Data protection declaration

1 Scope

The following data protection declaration shall apply for the processing of personal data by Axivion GmbH, Nobelstraße 15, 70569 Stuttgart, Germany, e-mail info (at) axivion.com as the controller according to Art. 4 paragraph 7 EU General Data Protection Regulation (“GDPR”). You can contact our data protection officer by e-mail at datenschutz (at) axivion.com or using our postal address, preceded by “F.A.O. the Data Protection Officer”.

The protection of your personal data is important to us and especially with regard to protecting your right to privacy during the processing and use of this information. Below, we will provide you with information about how we collect personal data when you use our website. Personal data is all information that can be related to your person , such as your name, address, e-mail addresses and user behaviour.

2 Automated data collection and processing via the browser

2.1 SERVER LOG FILES

As with any website, our server automatically and temporarily collects information in the server log files, which are transferred by the browser if you have not deactivated this. If you wish to view our website we collect the following data, which we require for technical reasons, in order to display our website and ensure stability and security (legal basis Art. 6 paragraph 1 (f) GDPR):

  • IP address of the requesting computer
  • File request of the client
  • http response code
  • The web page from which you are visiting us (referrer URL)
  • Time of the server request
  • Browser type and version
  • Operating system used on the requesting computer

The server log files are not analysed in a personally identifiable manner. This data cannot be linked by the provider to specific persons at any time. This data is not merged with other data sources.

2.2 Cookiebot

Our website uses the cookie consent technology of Cookiebot to obtain your consent to the storage of certain cookies on your terminal device and to document this in accordance with data protection law. The provider of this technology is Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark, website: https://www.cookiebot.com/ (hereinafter “Cookiebot”).

When you enter our website, a connection is made to Cookiebot’s servers to obtain your consents and other statements regarding cookie use. Subsequently, Cookiebot stores a cookie in your browser in order to be able to assign the consents granted to you or their revocation. The data collected in this way will be stored until you request us to delete it, delete the Cookiebot cookie yourself or the purpose for storing the data no longer applies. Mandatory legal storage obligations remain unaffected.

Cookiebot is used to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6 paragraph 1 (c) GDPR.

2.3 YOUTUBE

Our website uses plugins from the YouTube website. The site is operated by Google / YouTube (Gordon House, Barrow Street, Dublin 4, Irland)

We use YouTube in the privacy-enhanced mode. According to YouTube, this mode means that YouTube does not store any information about visitors to this website before they watch the video. However, YouTube’s privacy-enhanced mode does not necessarily preclude the sharing of data with YouTube partners. YouTube connects to the Google DoubleClick network whether or not you actually watch a video. When you start a YouTube video on our website, it connects to YouTube’s servers. This will tell the YouTube server which of our pages you have visited. If you are logged in to your YouTube account, YouTube can associate your surfing behaviour directly with your personal profile. You can prevent this by logging out of your YouTube account. YouTube can also store various cookies on your device after you start a video. YouTube can use these cookies to obtain information about visitors to our website. This information is also used, for example, to collect video statistics, improve usability and prevent fraud. The cookies remain on your device until you delete them. Once a YouTube video has been started, further data processing operations may be triggered over which we have no control. YouTube is used in the interest of making our online services appealing. This constitutes a legitimate interest within the meaning of Art. 6 paragraph 1 (f) GDPR.

Further information on data protection at YouTube can be found in its Privacy Policy at http://www.youtube.com/t/privacy_at_youtube.

2.4 Matomo

Our website uses the open source web analytics service Matomo

Matomo is disabled when you visit our website. Only if you actively consent in the cookie consent manager, usage data will be collected anonymously.

Matomo uses so-called “cookies”, small text files that are stored on your computer and that allow an analysis of the use of the website by you. For this purpose, the information generated by the cookie about the use of this website is stored on our server. Your IP address is anonymized before it is stored. Matomo cookies have a preset expiration time of 13 months.

The storage of Matomo cookies is based on your consent according to Art. 6 paragraph 1 (a) GDPR. The consent can be withdrawn at any time.

