Privacy policy
Privacy Policy of InterNexum GmbH in accordance with the GDPR
The protection of your personal data (also referred to as "data") is an important concern for us. In the following, we would like to provide you with comprehensive information about the categories of data we process and for what purposes when you use our website and when registering domain names.
This privacy policy is based on the provisions of the EU General Data Protection Regulation (GDPR) and also takes into account the requirements of the NIS2 Directive, which brings additional security measures for registrars and registries. Please note that our privacy policy may change over time due to the implementation of new technologies or changes in legislation.
Our privacy policy is divided into the following sections:
- A. General Information
Information about the data controller, the data protection officer, your rights, the legal basis for data processing, the storage period, as well as information on children, recipients of data, transfers to third countries, data security, and automated decisions including profiling. - B. Processing of Specific Personal Data
Details on the processing of personal data during the technical provision of the website, for security and performance purposes, in commercial services, during contact and CRM processes, as well as in newsletters and social media integrations. - C. Statistics and Web Analysis – Use of Cookies
Information on the use of web analysis and statistics tools, as well as advertising based on tracking and retargeting. - D. Processing of Personal Data in Domain Name Registration
Specific information on the processing of your data in connection with domain registrations, including the requirements of the NIS2 Directive.
We recommend that you read the individual sections carefully to gain a comprehensive understanding of our data processing practices. Please note that this policy may change over time due to changes in the legal framework or technical developments.
A. General Information
1. Data Controller
The data controller according to Article 4(7) of the EU General Data Protection Regulation ("GDPR") is InterNexum GmbH, Blumenstraße 54, 02826 Görlitz, Germany.
InterNexum GmbH determines the purpose and means of processing your personal data on this website.
2. Data Protection Officer
You can reach our external data protection officer at:
IITR Datenschutz GmbH
Dr. Sebastian Kraska
Marienplatz 2, 80331 Munich
Germany
Email: email@iitr.de
Phone: 089-18917360
Affected individuals can also direct declarations and requests for information to the internal data protection office for prompt processing: datenschutz@internexum.de.
3. Your Rights
You can assert the following rights against the data controller free of charge in accordance with the legal provisions:
- Withdrawal of your consent (Article 7(3) GDPR);
- Right of access (Article 15 GDPR);
- Right to rectification or erasure (Article 16 and Article 17 GDPR);
- Right to restrict processing (Article 18 GDPR);
- Right to data portability (Article 20 GDPR);
- Right to object to processing (Article 21 GDPR).
To assert claims under the GDPR, please contact the data controller using the contact details above or alternatively contact the data protection officer. If you wish to contact us by email, please use an email address that is registered in our system so that we can identify you.
We cannot guarantee complete data security for email communication, so we recommend using postal services for confidential information.
If you believe that the processing of your personal data violates data protection law, you have the right to lodge a complaint with a supervisory authority of your choice in accordance with Article 77(1) GDPR.
4. Legal Basis
We generally process data only if we have a legal basis to do so. We will go into more detail on the specific legal bases in individual processing operations. However, the following applies in general:
- Where we obtain consent from the data subject for processing personal data, Article 6(1)(a) GDPR serves as the legal basis.
- If the processing of personal data is necessary for the performance of a contract, Article 6(1)(b) GDPR serves as the legal basis. This also applies to processing operations required to carry out pre-contractual measures.
- If the processing is necessary to fulfill a legal obligation to which we are subject, Article 6(1)(c) GDPR serves as the legal basis for the processing.
- If the processing is necessary for the purposes of legitimate interests pursued by our company or a third party, and the interests, fundamental rights, and freedoms of the data subject do not override the first interest, Article 6(1)(f) GDPR serves as the legal basis for the processing.
5. Storage Period
We delete the data we process or restrict its processing in accordance with the legal requirements, particularly Articles 17 and 18 GDPR. Unless expressly stated in this privacy policy, we delete stored data as soon as it is no longer required for the intended purpose. Further storage may occur if required for other and legally permissible purposes or if the data must be retained due to legal retention obligations. In such cases, the processing will be restricted, meaning it will be locked and not processed for other purposes.
