notifications*
• post code*
• country

*Mandatory details needed for the purpose of registration are marked as a mandatory field by means of an asterisk (also in the input mask).

When a message is sent, the following data is additionally processed and stored:

• the user's IP address
• the date and time of sending

Alternatively, it is possible to contact us via the email address given on our website. In this case, the user's personal data transmitted by email will be stored. In no event will the data be passed on to third parties, unless we need to fall back on third parties for handling the enquiry.

1. Purpose and legal basis

The data will be processed exclusively for the purpose of handling the respective enquiry or the respective user request. The other data collected during the transmission process will serve to prevent misuse of the contact form and safeguard the security of our IT systems.

Insofar as data processing takes place for the purpose of fulfilling a customer order or a customer enquiry, Article 6 (1), letter b GDPR forms the legal basis for the processing of the data, regardless of whether we are contacted via the contact form or by email. If the user has given its consent, Article 6 (1), letter a GDPR forms the legal basis for the processing. Article 6 (1) f GDPR forms the legal basis for the collection of additional data during the transmission process; the legitimate interest lies here in the prevention of misuse and the safeguarding of system security (cf. subsection VI.1).

2. Data deletion and storage period

In principle, the data will be deleted as soon as it is no longer needed for attaining the purpose for which it was collected. In respect of the personal data from the input mask on the contact form, and the personal data sent by email, this will be the case when the respective communication with the user has ended, and/or the user's enquiry has been definitively answered. The communication will be deemed ended, or the enquiry definitively answered, if it is evident from the circumstances that the matter concerned has been definitively cleared up. Instead of being deleted, the data will be stored and blocked insofar as continued storage of the data is necessary for the reasons specified in subsection III.4.

The personal data additionally collected during the transmission process will likewise be deleted as soon as it is no longer needed for attaining the purpose for which it was collected.

3. Opt-out and removal option

The user has the option of at any time discontinuing the communication with us and/or withdrawing its enquiry and opting out of corresponding use of its data. In such case, continued communication will not be possible. All personal data stored in the course of contact with the user will, in this case, be deleted, except where storage of the data continues for the reasons specified in subsection IV.6.

4. Use of Google reCAPTCHA

In certain cases we use the service reCAPTCHA of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland to ensure sufficient data security during the transmission of forms. This is mainly used to distinguish whether the entry is made by a natural person or abusively by machine and automated processing. The service includes sending the IP address and any other data required by Google for the reCAPTCHA service to Google. For more information about Google Inc.'s privacy policy, please visit http://www.google.de/intl/de/privacy.

There is an application form on our website which the user can use for the electronic application. If the user makes use of this possibility, the data entered in the input mask will be transmitted to us and stored.

The data protection regulations for the application procedure can be found here. (onyl in german)

Name and contact details of the responsible person:

adesso SE
Adessoplatz 1
44269 Dortmund
T 0231 7000 7000

Contact data of the data protection officer of adesso SE:

datenschutz@adesso.de

Purpose and legal basis of data processing:

Art. 6 para. 1 f DSGVO

Legitimate interests pursued by the surveillance:

• Security burglary
• Hazard prevention Vandalism

Storage time of the recordings:

11 days

Under the GDPR, the user is, in particular, entitled to the following rights as the data subject:

1. Right to information (Article 15 GDPR)

You have the right to request information on whether or not we process personal data concerning you. If our company processes personal data concerning you, you are entitled to information on

• the purposes for which the data is processed;
• the categories of personal data (type of data) processed;
• the recipients, or categories of recipients, to whom your data has been disclosed or is yet to be disclosed; this particularly applies, if data has been disclosed, or is to be disclosed, to recipients in third countries outside of the application of the GDPR;
• the planned storage period, insofar as possible; if it is not possible to specify the storage period, the criteria for defining the storage period (e.g. statutory retention periods or the like) will in any case be communicated;
• your right to correction and deletion of the data concerning you, including the right to have processing restricted and/or the option of opting out (see also the following subsections in this respect);
• the existence of a right to complain to a supervisory authority;
• the origin of the data in the case of personal data not collected directly from you.

Furthermore, you are entitled to information on whether your personal data is the subject-matter of an automated decision as defined by Article 22 GDPR, and, if so, what decision-making criteria are taken as a basis for such automated decision (logic), and what effects and implications this automated decision could have for you.

If personal data is transmitted to a third country outside of the scope of application of the GDPR, you are entitled to information on whether and, if so, under what guarantees an adequate level of protection, within the meaning of Articles 45 and 46 GDPR, has been safeguarded at the data recipient in the third country.

You have the right to demand a copy of your personal data. In principle, data copies will be made available by us in electronic form, unless you have specified otherwise. The first copy will be free of charge; an appropriate fee may be requested for further copies. The data requested will be provided only insofar as no rights or freedoms of other persons could be impaired as a result of the sending of a copy of this data.

2. Right to correction (Article 16 GDPR)

You have the right to request that we correct your data insofar as your data is incorrect, inapplicable and/or incomplete; this right to correction includes the right to make your data complete by means of supplementary statements or notifications. Correction and/or supplementation will take place promptly, i.e. without culpable delay.