The information generated by the cookies about your use of this website will not be disclosed to third parties.

You can prevent these cookies being stored by selecting the appropriate settings in your browser. However, doing so may mean you may not be able to enjoy the full functionality of our website.

3 Data collection and processing of voluntarily provided data

3.1 General contact

If you provide us with personal data by e-mail or via our website (last name, first name, e-mail address, address), this generally takes place on a voluntary basis. This data is used in order to fulfill the contractual relationship, process your requests or orders, for our own market/opinion research and for our own advertising by post or e-mail. Any further use, in particular the forwarding of data to third parties for the purposes of advertising, market or opinion research, does not take place. We delete any data obtained in this way after it no longer needs to be stored, or we limit its processing, if statutory storage obligations exist. The legal basis is Art. 6 paragraph 1 (a) GDPR, Art. 6 paragraph 1 (b) GDPR or Art. 6 paragraph 1 (f) GDPR.

3.2 Live-Chat

This website uses Userlike, live chat software produced by the company Userlike UG (haftungsbeschränkt), Probsteigasse 44-46, 50670 Cologne, Germany. You can use Userlike to chat with our employees in real-time. At the start of the chat, the following personal data is collected:

  • Date and time of the chat,
  • Browser type/version,
  • IP address,
  • Operating system used,
  • URL of the previously visited website,
  • Amount of data sent.
  • And if provided by you: first name, surname, and e-mail address.

Depending on the course of the conversation with our employees, further personal data may be provided by you in the chat. The nature of this information depends heavily on your request or the problem you are describing.
The purpose of processing all this data is to provide you with a fast and efficient way of contacting us and thus to improve our customer service.

All our employees have been trained in data protection and in the handling of customer data. All our employees are obliged to maintain confidentiality and have accordingly signed an addendum to their employment contracts which obliges them to maintain confidentiality and observe data protection.

By accessing the www.axivion.com web page, the chat widget is loaded as a JavaScript file from AWS Cloudfront. The chat widget technically represents the source code executed on your computer that enables the chat.

In addition, Axivion GmbH stores the history of live chats for 12 months. The purpose of this is to save our customers from having to go through a long history of requests, and for us to constantly monitor the quality of our live chat service. Processing is permitted pursuant to Art. 6 paragraph 1 (f) GDPR. If you do not wish your live chat history to be stored, please do not hesitate to contact us using the contact details listed below. Stored live chats and any other of your data will then be deleted by us immediately.

The storage of chat data also serves the purpose of ensuring the security of our information technology systems. This is also our legitimate interest, which is why processing is permitted under Art. 6 paragraph 1 (f) GDPR. The legal basis for the processing of the data provided in the chat is also Art. 6 paragraph 1 (b) and (f) GDPR.

Further information can be found in the Data processing terms of Userlike UG (haftungsbeschränkt).

3.3 Web requests

You can register via our website for a free demo, a price request, a callback, a free download of whitepapers and seminars and for free participation in online seminars and customer events. In addition to your name, your business email address is required. In addition, your telephone number is required for a callback, your company for online seminars and your company and customer number for our customer events. No data will be passed on to third parties in this context.

To participate in online seminars as well as in our customer event – if the latter takes place remotely – you must access the Zoom website. Please also note the additional data protection information under “4 Online meetings, conference calls and webinars via Zoom”.

The legal basis for the processing of the data is your prior consent in accordance with Art. 6 paragraph 1 (a) DSGVO that your data may also be used for advertising our offer by e-mail and telephone, our legitimate interest in processing your enquiry as an interested party in accordance with Art. 6 paragraph 1 (f) DSGVO and, if applicable, Art. 6 paragraph 1 (b) DSGVO if your enquiry is aimed at concluding a contract.

Your personal data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. The collected personal data will be deleted as soon as the contact with you was unsuccessful. Continued processing takes place if it is necessary within the framework of the resulting initiation and processing of a contract or for the fulfilment of the resulting contractual purposes.

