1. Principles
Data protection and data security for our contractual partners as well as for consumers have always been a high priority for our company. Therefore, the protection of your personal data during our entire business processes is also very important to us and a special concern. Respecting this personal right is a matter of course for us. In general, it is not necessary for you to provide personal data in order to use our website. However, in order for us to be able to provide our services, we may need your personal data. In doing so, we collect, process and use personal data insofar as this is legally permissible and necessary for processing or you have consented.
2. Name and contact details of the controller and the company data protection officer
As the data controller, we, ClariLab GmbH & Co. KG, Platz der Einheit 2, 20327 Frankfurt am Main, take all legally required measures to protect your personal data. Our company data protection officer can be reached at the above address, at the attention of the Data Protection Department or by e-mail at datenschutz@clarilab.de.
3. purposes of data processing, legal basis and legitimate interests pursued by ClariLab GmbH & Co. KG, as well as categories of personal data and categories of recipients.
3.1 Calling up our website
When you access our website, the browser used on your terminal device automatically sends information to the server of our website and temporarily stores it in a so-called log file. We have no influence on this. The following information is collected without your intervention and stored until automatic deletion:
the IP address of the requesting Internet-capable device
the date and time of access
the name and URL of the file accessed
the website/application from which the access was made (referrer URL)
the browser you use and, if applicable, the operating system of your Internet-capable computer as well as the name of your access provider.
The IP address of your terminal device and the other data listed above are used by us for the following purposes:
Ensuring a smooth connection setup,
Ensuring a comfortable use of our website,
evaluation of system security and stability.
The data is stored for a period of 31 days and then automatically deleted. Furthermore, we use so-called cookies, tracking tools, as well as social media plug-ins for our website. The exact procedures involved and how your data is used for this purpose are explained in more detail in chapter 7.
3.1.1 ClariLab Journal
If you have agreed, we will inform you monthly in our journal about ClariLab, updates on the KYCnow platform, industry events and fraud prevention. To send you the newsletter, we only need your e-mail address. The legal basis for the processing is your consent pursuant to Article 6 (1) (a) DS-GVO. The consent can be revoked at any time.
Zoho
The dispatch of our journal is carried out with the help of the software Zoho, 4141 Hacienda Drive, Pleasanton, CA 94588, USA. The e-mail addresses are stored there for sending and analyzing the newsletters.
Consent to receive
If you would like to receive our journal, we require your consent as part of the registration process. When you register, you will receive an e-mail confirming your registration (opt-in). You can then unsubscribe at any time via a link in the respective journal (opt-out). Once you have given your consent, your personal data will be processed until you revoke it.
We use your personal data exclusively for sending our newsletter. Your data will be stored in an electronic newsletter system for the duration of the subscription. If you revoke your consent, we will immediately remove you from our newsletter distribution list to comply with your request.
Right of withdrawal
You can object to the use of your personal data for advertising purposes at any time, either as a whole or for individual measures. If you object, the contact address concerned will be blocked for further data processing for advertising purposes. We would like to point out that in exceptional cases, advertising material may still be sent temporarily after receipt of your objection. This is technically due to the necessary lead time of advertisements and does not mean that we will not implement your objection. Thank you for your understanding.
3.2 Data processing for online inquiries from data subjects
Personal data is collected, processed and used by us to the extent necessary to process your request.
3.3 Data processing when using the contact forms for interested
Companies’ Personal data is collected, processed and used by us insofar as this is necessary to process your request and to transfer it to our CRM system.
3.4 Data processing of media contacts
Personal data is collected, processed and used by us to the extent necessary to provide the information published by our company or to contact you as requested. We also use your data to inform you about company news by e-mail or telephone, for example to send out press releases. When we contact you, we are guided by the relevance of our message and the thematic focus of your journalistic work.
3.5 Data processing of applicant data (e.g. when using our application form or at career fairs, etc.)
Personal data is collected, processed and used by us insofar as this is necessary to process your application and to contact you as requested.