Legal retention obligations arise, for example, from Section 257(1) of the German Commercial Code (HGB) (6 years for accounting records, inventories, opening balances, annual financial statements, business letters, accounting vouchers, etc.) as well as from Section 147(1) of the German Fiscal Code (AO) (10 years for books, records, management reports, accounting vouchers, business and commercial letters, documents relevant to taxation, etc.).
6. Children
Our web offer is not aimed at children under 16 years of age.
7. Recipients, Transfers to Third Countries, Linked Third-Party Websites
Below, we would like to inform you about the third parties and processors to whom we may transfer personal data. On our website, we use various services from third parties with different purposes, which we will explain in more detail in the individual descriptions. In general, these services aim to make our website functional, secure, visually appealing, and content-rich while continuously optimizing it. We generally transfer personal data to the following categories of third parties:
Billing service providers, printing and postal service providers, insurance companies, telecommunications service providers, insurance brokers, and experts for the assessment and settlement of damages, authorities upon legitimate request, credit institutions and payment service providers for the processing of payments, external accountants, auditors, legal advisors, and auditors.
If personal data is transferred to a third country or an international organization, we will inform you of the transfer and the underlying legal basis separately. The transfer is secured by standard contractual clauses (Implementing Decision EU/2021/914) under Article 46 GDPR or other appropriate transfer safeguards under Articles 44 ff. GDPR.
If we engage processors for the processing of data, who are, of course, bound by our instructions, we select, commission, and regularly monitor them carefully. The engagements are based on data processing agreements in accordance with Article 28 GDPR. Processing for the processors' own purposes does not take place.
Among the processors is, for example, our cloud service provider, which is used for the storage of documents and files. In this context, we use the services of the following providers:
- Zoho Corporation Pvt. Ltd., Estancia IT Park, Chennai 600044, India. More information can be found at https://www.zoho.com/privacy.html. Zoho uses standard contractual clauses under Article 46 GDPR to ensure an adequate level of data protection.
- Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. More information can be found at https://www.google.com/policies/privacy, https://cloud.google.com/security/privacy. Standard contractual clauses have been concluded between Google Ireland Ltd. and the parent company to ensure a secure level of data protection in the third country USA.
- Service provider: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA; Website: http://microsoft.com/de-de; Privacy policy: https://privacy.microsoft.com/de-de/privacystatement, Security information: https://www.microsoft.com/de-de/trustcenter; Privacy Shield (ensuring data protection level when processing data in the USA): https://www.privacyshield.gov/participant?id=a2zt0000000KzNaAAK&status=Active.
Our website may contain links to third-party websites. We would like to emphasize that we are not responsible for the processing of your personal data on these websites in the sense of Article 4(7) GDPR. Please refer to the privacy policies of the respective websites before disclosing any personal data.
8. Data Security
We apply technical and organizational measures to protect your personal data against loss, manipulation, destruction, or other attacks by unauthorized persons. We continuously improve our security measures according to the current state of technology. When transmitting your personal data via this website, we use transport encryption technology (TLS).
9. Automated Decision-Making Including Profiling
We use automated decision-making procedures, including profiling, to optimize our marketing efforts and provide you with relevant information and offers. These processes are carried out using the Zoho One service, which provides various modules for analyzing and segmenting leads.
As part of this processing, we analyze, for example, the pages you visit, the links you click, and other activities to better understand your interests and preferences. Based on this information, we can make automated decisions, such as categorizing you (e.g., "hot," "warm," "cold") to provide you with appropriate offers and content.
We use the following service provider:
- Zoho Corporation Pvt. Ltd., Estancia IT Park, Chennai 600044, India. More information can be found at https://www.zoho.com/privacy.html. Zoho uses standard contractual clauses under Article 46 GDPR to ensure an adequate level of data protection.
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. If you object to this processing, you can contact us at any time and object to the use of your data for these purposes. In such cases, your data processing will be adjusted accordingly.
