Impressum

Data protection declaration

Data protection is of a particularly high priority for CovaSyn (owner Oliver Kraft) (hereinafter: provider). It is generally possible to use the provider's website without providing any personal data. However, if a data subject wishes to make use of special services offered by us via our website, it may be necessary to process personal data. If the processing of personal data is necessary and there is no legal basis for such processing, we generally obtain the consent of the data subject.

The processing of personal data, such as the name, address, e-mail address or telephone number of a data subject, is always carried out in accordance with the General Data Protection Regulation and in accordance with the country-specific data protection regulations applicable to the provider. By means of this data protection declaration, our company would like to inform the public about the type, scope and purpose of the personal data we collect, use and process. Furthermore, data subjects are informed of their rights by means of this privacy policy.

As the controller, the provider has implemented numerous technical and organizational measures to ensure the most complete protection possible for personal data processed via this website. Nevertheless, Internet-based data transmissions can generally have security gaps, so that absolute protection cannot be guaranteed. For this reason, every data subject is free to transmit personal data to us by alternative means, for example by telephone.

1. Definitions

The data protection declaration of the provider is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). Our privacy policy should be easy to read and understand for the public as well as for our customers and business partners. To ensure this, we would like to explain the terminology used in advance.

We use the following terms, among others, in this Privacy Policy:

1.1. Personal data

Personal data is any information relating to an identified or identifiable natural person (hereinafter "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

1.2. Data subject

Data subject is any identified or identifiable natural person whose personal data is processed by the controller.

1.3. Processing

Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

1.4. Restriction of processing

Restriction of processing is the marking of stored personal data with the aim of restricting its future processing.

1.5. Profiling

Profiling is any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.

1.6. Pseudonymization

Pseudonymization is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

1.7. Controller or controller responsible for the processing

The controller or controller responsible for the processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

1.8. Processor

Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

1.9. Recipient

Recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.

1.10. Third party

Third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

1.11. Consent

Consent is any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

2. Name and address of the controller

The controller within the meaning of the General Data Protection Regulation, other data protection laws applicable in the Member States of the European Union and other provisions of a data protection nature is

CovaSyn

Naunhofer Straße 67

04299 Leipzig

Phone: +49 (0) 151/61683044

E-Mail: info@covasyn.com

Website: https://covasyn.com/

3. Cookies

The provider's Internet pages use cookies. Cookies are text files that are placed and stored on a computer system via an Internet browser.

Numerous websites and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier for the cookie. It consists of a string of characters through which websites and servers can be assigned to the specific Internet browser in which the cookie was stored. This enables the websites and servers visited to distinguish the individual browser of the data subject from other Internet browsers that contain other cookies. A specific Internet browser can be recognized and identified via the unique cookie ID.

Through the use of cookies, the provider can provide the users of this website with more user-friendly services that would not be possible without the cookie setting.

By means of a cookie, the information and offers on our website can be optimized for the benefit of the user. As already mentioned, cookies enable us to recognize the users of our website. The purpose of this recognition is to make it easier for users to use our website. For example, the user of a website that uses cookies does not have to re-enter their access data each time they visit the website because this is taken over by the website and the cookie stored on the user's computer system. Another example is the cookie for a shopping basket in an online store. The online store remembers the items that a customer has placed in the virtual shopping cart via a cookie.

The data subject can prevent the setting of cookies by our website at any time by means of a corresponding setting of the Internet browser used and thus permanently object to the setting of cookies. Furthermore, cookies that have already been set can be deleted at any time via an Internet browser or other software programs. This is possible in all common Internet browsers. If the data subject deactivates the setting of cookies in the Internet browser used, not all functions of our website may be fully usable.

4. Collection of general data and information

The provider's website collects a series of general data and information each time the website is accessed by a data subject or an automated system. This general data and information is stored in the server log files. The (1) browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system accesses our website (so-called referrer), (4) the sub-websites which are accessed via an accessing system on our website can be recorded, (5) the date and time of access to the website, (6) an internet protocol address (IP address), (7) the internet service provider of the accessing system and (8) other similar data and information used for security purposes in the event of attacks on our information technology systems.

When using this general data and information, the provider does not draw any conclusions about the data subject. Rather, this information is needed to (1) deliver the content of our website correctly, (2) optimize the content of our website as well as its advertisement, (3) ensure the long-term viability of our information technology systems and website technology, and (4) provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack. This anonymously collected data and information is therefore evaluated by the provider both statistically and with the aim of increasing data protection and data security in our company in order to ultimately ensure an optimum level of protection for the personal data processed by us. The anonymous data of the server log files are stored separately from all personal data provided by a data subject.

5. Registration on our website

The data subject has the option of registering on the controller's website by providing personal data. Which personal data is transmitted to the controller is determined by the respective input mask used for registration. The personal data entered by the data subject is collected and stored exclusively for internal use by the controller and for the controller's own purposes. The controller may arrange for the data to be passed on to one or more processors, such as a parcel service provider, who will also use the personal data exclusively for internal use attributable to the controller.

By registering on the controller's website, the IP address assigned by the data subject's Internet service provider (ISP), the date and time of registration are also stored. This data is stored against the background that this is the only way to prevent the misuse of our services and, if necessary, to make it possible to investigate criminal offenses committed. In this respect, the storage of this data is necessary to safeguard the controller. This data is not passed on to third parties unless there is a legal obligation to pass it on or the passing on serves the purpose of criminal prosecution.

The registration of the data subject with voluntary provision of personal data serves the controller to offer the data subject content or services which, due to the nature of the matter, can only be offered to registered users. Registered persons are free to change the personal data provided during registration at any time or to have it completely deleted from the controller's database.

