For CSP GmbH & Co. KG, CSP IT-Business GmbH and its subsidiaries (hereinafter referred to as “CSP”), the protection of your personal data is very important. In compliance with the applicable data protection regulations, we process personal data that is collected when you visit our website. We do not publish your data, nor do we pass it on to third parties without authorization. In the following, you will learn which data we collect during your visit to our website and how it is used:
1. Contact information
Responsible party in the sense of data protection law
CSP GmbH & Co. KG
Phone +49 (0) 9953 3006 – 0
Contact details of the data protection officer
WS Data Protection GmbH
Kemal Webersohn, LL.M.
Data Protection Officer
3. Data collection and data processing
When visiting our website, our web servers temporarily store all accesses in a log file. The following data is collected and stored until automated deletion: IP address of the requesting computer, name and URL of the retrieved data, website from which the access is made, date and time of access, amount of data transferred, message whether the retrieval was successful, name of your Internet access provider and identification data of the browser and operating system used.
This data is processed for the purpose of establishing the connection (to enable use of the website), technical administration of the network infrastructure, system security and stability, and optimization of the Internet offering. Only in the case of attacks on the network infrastructure of the CSP, the IP address is evaluated. The legal basis for the temporary storage of the data or the log files is Art. 6 para. 1 lit. f DSGVO.
Beyond that, personal data is not processed unless you expressly consent to further processing. According to the explanations on web analysis, pseudonymous usage profiles can be created (see below).
4. Contact form and contact via e-mail
If you send us inquiries via contact form or e-mail, your data from the inquiry form or your e-mail, including the contact data you provided there, will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. Under no circumstances will we pass on this data without your consent. The legal basis for processing the data is our legitimate interest in responding to your request pursuant to Art. 6 (1) lit. f DSGVO and, if applicable, Art. 6 (1) lit. b DSGVO, if your request is aimed at concluding a contract. Your data will be deleted after final processing of your request, unless there are legal obligations to retain data. Please note the data protection information for applicants when applying.
5. Newsletter and Newsletter Tracking
If you would like to receive the newsletter offered on the website with regular information about our offers and products, we require your e-mail address as mandatory information. For sending the newsletter, we use the so-called double opt-in procedure. This means that we will only send you our newsletter by e-mail if you have expressly confirmed that you consent to the sending of newsletters. In the first step, you will receive an e-mail with a link that you can use to confirm that you, as the owner of the corresponding e-mail address, want to receive newsletters in the future. With the confirmation, you give us your consent in accordance with Art. 6 para. 1 lit. a DSGVO that we may use your personal data for the purpose of the desired newsletter dispatch (via our mailing tool CleverReach).
When registering for the newsletter, we store, in addition to the e-mail address required for sending, the IP address through which you registered for the newsletter, as well as the date and time of registration and confirmation, in order to be able to track possible misuse at a later date.
You can unsubscribe from the newsletter at any time via the link included in each newsletter or by sending an e-mail to the responsible person named above. After unsubscribing, your e-mail address will be deleted from our newsletter distribution list immediately, unless you have expressly consented to the continued use of the data collected or the continued processing is otherwise permitted by law.
Our e-mail newsletters are sent via the technical service provider CleverReach GmbH & Co. KG, Mühlenstr. 43, D-26180 Rastede (“CleverReach”), to whom we pass on your data provided during newsletter registration. This transfer takes place in accordance with Art. 6 Para. 1 lit. f DSGVO and serves our legitimate interest in using an effective advertising, secure and user-friendly newsletter system. The data you enter for the purpose of receiving newsletters (e.g. email address) is stored on CleverReach’s servers in Germany or Ireland.
