Privacy Policy

§ 1 Information on the processing of personal data

Data protection is not only a legal obligation for us, but also a matter of principle. With the following information, we would like to inform you in accordance with the legal provisions about what happens to your personal data during your visit to our website. Personal data is all information that can be assigned to you as an identified or identifiable person. This privacy policy applies to the websites and services through which it is made available. Different privacy policies may apply to our other websites and services.

Data protection officer in accordance with Art. 4 para. 7 of the EU General Data Protection Regulation (GDPR) is the responsible authority within the meaning of data protection law is

Comosoft GmbH
Hindenburgstraße 49
22297 Hamburg

Tel. +49 40 853318-0
Fax. +49 40 853318-99

You can contact our company data protection officer at the above address with the letter suffix “The Data Protection Officer” or by email at:

datenschutz@comosoft.de

You can find further contact options for us in our provider identification (“Imprint”).

§ 2 Your rights

(1) You have the following rights vis-à-vis us, in each case to the extent and under the conditions provided for by law, with regard to the personal data concerning you:

  • Right of access,
  • Right to rectification or erasure,
  • Right to restriction of processing,
  • right to data portability.

(2) You also have the right to complain to a data protection supervisory authority about violations of data protection regulations.

(3) If you have given your consent to the processing of your data, you can withdraw this at any time. Such a revocation affects the permissibility of the processing of your personal data after you have given it to us.

If we base the processing of your personal data on a balancing of interests, you can object to the processing. This is particularly the case if the processing is not necessary for the performance of a contract with you, which we describe in each case in the following description of functions. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data in the way we do. In the event of a justified objection, we will examine the facts of the case and either discontinue or adapt the data processing or explain to you our compelling legitimate grounds for continuing the processing. Of course, you can object to the processing of your personal data for the purposes of advertising and data analysis at any time. You can inform us of your objection to advertising using the contact details above.

§ 3 Collection of personal data when visiting our website

(1) When using the website for information purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure stability and security (legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR):

  •  IP address
  • Date and time of the request
  • Time zone difference to Greenwich Mean Time (GMT)
  • Content of the request (specific page)
  • Access status/HTTP status code
  • amount of data transferred in each case
  • Website from which the request originates
  • browser
  • Operating system and its interface
  • Language and version of the browser software.

(2) Use of cookies:
Our websites use cookies and similar technologies. Cookies are small text files that are stored by the Internet browser on the user’s end device. A cookie usually contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again.
Cookies are used to make the website more user-friendly, to optimize the functions and services of the website and to provide you with content tailored to your needs.

The use of technically necessary cookies serves to enable and facilitate the use of the website and the functions offered. Some functions of this website cannot be offered without the use of cookies.
The user data collected by technically necessary cookies is not used to create user profiles.
In addition, with your separate consent, cookies can be used to provide external media, such as films and maps, as well as to analyze the use of the website and other functions.
You can deactivate or restrict the use of cookies by changing the settings of your Internet browser. Cookies that have already been set can be deleted at any time. This can also be done automatically. If cookies are deactivated for the website, it may no longer be possible to use all functions of the website to their full extent.
The legal basis for the processing of personal data using technically necessary cookies is Art. 6 para. 1 lit. f GDPR, whereby the legitimate interest of the controller is the secure, stable and efficient provision of the functions of the website and the information that can be accessed via it. Insofar as we fulfill a contractual obligation towards you with the respective function, the legal basis is Art. 6 para. 1 lit. b GDPR. The legal basis for the processing of personal data using cookies for analysis purposes and for other non-technically necessary processing purposes is Art. 6 para. 1 lit. a GDPR in conjunction with § 25 TDDDG if the user has given his or her consent.

§ 4 Communication
If you contact us by e-mail or via a contact form, the data you provide (your e-mail address, your name and telephone number if applicable, and the content of your message) will be stored by us and used for the purpose of processing your request, for further communication with you or in your matters, for processing the contracts concluded with you, for asserting and enforcing our claims and for maintaining and developing the business relationship with you or the company for which you work, and for the other business purposes listed below. We delete the data arising in this context as soon as storage is no longer required, or restrict processing if there are statutory retention obligations. The legal basis for the processing of your data in the context of communication with you is Art. 6 para. 1 lit. a GDPR if you have given your consent.