The controller shall provide any data subject at any time upon request with information about which personal data relating to the data subject is stored. Furthermore, the controller shall rectify or erase personal data at the request or indication of the data subject, insofar as this does not conflict with any statutory retention obligations. All of the controller's employees are available to the data subject as contact persons in this context.

6. Contact possibility via the website

The website of the controller contains information that enables a quick electronic contact to our enterprise, as well as direct communication with us, which also includes a general address of the so-called electronic mail (e-mail address). If a data subject contacts the controller by email or via a contact form, the personal data transmitted by the data subject is automatically stored. Such personal data transmitted on a voluntary basis by a data subject to the controller are stored for the purposes of processing or contacting the data subject. This personal data is not passed on to third parties.

7. Data protection for applications and in the application process

The controller collects and processes the personal data of applicants for the purpose of handling the application process. Processing may also be carried out electronically. This is particularly the case if an applicant submits relevant application documents to the controller electronically, for example by email or via a web form on the website. If the controller concludes an employment contract with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If the controller does not conclude an employment contract with the applicant, the application documents will be automatically deleted two months after notification of the rejection decision, provided that no other legitimate interests of the controller stand in the way of deletion. Other legitimate interest in this sense is, for example, a burden of proof in proceedings under the General Equal Treatment Act (AGG).

8. Routine erasure and blocking of personal data

The controller shall process and store the personal data of the data subject only for the period necessary to achieve the purpose of storage, or as far as this is granted by the European legislator or other legislators in laws or regulations to which the controller is subject to.

If the storage purpose ceases to apply or if a storage period prescribed by the European legislator or another competent legislator expires, the personal data will be routinely blocked or erased in accordance with the statutory provisions.

9. Rights of the data subject

9.1. Right to confirmation

Each data subject shall have the right granted by the European legislator to obtain from the controller the confirmation as to whether or not personal data concerning him or her are being processed. If a data subject wishes to avail himself of this right of confirmation, he or she may, at any time, contact any employee of the controller.

9.2. Right of access

Any person affected by the processing of personal data has the right granted by the European legislator of directives and regulations to obtain, at any time and free of charge, information from the controller about the personal data stored about him or her and a copy of that information. Furthermore, the European legislator has granted the data subject access to the following information:

- the purposes of the processing

the categories of personal data undergoing processing

the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations

where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period

the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing

- The existence of the right to lodge a complaint with a supervisory authority

- if the personal data are not collected from the data subject: Any available information as to the source of the data

the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for the data subject

Furthermore, the data subject has a right to information as to whether personal data has been transferred to a third country or to an international organization. If this is the case, the data subject also has the right to obtain information about the appropriate safeguards in connection with the transfer.

If a data subject wishes to avail himself of this right of access, he or she may, at any time, contact any employee of the controller.

9.3. Right to rectification

Any person affected by the processing of personal data has the right granted by the European legislator of directives and regulations to demand the immediate correction of incorrect personal data concerning them. Taking into account the purposes of the processing, the data subject shall also have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

If a data subject wishes to exercise this right to rectification, he or she may, at any time, contact any employee of the controller.

9.4. Right to erasure (right to be forgotten)

Any person affected by the processing of personal data has the right, granted by the European legislator, to obtain from the controller the erasure of personal data concerning him or her without undue delay where one of the following grounds applies and insofar as the processing is not necessary:

- The personal data have been collected or otherwise processed for such purposes for which they are no longer necessary.

The data subject withdraws consent on which the processing is based according to point (a) of Article 6(1) of the GDPR, or point (a) of Article 9(2) of the GDPR, and where there is no other legal ground for the processing.

The data subject objects to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) of the GDPR.

The personal data have been unlawfully processed.

The personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.

The personal data have been collected in relation to the offer of information society services referred to in Article 8(1) of the GDPR.

If one of the aforementioned reasons applies, and a data subject wishes to request the erasure of personal data stored by the provider, he or she may, at any time, contact any employee of the controller. An employee of the provider shall promptly ensure that the erasure request is complied with immediately.

If the provider has made the personal data public and our company is obliged to delete the personal data in accordance with Art. 17 para. 1 GDPR, the provider shall take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform other persons responsible for data processing who process the published personal data, that the person concerned has requested the deletion of all links to this personal data or of copies or replications of this personal data from these other persons responsible for data processing, insofar as the processing is not necessary. An employees of the provider will arrange the necessary measures in individual cases.

9.5. Right to restriction of processing

Any person affected by the processing of personal data has the right granted by the European legislator of directives and regulations to require the controller to restrict the processing if one of the following conditions is met:

The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data.

The processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead.

The controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defense of legal claims.

The data subject has objected to processing pursuant to Article 21(1) of the GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.

If one of the aforementioned conditions is met, and a data subject wishes to request the restriction of the processing of personal data stored by the provider, he or she may at any time contact any employee of the controller. The employee of the provider will arrange for the restriction of processing.

9.6. Right to data portability

Any person affected by the processing of personal data has the right, granted by the European legislator, to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format. He or she also has the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where the processing is based on consent pursuant to point (a) of Article 6(1) of the GDPR or point (a) of Article 9(2) of the GDPR or on a contract pursuant to point (b) of Article 6(1) of the GDPR and the processing is carried out by automated means, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Furthermore, in exercising their right to data portability pursuant to Art. 20 (1) GDPR, the data subject has the right to have the personal data transmitted directly from one controller to another, where technically feasible and provided that this does not adversely affect the rights and freedoms of others.

In order to assert the right to data portability, the data subject may at any time contact any employee of the provider.

