Pricacy policy

11.11.2020, Version 3.0

Preamble

It is generally possible to use our website without providing personal data.

Insofar as personal data is collected when you visit our website, we process it exclusively in accordance with the General Data Protection Regulation (Regulation (EU) 2016/679; GDPR) and the Federal Data Protection Act of 30 July 2017 (BDSG-new), as well as the Telemedia Act (TMG). The processing of personal data takes place exclusively in accordance with this privacy policy.

This privacy policy applies to the use of the website at the address crosscan.com. For linked content from other providers, the data protection declaration on the linked website is authoritative.

We would like to point out that security gaps can occur in the context of data transmission via the Internet, which cannot be prevented by the technical design of this website. Complete protection of personal data is not possible when using the Internet.

The data controller pursuant to Art. 13 para. 1 lit. a) GDPR is

Crosscan GmbH
Axel Stephan
Ruhrstraße 48
58452 Witten

Phone: 02302 16929-0

Email: hello@crosscan.com


Data Protection Officer, Art. 13 para. 1 lit. b) GDPR

We have appointed the following data protection officer

Mr Dipl.-Inform. Olaf Tenti
GDI Company for Data Protection and Information Security mbH

Körnerstr 45, 58095 Hagen (NRW)

Telephone: +49 (0)2331/356832-0
E-mail: datenschutz(at)gdi-mbh.eu

Internet: www.gdi-mbh.eu

 

The reasons for data collection on our website

The purpose of collecting, processing and using your data on our website is the technical provision of our functions and the best possible provision of our services. Furthermore, a contact function is established by processing your data.

Security precautions

All employees of our company are obliged to maintain confidentiality. Our IT technical security precautions are continuously adapted to current circumstances and requirements.

Logging

Every time a user accesses a page from our website and every time a file is retrieved, access data about this process is stored in a log file on the server of our hosting provider.

  • IP address (anonymised):

IP addresses are stored in anonymised form. For this purpose, the last three digits are removed, i.e. 127.0.0.1 becomes 127.0.0.*. IPv6 addresses are also anonymised. The anonymised IP addresses are stored for 60 days. Details of the directory protection user used are anonymised after one day. The last octet is truncated.

  • Page from which the file was requested
  • Date, time

  • Browser type and browser settings    

  • operating system

  • the page you visited

  • amount of data transferred

  • Access status (file transferred, file not found, etc.)

The log files remain stored there for 60 days. The legal basis for data collection is Art. 6 para. 1 lit. f GDPR.

Hosting

The domain www.crosscan.com is hosted by Mittwald CM Service GmbH & Co. KG, Königsberger Straße 4-6, 32339 Espelkamp, Germany. The data (inventory data) and traffic data (connection data) collected when you visit our website on this domain are collected and processed by Mittwald CM Service GmbH & Co. KG in accordance with statutory provisions.

Purpose of collection by the hoster

The hoster uses the collected data to operate the website and to ensure IT security. If there are specific indications, the log data may be subsequently analysed.

Duration of storage by the hoster

  • The web server access logs record which pages have been accessed and when. They contain the following data: IP, directory protection user, date, time, pages accessed, logs, status code, data volume, referrer, user agent, host name accessed.
  • The IP addresses are stored in anonymised form. For this purpose, the last three digits are removed, i.e. 127.0.0.1 becomes 127.0.0.*. IPv6 addresses are also anonymised. The anonymised IP addresses are stored for 60 days. Details of the directory protection user used are anonymised after one day.
  • Error logs, which record incorrect page views, are deleted after seven days. In addition to the error messages, these contain the accessing IP address and, depending on the error, the website accessed.
  • Access via FTP is logged anonymously and stored for 60 days.
  • The mail logs for sending e-mails from the web environment are anonymised after one day and then retained for 60 days. During anonymisation, all data on the sender/recipient etc. is removed. Only the data on the time of dispatch and the information on how the e-mail was processed (queue ID or not sent) are retained.
  • Mail logs for dispatch via our mail servers are deleted after four weeks. The longer retention period is necessary to ensure the functionality of the mail services and to combat spam.
  • It is not possible to set an individual storage period.
  • Further information: FAQ article on the topic of GDPR www.mittwald.de/index.php

Collection of general information

When you access our website, information of a general nature is automatically collected. This information (server log files) includes, for example, the type of web browser, the operating system used, the domain name of your internet service provider and similar. This is exclusively information that does not allow any conclusions to be drawn about your person. This information is technically necessary in order to correctly deliver the website content requested by you and is mandatory when using the Internet. Anonymous information of this kind is statistically evaluated by us in order to optimise our website and the technology behind it.