If you have given us consent to process your data, you can revoke this consent at any time. In the case of Art. 6 paragraph 1 (f) DSGVO, you can object to the processing of your personal data at any time. The following contact option, among others, is available for this purpose: info@axivion.com.

3.4 Newsletter

With your consent, you can subscribe to our newsletter, which we use to keep you informed of our latest attractive offers. The promoted goods and services are specified in the declaration of consent.

For registration for our newsletter, we use the “double opt-in” process. This means that, after you have registered, we send you an e-mail to the e-mail address provided, in which we ask you to confirm that you wish to be sent the newsletter. If you do not confirm your registration within 24 hours, your information will be automatically deleted. In addition, we save the IP addresses that you use and the times of registration and confirmation. The purpose of this process is to keep evidence of your registration and, if necessary, to rectify any possible misuse of your personal data.

The only information required for the newsletter to be sent is your e-mail address. The provision of further, separately marked data is voluntary and used to address you personally. After you confirm, we save the data provided by you in order to send you the newsletter (Legal basis is Art. 6 paragraph 1 (a) GDPR).

You can withdraw your consent to be sent the newsletter at any time and cancel the newsletter. You can withdraw your consent by clicking on the link provided in every newsletter e-mail.

3.5 Application portal

On our careers page, you can apply speculatively or for actual job vacancies. For this purpose, we allow you to use our application portal. You can also register on our application portal. Your data (name, e-mail address, contact data, application documents) is only processed for the purposes of the applicable job advertisement (Art. 6 paragraph 1 (b) GDPR, § 26 BDSG (German Data Protection Law)) or subject to your consent for its use for further job vacancies (Art. 6 paragraph 1 (a) GDPR). If you have given us your consent to process your application data, you can withdraw your consent at any time.

Information concerning sensitive data: we expressly inform you that applications, in particular CVs, certificates and other data transferred to us by you, may contain particularly sensitive information concerning your mental and physical health, racial or ethnic origin, political opinions, religious or philosophical beliefs, membership of a trade union or political party or sex life.

If you provide us with such information in your online application, you expressly declare that you consent to us processing this data for the purpose of processing your application. This data is processed according to this data protection declaration and the other relevant statutory requirements.

The transferred data is deleted if your application is declined or rejected, no sooner than three months after completion of the application process. This does not apply if statutory provisions prevent deletion or further storage is required for the purpose of evidence or you have consented to a longer storage period.

In order to provide our application portal, we use Prescreen International GmbH, Vienna, Austria. The legal basis for the use of the service provider is Art. 6 paragraph 1 (f) GDPR. Further information on data collection in the application process, in particular also by Prescreen, can be found in the data protection declaration at https://axivion.jobbase.io/policy/.

3.6 Right to object

In the context of you right to object, please note the following:

In the event that we process your data for the purpose of direct marketing, you may at any time object to this processing without giving reasons.

If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes. The objection is free of charge and can be made in any form, if possible to: datenschutz@axivion.com.

In the event that we process your data for the purpose of legitimate interest, you may at any time object to this processing on grounds relating to your particular situation.

We will then no longer process your personal data unless we are able to demonstrate grounds for processing, which override your interests, rights and freedoms, or if processing serves the establishment, in the defence of legal claims.

4 Online meetings, conference calls and webinars via Zoom

We would like to inform you in the following about the processing of personal data in connection with the use of Zoom.

4.1 Purpose of the processing

We use Zoom to perform telephone conferences, online meetings, video conferences and/or webinars (hereinafter: “Online Meetings”). Zoom is a service of Zoom Video Communications, Inc. which is based in the USA.

4.2 Controller

The controller directly related to the performance of “Online Meetings” is Axivion GmbH, Nobelstraße 15, 70569 Stuttgart, Germany.

Note: If you access the website of Zoom, the provider Zoom is responsible for the data processing.

Accessing the website of Zoom is only necessary to download the necessary software (“Zoom App”) from Zoom. The data protection information of Zoom can be found at: https://zoom.us/privacy.

You can also use Zoom if you enter the meeting ID and other access data for the meeting directly in the “Zoom App”.