9.7. Right to object

Any person affected by the processing of personal data has the right granted by the European legislator to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1) of the GDPR. This also applies to profiling based on these provisions.

The provider shall no longer process the personal data in the event of an objection, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defense of legal claims.

If the provider processes personal data for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing. This also applies to profiling insofar as it is associated with such direct advertising. If the data subject objects to the provider to the processing for direct marketing purposes, the provider will no longer process the personal data for these purposes.

In addition, the data subject has the right, on grounds relating to his or her particular situation, to object to processing of personal data concerning him or her by the provider for scientific or historical research purposes, or for statistical purposes pursuant to Article 89(1) of the GDPR, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

In order to exercise the right to object, the data subject may contact any employee of the provider or another employee directly. The data subject is also free, in the context of the use of information society services, and notwithstanding Directive 2002/58/EC, to exercise his or her right to object by automated means using technical specifications.

9.8. Automated decisions in individual cases including profiling

Each data subject shall have the right granted by the European legislator not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her, or similarly significantly affects him or her, provided that the decision (1) is not necessary for the conclusion or performance of a contract between the data subject and the controller or (2) is permissible on the basis of Union or Member State legislation to which the controller is subject and that such legislation contains appropriate measures to safeguard the rights and freedoms and legitimate interests of the data subject or (3) is taken with the express consent of the data subject.

If the decision (1) is necessary for entering into, or the performance of, a contract between the data subject and a data controller, or (2) it is based on the data subject's explicit consent, the provider shall implement suitable measures to safeguard the data subject's rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and contest the decision.

If the data subject wishes to exercise the rights concerning automated individual decision-making, he or she may, at any time, contact any employee of the controller.

9.9. Right to withdraw consent under data protection law

Any person affected by the processing of personal data has the right granted by the European legislator to withdraw consent to the processing of personal data at any time.

If the data subject wishes to exercise the right to withdraw the consent, he or she may, at any time, contact any employee of the controller.

10. Special data protection provisions

10.1. Data protection provisions about the application and use of Calendly

On this website, the controller has integrated components of Calendly. Calendly is a subscription-based scheduling software in the form of an online calendar that allows meetings to be scheduled simply, quickly and easily. Calendly works with personal calendars and customizes schedules based on availability settings and time zone recognition. Calendly is designed to save time, control schedules and prevent last-minute meetings and scheduling conflicts through buffer times, daily limits and secret event types.

The operating company is Calendly LLC, BB&T Tower, 271 17th St NW #1000, Atlanta, GA 30363, USA.

When using the tool, personal data such as name, e-mail address and telephone number are requested. It is also possible to present various concerns and provide further information. If you use the tool, your details from the Calendly form, including the data you provide there, will be stored on this website and at Calendly for the purpose of processing the request and in the event of follow-up questions. The data of Calendly users and invitees are stored in data centers in the USA provided by Amazon Web Services ("AWS") and Google (selected back-ups). This data remains on this website and at Calendly until you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies (e.g. appointment has taken place). All connections from the browser to the Calendly platform are encrypted during transmission using TLS SHA-256 with RSA encryption. All data is encrypted at rest. Calendly user passwords are stored as encrypted password hashes. User passwords for the iCloud Calendar integration are stored with salted encryption. The data entered is processed exclusively on the basis of your consent (Art. 6 para. 1 lit. a GDPR).

The applicable data protection provisions of Calendly can be found at calendly.com/pages/privacy.

10.2. Data protection provisions about the application and use of Copecart

On this website, the controller has integrated the component of CopeCart. CopeCart is a store software that enables companies to sell digital and physical products and services. The platform is a so-called full-service provider, i.e. it supports sellers in all steps of the sales process. They can list and sell their products and services on CopeCart, have customers pay via the platform and analyze and evaluate their sales.

The operating company of CopeCart is CopeCart GmbH, Ufnaustraße 10, 10553 Berlin, phone: 04103-7003001, e-mail: info@copecart.com.

If a user purchases a product or service from the controller, they conclude a purchase contract with the controller. However, it is not only the seller who receives the data for processing the purchase, but also the CopeCart platform. In this context, personal data such as names, addresses, e-mail addresses, payment data and telephone numbers are transmitted to a third party.

For this reason, the controller has concluded an order processing contract with CopeCart.

The collection of personal data via CopeCart takes place in order to ensure the smooth processing of purchase contracts, to be able to analyze and evaluate the sales behavior of users and thus to be able to continuously optimize the controller's offer and its website.

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected.

The collection of personal data in the manner described is based on Art. 6 para. 1 lit. c, f GDPR.

Users have the option to object to data processing by CopeCart at any time. However, this does not apply to data that CopeCart absolutely needs in order to sell products and process payments.

Further information on the type and manner of processing can be found at https://www.copecart.com/features/details-list/<a38

CopeCart's privacy policy is available at https://www.copecart.com/datenschutz/.

10.3. Data protection provisions about the application and use of Elementor

On this website, the controller has integrated components of the service Elementor. Elementor Website Builder allows WordPress users to create and edit websites using drag & drop technology with integrated reaction mode.

The operating company of Elementor's services is Elementor Ltd, 2600 Flatbush Ave, Brooklyn, New York, 11234, United States.

Elementor collects information in three different ways: when users use the website, when users use the services and when users use the software. Among other things, Elementor collects payment information (for subscription purposes) and stores a token for recurring billing when users have purchased a subscription that cannot be used to re-identify their credit card. Elementor also collects aggregated data from third parties, such as social media sites and other services they use, as well as joint ventures that Elementor may establish. Elementor also collects the information that users provide to them through emails or other communications. Elementor collects information about how Users use its website, such as the pages Users have viewed, the links Users have clicked on, the websites that referred them to Elementor, device type, screen resolution, operating system and browser.