B. Collection and Processing of Your Personal Data
1. Technical Provision of the Website, Hosting
Each time you access content on the website, data is temporarily stored in so-called log files, which may allow identification. The following data is collected:
- Date and time of access
- IP address of the accessing computer
- Hostname of the accessing computer
- Website from which the website was accessed
- Websites accessed via the website
- Visited page on our website
- Transferred data volume
- Notification of whether the access was successful
- Information about the browser type and the version used
- Operating system
The temporary storage of data is necessary for the website visit process to enable the delivery of the website. Further storage of the log files occurs to ensure the functionality of the website and the security of information technology systems. In this context, your IP address will be truncated as soon as possible to prevent identification of your person. The legal basis for the temporary storage is Article 6(1)(b) GDPR. The legal basis for the further storage with a truncated IP address is Article 6(1)(f) GDPR. Our legitimate interest is to protect our information technology systems (particularly in the event of abusive attacks, so-called DDoS attacks). A personal evaluation of the data, particularly for marketing purposes, does not take place without prior consent.
The data will be deleted as soon as they are no longer required for the purpose of their collection. In the case of providing the website, this is the case when the respective session has ended. The log files are stored exclusively for administrators.
To operate our websites, we use hosting providers to process the meta and communication data of our website users on our behalf and based on our legitimate interest in the efficient and secure provision of this website in accordance with Article 6(1)(f) and Article 28 GDPR. We conclude data processing agreements with these providers to ensure that your data is protected in accordance with legal requirements.
2. Security and Performance
Content Delivery Network and Web Application Firewall (CloudFlare)
We use the CloudFlare service (service provider: Cloudflare Inc., 101 Townsend Street, San Francisco, California 94107, USA) on the website to secure our web presence (Web Application Firewall) and to optimize loading times (Content Delivery Network).
When you access our site, your requests are routed through CloudFlare's server, and statistical access data about your visit to our web presence is collected, and a cookie is stored on your end device via CloudFlare's internet browser. The access data includes your IP address, the accessed website(s) of our web presence, the type and version of your browser, your operating system, the referrer URL (i.e., the page from which you reached us), your length of stay on our web presence, and the frequency of accessing our pages. The analysis based on this data is necessary to detect and prevent attacks. Cookies are used to recognize your device. No analysis for statistical evaluation or advertising purposes takes place.
CloudFlare guarantees to maintain EU data protection levels through standard contractual clauses.
The legal basis is our legitimate interest under Article 6(1)(f) GDPR. This is the secure operation of our web presence and its optimization.
Further information on the collection and use of the data can be found at https://www.cloudflare.com/privacypolicy.
Google reCAPTCHA
We use the "Google reCAPTCHA" service on our website (hereinafter "reCAPTCHA"). The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). The purpose of reCAPTCHA is to check whether the data entry on our website (e.g., in a contact form) is performed by a human or an automated program. To this end, reCAPTCHA analyzes the behavior of website visitors based on various characteristics. This analysis begins automatically as soon as a visitor enters the website. In the course of the analysis, reCAPTCHA evaluates various information (e.g., IP address, the time the visitor spends on the website, mouse movements, or other behavioral signals). The data collected during the analysis is forwarded to Google. The reCAPTCHA analyses run entirely in the background, and website visitors are not specifically informed that an analysis is taking place. The storage and analysis of this data are based on Article 6(1)(f) GDPR. Our legitimate interest lies in protecting our web offerings from abusive automated spying and SPAM. If appropriate consent was requested, the processing is carried out exclusively based on Article 6(1)(a) GDPR and Section 25(1) TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's end device (e.g., device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time. Further information on Google reCAPTCHA, as well as Google's privacy policy and terms of use, can be found at the following links: https://policies.google.com/privacy?hl=de and https://policies.google.com/terms?hl=de. Google has certification under the "EU-US Data Privacy Framework" (DPF). This agreement between the European Union and the USA ensures compliance with European data protection standards for data processing in the USA. Further information can be found at the following link: https://www.dataprivacyframework.gov/participant/5780.