If you do not want to or cannot use the “Zoom App”, the basic functions can also be used via a browser version, which you can also find on the Zoom website.

4.3 What data is processed?

When using Zoom, different types of data are processed. The scope of the data also depends on the data you enter before or during participation in an “online meeting”.

The following personal data are processed:

  • User details: first name, last name, telephone (optional), e-mail address, password (if “Single-Sign-On” is not used), profile picture (optional), department (optional)
  • Meeting metadata: Topic, description (optional), participant IP addresses, device/hardware information
  • For recordings (optional): MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of online meeting chat.
  • When dialing in by phone: information on incoming and outgoing phone number, country name, start and end time. If necessary, further connection data such as the IP address of the device can be saved.
  • Text, audio and video data: You may be able to use the chat, question or survey functions in an “online meeting”. To this extent, the text entries you make are processed in order to display and, if necessary, log them in the “online meeting”. In order to enable the display of video and the playback of audio, the data from the microphone of your terminal device and from any video camera of the terminal device will be processed for the duration of the meeting. You can switch off or mute the camera or microphone yourself at any time using the “Zoom-App” or the browser version.

In order to participate in an “online meeting”, you must at least provide information about your name.

4.4 Scope of processing

We use Zoom to perform “Online Meetings”.

If we wish to record “Online Meetings”, we will inform you of our wish transparently in advance and – if necessary – ask for your consent. The fact of the recording will also be displayed in the “Zoom App”.

Should it be necessary for the purposes of logging the results of an online meeting, we will log the chat content. However, this will usually not be the case.

In the case of webinars, we may also process the questions asked by webinar participants for the purposes of recording and follow-up of webinars.

If you are registered as a user at Zoom, reports on “Online Meetings” (meeting metadata, telephone dial-in data, questions and answers in webinars, survey function in webinars) can be stored for up to one month at Zoom.

Automated decision making within the meaning of Art. 22 GDPR is not used.

4.5 Legal basis of the data processing

If personal data of Axivion GmbH employees are processed in Germany, § 26 BDSG are the legal basis for data processing. In other respects, the legal basis for data processing when conducting “Online Meetings” is Art. 6 paragraph 1 (f) GDPR. In these cases, our legitimate interest is to ensure that “Online Meetings” are performed effectively.

If personal data of Axivion GmbH employees is processed, Art. 6 paragraph 1 (b) GDPR is the legal basis for data processing, as long as the meetings are performed within the scope of a contractual relationship.

If no contractual relationship exists, the legal basis is Art. 6 paragraph 1 (f) GDPR. Here too, our legitimate interest is to ensure that “Online Meetings” are performed effectively.

4.6 Transfer of data / Recipients

Personal data processed in connection with participation in “Online Meetings” is generally not transferred to third parties, unless it is specificallyprovided for the purpose of transfer.

Please note that content from “Online Meetings” as well as personal meetings are often used to communicate information with customers, prospects or third parties and are therefore intended to be forwarded.

Other recipients: The provider of Zoom necessarily receives knowledge of the above mentioned data. This is only the case insofar as this is provided for in our “data processing agreement” with Zoom.

4.7 Data processing outside the European Union

Zoom is a service provided by a vendor from the USA. Processing of personal data therefore also takes place in a third country. Axivion has signed a contract with the provider of Zoom which meets the requirements of Art. 28 GDPR.

An appropriate level of data protection is guaranteed by the “EU standard contractual clauses”.

5 Cryptshare Data transfer

Cryptshare is an application installed on our servers to enable the encrypted exchange of data. The data is not passed on to third parties.

5.1 What personal data is processed in Cryptshare?

Sender Data:

  • In order to inform recipients of a transfer the name, phone number and email address of the sender are collected when the sender performs a verification. This information is stored on the client computer of the sender. In addition, this information is used in email notifications to all recipients of a transfer.
  • The email address of the sender as well as the IP address of the sender at the time of an upload are stored in the server-side system-log and transfer-log for each upload being made.