When Users use Elementor's Services, Elementor may automatically collect information from Users' devices, including, without limitation, information and statistics about their online/offline status, IP address, Internet service provider, browser type, hosting environment, web server, regional and language settings, and software and hardware attributes. Elementor's systems may automatically record and store technical information about the method and type of service usage.

Elementor collects the email of the website administrator using the Software and some of the following information depending on the specific usage by the users: the IP address of the said server, the license key and the following information: Server software & version, MySQL version, PHP settings & version, WordPress version, WordPress debug mode, WordPress storage limit, WordPress max upload size, WordPress settings (permalink structure, multisite, language, theme, plugins), site URL, number of custom templates stored in the library, number of posts using Elementor, and number of widgets used.

Elementor uses personal data to provide services and software to users. Elementor may conduct research on User demographics, interests and behavior based on Personal Data and other information collected by Elementor.

Elementor's servers may be hosted in different countries and jurisdictions, which may be located outside the country from which users access the Services and may be located outside their country of residence. Elementors may transfer personal data across multiple countries.

Some uses and disclosures may involve the transfer of Users' Personal Data to different countries around the world, which may have different levels of data protection than the country of the relevant User and may be transferred outside the European Economic Area. Elementor may share information as necessary to provide or maintain the Services. Elementor may also share information in accordance with a written legal request by a valid legal authority.

In order to collect the data described above, Elementor may use temporary cookies that remain on the browser for a limited period of time.

Users have the right to know what personal data is collected about them and have the right to ensure that this data is accurate and relevant to the purposes for which Elementor has collected it. Users may also request the deletion of data. Users can also revoke their consent to the collection of data at any time.

Further information and the applicable data protection provisions of Elementor can be found at elementor.com/about/privacy/.

10.4. Data protection provisions about the application and use of Facebook

On this website, the controller has integrated components of the enterprise Facebook. Facebook is a social network.

A social network is a social meeting place operated on the Internet, an online community that generally enables users to communicate with each other and interact in virtual space. A social network can serve as a platform for the exchange of opinions and experiences or enable the Internet community to provide personal or company-related information. Among other things, Facebook enables users of the social network to create private profiles, upload photos and network via friend requests.

The operating company of Facebook is Facebook, Inc, 1 Hacker Way, Menlo Park, CA 94025, USA. If a data subject lives outside the USA or Canada, the controller for the processing of personal data is Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

With each call-up to one of the individual pages of this Internet site, which is operated by the controller and on which a Facebook component (Facebook plug-in) was integrated, the Internet browser on the information technology system of the data subject is automatically prompted to download a display of the corresponding Facebook component from Facebook through the Facebook component. A complete overview of all Facebook plug-ins can be accessed at developers.facebook.com/docs/plugins/?locale=en_DE. During the course of this technical procedure, Facebook gains knowledge of what specific sub-page of our website was visited by the data subject.

If the data subject is logged in at the same time on Facebook, Facebook recognizes with each call-up to our website by the data subject and for the entire duration of their stay on our Internet site, which specific sub-page of our Internet page was visited by the data subject. This information is collected by the Facebook component and assigned by Facebook to the respective Facebook account of the data subject. If the data subject clicks on one of the Facebook buttons integrated on our website, for example the "Like" button, or if the data subject makes a comment, Facebook assigns this information to the personal Facebook user account of the data subject and stores this personal data.

Facebook always receives information via the Facebook component that the data subject has visited our website if the data subject is logged in to Facebook at the same time as accessing our website; this takes place regardless of whether the data subject clicks on the Facebook component or not. If the data subject does not want this information to be transmitted to Facebook, they can prevent the transmission by logging out of their Facebook account before accessing our website.

The data policy published by Facebook, which is available at en.facebook.com/about/privacy/, provides information about the collection, processing and use of personal data by Facebook. It also explains the setting options Facebook offers to protect the privacy of the data subject. In addition, various applications are available that make it possible to suppress data transmission to Facebook. Such applications can be used by the data subject to suppress data transmission to Facebook.

10.5. Data protection provisions about the application and use of Facebook Pixel

On this website, the controller has integrated components of the enterprise Facebook Pixel of Facebook. The Facebook pixel is a snippet of JavaScript code that loads a collection of functions with which Facebook can track your user actions if you have come to the user's website via Facebook ads.

The operating company of Facebook Pixel is Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.

With the help of Facebook pixels, the advertising measures of users can be better tailored to their wishes and interests. This means that Facebook users (provided they have allowed personalized advertising) see suitable advertising. Facebook also uses the data collected for analysis purposes and its own advertisements.

The data policy published by Facebook, which is available at en.facebook.com/about/privacy/, provides information about the collection, processing and use of personal data by Facebook. It also explains the settings options Facebook offers to protect the privacy of the data subject. In addition, various applications are available that make it possible to suppress data transmission to Facebook. Such applications can be used by the data subject to suppress data transmission to Facebook.

Further information regarding the data protection provisions of Facebook Pixel can be found at en-de.facebook.com/business/gdpr.

10.6. Data protection provisions about the application and use of Google Drive

The controller has integrated Google Drive on this website. Google Drive is an online file hosting service that allows you to save, share and edit documents in the cloud. Google Drive includes Google Docs, Sheets, Slides and Forms.

The purpose of Google Drive is the storage of files and the direct editing of text documents, spreadsheets and presentations.

The operating company of the Google Drive component is Alphabet Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

A cookie is a short text snippet that is sent to your browser by a website you visit. It stores information about your last visit.

