We (Citizen Systems Europe GmbH) value every visit to our website.
We take data protection and data security very seriously. Therefore, we treat users’ personally identifiable information (hereinafter referred to as “Data”) confidentially and in accordance with the statutory data protection regulations and this Privacy Statement.
1. General information regarding data processing and legal bases
1.1 This Privacy Statement describes the nature, scope and purpose of the data processing within our web presence and any webpages associated with the web presence. This Privacy Statement applies regardless of which devices the website is running on.
The data protection terms used in this Privacy Statement (for example, “personally identifiable information” or “processing”) can be looked up in the definition catalogue under Article 4 of the General Data Protection Regulation (hereinafter referred to as “GDPR").
1.2 Data processed by our website includes user data (e.g., first and last names or email addresses), usage data (e.g., for website visits or interest in our products), and content data (e.g., entries in the contact form).
The term “user” covers all categories of data subjects affected by data processing. These include our business partners, customers, interested parties and other visitors to our website.
1.3 Users' data is only processed with legal permission or the users’ consent. This means that we only process user data for the purpose of providing our online services on the basis of legal permission or on the basis of prior consent obtained from the user. In this context, we refer in particular to the basis for consent under Art. 6 (1) lit. f. GDPR, according to which processing may be necessary to safeguard our legitimate interests. A legitimate interest may arise in particular from the reach measurement, from the creation of profiles for advertising and marketing purposes as well as from the collection of access data and the use of third-party services. Conceivable scenarios are the analysis, optimisation, business operation and security of our website.
1.4 The consent is based on Art. 6 (1) lit. a. and Art. 7 GDPR, the processing for the fulfilment of a legal obligation is based on Art. 6 (1) lit. c. GDPR, the processing for the performance of a contract or a pre-contractual measure is based on Art. 6 (1) lit. b. GDPR and processing for the protection of legitimate interests is based on Art. 6 (1) lit. f. GDPR.
2. Security measures
All data sent to us via our website or in email traffic is secure. To prevent intentional manipulation, loss, destruction and to prevent access by unauthorised persons, we take extensive organisational, contractual and technical security measures, which are regularly reviewed and adapted as necessary. However, due to the structure of the internet, it is possible that data protection regulations and security arrangements will not be observed by other persons or institutions outside our area of responsibility. In particular, unencrypted data (for example, in an email) may be read by third parties. It is therefore the user’s responsibility to protect the data provided by them against misuse using encryption or by some other means.
3. Disclosure of data
3.1 Data is only transferred to third parties in accordance with legal requirements. We will only pass users' data to third parties if this is required, for example, for the economic and effective operation of our business based on legitimate interests pursuant to Art. 6 (1) lit. f. GDPR.
3.2 If we use subcontractors to provide our services, we will take appropriate legal precautions and relevant technical and organisational measures to protect the data in accordance with relevant data protection legislation.
3.3 If contents, tools or other assets of third-party providers with registered offices in third countries are covered by this Privacy Statement, it must be assumed that data will be transferred to third countries. Third countries are to be understood as countries in which the GDPR is not a directly applicable law, that is, principally countries outside the EU or the European Economic Area (EEA). Data is only transferred to third countries if an adequate level of data protection exists in the third countries or if suitable guarantees, separate consent or other legal authorisation exists.
4.1 When contacting us (via email or contact form), the user’s details are processed to handle the request and its processing. The data will be only stored for processing the request as well as for any related questions that may arise.
4.2 As soon as the user uses our email address to contact us, they automatically leave our website. The provision of data to us in the email is voluntary.
4.3 When contacting us using our contact form, we collect the user's first name, last name and email address in a manner that is earmarked and obligatory for the user. We also collect the company name. The provision of data to us in the free field of the contact form is voluntary.
4.4 Users can object to the processing of the data provided by them at any time. Users should send their objections in any form to the following email address: email@example.com
4.5 User information can be stored in our Customer Relationship Management System (“CRM System”) or comparable query organisation. We use a CRM system from the provider channelXperts GmbH, Ostbahnstr. 17, 76829 Landau, Germany, on the basis of our legitimate interests (efficient and fast processing of user requests). For this purpose, we have concluded an order data processing contract with channelXperts GmbH, which among other things obliges channelXperts GmbH to process data only in accordance with our instructions.
5. Collection of access data and log files
5.1 On the basis of our legitimate interests pursuant to Art. 6 (1) lit. f. GDPR, we collect data about every access to the server on which this service is located (server log files). The access data include the name of the retrieved web page, the file, the date and time of the retrieval, the amount of data transferred, the message about the successful retrieval, the browser type and version, the user’s operating system, the referrer URL (previously visited page), the IP address and the requesting provider.