To protect the security of your data during transmission, we use state-of-the-art encryption methods (e.g. SSL) via HTTPS.

Contact options on our website via forms, e-mail and widget

On our website, you have the option of contacting us by e-mail, contact form or widget. In this context, your personal data is stored and processed for the purpose of communication. The data collected for this purpose (name, surname, company, telephone number, e-mail address, IP address) will not be passed on to third parties. The data will not be merged with other data collected on this website. The data may be stored as part of customer relations management (CRM) if you are already a customer of our company.

The contact form is sent encrypted using TLS technology. The encryption serves to prevent unauthorised access to your personal data by third parties.

The basis for data collection in accordance with Art. 6 para. 1 sentence 1 GDPR is: the consent you have given (lit. a); if applicable, the processing of the information for the fulfilment of a contract or the initiation of a contract (lit. b), as well as the legitimate interest of our company in the communication you have initiated (lit. f).

The data will be deleted as soon as the purpose of the communication has been achieved.

Ordering/requesting PDF files

If you order/request brochures in PDF format and other digital print media from Crosscan by e-mail via this website, it is necessary to process your personal data to carry out pre-contractual measures and to fulfil the contract (provision of the products) in accordance with Article 6(1)(b) GDPR. The following personal data must be provided to process the enquiry

  • Company
  • First name
  • Surname
  • e-mail address

This information is stored and processed as part of the order/request as well as for sales follow-up and internal statistical purposes, e.g. how many copies of a medium have been ordered.

Fanpage on Facebook

Our presence on social networks and platforms, such as Facebook, serves the purpose of active and up-to-date communication with our customers and interested parties. We use these platforms to provide information about our services, products and interesting special offers relating to our company. When you visit our online presence on social media, your data may be automatically collected and stored for market research and advertising purposes. This data is used to create so-called user profiles using pseudonyms. These can be used, for example, to place adverts within and outside the platforms that presumably correspond to your interests. Cookies are generally used on your end device for this purpose. The function of cookies is explained in our privacy policy, so please refer to the relevant information there. Visitor behaviour and user interests are stored in these cookies. This serves to safeguard our legitimate interests in an optimised presentation of our services and offers and effective communication with customers and interested parties, which predominate in the context of a balancing of interests. The legal basis for the processing is therefore Art. 6 para. 1 lit. f) EU GDPR. If you are asked by the respective social media platform operators for consent (agreement) to data processing, e.g. with the help of a checkbox, the legal basis for data processing is Art. 6 para. 1 lit. a) EU GDPR.

If you in the cookie banner of this website - crosscan.com -

  • select the checkbox "Facebook Pixel" and click on "Accept selection" or
  • click on "Accept all",

you give your consent in accordance with Art. 6 para. 1 sentence 1 lit. a i.V.m. Art. 49 para. 1 a) GDPR that your personal data may be processed in the USA.

For detailed information on the processing and use of data by the providers on their pages as well as a contact option and your rights and setting options in this regard to protect your privacy, in particular opt-out options, please refer to the providers' data protection notices linked below:

Facebook: www.facebook.com/about/privacy/

You can find the opt-out option as follows:

Facebook: www.facebook.com/settings

If you have any further questions in this regard, you can also contact us (contact details can be found above).

Data processing is carried out on the basis of an agreement between jointly responsible parties in accordance with Art. 26 GDPR, which you can view here:

www.facebook.com/legal/terms/page_controller_addendum

 

Deletion or blocking of data

We adhere to the principles of data avoidance and data minimisation. We therefore only store your personal data for as long as is necessary to fulfil the purposes stated here or for the various storage periods stipulated by law. Once the respective purpose no longer applies or these periods have expired, the corresponding data is routinely blocked or deleted in accordance with the statutory provisions.

The criteria for the erasure of personal data for the purposes of contacting us via the contact form or contact widget are as follows:

Contacting for the purpose of requesting a callback, requesting a quote, requesting a partnership or information about our offer or other enquiry about our company or our products: The personal data in this context will be deleted after the end of the joint communication if no further information is requested or deletion of the personal data is requested.

Use of Google Analytics

We use Google Analytics on our website. The service is offered by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter "Google").

We have concluded a contract with Google for commissioned data processing and fully implement the strict requirements of the German data protection authorities when using Google Analytics. The legal basis for the use of Google Analytics is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.