If the communication serves the fulfillment of a contract with you or the implementation of pre-contractual measures, the legal basis for the processing of your data is Art. 6 para. 1 lit. b GDPR, in all other cases our legitimate interest in an efficient, customer-friendly and targeted processing of your request, in documentation and evidence, the improvement of our customer service or the clarification and elimination of technical problems in connection with Art. 6 para. 1 lit. f GDPR and, in addition, any legal obligation incumbent on us which requires the storage and processing of your data in conjunction with Art. 6 para. 1 lit. c GDPR.

Customer area / Helpdesk (Art. 6 para. 1 lit. a, b EU GDPR)
On our website, we offer customers the opportunity to register for our customer area and our helpdesk by providing personal data. The principle of data minimization and data avoidance is observed here, as only the personal data required for registration, i.e. your email address in the case of our customer area and your name, email address and company in the case of our helpdesk, is collected.
If you do not provide us with the required mandatory information, you will unfortunately not be able to register in our customer area. An alternative contact option for the helpdesk is our support telephone number +49 40 85331840.
Once you have completed the registration process, your data will be stored with us for use in the protected areas. The passwords you enter are encrypted and cannot be accessed by us. If you have forgotten your password, please use the “Forgot password” function.

Advertising purposes for existing customers (Art. 6 para. 1 lit. f EU GDPR)
Comosoft GmbH is interested in maintaining the customer relationship with you and sending you information and offers about our products / services (newsletter, product data sheets). We therefore process your data in order to send you relevant information and offers by e-mail.
If you do not wish this, you can object to the use of your personal data for the purpose of direct advertising at any time; this also applies to profiling insofar as it is associated with direct advertising. If you object, we will no longer process your data for this purpose.
The objection can be made free of charge and without giving reasons and should preferably be sent by email to datenschutz@comosoft.de. Alternatively, you can contact us by telephone on +49 40 8533180.

§ 5 Web tracking and tools

1. Google Analytics
This website uses Google Analytics 4, a web analytics service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”), to help the website analyze how users use the site.
By default, Google Analytics sets 4 cookies when you visit the website, which are stored as small text files on your computer and which collect certain information. This information also includes your IP address, which, however, is shortened by Google by the last digits in order to exclude a direct personal reference.

The information is transferred to Google servers and processed there. It may also be transferred to Google LLC, based in the USA, as a technical service provider.
Google will use this information on our behalf to evaluate your use of the website, to compile reports on website activity for us and to provide us with other services relating to website activity and internet usage. The abbreviated IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. The data collected as part of the use of Google Analytics 4 is stored for a period of two months and then deleted.
All of the aforementioned processing, in particular the setting of cookies on the end device used, only takes place if you have given us your express consent to do so in accordance with Art. 6 Para. 1 lit. a GDPR in conjunction with. § 25 TDDSG have given. Google Analytics 4 will not be used during your visit to our website without your consent. You can withdraw your consent at any time with effect for the future. To exercise your right of withdrawal, please deactivate this service via the cookie manager provided on the website.

We have concluded an order processing agreement with Google that ensures the protection of the data of our website visitors and prohibits unauthorized disclosure to third parties. For data transfers to the USA, the provider has signed up to the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission. Further information is available at the following link: https://www.dataprivacyframework.gov/list
Further legal information on Google Analytics 4 can be found at https://business.safety.google/intl/de/privacy/, https://policies.google.com/privacy?hl=de&gl=de and at https://policies.google.com/technologies/partner-sites.

Demographic characteristics
Google Analytics 4 uses the special function “demographic characteristics” and can thus create statistics that make statements about the age, gender and interests of site visitors. This is done by analyzing advertising and information from third-party providers. This allows target groups to be identified for marketing activities. However, the data collected cannot be assigned to a specific person and is deleted after a storage period of two months.

Google Signals
As an extension to Google Analytics 4, Google Signals can be used on this website to create cross-device reports. If you have activated personalized ads and linked your devices to your Google account, Google may, subject to your consent to the use of Google Analytics in accordance with Art. 6 para. 1 lit. a GDPR, analyze your usage behavior across devices and create data patterns, including cross-device conversions. We do not receive any personal data from Google, only statistics. If you wish to stop the cross-device analysis, you can deactivate the “Personalized advertising” function in the settings of your Google account. To do this, follow the instructions on this page: https://support.google.com/ads/answer/2662922?hl=de You can find more information about Google Signals at the following link: https://support.google.com/analytics/answer/7532985?hl=de

User IDs
As an extension to Google Analytics 4, the “UserIDs” function can be used on this website. If you have consented to the use of Google Analytics 4 in accordance with Art. 6 para. 1 lit. a GDPR, have set up an account on this website and log in with this account on different devices, your activities, including conversions, can be analyzed across devices.

