Data Privacy Declaration
Information on the collection of personal information and contact data of the responsible party
We are glad you’re visiting our website and thank you for your interest. In the following document, we will be informing you how we handle your personal information when you use our website. Personal information includes all data that can be used to personally identify you.
The individual responsible for data processing on this website in the sense of the European General Data Privacy Regulation (GDPR) and German “Datenschutz-Grundverordnung (DSGVO)” is certgate GmbH, Kaiserswerther STrasse 45, 40477 Dusseldorf, Germany, Tel.: +49 (0911) 93 52 30, e-mail: firstname.lastname@example.org.
Please Note: The following Privacy Declaration refers to the German DSGVO, which is in full compliance with the European GDPR.
The individual responsible for processing personal information is the natural or legal person who makes a decision regarding the means by which, and purposes for which, personal information is processed, either solely or alongside others. The responsible person can be reached at the following contact information: Mr. Jan Wendenburg, Merianstrasse 26, 90409 Nuremberg, E-Mail: privacy (at) certgate.com
For security reasons, and to protect transmitted personal information and other confidential content (such as orders or inquiries to the responsible persons), this website uses SSL and/or TLS encryption. You can recognize an encrypted connection because your browser line will start with “https://” and a lock symbol.
Data recorded when you visit our website
If you are using our website simply for informational purposes, meaning that you do not register for the website or provide us with information in any other manner, we only collect the data transmitted to our server by your browser (“server log files”). When you access our website, we collect the following data. This data is technically required to display our website to you:
- Our website visited
- Date and time of access
- Quantity of data transmitted in bytes
- Source/reference from which you accessed the page
- Browser used - operating system used
- IP address used (in anonymized form if possible)
Data is processed in accordance with Art. 6 para. 1 lit. f DSGVO to fulfill our justifiable interests and in order to improve the stability and function of our website. Data is not transmitted to others or used in any other manner. However, we reserve the right to review server log files subsequently if we have concrete reasons to believe illegal usage has occurred.
In some cases, cookies save settings to simplify the ordering process (for instance to note the contents of a virtual shopping basket and save them for the next time you visit our website). If individual cookies implemented by us also process personal information, this information is processed in accordance with Art. 6 para. 1 lit. b DSGVO either to carry out the Agreement or in accordance with Art. 6 para. 1 lit. f DSGVO to safeguard our justifiable interests in ensuring the best possible functioning of the website and a customer-friendly and effective design for your site visit.
In some cases, we work alongside advertising partners who help us make our web presence more interesting to you. Cookies from partner companies may also be saved on your hard drive (cookies from third party providers) for this purpose when you visit our website. If we collaborate with the aforementioned advertising partners, you will be informed separately and individually regarding the use of such cookies and the scope of information collected in the following paragraphs.
Please note that you can change your browser settings in such a way that you are informed when cookies are sent, so that you may make individual decisions regarding their acceptance, or you may set a preference to generally accept or reject cookies in certain cases. Each browser manages cookie settings in a different way. This is described in the help menu of each browser, which explains how you can change your cookie settings.
You can find these explanations for specific browsers at the following links:
Internet Explorer: http://windows.microsoft.com/de-DE/windows-vista/Block-or-allow-cookies
Please note that if you choose not to accept cookies, some website functions may be restricted.
Contacting our company
When you contact us (for instance using the contact form or via e-mail), we collect your personal information. The specific data collected is indicated on each specific contact form. We save and use this data only for the purpose of answering your inquiry or to contact you, and for associated technical administrative purposes. Data is processed on the legal basis of our justifiable interest in answering your inquiry in accordance with Art. 6 para. 1 lit. f DSGVO. If the purpose of your contact is to conclude an agreement, Art. 6 para. 1 lit. b DSGVO also serves as a legal basis for processing. Your data is deleted after we have finished processing your inquiry. Your inquiry is considered complete if circumstances indicate that the matter in question has been clarified and we are not subject to any statutory retention periods.