The cookie is used to store personal information, such as the access time, the location from which access was made and the frequency of visits to our website by the data subject. Each time our website is visited, this personal data, including the IP address of the Internet connection used by the data subject, is transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may pass on this personal data collected via the technical process to third parties.

The data subject may, as stated above, prevent the setting of cookies through our website at any time by means of a corresponding adjustment of the web browser used and thus permanently deny the setting of cookies. Such an adjustment to the Internet browser used would also prevent Alphabet Inc. from setting a cookie on the information technology system of the data subject. In addition, a cookie already set by Alphabet Inc. can be deleted at any time via the Internet browser or other software programs.

Google Drive is explained in more detail under this link https://www.google.com/intl/de/drive/.

Further information and the applicable data protection provisions of Google can be found at www.google.de/intl/de/policies/privacy/ and at www.google.com/analytics/terms/de.html.

10.7. Data protection provisions about the application and use of Hotjar

On this website, the controller has integrated components of Hotjar. Hotjar is a behavioral analytics company that analyzes the use of websites and provides feedback via tools such as heatmaps, session recordings and surveys.

The operating company of Hotjar is Hotjar Ltd, Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe.

By using Hotjar, the needs of our users can be better understood and the offer on this website can be optimized. Hotjar makes it possible to track which buttons are clicked, the history of the mouse, how far the user scrolls, the screen size of the device, device type and browser information, geographic location (country only) and preferred language. This allows the website's offering to be tailored to user feedback. Hotjar works with cookies and other technologies to collect information about the behavior of users and their end devices, in particular the IP address of the device (is only recorded and stored in anonymized form), screen size, device type (unique device identifiers), information about the browser used, location (country only), preferred language for displaying our website). Areas of the websites in which personal data about you or third parties is displayed are automatically hidden by Hotjar and are therefore not traceable at any time. IP addresses are only stored and processed in anonymized form in order to prevent them from being directly linked to individuals. However, Hotjar uses various third-party services such as Google Analytics and Optimizely. It may therefore be the case that these services collect data that is transmitted by your browser as part of web page requests. This would be cookies or your IP address, for example. In these exceptional cases, this processing is carried out in accordance with Art. 6 para. 1 lit. a GDPR on the basis of the consent you have given for the purpose of statistical analysis of user behavior for optimization and marketing purposes.

Hotjar offers every user the option of using a "Do Not Track header" to prevent the use of the Hotjar tool so that no data about the visit to the respective website is recorded. This is a setting that is supported by all standard browsers in current versions. For this purpose, your browser sends a request to Hotjar with the instruction to deactivate the tracking of the respective user. If you use our websites with different browsers/computers, you must set up the "Do Not Track header" separately for each of these browsers/computers. When visiting a Hotjar-based website, you can prevent Hotjar from collecting your data at any time by going to the Hotjar opt-out page www.hotjar.com/legal/compliance/opt-out and clicking Disable Hotjar. Hotjar's applicable privacy policy can be found at www.hotjar.com/legal/policies/privacy.

10.8. Data protection provisions about the application and use of Hubspot

On this website, the controller has integrated components of the service Hubspot.

The operating company of the Hubspot services is HubSpot, Inc, 25 First Street, 2nd Floor, Cambridge, MA 02141 USA.

Hubspot uses its own subscription services to create websites where visitors can learn more about HubSpot. The data collected and managed by Hubspot using the subscription service for its own marketing belongs to Hubspot and is used, disclosed and protected in accordance with its privacy policy.

Users are free to visit Hubspot's websites without sharing any personal data with Hubspot. When users visit the websites or register for the subscription service, Hubspot requires users to share their personal data with Hubspot and Hubspot collects navigation data. Hubspot collects the personal data when users submit web forms or interact with the website, such as when users subscribe to a HubSpot blog, sign up for a webinar, or contact customer support for assistance. Hubspot also collects personal data when users register for a HubSpot account. Personal data includes navigation data or payment data if such information directly or indirectly serves or can contribute to the identification of a person. "Sensitive Data" includes credit or debit card numbers, bank account or wire transfer information, government-issued identification numbers (such as social security numbers or passport/ID card numbers), biometric information, personal health information (or other information subject to applicable health privacy laws), personal data of children subject to child privacy laws, and any other information or combination of information that falls into the category of "special categories of personal data" under the GDPR or other applicable privacy laws.

When users view content provided by Hubspot, Hubspot automatically collects data about the user's hardware and software. This data may include the IP address, browser type, domain name, Internet service provider (ISP), files viewed on our website (e.g. HTML pages and graphics), operating system, clickstream data, access times and addresses of websites from which users accessed our website. HubSpot uses this data to compile general statistics on the use of HubSpot websites. For this purpose, Hubspot links this automatically collected data with other personal data such as name, e-mail address, address and telephone number.

Sometimes Hubspot receives personal data about the person from external sources, including partners with whom Hubspot offers co-branding services or conducts joint marketing activities.

The data collected is used by Hubspot in particular to improve and further develop its own products and services, to communicate with users, to make the service more accessible and to provide other companies with statistical data on usage.

Hubspot's websites contain links to third-party websites.

How long Hubspot stores the information collected from users depends on the type of information. After the appropriate period of time, Hubspot either deletes or anonymizes the information. If neither is possible, Hubspot will securely store the information and block it from any further use until deletion is possible.

Hubspot will retain personal information that users provide to it for as long as it has a legitimate business interest (for example, to comply with our legal obligations, resolve disputes and enforce our contractual rights).

If Hubspot no longer has a legitimate business interest in processing the personal data, Hubspot will securely delete or anonymize the data. If neither is possible, Hubspot will store the personal data in a secure manner and exclude it from any further data processing until deletion is possible. If users request Hubspot to do so, Hubspot will delete this data at an earlier date.