3. Commercial and Business Services
To provide pre-contractual and contractual services, to invoice, for customer support, to fulfill business and legal obligations, and for internal organization and administration, we must process the personal data you provide. During data collection, we will inform you which categories of data are required for this purpose. Typically, these are contact details, payment data (payment method, invoices, payment history), contract details (subject matter, contract duration, payment information).
Beyond the termination of contractual services (including ongoing obligations), there may be legal obligations to retain your personal data. Relevant in this context are, in particular, retention obligations under tax and commercial law. In addition, we must store personal data as long as warranty or guarantee periods are running.
a. Account Registration
You can register a customer account. Domain name registration or the use of other commercial services is only possible if you have a registered account. When registering, you must provide some personal data marked as "mandatory field." These are usually the following categories of data:
Contact name (first name, last name), address, city, postal code, country, phone number, email address.
In addition, the date and time of registration are stored, including your IP address.
Company/Organization, Tax number.
We use this data to identify customers and manage your account. Additionally, the data is used to pre-fill forms for the registration of your domain name. The legal basis for processing is the necessity to process personal data to fulfill a contract or to carry out pre-contractual measures according to Article 6(1)(b) GDPR.
You may voluntarily provide additional data categories. The processing of this data occurs based on our legitimate interest in additional verification and faster communication. The legal basis for processing is Article 6(1)(f) GDPR.
You will also choose a user ID and password to log in to your account. Please ensure that no unauthorized person gains access to the login data for your account.
A registered account is necessary to register domain names and use other services. For the processing of your personal data during domain name registration, please refer to our privacy policy for domain name registration.
b. Webinars
We offer our customers the opportunity to participate in webinars. To do this, we process your email address (to send invitations and appointment reminders, and to register with the service provider), your name, possibly your billing address, and information about your company. For the technical provision, we also process the data categories listed under server log files. After the event, we process your email address to send additional information. The processing is necessary for the performance of the contract. To conduct webinars, we use the following processors:
- WebinarGeek B.V., Chroomstraat 12, Zoetermeer, Netherlands. Further privacy information for Webinargeek: https://www.webinargeek.com/privacy, https://www.webinargeek.com/cookies
- Zoho Corporation Pvt. Ltd., Estancia IT Park, Chennai 600044, India. Further privacy information for Zoho: https://www.zoho.com/privacy.html
c. Direct Marketing
We have a legitimate interest (direct marketing, Recital 47 GDPR) in sending marketing communications to customers (people with whom we have a business relationship) via email or post under Article 6(1)(f) GDPR. In particular, we may send you news about our company or group companies, information about events, and invitations to evaluate our services and products.
For this purpose and for sending newsletters, we use the following processors:
- Zoho Corporation Pvt. Ltd., Estancia IT Park, Chennai 600044, India. Further privacy information for Zoho: https://www.zoho.com/privacy.html
- Sendinblue GmbH, Köpenicker Str. 126, 10179 Berlin. Further privacy information for Sendinblue: https://www.brevo.com/de/legal/privacypolicy/
Where personal data is transferred to Zoho, Zoho guarantees compliance with EU data protection levels through standard contractual clauses. Further information can be found at https://www.zoho.com/privacy.html.
d. Payment
We use various payment methods from third-party payment service providers. If you choose one of these payment methods, your payment data will be forwarded to the respective payment service provider for payment processing. These third parties process your personal data as independent controllers in accordance with their privacy policies. The transfer is based on the fulfillment of the contract under Article 6(1)(b) GDPR and our legitimate interest in secure payment processing and fraud prevention under Article 6(1)(f) GDPR.
Please note the terms and conditions, usage policies, and privacy policies of the respective payment provider.
- PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg. https://www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=en_DE
- SOFORT, Sofort GmbH, Theresienhöhe 12, 80339 Munich, Germany. https://www.sofort.com/datenschutz.html
- Stripe Payments Europe, Limited (SPEL), 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, D02 H210. https://stripe.com/de/privacy
When selecting the payment methods "purchase on account" and "installment purchase," the following personal data, in particular, is processed by us or the payment service provider as the data controller for the purpose of payment processing and, in this context, for identity and credit checks:
- Contact and identification information: Name, date of birth, national identification number, title, billing and delivery address, email address, mobile phone number; nationality, income, etc.