Recipient Data:

  • Email addresses of all recipients as well as their IP addresses at the time of a download are stored in the system-log and transfer-log for each download being made.
  • The recipient email addresses typed in by a sender in the user interface are stored on server-side in a database.

5.2 Why is personal data processed?

Cryptshare is a communication solution based on email communication. In order to provide a comfortable way to communicate with each other, this minimum amount of personal information is stored:

  • The name and phone number of a sender is stored on client-side so the user does not have to re-enter this information with every use of the system.
  • Sender contact details are provided to the recipient to inform them where the information comes from and how to contact the sender.
  • Email addresses for senders and recipients are stored on server-side as a technical prerequisite (Meta-Information of a Transfer).
  • IP addresses for senders and recipients are stored on server-side for audit trail and troubleshooting purposes.
  • Email addresses of recipients are stored in a server-side database in order to provide senders a comfortable way of selecting addresses previously used.

5.3 How long is personal data kept?

Web User Interface:

  • Name and phone number of a sender are stored in Browser Cookies. By default, these cookies expire after 30 days.
  • Besides from the automatic expiration of a browser cookie, the user can delete these cookies manually at any time by either using the built-in function for deleting cookies in the browser, or by using the deletion function in the Cryptshare User Interface.
  • Email addresses of recipients addressed by the sender are stored in a server-side database. This address book stores a maximum amount of addresses per sender. If the maximum is exceeded the addresses which have not been used for the longest time will be removed automatically.

Server-Side Logging:

  • Email/IP Addresses: All email addresses and IP addresses are stored in the Cryptshare System Log and as meta-information as part of a Cryptshare Transfer. The retention period for transfer-log data is 90 days.

5.4 Deletion of personal data

  • The registration data (name, phone number and e-mail address) will be automatically deleted after 365 days from the last registration or 30 days from the last transfer, depending on which case comes earlier.
  • The payload of expired transfers is deleted after 10 days.

6 Transfer to third parties

If you have provided us with personal data, the latter will not be transferred to third parties. Data is only transferred:

  • If you have given your consent. When data is collected, you will be informed of the recipients or categories of recipient.
  • For the processing of your requests, your orders and the use of our services, the required data will be transferred to authorised subcontractors, which will only receive and use it for the fulfilment of this contract.
  • For processing in accordance with Art. 28 GDPR, to external service providers. The latter are carefully selected and appointed by us, bound by our instructions and the provisions of the GDPR and regularly monitored.
  • For the fulfilment of statutory obligations to entitled authorities.

7 Cookies

7.1 The website uses cookies.

Cookies are small text files, which are saved locally in the cache memory of your browser. The following types of cookies, the scope and function of which are explained below, are used on this website:

  • Transient cookies
  • Persistent cookies

7.2 Transient cookies

Transient cookies are automatically deleted when you close the browser. In particular, they include session cookies. The latter save a “session ID”, with which various requests from your browser can be assigned to the joint session. It enables your computer to be recognised if you return to our website. The session cookies are deleted if you log out or close the browser.

7.3 Persistent cookies

Persistent cookies are automatically deleted after a set period, which may vary depending on the cookie. You can delete the cookies at any time in your browser’s security settings.

7.4 Browser Settings

You can configure your browser setting as you wish and, for example, refuse to accept third-party cookies or any cookies. We inform you that if you do so, you may not be able to use all the functions of this website.

8 Duration of storage

Your data is only used for as long as it is required for the existing customer relationship, unless you have given us your consent or we have a legitimate interest in its further processing. In such cases, we process your data until you revoke your consent or until you violate our legitimate interests. Nevertheless, we are required, by virtue of commercial and tax requirements, to store your address, payment and order data for the period of ten years.

9 Your rights

You have the following rights in relation to us and with regard to the personal data concerning you:

  • Right to be informed
  • Right to rectification or erasure
  • Right to restriction of processing
  • Right to object to processing
  • Right to data portability

Please send a written request to Axivion GmbH, Nobelstraße 15, 70569 Stuttgart, Germany, or by e-mail to info (at) axivion.com.

You also have the right to complain to the data protection supervisory authority about our processing of your personal data.