If you have consented to data processing, Google may store cookies on your end device to provide the service. Cookies are small text files that serve to recognise your browser. Google stores the following data when you use the website: In addition to the IP address, the time, location, duration and frequency of your website visit are stored. As part of the processing of Google Analytics, personal data is transmitted to the USA.

Google uses this information to analyse website usage, create reports on website activity and provide other services to the controller associated with usage. Before the IP address is transmitted to the USA, it is anonymised using the _anonymizeIP function on servers within the member states of the European Union.

If you in the cookie banner of this website - crosscan.com -

  • select the checkbox "Google Analytics" and click on "Accept selection" or
  • click on "Accept all",

you give your consent in accordance with Art. 6 para. 1 sentence 1 lit. a in conjunction with. Art. 49 para. 1 a) GDPR that your personal data may be processed in the USA.

Under no circumstances will Google merge your IP address with other data within Google.

Information on terms of use and data protection can be found at www.google.com/analytics/terms/de.html or at policies.google.com

The data sent by us and linked to cookies is automatically deleted after 14 months. You can revoke your consent at any time with effect for the future by preventing the storage of cookies by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all functions of this website to their full extent.

Furthermore, you can prevent the collection of data by Google Analytics by installing the deactivation add-on provided by Google in your browser. If this is properly installed in your browser, data will not be collected by Google Analytics. The deactivation add-on can be downloaded from the Google website at this link: tools.google.com/dlpage/gaoptout

Alternatively, you can click on the following link to set an opt-out cookie for the browser you are using: Opt-Out-Cookie. When you visit this website, data will then no longer be forwarded to Google Analytics.

Please note that the opt-out cookie can be deleted if necessary. The deletion of the opt-out cookie depends on your individual browser settings. If the cookie is deleted, it must be set again by clicking on the link above. If you have set the opt-out cookie, it is possible that not all services provided by us can be used properly.

Use of Google Remarketing

This website uses the remarketing function of Google Inc. This function is used to present interest-based adverts to website visitors within the Google advertising network. A so-called "cookie" is stored in the website visitor's browser, which makes it possible to recognise the visitor when he or she visits websites that belong to the Google advertising network. On these pages, the visitor can be presented with adverts that relate to content that the visitor has previously accessed on websites that use Google's remarketing function.

According to its own information, Google does not collect any personal data during this process. However, if you do not wish to use Google's remarketing function, you can deactivate it by making the appropriate settings at adssettings.google.com. Alternatively, you can deactivate the use of cookies for interest-based advertising via the advertising network initiative by following the instructions at www.networkadvertising.org/managing/opt_out.asp. The legal basis for data collection is Art. 6 para. 1 lit. f GDPR.

 

Cookies

Like many other websites, we also use so-called "cookies". Cookies are small text files that are transferred from a website server to your hard drive. This automatically provides us with certain data such as IP address, browser used, operating system on your computer and your connection to the Internet.

Cookies cannot be used to start programmes or transfer viruses to a computer. Using the information contained in cookies, we can make navigation easier for you and enable our web pages to be displayed correctly.
Under no circumstances will the data collected by us be passed on to third parties or linked to personal data without your consent.

The legal basis for this is Art. 6 para. 1 sentence 1 lit. f GDPR.

Of course, you can also view our website without cookies. Internet browsers are regularly set to accept cookies. You can deactivate the use of cookies at any time via your browser settings. Please use the help functions of your internet browser to find out how to change these settings. Please note that individual functions of our website may not work if you have deactivated the use of cookies.

Google AdWords

Our website uses Google Conversion Tracking. If you have reached our website via an advert placed by Google, Google AdWords will set a cookie on your computer. The conversion tracking cookie is set when a user clicks on an advert placed by Google. These cookies lose their validity after 30 days and are not used for personal identification. If the user visits certain pages of our website and the cookie has not yet expired, we and Google can recognise that the user clicked on the ad and was redirected to this page. Each Google AdWords customer receives a different cookie. Cookies can therefore not be tracked via the websites of AdWords customers. The information collected using the conversion cookie is used to generate conversion statistics for AdWords customers who have opted for conversion tracking. Customers are told the total number of users who clicked on their advert and were redirected to a page with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users.

The legal basis for the storage of "conversion cookies" is based on Art. 6 para. 1 sentence 1 lit a GDPR.