- Payment information: Debit and credit card data (card number, expiration date, and CVV code), account number, etc.
- Information about the processing of the order, such as product type, product number, price, etc.
When choosing the payment methods "purchase on account" or "installment purchase," we reserve the right to process personal data and information about the user's previous payment behavior and probability scores for the user's future payment behavior (so-called scoring) to decide whether the payment method can be offered to the user. Scoring is calculated based on scientifically recognized mathematical-statistical procedures.
4. Contact, CRM, and Ticket System
You can contact us via email, fax, phone, and our contact forms to request a quote or to engage in other correspondence. To process your request, we process names, email addresses, possibly your company's name, position, and mandatory information necessary for creating an offer. The processing of your data in the context of contacting us via email, contact form, or phone is based on our legitimate interest in providing good customer service under Article 6(1)(f) GDPR or Article 6(1)(b) GDPR if the contacts are related to contractual obligations, such as applying for a dispute entry.
Contacting us for abuse and complaint management requires you to log into your account. In addition, the data categories listed under "log files" are processed. If you want to request a dispute entry, we also need your additional contact details (name, first name, address, company name) and a description of your request with reference to the relevant domain.
We delete your contact requests immediately after processing unless legal retention periods require further storage. After answering your request, we promptly archive your request. Access is possible only to a very limited extent. Purely informative inquiries, i.e., those that do not lead to a contract or do not contain other content subject to retention, are deleted at the end of the year in which the inquiry was made. See "Retention Periods" for more information.
When using our contact form and our website, we also process data about your interactions to process your request and provide you with tailored information. These data may be stored in a Customer Relationship Management system ("CRM System") if a business relationship exists or a business relationship can be expected based on prior communication. We use the CRM system "Zoho" provided by Zoho Corporation Pvt. Ltd., Estancia IT Park, Chennai 600044, India. Zoho offers tracking features to analyze user behavior on our website, personalize interactions, and provide targeted content or offers. This identification is carried out only after your explicit consent under Article 6(1)(a) GDPR. You can withdraw this consent at any time.
We also use Zoho for our ticket management system to process customer inquiries efficiently. Your contact details, inquiries, and all communication are systematically recorded and stored to ensure seamless processing and follow-up. We have concluded a data processing agreement with Zoho, in which Zoho commits to processing user data only in accordance with our instructions. The legal basis for this is Article 6(1)(f) GDPR based on our legitimate economic interest in systematically managing customer and prospect contact data. For personal data in the CRM system, a review is conducted at the end of the respective calendar year after two years to determine whether further storage is necessary. If no necessity or further legal retention obligations exist, the data will be deleted. Where personal data is transferred to Zoho, Zoho guarantees compliance with EU data protection levels through standard contractual clauses. Further information can be found at https://www.zoho.com/privacy.html.
5. Newsletter
With your consent, we use your personal data to send you our newsletters, informing you about news from our company, new services and products, and events tailored to your interests. This includes information about current or future service and product offerings and events and events involving our company or group companies (e.g., trade fairs). To send you the newsletter, we need your email address. The legal basis for processing is your consent under Article 6(1)(a), Article 7 GDPR. We use the personal data you provide during registration solely for sending our newsletter. After registering your email address, you will receive an email from us, in which you must confirm by clicking a link that you wish to receive the newsletter. If confirmation via hyperlink does not occur within 7 days, your data will be locked and deleted after one month. We are also entitled to store your IP addresses, registration, and confirmation times to verify your registration and appropriately clarify any possible misuse of your personal data.
We use the service provider Zoho Corporation Pvt. Ltd., Estancia IT Park, Chennai 600044, India, for the sending and analysis of our newsletters. We have concluded a data processing agreement with Zoho to ensure that your data is processed only according to our instructions. Zoho's data processing is conducted in compliance with the standard contractual clauses to ensure an adequate level of data protection under the EU GDPR. Further information can be found at https://www.zoho.com/privacy.html.