CleverReach uses this information to send and statistically evaluate the newsletters on our behalf. For the evaluation, the sent emails contain so-called web beacons or tracking pixels, which are single-pixel image files that are stored on our website. This makes it possible to determine whether a newsletter message has been opened and which links, if any, have been clicked on. With the help of so-called conversion tracking, it can also be analyzed whether a predefined action (e.g. carrying out a download on our website) has taken place after clicking on the link in the newsletter. In addition, technical information is collected (e.g. time of download, IP address, browser type and operating system). The data is collected exclusively pseudonymously and is not linked to your other personal data, a direct personal reference is excluded. This data is used exclusively for the statistical analysis of newsletter campaigns. The results of these analyses can be used to better adapt future newsletters to the interests of the recipients. If you wish to object to the data analysis for statistical evaluation purposes, you must unsubscribe from the newsletter.
6. Use and disclosure of personal data
Any use of your personal data will only be for the stated purposes and only to the extent necessary. Your data will not be passed on to third parties. Personal data will only be transferred to state institutions and authorities within the framework of mandatory national legal provisions or if the transfer is necessary for legal or criminal prosecution in the event of attacks on our network infrastructure. There is no transfer for any other purpose.
Cookies are used on our website to store technical session control data in your browser’s memory. Depending on the configuration of your browser, your data will be deleted after you close your browser. If, in exceptional cases, we would also like to store personal data in a cookie (for example, a user ID), we will inform you of this separately.
If personal data is also processed by individual cookies implemented by us, the processing is carried out in accordance with Art. 6 (1) lit. b DSGVO either for the execution of the contract or in accordance with Art. 6 (1) lit. f DSGVO to protect our legitimate interests in the best possible functionality of the website as well as a customer-friendly and effective design of the site visit.
Of course, it is also possible to view our website without cookies. However, most browsers accept cookies automatically. You can prevent cookies from being stored by specifying this in your browser settings. The cookie settings can be managed under the following links for the respective browsers:
Internet Explorer: http://windows.microsoft.com/de-DE/windows-vista/Block-or-allow-cookies
If you do not accept cookies, this may lead to functional limitations of our website.
8.1 Description and scope of data processing
- Your anonymized IP address
- Browser type agent
- URL of the consent web page
- date and time of consent
- unique encrypted key.
This is stored, logged and documented at the Cybot Cloud vendor's data center, Microsoft Ireland Operations Ltd. in Dublin, Ireland. Data processing is performed by: Cybot, Havnegade 39, 1058 Copenhagen, Denmark.
For more information about data processing, please visit: https://www.cookiebot.com/de/privacy-policy/
8.2 Legal Basis of data processing
The data processing is based on Art. 6 para. 1 p.1 lit. c) GDPR.
8.3 Purpose of data processing
The purpose coincides with our legitimate interest in data processing and ensuring the full function of our Internet offer in a legally secure manner.
8.4 Duration of storage
The data will only be stored as long as it is necessary for the verification, unless legal regulations require a longer storage of the data. On the part of Cookiebot, your consent will be deleted after 12 months.
8.5 Right to object and erasure
You can revoke the consents given via Cookiebot by deleting the corresponding cookie named "CookieConsent" or "CookieConsentBulkTicket".
9. Web analysis and advertising tracking
CSP does not create personal user profiles. § However, Section 15 (3) of the German Telemedia Act (TMG) allows the use of user profiles under a pseudonym for the purposes of market research, advertising and individual design of offers, unless the user objects to this.
Google Web Fonts
This site uses so-called web fonts provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”) for the uniform display of fonts. Google Web Fonts enables us to use external fonts, so-called Google Fonts. When you access our website, the required Google Font is loaded into your browser cache by your web browser in order to display texts and fonts correctly. This is necessary so that your browser can also display a visually improved representation of our texts. If your browser does not support this function, a standard font will be used by your computer for display. The integration of these web fonts is done by a server call, usually a Google server in the USA. This transmits to the server which page of our website you have visited. Also, the IP address of the browser of the end device of the visitor is stored by Google.
We use Google Web Fonts for optimization purposes, in particular to improve the use of our website for you and to make its design more user-friendly. This is also our legitimate interest according to Art. 6 para. 1 lit. f DSGVO. Google has submitted to the Privacy Shield agreement concluded between the European Union and the USA and has certified itself. Google thereby undertakes to comply with the standards and regulations of European data protection law. You can find more detailed information in the entry linked below: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.