If you do not wish to participate in tracking, you can refuse the setting of a cookie required for this - for example, by using a browser setting that generally deactivates the automatic setting of cookies or by setting your browser to block cookies from the domain adssettings.google.com.

Please note that you may not delete the opt-out cookies as long as you do not wish measurement data to be recorded. If you have deleted all your cookies in the browser, you must set the respective opt-out cookie again.

You can find more information about Google AdWords and Google Conversion Tracking in Google's privacy policy: www.google.de/policies/privacy/.

Google Maps

Parts of our website use Google Maps functions to integrate map data. This content is provided by Google Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA ("Google"). When you access our website, your browser loads the necessary code from Google. For this purpose, the browser you are using must connect to Google's servers. This informs Google that our website has been accessed via your IP address. At the same time, Google can store cookies on your end device, unless you have prohibited the use of cookies in your browser, or read cookies. Location data may also be collected if you allow this in your browser.
 
Google Maps is used for the purpose of an appealing, convenient design of our website and to make it easier for you to find the places we have indicated on the website. This constitutes a legitimate interest within the meaning of Article 6(1)(f) GDPR.
 
Your IP address is collected by us to enable transmission to Google. You are not obliged to provide this data, but it is not possible to use the affected parts of our website without providing this data.
 
Further information can be found in Google's privacy policy at www.google.com/policies/privacy/.

Leadfeeder

We use the LeadFeeder service as a lead generation tool. LeadFeeder accesses the list of IP addresses of Internet site visitors provided by Google Analytics in the evaluation and links the list of IP addresses with information about the companies that can be found on the Internet under these IP addresses. Due to the shortening of the IP address of the website visitors already made when using Google Analytics, a direct personal reference is not established.

Leadfeeder is integrated into our CRM System & Email Marketing Tool, so you can be sure that your company will be there. LeadFeeder is a service of Liidio Oy, Mikonkatu 17 C, Helsinki 00100, Finland.

The privacy policy of Leadfeeder can be found at www.leadfeeder.com/privacy/

You can prevent the storage of a user profile or data about your use of our site by leadfeeder by means of an «opt-out». The possibility and information can be found at:

yourdata.leadfeeder.com

If you are in the cookie banner of this website  - crosscan.com -

  • select the checkbox "Accept selection" or
  • click on "accept all",

give your consent in accordance with Article 6 paragraph 1 sentence 1 letter a within the meaning of Article 49 para. 1 a) GDPR that your personal data may be processed in the USA.

LinkedIn Analytics und LinkedIn Ads

On our website, we use the conversion tracking technology and the retargeting function of LinkedIn Corporation.

This technology allows visitors to this website to be shown personalized ads on LinkedIn. Furthermore, it is possible to generate anonymous reports on the performance of the advertisements as well as information on the website interaction. For this purpose, the LinkedIn Insight tag is integrated on this website, which establishes a connection to the LinkedIn server if you visit this website and are logged in to your LinkedIn account at the same time.

In LinkedIn’s privacy policy at www.linkedin.com/legal/privacy-policy you will find more information on data collection and use as well as the possibilities and rights to protect your privacy. If you are logged in to LinkedIn, data collection can be deactivated at any time under the following link: www.linkedin.com/psettings/enhanced-advertising.

If you are in the cookie banner of this website  - crosscan.com -

  • select the "LinkedIn Insight Tag" checkbox and click Accept Selection, or
  • click on "accept all",

give your consent in accordance with Article 6 paragraph 1 sentence 1 letter a within the meaning of Article 49 para. 1 a) GDPR that your personal data may be processed in the USA.

Pipedrive

Our contact forms and request forms for downloading material are connected to the customer relationship management tool ("CRM tool") Pipedrive. The data entered when filling out the forms is transmitted to Pipedrive and stored there on Pipedrive servers.

The CRM system Pipedrive of the provider Pipedrive OÜ is based on our legitimate interests (efficient and fast processing of user requests, inventory customer management, new customer business) a, a private limited company established under the laws of the Republic of Estonia, with the address Paldiski mnt 80, Tallinn, 10617, Estonia, registered in the Estonian Commercial Register under code 11958539, and a subsidiary of Pipedrive US.

With Pipedrive we have a contract with so-called. Standard Contractual Clauses in which Pipedrive undertakes to process user data only in accordance with our instructions and to comply with the EU data protection level.

Pipedrive US processes the data in the USA.