We may analyze our newsletter campaigns. When you open an email, a file (so-called web beacon) contained in the email connects to our newsletter server, operated by Zoho. This allows us to determine whether a newsletter message was opened and which links, if any, were clicked. Additionally, technical information is recorded (e.g., time of retrieval, IP address, browser type, and operating system). This information cannot be directly associated with the respective newsletter recipient but serves for the statistical analysis of newsletter campaigns. The results of these analyses can be used to better tailor future newsletters to the interests of the recipients.
Since we base the processing on your consent, this means that you have the right to withdraw your consent at any time or object to the processing of your personal data for newsletter purposes. In such a case, we will promptly remove you from our newsletter distribution list to comply with your request. You can withdraw your consent at any time by sending an email to our data protection officer or by following the instructions at the end of a promotional/newsletter email. If you send us an email, please let us know what your withdrawal relates to so that we can allocate your request.
6. Social Media Integration
Unless otherwise stated, we process your data based on our legitimate interests under Article 6(1)(f) GDPR to improve content and make it more comfortable for you to use. The described purposes align with our legitimate interests. If cookies are used when embedding social media content, this is based on your consent under Article 6(1)(a), Article 7 GDPR.
a. Links to Social Media Profiles
We also link to our presences on various social networks on our website. The integration is done through a linked graphic of the respective network. This prevents a connection to the server of the respective network from automatically occurring when our website is accessed; instead, only when clicking on the corresponding graphic will the user be forwarded to the service of the respective social network.
After the redirection, information will be collected by the respective network, and it cannot be ruled out that the processing of the data collected will take place in the USA.
The collected data includes IP address, date, time, and visited page. However, if you are logged into your user account of the respective network, the network operator may be able to assign the collected information about the specific visit to your personal account. If you interact via a "share" button on the respective network, this information may be stored in your personal account and, if necessary, published. If you wish to prevent the collected information from being immediately assigned to your user account, you must log out before clicking on the graphic or the "share" button.
The following social networks are embedded in our site through linking:
Facebook
Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, a subsidiary of Facebook Inc., 1601 S. California Ave., Palo Alto, CA 94304, USA.
Privacy policy: https://www.facebook.com/policy.php
Instagram
Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, a subsidiary of Facebook Inc., 1601 S. California Ave., Palo Alto, CA 94304, USA.
Privacy policy: https://www.instagram.com/legal/privacy/
Twitter
Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA
Privacy policy: https://twitter.com/privacy
LinkedIn
LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland, a subsidiary of LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085 USA.
Privacy policy: https://www.linkedin.com/legal/privacy-policy
Xing
New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany
Privacy policy: https://privacy.xing.com/de/datenschutzerklaerung
YouTube
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA).
Privacy policy: https://policies.google.com/privacy
b. YouTube
We integrate videos from YouTube, a service of Google (service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) on our website.
The integration improves our online presence by introducing our company or explaining our business model through short videos.
If you are logged into YouTube or Google, your data will be directly associated with your account; otherwise, the data will be associated with an advertising ID separate from your account.
We use YouTube in "enhanced privacy mode" to display these videos to you. According to YouTube, this means that data is only transmitted to YouTube's server if you start a video.
If Google Ireland Limited transfers personal data to the US parent company Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, Google guarantees compliance with EU data protection levels through standard contractual clauses.
The legal basis is your consent under Article 6(1)(a) GDPR, which can be granted when you first visit the website. This consent can be revoked at any time in the cookie settings by deleting the cookies of this site in your browser.
YouTube stores cookies on your device permanently. If you do not agree with this, you have the option to prevent the storage of cookies by adjusting your browser settings.
Detailed information on the purpose and scope of data collection and storage duration by Google can be found in the provider's privacy policy at https://policies.google.com/privacy.