Hubspot may, among other things, share data with trusted partners so that they can contact users after they have requested to receive such communications, as well as for statistical analysis or customer service.

Users have the right to request the deletion of their data. Users can also obtain access to the data collected or revoke any consent they have given.

Further information and the applicable data protection provisions of Hubspot can be found at legal.hubspot.com/en/privacy-policy.

10.9. Data protection provisions about the application and use of Instagram

On this website, the controller has integrated components of the Instagram service. Instagram is a service that qualifies as an audiovisual platform and allows users to share photos and videos and also to redistribute such data in other social networks.

The operating company of the Instagram services is Instagram LLC, 1 Hacker Way, Building 14 First Floor, Menlo Park, CA, USA.

With each call-up to one of the individual pages of this Internet site, which is operated by the controller and on which an Instagram component (Insta button) was integrated, the Internet browser on the information technology system of the data subject is automatically prompted to the download of a display of the corresponding Instagram component of Instagram. As part of this technical process, Instagram receives information about which specific subpage of our website is visited by the data subject.

If the data subject is logged in at the same time on Instagram, Instagram detects with every call-up to our website by the data subject-and for the entire duration of their stay on our Internet site-which specific sub-page of our Internet page was visited by the data subject. This information is collected by the Instagram component and assigned by Instagram to the respective Instagram account of the data subject. If the data subject clicks on one of the Instagram buttons integrated on our website, the data and information transmitted with it is assigned to the personal Instagram user account of the data subject and stored and processed by Instagram.

Instagram always receives information via the Instagram component that the data subject has visited our website if the data subject is logged in to Instagram at the same time as accessing our website; this takes place regardless of whether the data subject clicks on the Instagram component or not. If the data subject does not want this information to be transmitted to Instagram, they can prevent the transmission by logging out of their Instagram account before accessing our website.

Further information and the applicable data protection provisions of Instagram may be retrieved under help.instagram.com/155833707900388 and www.instagram.com/about/legal/privacy/.

10.9. Data protection provisions about the application and use of Instagram

The operating company of the Instagram services is Instagram LLC, 1 Hacker Way, Building 14 First Floor, Menlo Park, CA, USA.

Further information and the applicable data protection provisions of Instagram may be retrieved under help.instagram.com/155833707900388 and www.instagram.com/about/legal/privacy/.

10.11. Data protection provisions about the application and use of STRATO

On this website, the controller has integrated components of STRATO as a web hosting program.

The operating company of STRATO is STRATO AG, Pascalstraße 10, 10587 Berlin, Germany.

STRATO collects, processes and stores the data that users provide when they place an order with STRATO. This includes, for example, the user's IP address. STRATO also stores and processes data about the order and payment history. STRATO collects, processes and stores the data that users themselves store when they use our services. This includes the creation of backup copies in STRATO's backup systems. When users visit STRATO's website or use the services, the device with which they access the site automatically transmits log data (connection data) to STRATO's server. This is particularly the case when users place orders, when they log in or when they upload or download data. Log data is also collected by STRATO's servers when visitors access their websites. The following log data is collected during this process: Customer domain, anonymized client IP, request line, timestamp, status code, size of the response body, referer sent by the client, user agent sent by the client, remote user.

STRATO uses cookies, pixels and similar technologies at various points on the website. Some of the cookies used process data in third countries. If users consent to the processing by these cookies, they also consent to the transfer and processing of their data in these third countries in accordance with Art. 49 I lit. a GDPR.

If a user leaves a comment in the blog published on the STRATO website, information on the time of the comment entry and, if applicable, the user name (pseudonym) chosen by the data subject will be stored and published in addition to the comments. In the event that the user leaves an e-mail address, it will also be stored but not published. This collected personal data will not be passed on to third parties, unless such a transfer is required by law or serves the legal defense of the controller.

STRATO processes and uses users' data in order to perform the contract and provide its services, to improve its services and websites and adapt them to usage requirements, to provide updates and upgrades and to send notifications relating to the service, as well as to prepare invoices and collect receivables.

For domain registrations, certain personal data is forwarded to registrars and registries by STRATO. STRATO forwards various personal data to its processors as the controller within the framework of commissioned data processing. STRATO has ensured the security of users' data by concluding agreements on commissioned data processing. We process and store personal data only for the period of time required to achieve the purpose of storage or if required by law. The purpose of processing is generally achieved upon termination of your contract. Users can change and delete data that they store in the services themselves. After termination of the contract, STRATO deletes the data stored in the services within 4 months. Backup copies in STRATO's backup systems are automatically deleted with a time delay. The processing of contract data is restricted after the end of the contract; it is deleted after expiry of the 10-year statutory retention period in accordance with § 257 HGB and § 147 AO. Daten, die Nutzer im Rahmen des Bewerbungsprozesses eingeben, werden maximal sechs Monate gespeichert. Daten, die STRATO im Zusammenhang mit Domaininhaberanfragen erhebt, werden bis zum Ablauf des ersten vollen Kalenderjahres nach Antragsstellung gespeichert. Log- und Accountdaten werden bei STRATO mit Login für maximal 6 Monate gespeichert. Nach Vertragsbeendigung werden die Accountdaten innerhalb von 2-4 Monaten gelöscht. Für Kundenkorrespondenz, Auftrags- und Zahlungsverlauf gilt die gesetzliche Aufbewahrungsfrist von 6 Jahren gemäß § 257 HGB und § 147 AO.