If you are in the cookie banner of this website  - crosscan.com -

  • select the checkbox "Accept selection" or
  • click on "accept all",

give your consent in accordance with Article 6 paragraph 1 sentence 1 letter a within the meaning of Article 49 para. 1 a) GDPR that your personal data may be processed in the USA.

The Pipedrive Privacy Policy can be accessed here: www.pipedrive.com/en/privacy.

The data collected on the website, by entering the data in the above forms, will be deleted in our CRM tool Pipedrive, if we have processed your request and the purpose of storage has ceased to apply and there are no other legal exceptions to the contrary. You can inform yourself at any time about the data stored about you.

Other data transfers

We also pass on personal data on official and/or judicial instructions. A transfer of personal data that goes beyond the ones mentioned in this privacy policy does not take place.

Your rights to information, correction, blocking, deletion and objection
You have the right to obtain information about your personal data stored by us at any time. You also have the right to have your personal data corrected, blocked or, apart from the mandatory data storage for business purposes, deleted. Please contact our data protection officer at the bottom of this page.

In order for data to be blocked at any time, this data must be kept in a lock file for control purposes. You can also request the deletion of the data if there is no legal archiving obligation. If such an obligation exists, we will block your data on request.

You can make changes or withdraw your consent by notifying us accordingly with future effect.

Information / data subject rights

Users have the following rights regarding their data:

  • Information (Article 15 GDPR): Information about the stored data, purpose of data processing, type of categories of personal data that are processed, to whom the data may be processed. are/have been transferred, how long the data should be stored and what rights the data subjects are entitled to
  • Corrigendum (Article 16 GDPR): You have the right to have any inaccurate personal data concerning you that we store corrected. You also have the right to have an incomplete record stored by us supplemented.
  • Deletion (Article 17 GDPR): You can request us to delete your personal data if (1) the data has been processed unlawfully, (2) the purpose for which the data was collected has been achieved, (3) you have revoked your consent to data processing and there is no other legal basis for processing, (4) we are subject to a legal obligation to delete the data (5) you are under 16 years of age or (6) you have objected to the processing and there are no overriding legitimate grounds for processing on our part.
  • Restriction of processing (Article 18 GDPR): You can request us to restrict processing in the following cases. In these cases, we will provide the data with a blocking notice and will not process it further (1) If you dispute the accuracy of the personal data for the duration of our review (2) If you have requested deletion and we cannot or may not perform a deletion (3) If you need the data for the assertion of claims, but we would be obliged to delete it because the purpose of the processing has been achieved (4) If you have objected to the processing and no final decision has been made yet.
  • Data portability (Article 20 GDPR): pursuant to Art. 20 GDPR To receive your personal data that you have provided to us in a structured, common and machine-readable format or to request the transfer to another controller;

  • Revocation of a given consent: In accordance with Article 7 paragraph 3 GDPR, to revoke your once given consent at any time. As a result, we may no longer continue to process data based on this consent in the future.

    If you have consented to the processing of personal data, you can revoke your consent at any time. Please send your revocation to the above data or by e-mail to: datenschutz@crosscan.com

  • Right to object to processing (Article 21 GDPR): If your personal data are based on legitimate interests in accordance with Article 6 paragraph 1 sentence 1 lit. f GDPR, you have the right to be processed in accordance with Art. 21 GDPR Object to the processing of your personal data if there are reasons for this that arise from your particular situation.

    If you wish to exercise your right of withdrawal or objection, please contact us.

  • Complaint to a supervisory authority: to complain to a supervisory authority in accordance with Article 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our office / company headquarters.

 

Questions to the data protection officer

If you have any questions about data protection, please send us an e-mail or contact our data protection officer directly:

Mr Dipl Inform Olaf Tenti
GDI - Company for Data Protection and Information Security
Körnerstr. 45
58095 Hagen
Email: datenschutz(at)gdi-mbh.eu
Tel: + 49 (0) 2331 / 35 68 32 - 0
Fax: + 49 (0) 2331 / 35 68 32 - 1

Right to complain about data protection supervision

You have the right to lodge a data protection complaint with the supervisory authorities. The supervisory authority responsible for us is the State Commissioner for Data Protection North Rhine-Westphalia. The complaint may be lodged with any supervisory authority regardless of jurisdiction.
Changes to our Privacy Policy

We reserve the right to amend this privacy policy from time to time so that you always comply with current legal requirements or to implement changes to our services in the privacy policy, for example when introducing new services. The new privacy policy applies to your next visit.

Status of the data protection declaration: November 2020