Google Tag Manager
This website uses Google’s Tag Manager. This service enables us to manage website tags via an interface. This Google tool only sets tags. This means that no cookies are used and no personal data is regularly collected. However, other tags may be triggered, which in turn may collect data. The Google Tag Manager does not access this data. If deactivation has been carried out at domain or cookie level, this remains in place for all tracking tags if they are implemented with Google Tag Manager.

2. YouTube
This website contains videos from YouTube. The operator is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
We use YouTube in extended data protection mode. According to YouTube, this mode means that YouTube does not store any information about visitors to the website before they watch the video. However, the extended data protection mode does not necessarily exclude the transfer of data to YouTube partners. For example, YouTube establishes a connection to the Google DoubleClick network regardless of whether you watch a video or not.

As soon as you start a YouTube video on this website, a connection to the YouTube servers is established. This tells the YouTube server which of our pages you have visited. If you are logged into your YouTube account, you allow YouTube to associate your surfing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account.
In addition, YouTube can store various cookies on your end device after starting a video or use comparable recognition technologies (e.g. device fingerprinting). In this way, YouTube can obtain information about visitors to this website. This information is used, among other things, to compile video statistics, improve user-friendliness and prevent attempted fraud.

If necessary, further data processing operations may be triggered after the start of a YouTube video, over which we have no influence. The use of YouTube is in the interest of an appealing presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

Further information on data protection at YouTube can be found in YouTube’s privacy policy: https://policies.google.com/privacy?hl=de.
When using YouTube, personal data may be transferred to the United States of America. We would like to point out that the level of protection for personal data in the United States of America may be lower than in the European Union. When using YouTube, the protection of personal data transferred to the United States of America is guaranteed in accordance with the European Standard Contractual Clauses: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc
Google is also certified in accordance with the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the USA which is intended to ensure compliance with European data protection standards when processing data in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information is available at the following link: https://www.dataprivacyframework.gov/list

§6 Social networks

LinkedIn
We maintain an online presence on LinkedIn to present our company and our services and to communicate with customers/prospects. LinkedIn is a service of LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland, a subsidiary of LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA.

If you visit or follow our LinkedIn company profile, LinkedIn processes personal data that gives us an insight into the number of visitors via anonymous statistics. These statistics enable us to evaluate the interactions of visitors in anonymized form (so-called Page Insights). To compile these statistics, LinkedIn uses data that you as a user have provided in your LinkedIn profile, e.g. data on your function, country, industry, seniority, company size and employee status. When viewing visitor statistics, LinkedIn does not provide us with any personal data, but only aggregated and therefore anonymous data. We cannot draw any conclusions about individual members from this data.

In this respect, we would like to point out that there is a possibility that user data may be processed outside the European Union, in particular in the USA. The basis for third country transfers is the Data Privacy Framework (DPF – https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en).
You can find LinkedIn’s privacy policy at https://www.linkedin.com/legal/privacy-policy
The legal basis for processing is our legitimate interest in increasing the reach of our awareness and content, the development and maintenance of our contact network and the recruitment of specialists in connection with Art. 6 para. 1 lit. f) GDPR or, if you have given your consent, Art. 6 para. 1 lit. a) GDPR.

Facebook
This section applies to our processing of personal data via our Facebook presence: Meta Platforms Ireland Limited Facebook Ireland Limited (“Facebook”) is generally responsible for the collection and further processing of personal user data on Facebook websites. Please note that Facebook collects and processes certain information about your visit to our Facebook page even if you do not have a Facebook user account or are not logged in to Facebook. For information on the processing of personal data by Facebook, please refer to Facebook’s privacy policy: https://www.facebook.com/about/privacy/.