Further information on Google Web Fonts can be found at https://fonts.google.com/, https://developers.google.com/fonts/faq?hl=de-DE&csw=1 and https://fonts.google.com/about.
We use Google Analytics, a web analytics service provided by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The data obtained from this is used to optimize our website and advertising measures. Google processes the website usage data on our behalf and is contractually obligated to take measures to ensure the confidentiality of the processed data. During your visit to our website, the following data is recorded, among others: Pages viewed, your behavior on the pages, your approximate location, your IP address, technical information such as browser, Internet provider, terminal equipment and screen resolution, source of origin of your visit. This data is transferred to a Google server in the USA. Google Analytics stores cookies in your web browser for a period of two years since your last visit. In order to recognize you on future website visits, these cookies contain a randomly generated user ID. The recorded data is stored together with the randomly generated user ID, which enables the evaluation of pseudonymous user profiles. This user-related data is automatically deleted after 14 months. Other data remains stored in aggregated form indefinitely. If you do not agree with the collection, you can prevent this by installing https://tools.google.com/dlpage/gaoptout?hl=de once.
CSP is active on the following additional social media platforms:
Facebook (privacy: https://www.facebook.com/privacy/explanation)
Instagram (privacy: https://www.facebook.com/help/instagram/155833707900388)
Xing (privacy: https://www.xing.com/privacy)
LinkedIn (Privacy: https://www.linkedin.com/legal/privacy-policy?trk=organization-guest_footer-privacy-policy)
CSP uses organizational and technical measures to secure and protect your personal data managed by us against accidental or intentional destruction, manipulation, loss or access by unauthorized third parties. In this respect, TÜV Süd regularly certifies us according to ISO/IEC 27001. We continuously improve our security measures in line with technological developments.
11. Duration of the storage of personal data
The duration of the storage of personal data is measured by the relevant statutory retention periods (e.g. from commercial law and tax law). After expiry of the respective period, the corresponding data is routinely deleted. If data is required for the fulfillment or initiation of a contract or if we have a legitimate interest in continuing to store it, the data will be deleted when it is no longer required for these purposes or when you exercise your right of revocation or objection.
12. Links to websites of other providers
13. Your rights
In the following, you will find information on which data subject rights the applicable data protection law grants you vis-à-vis the controller with regard to the processing of your personal data:
The right to request information about your personal data processed by us pursuant to Article 15 of the GDPR. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it has not been collected by us, and the existence of automated decision-making, including profiling, and, if applicable, meaningful information about its details.
The right to request the correction of inaccurate or incomplete personal data stored by us without undue delay in accordance with Art. 16 DSGVO.
The right to request the erasure of your personal data stored by us in accordance with Article 17 of the GDPR, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims.
The right to request the restriction of the processing of your personal data in accordance with Art. 18 DSGVO, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure and we no longer need the data, but you need it for the assertion, exercise or defense of legal claims or you have objected to the processing in accordance with Art. 21 DSGVO.
The right, pursuant to Art. 20 DSGVO, to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transferred to another controller.
The right to complain to a supervisory authority in accordance with Art. 77 DSGVO. As a rule, you can contact the supervisory authority of the federal state of our registered office stated above or, if applicable, that of your usual place of residence or workplace for this purpose.
Right to revoke consent given in accordance with Art. 7 (3) DSGVO: You have the right to revoke consent to the processing of data once given at any time with effect for the future. In the event of revocation, we will immediately delete the data concerned, unless further processing can be based on a legal basis for processing without consent. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
Right of objection
Insofar as your personal data is processed by us on the basis of legitimate interests pursuant to Art. 6 (1) p. 1 lit. f DSGVO, you have the right to object to the processing of your personal data pursuant to Art. 21 DSGVO, insofar as this is done for reasons arising from your particular situation. Insofar as the objection is directed against the processing of personal data for the purpose of direct marketing, you have a general right of objection without the requirement to specify a particular situation. If you would like information about your personal data, its correction or deletion, or have further questions about its use, please contact us at firstname.lastname@example.org.
14. Up-to-dateness, validity and inclusion of the data protection declaration