Users have the right to receive free information and confirmation from STRATO at any time about the personal data stored about them and a copy of this information. Users have the right to demand the immediate correction of incorrect personal data concerning them. Users also have the right to request the completion of incomplete personal data, including by means of a supplementary declaration, taking into account the purposes of the processing. Users have the right to object at any time to the processing of personal data concerning them that is carried out on the basis of Article 6(1)(e) or (f) GDPR. In the event of an objection, STRATO will no longer process the personal data unless STRATO can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of users or for the establishment, exercise or defense of legal claims. Users have the right to object at any time to the processing of personal data for the purpose of direct marketing. Users can revoke their consent to the processing of personal data at any time. The applicable data protection provisions can be found at https://www.strato.de/datenschutz/.

10.12. Data protection provisions about the application and use of Trustpilot

On this website, the controller has integrated components of the service Trustpilot. Trustpilot.com is a Danish website for consumer reviews, which was founded in Denmark in 2007 and contains reviews of companies worldwide. Almost 1 million new reviews are published every month. The website offers companies freemium services.

The operating company of Trustpilot's services is Trustpilot A/S, Pilestraede 58, 5th floor, 1112 Copenhagen K, Denmark.

When users create a user account with Trustpilot, submit a review, set up a business account on behalf of a company or use the portal in any other way, Trustpilot may collect and process the following personal data, among others: Names, email addresses as well as other contact information, IP addresses, browser settings, locations, usernames, passwords, photos and preferred language.

Users can link their Trustpilot profile to profiles on social media, such as Facebook ("social networks"). When such a link is made, Trustpilot automatically collects certain information about users from their social network, depending on what information has been made available on the social network in question and what privacy settings have been set on that social network to share the information.

Trustpilot primarily collects the processed personal data directly from the user when users provide this information to create an account with Trustpilot or when users interact with the portal, for example when they submit reviews or publish responses to reviews.

Trustpilot sometimes also receives information about users from third parties. For example, when they register for a Trustpilot account via Facebook. In this case, the account is automatically filled in with the information that Trustpilot receives from Facebook. Even if Trustpilot sends users a review invitation on behalf of a company, Trustpilot receives the name, e-mail address and a reference number of the users, such as an order number or similar, from this company.

In addition, Trustpilot automatically generates or collects information from the user's computer or device when they use the services, such as IP address, location or information about the device and browser used to access Trustpilot.

The personal data collected is used by Trustpilot for various purposes, including to provide services, display reviews and provide access to the user account and the portal or to grant access to a company's business account and the website. Data is also used to identify users. The data is also collected to carry out various internal business measures, such as data analysis, controls, monitoring and preventive measures to protect against attempted fraud, development of new products and services, improvements or changes to the portal or services, including TrustBoxes, identification of usage trends, determination of the effectiveness of advertising campaigns and implementation and expansion of business activities. However, the data is primarily used to verify the authenticity of a review, among other things.

Trustpilot shares personal data with selected third parties (including Trustpilot's subsidiaries and other companies within the Trustpilot Group) who provide various services for Trustpilot and thus support the technical operation of the portal and the provision of the services ("processors"). These third parties are processors of personal data for which Trustpilot is the data controller. Trustpilot has entered into data processing agreements with these processors under which the processors may only act in accordance with Trustpilot's instructions.

We only store your data for as long as we need it or are legally obliged to do so. We then delete or anonymize your data so that you can no longer be identified from it. Depending on the purpose of use, we handle certain data differently. However, you can delete your personal data at any time or ask us to delete this data for you (see the "Your rights" section below for more information).

Trustpilot retains the personal data provided by users, including their reviews, for as long as users have a Trustpilot account or as required to provide the services. If users delete the user account, Trustpilot only stores a log with the following data: Name, e-mail address and the date the account was deleted. Trustpilot keeps this log for three years. All other data is deleted, including user reviews.

In certain cases, even if users delete their account, Trustpilot retains certain data in anonymized or aggregated form (such as visits to the portal).

Trustpilot retains personal data that Trustpilot receives from companies that use Trustpilot's services for three years. Trustpilot uses cookies and similar technologies to provide, optimize, personalize and analyze its services as well as for advertising purposes.

If users have a Trustpilot user account, they can access the most important personal data associated with their profile at any time and edit, download or delete this data by logging into their account. You can also manage your subscription and marketing settings from there. Users can access the stored data, request deletion and correction and have the right to object to the processing of their personal data and to restrict the processing of their personal data.

Further information and the applicable data protection provisions of Trustpilot can be found at en.legal.trustpilot.com/for-reviewers/end-user-privacy-terms.

10.13. Data protection provisions about the application and use of Typeform

On this website, the controller has integrated components of Typeform. Typeform is an online software-as-a-service (SaaS) company based in Barcelona that specializes in the creation of online forms and online surveys. Its main software creates dynamic forms based on user requirements.

The operating company of Typeform is Typeform S.L., Carrer Bac de Roda, 163, 08018 Barcelona.

The data entered is stored by this service and forwarded to us or made accessible to us. Typeform does not use this data itself.

The legal basis for this data processing is Art. 6 para. 1 lit. f GDPR (legitimate interests of the controller).

There is a legitimate interest in the targeted and customized presentation of contact forms on specific topics and questions and the possibility of adapting them quickly and cost-effectively.

This personal data is not passed on to third parties.

Further information and the applicable data protection provisions can be found at typeform.com.

10.14. Data protection provisions about the application and use of Zapier

On this website, the controller has integrated components of Zapier. Zapier is used to integrate various databases and tools.

The operating company is Zapier Inc, 548 Market St #62411, San Francisco, California 94104, USA.