As the operator of this Facebook page, we can only view your public profile on Facebook. Which information is visible here depends on your settings in your profile. In addition, we process your personal data (such as your name and the content of your messages, inquiries or other communications to us) if you contact us via our Facebook page or if you publish content via our Facebook presence, e.g. in the form of a comment. We then process this data for the purpose of processing your posts accordingly and, if necessary, responding to them. These purposes also constitute our legitimate interests within the meaning of the legal basis of Art. 6 para. 1 f) of the European General Data Protection Regulation (GDPR). We store your personal data on our systems, i.e. outside of Facebook, if and for as long as it is required for the purposes for which it was collected or if there are statutory retention obligations.

Instagram
This privacy policy applies to our Instagram presence:
Instagram is part of the Facebook group of companies and shares infrastructure, systems and technology with Facebook and other Facebook companies https://www.facebook.com/help/111814505650678?ref=dp).
We expressly point out that Facebook stores the data of users of its services (e.g. personal information, IP address, etc.) and may also use this data for business purposes. You can find more information on Facebook’s data processing at Instagram in Instagram’s privacy policy at https://help.instagram.com/155833707900388?cms_id=155833707900388.
We have no influence on data collection and further processing by Facebook/Instagram. Furthermore, it is not clear to us to what extent, where and for how long the data is stored, to what extent Facebook/Instagram complies with existing deletion obligations, which evaluations and links are made with the data and to whom the data is passed on. Insofar as personal data is processed in connection with our Instagram page and Facebook alone decides on the purposes and means of processing, the following applies
Meta Platforms Ireland Limited Facebook Ireland Limited (also: “Facebook/Instagram”), 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, is the sole controller of the processing.

You can contact the company data protection officer for Instagram at the following address: https://www.facebook.com/help/contact/540977946302970 using the contact form provided. The Instagram Privacy Policy (http://instagram.com/legal/privacy/) specifies the categories of personal data that are processed when using Facebook products (https://www.facebook.com/help/1561485474074139?ref=dp), describes in general terms the purposes for which this data is used and specifies the categories of recipients to whom this data may be disclosed. In the Data Policy, you will also find information about the legal basis for the processing of this data and information about how you can withdraw your consent to the processing of personal data. Further information on the respective legal basis can be found at https://www.facebook.com/about/privacy/legal_bases.

In the Data Policy, you will also find information on how you can exercise your rights of access, rectification, portability and erasure vis-à-vis Facebook. Under this point you will also find information about your right to object to certain processing of personal data. You can find more information about your control options here: https://www.facebook.com/help/2069235856423257. In the Data Policy you will also find information about the duration for which personal data is stored and information about the criteria for determining this duration and the possibility of blocking or deleting Instagram accounts. The data policy refers to the intention of Facebook/Instagram to transfer data to third countries if necessary. Please note that if personal data is processed in the United States of America, the level of protection for your data may be lower than if it is processed within the EU.

If you visit our Instagram page and your browser allows cookies to be stored, Facebook/Instagram stores information in the form of small text files in your browser’s memory (hereinafter referred to as “cookies”) and can access this information when you visit the Instagram platform or a website that integrates Instagram technologies. You can find more information on the purpose of the cookies used, the integration of these cookies by other websites and your control options in this regard here: https://help.instagram.com/1896641480634370?ref=ig.
Cookies enable Instagram/Facebook to track your user behavior (for registered users across devices) on other websites beyond the Instagram platform and also to create profiles of your behavior. This applies both to persons registered with the Instagram platform and to persons not registered there. If you want to prevent your behavior from being tracked in this way, you should log out of Facebook or Instagram or deactivate the “stay logged in” function, delete the cookies on your device and close and restart your browser.

In addition to the content you submit, information about your profile, your likes and your posts will be visible to us depending on your privacy settings. You can find out how to change your privacy settings here: https://de-de.facebook.com/help/instagram/116024195217477.
The processing of your personal data when contacting or interacting with us via our Instagram presence is carried out by us on the basis of Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest within the meaning of the legal basis is to respond to your request and to communicate with you appropriately and for the intended purpose. If your contact is aimed at the conclusion of a contract (for example in the context of participation in competitions), the additional legal basis for the processing is Art. 6 para. 1 sentence 1 lit. b GDPR.