C. Statistics and Web Analysis – Use of Cookies
In some cases, we or our partners use cookies or process your data in a way that requires your consent. Cookies are small text files that can be stored on your device when you visit our website. Tracking is possible with various technologies such as pixel technology or logfile analysis. Consent is given via the so-called cookie banner, which must be actively clicked. Our cookie policy explains how you can disable individual functions to which you have agreed. There you will find information about when cookies expire, how to delete cookies, and how to withdraw your consent.
Unless otherwise stated, the processing described in this section is based on your consent under Article 6(1)(a), Article 7 GDPR. Further information on how to withdraw your consent can be found in our cookie policy, which is linked in the footer of our website.
1. Web Analysis, Statistics Tools
To determine which content on our website is most interesting to you, we continuously measure the number of visitors and the most viewed content. For this purpose, we process your data:
- to record the number of visitors to our websites,
- to record the respective visit times of our website visitors, and
- to record the visit sequence of various websites and product pages to optimize our website.
a. Zoho
We use the Zoho Analytics service provided by Zoho Corporation Pvt. Ltd., Estancia IT Park, Chennai 600044, India, on this website to analyze the use of our web offering and for tracking/marketing purposes to provide you with the advertising that really interests you. For analysis purposes and as part of optimizing our marketing activities, the following data may be collected and processed via Zoho:
- Geographical location
- Browser type
- Navigation information
- Referral URL
- Performance data
- Login information for the Zoho service
- Files displayed on-site
- Domain names
- Viewed pages
- Aggregate usage
- Version of the operating system
- Internet service provider
- IP address
- Device identifier
- Duration of visit
- Operating system
- Access times
- Clickstream data
- Device model and version
For the purpose of web analysis, so-called "web beacons" are used, and "cookies" are also set, which are stored on your computer and allow us to analyze your use of the website. Further information about the use of cookies by Hubspot can be found at https://knowledge.hubspot.com/reports/what-cookies-does-hubspot-set-in-a-visitor-s-browser.
The legal basis for processing is your consent, which can be withdrawn at any time with effect for the future, under Article 6(1)(a), Article 7 GDPR, which you have given via the cookie settings. You can withdraw your consent at any time with effect for the future through the cookie settings.
b. Matomo/Piwik
We use the open-source software tool Matomo (formerly PIWIK) on our website to analyze the surfing behavior of our users. This serves the analysis of visitor flows on our website. This allows us to recognize which subpages are most frequently used. The evaluation of the collected data enables us to compile information about the use of our website. This helps us to continuously improve our website and its user-friendliness.
For this purpose, pseudonymous user profiles are created, which can be assigned to the browser you use by means of a cookie stored on your computer. When individual pages of our website are accessed, the following data is stored:
- The visited website
- The website from which the user accessed the visited website (referrer)
- The subpages accessed from the visited website
- The length of time spent on the website
- The frequency of visits to the website
The software runs exclusively on the servers of our website. The personal data of users is only stored there. There is no transfer of data to third parties. When using Matomo, we deliberately refrain from processing your full IP address.
The legal basis for processing user data is your revocable consent under Article 6(1)(a), Article 7(3) GDPR. To withdraw your consent, please use the settings banner at the end of this privacy policy. In this way, a cookie will be set on your system, signaling our system not to store the user's data.
The data will be deleted after 60 days. Further information can be found at https://matomo.org/privacy/
2. Advertising Based on Tracking and Retargeting
We want to show you only the advertising that really interests you - even on the websites of our advertising partners. Therefore, we use tracking and retargeting technologies for advertising tailored to your interests on our website. In general, cookies are used for this purpose, but other technologies, such as "fingerprinting," may also be used. The cookies temporarily stored for this purpose enable our retargeting partners to recognize visitors to our website under a pseudonym and to show you only products that you are likely to be interested in. Fingerprinting involves recognizing your device based on your computer hardware, software, add-ons, and browser settings.
Unless otherwise stated, the processing described in this section is based on your consent under Article 6(1)(a), Article 7 GDPR. You can find out how to withdraw your consent in our cookie privacy settings. There you will also find out the functional duration of the individual cookies and how they can be deleted.