Data processing when opening an online shop customer account and for contract processing
According to Art. 6 para. 1 lit. b DSGVO, personal information is furthermore collected and processed if you provide it to us to carry out an agreement or open a customer account. The specific data collected is clear from the input form. You can delete your customer account at any time by sending a message to the aforementioned responsible party's address. We save and use data provided by you to process your contract. After we have fully processed your contract or deleted your customer account, your data is blocked in accordance with tax and commercial law retention periods and then deleted after this period unless you have expressly consented to the further use of your data or if we have reserved the right to carry out further legally allowed data processing, of which we will inform you accordingly thereafter.
Use of your data for direct advertising
Registration for our e-mail newsletter: If you register for our e-mail newsletter, we will send you information on our services regularly. Only your e-mail address is required for us to send you the newsletter. Any further data is provided voluntarily and is used to contact you personally. We use a double opt-in process to send out our newsletter. This means we will only send you an e-mail newsletter if you have expressly confirmed your consent to receive the newsletter. We will then send you an e-mail confirmation which will ask you to click a link to confirm you would like to receive the newsletter in the future.
When you activate your confirmation link, you grant us your consent to use your personal information in accordance with Art. 6 para. 1 lit. a DSGVO. When you register for our newsletter, we save the IP address entered by your internet service provider (ISP), as well as the date and time of your registration so we can track any potential misuse of your e-mail address at a later date if necessary. Data we collect to register you for our newsletter is only used for advertising purposes through the newsletter. You can cancel your newsletter subscription at any time by clicking the provided link in the newsletter, or by sending a message to this effect to the responsible individual named above. After the cancellation, we will promptly delete your e-mail address from our newsletter distribution list unless you have expressly consented to further use of your data or unless we reserve the right to process your information further in accordance with the law as indicated in this declaration.
Data processing when opening a customer account and for order processing
NOTE: In general, orders can only be processed through the certgate online shop for commercial customers, e.g. companies. The ordering party expressly confirms this at the start of the ordering process – meaning the recording of personal information, orders, further processing, and delivery to non-commercial customers is excluded.
We work with the following service providers to process your order; they support us in whole or in part in carrying out agreements once they are concluded. Certain personal information is transmitted to these service providers as stated in the following. We provide personal information we collect during order processing to the following commissioned service providers if necessary to process your order or to process and deliver goods. The legal basis for data transmission is Art. 6 para. 1 lit. b DSGVO.
- Data recording and order processing through external online shop service provider:
Order processing through the certgate online shop is only available to commercial customers, e.g. companies. The certgate online shop is provided as a service by an external operator, Shopify Inc., 150 Elgin Street, Suite 800, Ottawa, ON K2P 1L4, Canada. If personal information such as names and addresses are recorded during a commercial ordering process, this information is transmitted to Shopify alongside other information on the order for processing purposes, and is saved on the service provider's systems. Further details on data privacy and contract data processing by Shopify as a service provider are available here: https://www.shopify.com/legal/terms.
- Payment processing and transmission of personal information to payment service providers:
If personal information such as names, addresses, and payment information are recorded during a commercial payment process, this information is transmitted to external payment services provider Stripe and is saved alongside other information from the order for processing purposes on the service provider's systems. Payment processing through the certgate online shop is provided as a service by an external operator, Stripe, Inc., 185 Berry Street, Suite 550, San Francisco, CA 94107, USA. Further details on data privacy and contract data processing by Stripe as a service provider are available here: https://stripe.com/de/privacy. Additionally,we are processing payments through the external operator PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg. Further details on data privacy and contract data processing by Stripe as a service provider are available here: https://www.paypal.com/privacy
- Automated recurring billing through billing service provider:
In general, orders in the certgate online shop are billed only to commercial customers, e.g. companies. In case of recurring billing, invoices are processed by an external service provider, Bold Commerce, 50 Fultz Blvd, Winnipeg, MB R3Y 0L6, Canada. If personal information such as names and addresses of a recipient, order details are recorded during a commercial ordering process, this information is transmitted to Bold for further processing in the service provider's systems. Further details on data privacy and contract data processing by Bold as a service provider are available here: https://boldcommerce.com/privacy/
- Billing and transmission of personal information to billing service provider:
In general, orders in the certgate online shop are billed only to commercial customers, e.g. companies. Invoices are processed by an external service provider, Billomat GmbH & Co. KG, Barbiergasse 6, 90443 Nuremberg, Germany. If personal information such as names and addresses of a recipient are recorded during a commercial ordering process, this information is transmitted to Billomat alongside other information on the order and billing for proper invoicing and further processing in the service provider's systems. Further details on data privacy and contract data processing by Billomat as a service provider are available here: https://www.billomat.com/datenschutz/.