5.2 Log file information is stored for security purposes (for example, to investigate abusive or fraudulent activities) for a maximum of seven days and then deleted. Data whose further retention is required for evidential purposes is exempted from deletion until final clarification of the incident.
6. Cookies and reach measurement
6.1 Cookies are information transmitted by our web server or third-party web servers to the users' web browsers, which are stored there for later retrieval. Cookies can be small files or other types of information storage.
6.2 We use session cookies, which are only stored for the duration of the visit to our website (for example, to enable storage of the login status and thus the use of our website in the first place). In a session cookie, a randomly generated unique identification number is stored, which is know as a session ID. In addition, a session cookie contains information about its origin and the retention period. Session cookies cannot save other data. Session cookies are deleted when the use of our website is ended (for example, by logging out or closing the browser).
6.3 If users do not want cookies stored on their device, they are asked to disable the option in the browser's system settings. Saved cookies can be deleted in the browser’s system settings. The exclusion of cookies can restrict functions of our website.
7. Google Analytics
7.2 Google is certified under the Privacy Shield Agreement, which provides a guarantee of compliance with European privacy legislation https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.
7.3 Google will use the information obtained on our behalf to evaluate the use of our website, to compile reports regarding activities within our website and to provide us with additional services related to the use of our website and internet usage. In the process, pseudonymous user profiles can also be created from the processed data.
7.4 We only use Google Analytics with IP anonymisation activated. This mean the user’s IP address will be abridged by Google within the Member States of the European Union or in other states parties to the Agreement on the European Economic Area. The full IP address is only sent to a Google server in the U.S. and truncated there in exceptional cases.
7.5 Google will not merge the IP address provided by your browser with other data. Users may prevent cookies from being stored by making relevant settings in their browser software; Users can also prevent the recording of the data generated by the cookie and relating to their use of the website by Google as well as the processing of these data by Google, by downloading and installing the browser plug in available at the following link. http://tools.google.com/dlpage/gaoptout?hl=de
7.6 More information about Google's data usage, settings and opt-out options is generally available on Google's websites at https://www.google.com/intl/en/policies/privacy/partners (“How Google uses data when you use our partners' sites or apps”), http://www.google.com/policies/technologies/ads (“Advertising”), http://www.google.com/settings/ads (“Make the ads you see more useful to you”).
8.1 On the basis of our legitimate interests (interest in the analysis, optimisation and economic operation of our website within the meaning of Art. 6 (1) lit. f. GDPR), we use social plug-ins (“plug-ins”) from the social network facebook.com, which is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland (“Facebook”). The plug-ins can comprise interaction elements or contents (e.g. videos, graphics or text contributions) and can be recognised by one of the Facebook logos (e.g. white "f" on a blue tile, the terms “Like”, or a thumbs up sign) or are marked with the phrase “Facebook Social Plug-In”. The list and appearance of the Facebook social plug-ins can be viewed at https://developers.facebook.com/docs/plugins/.
8.2 Facebook is certified under the Privacy Shield Agreement, and thus provides a guarantee to comply with European privacy legislation https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active.
8.3 When a user loads a function of our website that includes a plug-in, their device establishes a direct connection to the Facebook servers. The content of the plug-in is transmitted directly to the user’s device by Facebook and incorporated by them directly into the website. In the process, user profiles can be created from the processed data. We have no control over the scope of the data that Facebook collects with the help of this plug-in and therefore inform users to the best of our knowledge.
8.4 By integrating the plug-ins, Facebook receives the information that a user has accessed the corresponding page of our website. If the user is logged in to Facebook, Facebook can assign the visit to the user’s Facebook account. When users interact with plug-ins, e.g. press the “Like” button or leave a comment, the corresponding information is transmitted from the device of the user directly to Facebook, stored there and, if the user is logged in to their Facebook account, linked to their Facebook profile. If a user is not a member of Facebook, there is still the possibility that Facebook will discover and save their IP address. According to Facebook, only an anonymised IP address is stored in Germany.
8.5 The purpose and scope of the data collection and the further processing and use of the data by Facebook as well as the related rights and settings options for protecting users’ privacy can be found in Facebook’s privacy statement at https://www.facebook.com/about/privacy/.
8.6 If a user is a Facebook member and would like to avoid that Facebook collects data about them via our website and links this with their member data stored on Facebook, they must log out of Facebook before using our website and delete their cookies. Additional settings and opt-outs regarding the use of data for promotional purposes are available within the Facebook profile settings at https://www.facebook.com/settings?tab=ads or via the US page http://www.aboutads.info/ choices/ or via the EU page http://www.youronlinechoices.com/. The settings are platform independent. This means they will be used for all types of devices.
9.1 With the following information, we inform users regarding the contents of our newsletter, the registration, dispatch and statistical evaluation procedures and the right of objection. By subscribing to our newsletter, the user agrees to the receipt and the procedures described.