Customer data, with the exception of payment data, may be transmitted. Zapier collects user information. This includes information provided by the user such as name, email address and address. In addition, Zapier automatically collects information from users when a new account is created, such as payment information. Zapier receives information about users from other sources such as third-party service providers, public databases and our business and distribution partners. This information may include business contact information, address, job title, e-mail address and phone number. Zapier may combine this information with information collected in other ways. Zapier collects users' information in particular to improve its own services, to respond to users' queries and to protect the integrity or security of the company, the website, the services or third-party applications. The data may also be used to fulfill obligations, enforce rights, comply with a legal obligation (including assisting customers in complying with their legal obligations), if necessary for the legitimate interests or to fulfill any other purpose for which you have provided the data. Information that Zapier collects from the Site will be transferred to, and processed in, the United States and any other country in which Zapier or its affiliates, subsidiaries or third party service providers maintain facilities or personnel. Zapier takes reasonable steps to protect users' personal data from loss, misuse and unauthorized access, disclosure, alteration or destruction, taking into account the risks involved in the processing and the nature of the personal data. However, no application, Internet or email transmission is ever completely secure or error-free and Zapier does not guarantee the security of personal data.

Further information and the applicable privacy policy can be found at zapier.com/help/account/data-management/data-privacy-at-zapier

10.15. Data protection provisions about the application and use of Zoom

On this website, the controller has integrated components of Zoom.

The operating company is Zoom Video Communications, Inc, 55 Almaden Blvd, Suite 600, San Jose, CA 95113, USA.

Zoom collects the following information, among other things, when users register for a free Zoom account: Date of birth (only as proof of age), first and last name and telephone numbers. For users who create a paid Zoom account, Zoom stores in particular user data in connection with a Zoom account, telephone number for billing and the billing address. Zoom automatically stores technical information from Zoom software or systems that host the services, as well as from systems, applications and devices used to access the services when the Zoom services are used. Location data is also collected automatically.

Zoom shares personal data with companies, organizations and individuals outside of Zoom and third parties if the user's personal consent has been obtained (if required). If Zoom has received the personal data through a partner of Zoom and the user becomes a customer, Zoom may share selected personal data with the respective partner or its representative under the partner agreement in order to reward a referral partner of a jointly sponsored event. Zoom's partners have contractually agreed to comply with appropriate privacy and security obligations. Zoom provides personal information to suppliers and service providers to assist Zoom in providing the Services and for Zoom's business purposes.

If users wish to correct or update information they have provided to Zoom, users must contact Zoom directly at www.zoom.us and update their profile. If users are located in the European Economic Area, users may have the right to exercise certain data protection rights available to them under applicable law. Zoom will process requests from such users in accordance with applicable data protection laws. Zoom may need to retain certain information for record-keeping purposes or to complete transactions that users initiated prior to requesting deletion.

Zoom operates globally, which means that personal data may be stored and processed in any country in which Zoom or its service providers have facilities or hold events. Zoom will retain collected personal data for as long as necessary, unless a longer retention period is required by law.

The applicable data protection provisions can be found at zoom.us/en/privacy.html.

10.16. Legal basis of the processing

Art. 6 I lit. a GDPR serves our company as the legal basis for processing operations for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is party, as is the case, for example, when processing operations are necessary for the supply of goods or to provide any other service or consideration, the processing is based on Art. 6 I lit. b GDPR. The same applies to such processing operations that are necessary to carry out pre-contractual measures, for example in cases of inquiries about our products or services. If our company is subject to a legal obligation which requires the processing of personal data, such as for the fulfillment of tax obligations, the processing is based on Art. 6 I lit. c GDPR. In rare cases, the processing of personal data may become necessary in order to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were injured in our company and their name, age, health insurance data or other vital information would have to be passed on to a doctor, hospital or other third party. The processing would then be based on Art. 6 I lit. d GDPR. Finally, processing operations could be based on Art. 6 I lit. f GDPR. This legal basis is used for processing operations which are not covered by any of the abovementioned legal grounds, if processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. We are permitted to carry out such processing operations in particular because they have been specifically mentioned by the European legislator. In this respect, it took the view that a legitimate interest could be assumed if the data subject is a customer of the controller (Recital 47 Sentence 2 GDPR).

10.17. Legitimate interests in the processing pursued by the controller or by a third party

Where the processing of personal data is based on Article 6 I lit. f GDPR our legitimate interest is to carry out our business in favor of the well-being of all our employees and our shareholders.

10.18. Duration for which the personal data will be stored

The criterion for the duration of the storage of personal data is the respective statutory retention period. After this period has expired, the corresponding data is routinely deleted, provided that it is no longer required for contract fulfillment or contract initiation.

10.19. Legal or contractual provisions for the provision of personal data; necessity for the conclusion of the contract; obligation of the data subject to provide the personal data; possible consequences of non-provision

We inform you that the provision of personal data is partly required by law (e.g. tax regulations) or may also result from contractual provisions (e.g. information on the contractual partner). Sometimes it may be necessary for a contract to be concluded for a data subject to provide us with personal data that must subsequently be processed by us. For example, the data subject is obliged to provide us with personal data if our company concludes a contract with them. Failure to provide the personal data would mean that the contract with the data subject could not be concluded. Before personal data is provided by the data subject, the data subject must contact one of our employees. Our employee will inform the data subject on a case-by-case basis whether the provision of the personal data is required by law or contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data and what the consequences would be if the personal data were not provided.

10.20. Existence of automated decision-making

As a responsible company, we do not use automated decision-making or profiling.

10.21. Creation of this privacy policy

This Privacy Policy has been generated by SYLVENSTEIN Rechtsanwälte in cooperation with DGD Deutsche Gesellschaft für Datenschutz GmbH.

Smart Chemistry, Green Future

Legal

Contact

If you are interested in working with us please leave your email and we will get back to you.

info@covasyn.com