4. legal basis
ClariLab processes personal data on the basis of the provisions of the General Data Protection Regulation (also with the help of service providers). Processing is carried out on the basis of consents as well as on the basis of Art. 6 (1) (b) as well as (f) DS-GVO, insofar as the processing is necessary for the performance of a contract to which the data subject is a party or for the implementation of pre-contractual measures, or insofar as the processing is necessary for the protection of the legitimate interests of the controller or a third party and the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, are not overridden. Processing operations carried out by ClariLab in the context of a legal obligation concerning it are carried out on the basis of Art. 6 (1) c) DS-GVO. On the basis of Art. 6 para. 1 letter f)DS-GVO, we process your address data and criteria of advertising selection in order to send you such information and offers from us and other companies. If you do not wish this, you can object to the use of your data for advertising purposes with us at any time. Consents can be revoked at any time vis-à-vis ClariLab. This also applies to consents that were already given before the DS-GVO came into force. The revocation of consent does not affect the lawfulness of the personal data processed until the revocation.
5 Categories of personal data
5.1 Within the scope of data processing when using the contact forms for interested companies, registration forms for ClariLab events and contact forms within the scope of marketing campaigns, we process the data required for this purpose. This includes the following categories:
– Personal master data (title, first name, last name, address, function holder status in the company, company master data)
– Communication data
Usage data
Processing data
Marketing data (e.g. consent)
5.2 Within the scope of applicant management, we process the following data:
Personal master data (surname, first name, address)
communication data
other data from the application documents (e.g. enrollment certificates, references, information on marital status, etc.)
5.3 In the context of media contacts, we process the following data:
Personal master data (surname, first name)
Company data (medium, address)
Communication data (e-mail address, telephone, department, position)
6. categories of recipients of personal data
All information that you provide to us by entering it on these web pages is stored on a server located in a country in the European Union (“EU”) and forwarded to the relevant departments within the company to process your inquiries and requests.
Service providers used by us may also receive data from us to fulfill the prescribed purposes.
7. online presence and website optimization
7.1 Cookies – General information
Cookies are small files that are automatically created by your browser and stored on your end device (laptop, tablet, smartphone or similar) when you visit our site. Cookies do not cause any damage to your end device, do not contain viruses, Trojans or other malware. In the cookie, information is stored that arises in each case in connection with the specific end device used.
The use of cookies can be consent-free and consent-requiring. Cookies that do not require consent are those that are necessary to make use of our online offer or that serve IT security (necessary cookies). The legal basis for data processing is Article 6(1)(f) DS-GVO. Cookies requiring consent, on the other hand, serve on the one hand to make the use of our offer more pleasant for you (preference cookies). For example, we use cookies to recognize that you have already visited individual pages of our website or that you have already logged into your customer account. In addition, we also use temporary cookies for the purpose of user-friendliness, which are stored on your terminal device for a certain specified period of time. If you visit our site again to use our services, it is automatically recognized that you have already been with us and which entries and settings you have made so that you do not have to enter them again.
On the other hand, we use cookies to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer for you, as well as to display information tailored specifically to you (marketing and statistics cookies). The legal basis of data processing for cookies requiring consent is Article 6(1)(a) DS-GVO. This data includes, among other things, page views, length of stay, origin, country, etc., We analyze this statistical information in order to improve our offer and to check the acceptance of individual web pages. Invisible GIFs are only used for positioning elements on the website. Further functions are not connected with the used Invisible GIFs. These cookies are stored by your browser and are usually deleted when you close the browser. Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or a notice always appears before a new cookie is created. However, the complete deactivation of cookies may mean that you cannot use all the functions of our website. The storage period of cookies depends on their purpose and is not the same for everyone.
We recommend that if you use shared computers that are set to accept cookies, you always log out completely when finished.
You can view which cookies we currently use at any time here, as well as quickly and easily manage any consents you may have given.
8. duration of data storage
We generally only store your data for as long as is necessary for the respective purpose of data processing (e.g. processing your request or legal retention periods).