9.2 Content of the newsletter: We only send newsletters, emails and other electronic notifications containing advertising information (hereinafter “newsletter”) on the basis of the recipient’s (user’s) consent within the meaning of Art. 6 (1) (a) GDPR or any other legal permission. If the contents of the newsletter are outlined specifically upon registration, these are authoritative for users’ consent. In all other cases, our newsletters contain information regarding our products, offers, promotions and our company.
9.3 Double opt-in and logging: Registration for our newsletter is performed using a double opt-in procedure. This means that after signing up, the user will receive an email to their email address asking them to confirm their registration. This confirmation is necessary so that nobody can register with third-party email addresses. The registration for the newsletter will be logged in order to prove that the registration process complies with legal requirements. This includes the storage of the login and the confirmation time, as well as the IP address. Changes in the data stored with the shipping service provider are also logged.
9.4 The newsletter is distributed via “MailChimp”, a marketing automation platform belonging to the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave #5000, Atlanta, GA 30308, USA. The marketing automation service provider’s privacy statement can be viewed here: https://mailchimp.com/legal/privacy/. The Rocket Science Group LLC is certified under the Privacy Shield Agreement, which provides a guarantee to comply with European data protection standards (see https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active).
9.5 According to its own statements, the marketing automation service provider may use the data in a pseudonymised form, meaning without assignment to a user, for the optimisation or improvement of their own services (e.g., for the technical optimisation of mailouts and the display of newsletters or for statistical purposes to determine which countries the recipients come from). However, the marketing automation service does not use the newsletter recipients’ data to write to them itself or pass this data on to third parties.
9.6 Registration data: To sign up for the newsletter, the user only needs to provide their email address. We request the user to optionally provide their name so that they may be addressed personally in the newsletter.
9.7 Statistical survey and analyses: The newsletters contain a web beacon, in other words a pixel-sized file, which is retrieved from the marketing automation service provider’s server when the newsletter is opened. This retrieval collects technical information, such as information about the user's browser and system, as well as the user's IP address and the time of retrieval. The information is used to technically improve the services, to determine target groups and individual user’s reading behaviour, with identification of the call location (which can be determined with the help of the IP address) as well as the respective access time. Statistical surveys also include determination of whether the newsletters are opened, when they are opened and which links are clicked on. This information can be assigned to the individual newsletter recipients for technical reasons. However, neither we nor the marketing automation provider endeavour to monitor individual users. On the contrary, the evaluations are intended to identify the reading habits of our users and to adapt our contents to them or to send different contents according to the interests of our users.
9.8 The use of the marketing automation provider, the performance of statistical surveys and analyses and the logging of the registration process are based on our legitimate interests in pursuant to. Art. 6 (1) lit. f GDPR. Our interest lies in maintaining a user-friendly and secure newsletter system that serves both our business interests and meets users' expectations.
9.9 Termination/revocation: The user may unsubscribe our newsletter at any time, which means revoking consent. This also revokes consent to its dispatch by the marketing automation provider and ends the statistical analyses. Separate revocation of dispatch or statistical evaluations by the marketing automation service provider is unfortunately not possible. A link to terminate/revoke the newsletter can be found at the end of each newsletter. The data stored with us or with the marketing automation service will be deleted after termination.
10. Third-party services and contents
10.1 On the basis of our legitimate interests (interest in the analysis, optimisation and economic operation of our website within the meaning of Art. 6 (1) lit. GDPR), contents and service offers from third parties are used within our website to integrate their contents and services, such as videos or fonts (hereinafter collectively referred to as “Content”). This always assumes that the third-party providers can see the users’ IP addresses, since they cannot send the contents to users’ browser without the IP address. The IP address is therefore required in order to display the contents. However, we endeavour to only use contents from providers who only use the IP addresses to deliver the respective contents. Third-party providers may also use pixel tags (invisible graphics, also known as web beacons) for statistical or marketing purposes. Pixel tags allow information, such as our website’s traffic, to be evaluated. In addition, the pseudonymous information may be stored in cookies on the user's device and may include, but is not limited to, technical information about the browser and the operating system, referring websites, time of visit, and other information regarding the use of our website and be linked to such information from other sources.
10.2 The following statement provides an overview of third-party providers as well as their contents and links to their privacy statements, which contain further information on the processing of data as well as opt-out options:
External fonts from Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA, www.google.com/fonts (“Google Fonts”). The integration of the Google fonts is performed with a server call to Google (normally in the USA). Privacy Statement: https://www.google.com/policies/privacy/. Opt-out: https://www.google.com/settings/ads/.
Maps provided by the Google Maps service of Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. Privacy Statement: https://www.google.com/policies/privacy/. Opt-out: https://www.google.com/settings/ads/.
Videos from the “YouTube” platform of Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. Privacy Statement: https://www.google.com/policies/privacy/. Opt-out: https://www.google.com/settings/ads/.