- Transmission of personal information to IT infrastructure service providers:
certgate's services are generally directed only towards commercial customers. If personal information such as names, addresses, and contact data are recorded when contacting customers, this may be transmitted to external IT infrastructure service provider Microsoft as part of business communications, such as e-mails, letters, etc. and saved on the service provider's systems. The certgate IT infrastructure (Office 365) is partially provided as a service by an external operator, Microsoft Ireland Operations Limited, The Atrium Building, Block B, Carmanhall Road, Sandyford Business Estate, Dublin 18. Further details on data privacy and contract data processing by Microsoft as a service provider are available here: https://privacy.microsoft.com/en-gb/privacystatement.
- Transmission of personal information to CRM infrastructure service providers:
certgate's services are generally directed only towards commercial customers. If personal information such as names, addresses, and contact data are recorded when contacting customers, this may be transmitted to external CRM infrastructure service provider Microsoft as part of business communications, such as e-mails, letters, etc. and saved on the service provider's systems. The certgate CRM infrastructure is provided as a service by an external operator, Citrix Systems UK Limited, Building 3, Chalfont Park House, Gerrards Cross, SL9 0DZ, United Kingdom. Further details on data privacy and contract data processing by Citrix as a service provider are available here: https://www.citrix.com/about/legal/privacy/ .
- Systemintegration, Webshop, Billing, Newsletter
certgate's services are generally directed only towards commercial customers. If personal information such as names, addresses, contact data and order details are recorded when contacting customers or processing orders, this may be transmitted to external IT service provider Zapier systems for further processing and storage. A seamless integration of the online shop, billing, sales and newsletter services, is provided as a service by the external operator, Zapier, 243 Buena Vista Avenue, Suite 508, Sunnyvale, CA 94086, United States. Further details on data privacy and contract data processing by Zapier as a service provider are available here: https://zapier.com/privacy/.
- Transmission of personal information to shipping service providers:
If goods are sent via package, they are shipped by transportation service provider DHL Express Germany GmbH, Heinrich-Brüning-Str. 5, zip code / city: 53113 Bonn. The recipient's name, address, e-mail, and if applicable telephone number are transmitted before goods are delivered in accordance with Art. 6 para. 1 lit. a DSGVO for the purpose of setting a delivery date or to announce the delivery and provision to DHL, if you have selected this shipping method during the order process. Data is only transmitted if necessary to deliver goods. Further details on data privacy for service provider DHL are available here: http://www.dhl.com/en/legal.html#privacy .
If goods are delivered as a letter or small package, shipping is handled by the transportation service provider Deutsche Post AG, Charles-de-Gaulle-Straße 20, zip code / city: 53113 Bonn, Germany. The recipient's name and address are transmitted before goods are delivered in accordance with Art. 6 para. 1 lit. a DSGVO for the purpose of delivery, if you have selected this shipping method during the order process. Data is only transmitted if necessary to deliver goods. Further details on data privacy for service provider Deutsche Post AG are available here: https://www.deutschepost.com/en/f/footer/data-protection-and-cookies.html.