We store the data collected for the processing of the contract until the expiry of the legal or possible contractual warranty and guarantee rights. After expiration of this period, we retain the information of the contractual relationship required by commercial and tax law for the periods determined by law. For this period (regularly ten years from the conclusion of the contract), the data is processed again solely in the event of an audit by the tax authorities.
All data in connection with the implementation of a conciliation procedure is generally stored for up to ten years.
The duration of data storage for advertising purposes does not follow any rigid principles and is based on the question of whether storage is necessary for the advertising approach. In addition, we follow the principle of deleting data for advertising use after 4 years after the end of the contract or after 4 years after the end of the marketing efforts. Advertising objections are not deleted.
We store the data we process as part of the recruitment process for up to 6 months after completion of the application process.
In particularly justified cases, we also store data for longer periods, for example if a public authority requires this or if the data is needed for legal reasons, e.g. to provide evidence in a court case.
9. recipients outside the EU
We transfer your data to recipients in further third countries (if a corresponding adequacy decision of the European Commission exists regarding them) based contract and business partners. When conducting the arbitration process, no transfer of personal data collected in this context to third countries takes place. ClariLab is also subject to the legal powers of intervention of state authorities.
10. your rights
10.1 Overview
In addition to the right to revoke the consent you have given to us, you have the following additional rights if the respective legal requirements are met:
– Right to information about your personal data stored by us in accordance with Art. 15 EU-DSGVO,
– Right to correct incorrect data or to complete correct data in accordance with Art. 16 EU-DSGVO,
– Right to have your data stored by us deleted according to Art. 17 EU-DSGVO,
– Right to restrict the processing of your data according to Art. 18 EU-DSGVO,
– Right to data portability according to Art. 20 EU-DSGVO.
It is possible to contact the supervisory authority responsible for ClariLab, the Hessian Data Protection Commissioner.
10.2 Right of objection
Under the conditions of Article 21 (1) DS-GVO, the processing of data may be objected to for reasons arising from the particular situation of the data subject.
The above general right of objection applies to all processing purposes described in this Privacy Notice, which are processed on the basis of Article 6(1)(f) DS-GVO. Unlike the specific right of objection directed at data processing for promotional purposes, we are only obliged under the GDPR to implement such a general objection if you provide us with reasons of overriding importance for doing so (e.g., a possible risk to life or health). In addition, you have the option of contacting the supervisory authority responsible for ClariLab, the Hessian Data Protection Commissioner.
11. data security
All data transmitted by you personally will be transferred using the generally accepted and secure standard SSL (Secure Socket Layer). SSL is a secure and proven standard that is also used, for example, in online banking. You can recognize a secure SSL connection, among other things, by the appended s at the http (i.e. https://…) in the address bar of your browser or by the lock symbol in the lower area of your browser.
12. Analysis Tools and advertising
Matomo (formerly called Piwik)
This website uses the open-source web analysis service Matomo. Matomo uses technologies that make it possible to recognize the user across multiple pages with the aim of analyzing the user patterns (e.g. cookies or device fingerprinting). The information recorded by Matomo about the use of this website will be stored on our server. Prior to archiving, the IP address will first be anonymized.
Through Matomo, we are able to collect and analyze data on the use of our website-by-website visitors. This enables us to find out, for instance, when which page views occurred and from which region they came. In addition, we collect various log files (e.g. IP address, referrer, browser, and operating system used) and can measure whether our website visitors perform certain actions (e.g. clicks, purchases, etc.).
The use of this analysis tool is based on Art. 6 Sect. 1 lit. f GDPR. The website operator has a legitimate interest in the analysis of user patterns, in order to optimize the operator’s web offerings and advertising. If a corresponding agreement has been requested (e.g. an agreement to the storage of cookies), the processing takes place exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the agreement can be revoked at any time.
IP Anonymization
For analysis with Matomo we use IP anonymization. Your IP address is shortened before the analysis, so that it is no longer clearly assignable to you.
Hosting
We host Matomo exclusively on our own servers, so all analytics data remains with us and is not shared.
[matomo_opt_out language=en]
Stand: November 2020