Our website includes functions of the Google+ service. These functions are offered by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. Each time you visit our website, which includes functions of Google+, you will be connected to Google's servers. This notifies Google that the user has visited our website using their IP address. If the user is logged in to their Google+ account, they can link the contents of our website to their Google+ profile by clicking on the Google+ button. This allows Google to allocate the visit to our website with the user’s account. We would like to point out that we have no knowledge regarding the content of the data transmitted to Google and its use by Google+. Privacy Statement: https://www.google.com/policies/privacy/. Opt-out: https://www.google.com/settings/ads/.
Our website uses functions of the LinkedIn network. The provider is LinkedIn Corp., 2029 Stierlin Court, Mountain View, CA 94043, United States. Each time you visit our website, which includes functions from LinkedIn, you will be connected to LinkedIn’s servers. This notifies LinkedIn that the user has visited our website using their IP address. If the user clicks LinkedIn's “Recommend” button and is logged in to LinkedIn, LinkedIn will be able to allocate the user’s online visit to their LinkedIn profile. We would like to point out that we have no knowledge regarding the content of the data transmitted and its use by LinkedIn. Privacy Statement: https://www.linkedin.com/legal/privacy-statement. Opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
Our website uses functions of the Twitter service. These functions offered by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. Each time you visit our website, which includes functions from Twitter, you will be connected to Twitter's servers. This notifies Twitter that the user has visited our website using their IP address. By using Twitter and the “Retweet” function, the websites visited by the user are linked to their Twitter account and made known to other users. This data is also transmitted to Twitter. If the user clicks Twitter's “Share” button and is logged in to Twitter, Twitter will be able to allocate the user’s online visit to their Twitter profile. We would like to point out that we have no knowledge regarding the content of the data transmitted and its use by Twitter. Privacy Statement: http://twitter.com/privacy. The privacy settings can be changed by the user in their account settings at https://twitter.com/account/settings.
Our website uses functions of the Instagram service. These functions are provided by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025. Each time you visit our website, which includes functions from Instragram, you will be connected to Instragram’s servers. This notifies Twitter that the user has visited our website using their IP address. If the user is logged in to their Instragram account, clicking the “Insta” button links the contents of our online offer to their Instagram profile. This allows Instagram to allocate the visit to our website to the user’s account. We would like to point out that we have no knowledge regarding the content of the data transmitted and its use by Instagram. Privacy Statement: https://instagram.com/about/legal/privacy/
10.3 In order to prevent third-party providers from allocating the visit to our website to their existing user account, the user must log out of their respective account before visiting our website.
11. Integration of links to third-party websites
We integrate links to third-party websites in our website under the tab partnerships/cooperations and other places. We assume no responsibility or liability for the confidential handling of users' data by providers of other websites, as we neither know their privacy statement nor have any influence over compliance. Information regarding the handling of users' data by providers of other websites can be found in the privacy statement of the respective provider.
12. Partner Area
By entering the registered email address and the assigned password, our distributors can register as users in the Partner Area to, for example, download the latest firmware for our products. The registration data of our distributors (name and email address of the respective employee) are only processed by us for the implementation of the login and the provision of our services relating to the Partner Area.
13. Users' rights
13.1 Users have the right, upon request, to obtain information about the data that we store about them free of charge.
13.2 Users have the right to the correction of inaccurate data, the restriction of processing and deletion of their data, and, if applicable, to assert their rights to data portability and, in the event of unlawful data processing, to file a complaint with the relevant data protection supervisory authority.
13.3 Users can revoke their consent at any time, regardless of in which form, with effect for the future.
14. Deletion of data
The data stored with us is deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory storage requirements. If users' data is not deleted because it is required for other, legally permitted processing purposes, its processing will be restricted. This means that the data will be blocked for inadmissible processing and processed only to the extent permitted by law.
15. Right of objection
We would like to point out that users can object to the future processing of their data at any time in accordance with legal requirements. The objection may be made in particular against processing for the purpose of direct advertising – if this is performed by us. Users should send their objections in any form to the following email address: firstname.lastname@example.org.
16. Changes to the Privacy Statement
We reserve the right to change this Privacy Statement for the purpose of adapting it to any changes in the legal situation or any changes in services or data processing. However, this only applies to statements regarding services and data processing. If users' consent is required or elements of the Privacy Statement contain provisions of the contractual relationship with the users, the changes will only be made with the users’ consent. Users are requested to regularly keep themselves informed regarding the content of the Privacy Statement.
Citizen Systems Europe GmbH
D-70329 Stuttgart Germany
Commercial register: District Court Stuttgart, HRB 213626
Managing director: Mark Moore
Tel.: +49 (0)711 - 49032-0
Data Protection Officer:
attn. Peter Rappold