- Recording and transmission of personal information to the newsletter system:
certgate's services are generally directed only towards commercial customers. The certgate newsletter system is provided as a service by an external operator, Mailerlite UAB, Paupio g. 28, LT-11341 Vilnius, Lithuania, Registered 302942057, VAT No. LT100007448516. If a company, or employee of a company, consents to receive current market and company information, the name and e-mail address of the recipient are transmitted to Mailerlite and saved on the service provider's systems for further processing. Further details on data privacy and contract data processing by Mailerlite as a service provider are available here: https://www.mailerlite.com/privacy-policy
Use of Google AdWords conversion tracking:
This website uses the online advertising program "Google AdWords" and conversion tracking under Google AdWords from Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). We use Google's services to make you aware of our attractive services on external websites using advertisements (called Google AdWords). We can determine how successful our individual advertising measures are in relation to data from advertising campaigns. Our purpose in doing so is to show you ads that are of interest to you, to make our website more interesting for you, and to calculate advertising costs fairly. A cookie is saved for conversion tracking when a user clicks on an AdWords advertisement placed by Google. Cookies are small text files saved on your computer system. These cookies typically become invalid after 30 days and are not used to personally identify you. If the user visits certain parts of this website, and the cookie has not yet expired, we and Google can see that the user clicked on the ad and was transferred to this page. Each Google AdWords customer receives a unique cookie. Therefore, cookies cannot be tracked through AdWords customer websites. Information obtained using the conversion cookie is used to generate conversion statistics for AdWords customers who have opted for conversion tracking. Customers learn the total number of users who clicked on their ads and were transferred to a page with a conversion tracking tag. However, they do not receive any information that could be used to personally identify users. If you do not want to take part in tracking, you can block this use by deactivating the Google conversion tracking cookie using the user settings on your web browser. Afterwards, you will no longer be included in conversion tracking statistics. We use Google AdWords based on our justifiable interest in targeted advertisement under Art. 6 para. 1 lit. f DSGVO.
Google LLC, headquartered in the USA, is certified for the US European “Privacy Shield” data privacy convention, which ensures compliance with the same level of data privacy applicable in the EU. The following address provides further information on Google’s data privacy provisions: http://www.google.de/policies/privacy/
You can permanently deactivate cookies used to display ads by changing the settings in your browser software to prevent cookies, or by downloading and installing the browser plug-in available at the following link:
Web analytics services
Google (Universal) Analytics:
This website uses Google Analytics, a web analytics service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). Google Analytics uses so-called “cookies,” text files saved on your computer that facilitate an analysis of your use of our website. The information provided by these cookies regarding your use of our website (including your abbreviated IP address) is generally transferred to a Google server in the USA and stored there.
This website uses Google Analytics only with the extension “_anonymizeIp(),” which ensures your IP address is anonymized through an abbreviation and makes it impossible to directly connect data with you personally. The extension means your IP address will be abbreviated within the member states of the European Union or in other contracting states in the Agreement on the European Economic Area before this transfer. Only in exceptional cases will your full IP address be transferred to a Google server in the USA, where it will be shortened. In these exceptional cases, processing is carried out in accordance with Art. 6 para. 1 lit. f DSGVO based on our justifiable interest in statistically analyzing user behavior for optimization and marketing purposes.
Google will use this information under contract by us to evaluate your site usage, create reports regarding website activity, and complete additional services associated with your internet usage on our behalf. The IP addresses transferred by your browser as part of Google Analytics are not associated with other data from Google. You can prohibit the storage of cookies by changing the settings in your browser software accordingly; we would, however, like to inform you that in this case you will not be able to use the full extent of all functions on our website. You can, additionally, prohibit the collection of the data created by cookies and related to your use of the website (incl. your IP address) by Google and Google’s processing of this data by downloading and installing the browser plug-in available at the following link.