Xing
We have a profile on XING. The provider is New Work SE, Am Strandkai 1, 20457 Hamburg, Germany. Details on how they handle your personal data can be found in XING’s privacy policy:
https://privacy.xing.com/de/datenschutzerklaerung.
We collect the data that you transmit to us via XING, e.g. by contacting us, as well as the information in accordance with XING’s terms of use to the extent permitted in each case, in order to communicate with you, initiate or execute contractual relationships, establish employment relationships or provide you with information about our company, our products or job offers. The aforementioned purposes also constitute our legitimate interests within the meaning of the legal basis of Art. 6 para. 1 lit. f GDPR. Insofar as we process the data transmitted via Xing for the establishment, execution or termination of a contractual relationship, the legal basis is Art. 6 para. 1 b) GDPR, if you have given your consent, Art. 6 para. 1 lit. a) GDPR.

§ 7 Linked content / sharing functions
Our website contains links to third-party websites. The respective data protection declarations and data protection notices of the respective operators of the linked websites apply. We would like to point out that we are not responsible for data processing practices on third-party platforms outside our own sphere of influence.

§ 8 Data protection for applications and in the application process
We process personal data of applicants for the purpose of carrying out the application process.
If we conclude an employment contract with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If no employment contract is concluded with the applicant, the application documents will be automatically deleted four months after notification of the rejection decision, provided that deletion does not conflict with any other legitimate interests of the controller. Another legitimate interest in this sense is, for example, a burden of proof in proceedings under the General Equal Treatment Act (AGG). The legal basis for the processing of applicants’ personal data is Art. 6 Para. 1 lit. b, 88 GDPR in conjunction with Art. 26 BDSG. § Section 26 BDSG and, insofar as the processing is carried out to fulfill legal obligations, Art. 6 para. 1 lit. c GDPR and, insofar as the processing is based on the consent of the data subject, Art. 6 para. 1 lit. a GDPR i.V.m. § SECTION 26 BDSG. On our careers page (https://www.comosoft.eu/de/karriere/), applicants have the opportunity to communicate with us in encrypted form via the address career@comosoft.com set up for this purpose.
Only we are able to decrypt this data. It is also possible to use alternative communication channels (e.g. by post).

§ 9 Email messages and newsletter
On our website, we offer you the opportunity to subscribe to our newsletter via a registration form. To receive the newsletter, we need your e-mail address. The data you provide for this purpose will be processed exclusively for sending our newsletter.
We use the double opt-in procedure to subscribe to our newsletter. This means that after using the registration form, you must expressly consent to receiving the newsletter. For this purpose, you will receive an e-mail with a separate activation link after registration. This confirmation is necessary to prevent misuse. If the activation link is not confirmed within 30 days, all data and information previously collected for the newsletter will be deleted.
The newsletter is sent and your data is processed for this purpose on the basis of your voluntary consent. The legal basis is Art. 6 para. 1 sentence 1 lit. a GDPR. We store the data collected for the newsletter for the duration of your registration.
You can unsubscribe from the newsletter free of charge at any time with effect for the future and revoke your consent. A revocation leads to the deletion of the data collected by us for the newsletter dispatch, as far as they are not needed for other purposes.

Use of the e-mail address for sending direct advertising

We may use your e-mail address, which we have received as part of the sale of a product or service, to send you electronic advertising for our own product offers that are similar to those that you have already purchased from us, unless you have objected to this use.
The legal basis for the use of your e-mail address for advertising for our own similar products is Section 7 (3) UWG in conjunction with Art. 6 (1) lit. f GDPR from the legitimate interest in direct advertising. You can object to the use of your e-mail address at any time by sending a message to our contact details above or by using the unsubscribe function provided in every advertising e-mail from us. This will not incur any costs other than the transmission costs according to the basic tariffs of the respective means of communication you use.

§ 10 Recipients
Your data will only be passed on to third parties if and insofar as this is necessary to fulfill our contractual obligations to you (Art. 6 para. 1 sentence 1 lit. b GDPR), e.g. passing on your address as a delivery address to a logistics partner or to a shipping company for the delivery of postal/parcel shipments.
In some cases, we use external service providers (processors) to process your data. These have been carefully selected and commissioned by us, are bound by our instructions and are appropriately monitored.
If our service providers or partners are based in a country outside the European Economic Area (EEA), we draw attention to the consequences of this circumstance in the description in this privacy policy.

§ 11 Deletion
Unless otherwise stated in the respective individual information, the controller processes personal data in accordance with the statutory provisions for the purposes described here and only for as long as personal identification of the data subject is required for the respective purpose. The data will then be erased or neutralized/anonymized in accordance with data protection regulations.