We use the collected data for statistical and advertising purposes and, in detail:
- for targeted advertising, also via advertising networks in cooperation with partners,
- for the success measurement and billing of advertising measures between advertising partners and us,
- to track which advertising you have already seen to prevent you from seeing the same advertisement again, and
- to assess which parts of our website need to be optimized.
Unless otherwise stated, we use the following services as processors and contractually require them to process data only on our behalf.
LinkedIn Insights Tag
We use the LinkedIn Insights Tag, a service of the LinkedIn Corporation, as a tool to analyze your behavior on our website and to offer you interest-based and behavior-oriented marketing. This includes conversion tracking to increase the effectiveness of our marketing activities. This is a service of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, https://www.linkedin.com. Further information can be found at https://www.linkedin.com/legal/privacy-policy.
The Insight Tag will collect and transfer the following information about you to LinkedIn: URL; referrer URL, IP address, device and browser data, and a timestamp. In exceptional cases, profile data may be processed along with the above data categories. This is the case if you are a member of LinkedIn. In this context, we would like to point out the setting options within your LinkedIn profile.
LinkedIn will provide us with an analysis of the use of our website in an aggregated form, allowing us to improve our website and its content for our users. Additionally, this data will be used for targeted measures for ads on the LinkedIn platform.
We are jointly responsible with LinkedIn Corp. for the collection and transfer of data to LinkedIn; however, any processing of data after the transfer is solely the responsibility of LinkedIn.
The Insight Tag collects and transfers data only after your explicit consent in the cookie banner displayed when you access our website.
LinkedIn will encrypt your data, truncate IP addresses, and remove direct identifiers within seven days to pseudonymize the data. The remaining pseudonymized data will then be deleted within 90 days.
The legal basis for this process is your consent, Article 6(1)(a), Article 7 GDPR. Further information can be found at https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
D. Processing of Personal Data in Domain Name Registration
1. Data Collected and Purposes of Processing
In the context of domain name registration, we collect the following personal data:
- Name
- Address
- Email address
- Phone number
- IP address
Depending on the requirements of the respective registries and the NIS2 Directive, additional personal data may be required. This may include, in individual cases, information such as your ID number, date of birth, or other identification data. These additional data are used to ensure the security of domain registrations, comply with legal obligations, and detect potential misuse cases.
Some of this data may be publicly accessible in the context of WHOIS queries unless specific data protection regulations prevent this.
2. Legal Basis for Processing
The processing of the above-mentioned personal data is based on the following legal grounds:
- Article 6(1)(b) GDPR: Contract performance – The processing is necessary to fulfill the contract for domain registration and management.
- Article 6(1)(c) GDPR: Legal obligation – The processing is necessary to comply with legal obligations, such as the requirements of registries and the NIS2 Directive.
- Article 6(1)(f) GDPR: Legitimate interest – In certain cases, processing may be necessary to detect misuse cases or ensure the security of our IT systems.
3. Data Sharing
Your personal data will be shared with the relevant registries to carry out the domain registration. Additionally, data may be shared with authorities or other authorized entities in compliance with the NIS2 Directive, particularly in the event of security-related incidents. Furthermore, data may be shared with service providers who assist us in operating and managing the domain, such as registrars and hosting providers.
4. Data Transfer to Third Countries
In cases where the registry is located outside the EU/EEA, a transfer of personal data to third countries may occur. These transfers are based on appropriate safeguards, such as standard contractual clauses, to ensure the protection of your data.
5. Storage Duration
The personal data will be stored for the duration of the contractual relationship. After the end of the contractual relationship, the data will be deleted unless legal retention obligations exist or the data is still necessary to protect legitimate interests. Additional retention periods may apply in the context of the NIS2 Directive, particularly in connection with the traceability of security-related incidents.
6. Security Measures
To comply with the NIS2 Directive, we have implemented extensive technical and organizational measures to ensure the security of your personal data. This includes encryption technologies, regular security audits, and measures for rapid response to security incidents.