Google LLC, headquartered in the USA, is certified for the US European “Privacy Shield” data privacy convention, which ensures compliance with the same level of data privacy applicable in the EU. This website also uses Google Analytics to analyze user traffic via a user ID across different devices. You can deactivate cross-device analysis of your usage in your customer account under “My data,” “Personal information.”
More information on how user data is handled by Google Analytics is provided in the Google Data Privacy Declaration: https://support.google.com/analytics/answer/6004245?hl=de
Retargeting/ Remarketing/ Recommendation Advertising
Google AdWords Remarketing:
This website uses the functions of Google AdWords Remarketing, which allows us to advertise this website in Google search results and on third party websites. The service provider is Google LLC., 1600 Amphitheatre Parkway Mountain View, CA 94043 USA (“Google”). Google saves a cookie in your device’s browser for this purpose that automatically uses a pseudonymized cookie ID and the pages you visit to show you an interest-based advertisement. Data is processed based on our justifiable interest in optimal marketing for our website in accordance with Art. 6 para. 1 lit. f DSGVO.
Any further data processing is only carried out if you have given Google your consent that Google may link your internet and app browser behavior to your Google account, and that information from your Google account can be used to personalize ads you see online. If you are logged in to Google while visiting our website, Google will use your data alongside Google Analytics data to create and define target audience lists for cross-device remarketing purposes. Google will temporarily link your personal information with Google Analytics data to form target audiences.
You can permanently deactivate saving cookies for advertising purposes by downloading and installing the browser plug-in available at the following link: https://www.google.com/settings/ads/onweb/ Alternatively, you can learn about how cookies are saved from the Digital Advertising Alliance at the website www.aboutads.info and change your settings accordingly. Finally, you can set your browser in such a way that you are informed when cookies are sent so you may make individual decisions regarding their acceptance, or you may set a preference to generally accept or reject cookies in certain cases. If you choose not to accept cookies, the functions of our website may be limited. Google LLC, headquartered in the USA, is certified for the US European “Privacy Shield” data privacy convention, which ensures compliance with the same level of data privacy applicable in the EU.
Further information and data privacy provisions related to advertising and Google are available here:
Social Network Recommendations
This website uses functions of the LinkedIn network. The service provider is the LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. Every time you access one of our pages that includes LinkedIn functions, the page creates a connection to LinkedIn servers. LinkedIn is informed that you have visited our website with your IP address. If you click the LinkedIn “Recommend button” and are logged into your account at LinkedIn, LinkedIn can associate your visit to our website with you and your user account. We would like to note that we, as the page provider, are not aware of the content of data transferred, nor of how it is used by LinkedIn. Further information is provided in the LinkedIn Data Privacy Declaration at: https://www.linkedin.com/legal/privacy-policy
This website uses functions of the XING network. The service provider is XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. Every time you access one of our pages that includes XING functions, the page creates a connection to XING servers. To our knowledge, no personal information is saved. In particular, no IP addresses are saved, and user behavior is not evaluated. Further information on data privacy and the XING share button is available in the XING Data Privacy Declaration at: https://www.xing.com/app/share?op=data_protection
Rights of affected parties
- Applicable data privacy law grants you comprehensive rights (informational rights and rights to intervene) towards the individuals responsible for processing your personal information, as indicated in the following section:
- Right to information in accordance with Art. 15 DSGVO: In particular, you have the right to receive information on your personal information processed by us, the purpose of processing, the categories of personal information processed, the recipients or categories of recipients to whom your data is or was disclosed, the planned duration of storage, and the criteria for determining the duration of storage, the right to have your data corrected or deleted, to restrict processing, to object to processing, to submit complaints to a supervising authority, the origin of your data if we did not collect it from you, the use of automated decision-making, including profiling, and any information regarding the logic involved and the scope and intended effects of such processing insofar as they relate to you, as well as your right to information on the guarantees that apply in accordance with Art. 46 DSGVO if your data is transmitted to third party countries;
- Right to correction in accordance with Art. 16 DSGVO: You have the right to promptly correct any data on you which is incorrect, and/or to supplement incomplete data we have saved;
- Right to deletion in accordance with Art. 17 DSGVO: You have the right to request your personal information be deleted if the requirements of Art. 17 para. 1 DSGVO apply. However, this right does not exist if data processing is required to exercise the right to freedom of speech and information, to fulfill a legal obligation, for reasons of the public interest, or to assert, exercise, or defend against legal claims;
- Right to restrict processing in accordance with Art. 18 DSGVO: You have the right to request that processing of your personal information be restricted for the review period if you have disputed the correctness of your data, if you have rejected the deletion of your data due to inadmissible data processing, and instead request a restriction of processing for your data, if you require your data to assert, exercise, or defend against legal claims, after we no longer need this data to achieve a specific purpose, or if you have submitted an objection for reasons related to your specific situation, as long as it is not yet clear whether our justifiable grounds outweigh these considerations;
- Right to information in accordance with Art. 19 DSGVO: If you have asserted your right to correction, deletion, or restriction of processing towards the responsible person, this individual is obligated to inform all recipients to whom your personal information was disclosed of this correction or deletion of data, or of the restriction of processing, unless this proves to be impossible or would be associated with an unreasonable amount of work. You have the right to be informed of these recipients.
- Right to transfer data in accordance with Art. 20 DSGVO: You have the right to receive your personal information you have provided to us in a structured, current, and machine-readable format or to request it be transmitted to another responsible party, insofar as this is technically possible;
- Right to revoke granted consent in accordance with Art. 7 para. 3 DSGVO: You have the right to revoke your consent to process data at any time with future effect. If we receive a revocation, we will promptly delete the data in question unless further processing is carried out on some legal basis that does not require your consent. A revocation of consent will not affect the legality of processing completed based on the consent up until the time it was revoked; - Right to complaint in accordance with Art. 77 DSGVO: Apart from any other administrative law or legal remedy, you have the right to submit a complaint to a supervising authority, in particular in the member state in which your domicile or workplace are located, or the place of the alleged violation, if you believe that processing of your personal information violates the DSGVO.
- RIGHT TO OBJECT
IF WE PROCESS YOUR PERSONAL INFORMATION BASED ON OUR OVERWHELMING JUSTIFIABLE INTEREST, HAVING WEIGHED THE INTERESTS OF THE VARIOUS PARTIES, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING WITH FUTURE EFFECT FOR REASONS RELATED TO YOUR SPECIFIC SITUATION. IF YOU MAKE USE OF YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING YOUR DATA. HOWEVER, WE RESERVE THE RIGHT TO PROCESS DATA FURTHER IF WE CAN SHOW MANDATORY PROTECTED GROUNDS FOR PROCESSING THAT OUTWEIGH YOUR INTERESTS, BASIC RIGHTS, AND BASIC FREEDOMS, OR IF SUCH DATA IS PROCESSED TO ASSERT, EXERCISE, OR DEFEND AGAINST LEGAL CLAIMS. IF WE PROCESS YOUR PERSONAL INFORMATION FOR THE PURPOSE OF DIRECT ADVERTISING, YOU HAVE THE RIGHT TO OBJECT TO PROCESSING OF YOUR PERSONAL INFORMATION FOR SUCH ADVERTISING PURPOSES AT ANY TIME. YOU CAN EXERCISE THIS RIGHT TO OBJECT AS DESCRIBED ABOVE. IF YOU MAKE USE OF YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING YOUR DATA FOR DIRECT ADVERTISING PURPOSES.
Duration of storage for personal information
The duration of time for which personal information is saved is determined based on the applicable statutory retention periods (e.g. commercial and tax law retention periods). After the end of the period, the relevant data is deleted through a routine process if it is no longer required to fulfill or initiate a contract, and/or if we have no further justifiable interest in continuing to save it.