3. Right to deletion (Article 17 GDPR)

You have the right to demand that we delete your personal data insofar as

• your personal data is no longer needed for the purposes for which it was collected and processed;
• the data is being processed on the basis of consent given by you, and you have revoked your consent, unless there is some other legal basis for processing the data;
• you have opted out of data processing in accordance with Article 21 GDPR, and no overriding legitimate reasons for continued processing exist;
• you have opted out of data processing for the purpose of direct advertising in accordance with Article 21 (2) GDPR;
• your personal data has been processed unlawfully;
• the data concerned is a child's data collected in connection with information society services in accordance with Article 8 (1) GDPR.

No right to delete personal data exists insofar as

• the right to freely express an opinion, or the right to information, conflicts with the request for deletion;
• the processing of personal data is (i) necessary for compliance with a legal obligation (e.g. statutory retention duties), (ii) for the performance of public tasks, or the protection of public interests, under European Union law and/or the law of its Member States (this includes interests in the field of public health) or (iii) for archiving and/or research purposes;
• the personal data is necessary for asserting, exercising or defending legal claims.

Deletion will take place promptly, i.e. without culpable delay. If we have made personal data public (e.g. on the Internet), we shall, insofar as this is technically possible and can be reasonably expected, ensure that third-party data processors are also informed of the deletion request, including the deletion of links, copies and/or replications.

4. Right to restriction of processing (Article 18 GDPR)

You have the right to have the processing of your personal data restricted in the following cases:

• If you have disputed the accuracy of your personal data, you may request of us that, whilst the accuracy is being checked, your data not be used for other purposes and be restricted in this respect.
• If your data is unlawfully processed, you may request that, instead of your data being deleted in accordance with Article 17 (1), letter d GDPR, use of your data be restricted in accordance with Article 18 GDPR.
• If you need your personal data for asserting, exercising or defending legal claims, but your personal data is otherwise no longer needed, you may request that we limit processing to the aforementioned legal defence purposes.
• If you have opted out of data processing in accordance with Article 21 (1) GDPR, and it has not yet been established whether our interests in processing outweigh your interests, you may request that, whilst this is being checked, your data not be used for other purposes and be restricted in this respect.

Personal data whose processing has been restricted at your request will, except for storage, be processed only (i) with your consent, (ii) for asserting, exercising or defending legal claims, (iii) for protecting the rights of other natural persons or legal entities or (iv) for reasons of important public interest. If a processing restriction is lifted, you will be informed thereof.

5. Right to data portability (Article 20 GDPR)

Subject to the following provisions, you have the right to request that the data concerning you be surrendered in a commonly used electronic, machine-readable data format. The right to data transfer includes the right to transmit the data to another data controller. On request, we shall therefore - insofar as technically possible - transmit data directly to a data controller designated, or yet to be designated, by you. The right to data transfer applies only to data provided by you and requires that the processing take place on the basis of consent or for the implementation of a contract and be carried out with the aid of automated procedures. The right to data transfer under Article 20 GDPR does not affect the right to data deletion under Article 17 GDPR. The data will be transferred only insofar as no rights or freedoms of other persons could be impaired as a result of the data transfer.

6. Right to opt out (Article 21 GDPR)

If personal data is processed for the performance of tasks that are in the public interest (Article 6 (1), letter e GDPR) or for the protection of legitimate interests (Article 6 (1), letter f GDPR), you may at any time, with effect for the future, opt out of the processing of personal data concerning you. If you exercise your right to opt out, we shall refrain from all further processing of your data for the aforementioned purposes, unless

• the reasons for processing are compelling and worthy of protection and outweigh your interests, rights and freedoms, or
• processing is necessary for asserting, exercising or defending legal claims.

You may at any time, with effect for the future, opt out of having your data used for the purpose of direct advertising; this also applies to profiling, insofar as it relates to direct advertising. If you exercise your right to opt out, we shall refrain from all further processing of your data for the purpose of direct advertising.

7. Legal protection options / Right to complain to the supervisory authority

If you have any complaints, you may at any time turn to the relevant supervisory authority of the European Union or its Member States. For our company, the supervisory authority specified in Section II is the relevant supervisory authority.

PIWIK Consent Manger

We use the PIWIK Consent Manger to obtain, manage and document the consent of the users according to Art. 6 para. 1 lit. a DSGVO, as soon as it is required by law.

Operator of the PIWIK Consent Manger is the Piwik PRO GmbH, Lina-Bommer-Weg 6, 51149 Köln. Click here to read the data processor's privacy policy.

Here’s how we use your data when you give us the following consents:

Analytics

Purpose: improve site user interface, optimize sales and marketing content
Personal data used: browser cookie, browsing behavior on piwik.pro, device information, IP address
First party involved: Piwik PRO, Google Analytics
Third parties involved: Hotjar, HubSpot, Google Ads (Conversion Pixel)

Marketing automation

Purpose: send marketing materials relevant to your interests
Personal data used: browser cookie, browsing behavior on piwik.pro, IP address, other data you give us will be added to your visitor profile
Third parties involved: Salesforce Pardot

Remarketing

Purpose: display our advertisements on other websites
Personal data used: browser cookie, browsing behavior on piwik.pro, IP address
Third parties involved: Google Ads

Consent to receive marketing information