Privacy policy
We process personal data (hereinafter generally referred to as “data”) only to the extent necessary and for the purpose of providing a functional and user-friendly website, including its content and the services offered there. This privacy policy applies to the use of the website at crosscan.com. For linked content from other providers, the privacy policy provided on the linked website shall apply.
In accordance with Article 4(1) of Regulation (EU) 2016/679, i.e. the General Data Protection Regulation (hereinafter referred to as the ‘GDPR’), ‘processing’ means any operation or set of operations which is performed on personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
In this privacy policy, we provide you with information, in particular, regarding the nature, scope, purpose, duration and legal basis of the processing of personal data, insofar as we determine the purposes and means of such processing either alone or jointly with others. We also provide information below regarding the third-party components we use for optimisation purposes and to enhance the user experience, insofar as this involves third parties processing data under their own responsibility.
Our privacy policy is structured as follows:
I. Information about us as the data controller
II. Rights of users and data subjects
III. Information on data processing
The controller pursuant to Article 13(1)(a) of the GDPR is:
Crosscan GmbH
Benjamin Schilp
Ruhrstraße 48
58452 Witten
Phone: 02302 16929-0
Email: hello@crosscan.com
Data Protection Officer, Article 13(1)(b) of the GDPR
Our Data Protection Officer is:
Mr. Dipl.-Inform. Olaf Tenti
GDI Gesellschaft für Datenschutz und Informationssicherheit mbH
Körnerstr 45, 58095 Hagen (NRW - Germany)
Phone: +49 (0)2331/356832-0
Email: datenschutz(at)gdi-mbh.eu
Website: www.gdi-mbh.eu
II. Rights of users and data subjects
With regard to the data processing described in more detail below, users and data subjects have the right
1. the right to confirmation as to whether data concerning them is being processed, to be informed of the data being processed, to receive further information about the processing of the data, and to receive copies of the data (see also Article 15 of the GDPR);
2. to have inaccurate or incomplete data rectified or completed (see also Article 16 of the GDPR);
3. to the immediate erasure of data relating to them (see also Article 17 of the GDPR), or, alternatively, where further processing is necessary in accordance with Article 17(3) of the GDPR, to the restriction of processing in accordance with Article 18 of the GDPR;
4. to receive the data concerning them and provided by them, and to have that data transmitted to other providers/controllers (see also Article 20 of the GDPR);
5. by submitting a complaint to the supervisory authority if they believe that the data concerning them is being processed by the controller in breach of data protection regulations (see also Article 77 of the GDPR).
Furthermore, the controller is obliged to inform all recipients to whom data has been disclosed by the controller of any rectification or erasure of data or restriction of processing carried out pursuant to Articles 16, 17(1) and 18 of the GDPR. However, this obligation does not apply where such notification is impossible or would involve a disproportionate effort. Notwithstanding this, the user has a right to be informed of these recipients.
Furthermore, under Article 21 of the GDPR, users and data subjects have the right to object to the future processing of data relating to them, provided that the data is processed by the provider in accordance with Article 6(1)(f) of the GDPR. In particular, an objection to data processing for the purposes of direct marketing is permitted.
III. Information on data processing
The data processed when you use our website will be deleted or blocked as soon as the purpose for which it was stored no longer applies, provided that there are no legal obligations to retain the data and no contrary information is provided below regarding specific processing procedures.
Server data
For technical reasons, in particular to ensure a secure and stable website, data is transmitted by your web browser to us or to our provider (www.odoo.sh). These so-called server log files collect, amongst other things, the type and version of your web browser, the operating system, the website from which you accessed our website (referrer URL), the page(s) on our website that you visit, the date and time of each visit, and the IP address of the internet connection from which our website is accessed.
The data collected in this way is stored temporarily, but not alongside any other data we hold about you.
This data is stored on the legal basis of Article 6(1)(f) of the GDPR. Our legitimate interest lies in improving the stability, functionality and security of our website.
The data will be deleted after 30 days at the latest, unless further retention is required for evidential purposes. Otherwise, the data will be exempt from deletion, either in whole or in part, until the incident has been fully resolved.
SSL or TLS encryption
This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential information, such as orders or enquiries that you send to us as the site operator. You can recognise an encrypted connection by the fact that the address bar of your browser changes from “http://” to “https://” and by the padlock symbol in your browser bar.
When SSL or TLS encryption is enabled, the data you send to us cannot be read by third parties (end-to-end encryption). These protocols authenticate the communication partner and ensure the integrity of the data being transmitted.
Cookies
In addition to the data mentioned above, cookies are used on your computer when you visit and use our website. When you visit our website for the first time, you will be asked whether you consent to the use of cookies and, if so, which categories you consent to. Cookies are small text files that are stored by your browser on your device to save specific information. Furthermore, these cookies are used to make your experience of our website more pleasant and convenient, or for analytical purposes. Some of the cookies we use are so-called ‘session cookies’. These serve to make the services of our website technically available to you. Following your visit, these cookies are automatically deleted by your browser. Other cookies remain on your computer and enable us to recognise your device on your next visit (so-called persistent or permanent cookies).
The next time you visit our website using the same device, the information stored in cookies will be read either by our website (‘first-party cookie’) or by another website to which the cookie belongs (‘third-party cookie’). These cookies are automatically deleted from your system after a pre-set period of time, which varies depending on the cookie. The information stored and sent back enables the respective website to recognise that you have already accessed and visited it using your device’s browser. We use this information to optimally design and display the website for you in accordance with your preferences. In doing so, only the cookie itself is identified on your device. Any further storage of personal data takes place only with your express consent or if this is absolutely necessary to enable you to use the service offered and accessed by you accordingly. This website uses the following types of cookies, the scope and functionality of which are explained below:
- Essential cookies: Strictly necessary cookies ensure functions without which you would not be able to use our websites as intended. These cookies are used exclusively by us and serve, for example, to ensure that, as a logged-in user, you remain logged in when accessing various subpages of our website, so that you do not have to re-enter your login details every time you visit a new page. The legal basis for their use is our legitimate interest within the meaning of Article 6(1)(f) of the GDPR.
- Functional cookies: These enable our website to store information you have already provided and to offer you improved functionality based on this. The legal basis for the use of these cookies is your consent in accordance with Article 6(1)(a) of the GDPR.
- Marketing or tracking cookies: These cookies are used to collect information about the websites visited by the user, to create and enable targeted and more effective advertising for the user, and to identify the interests of website visitors so that we can make our website even more interesting in the future.
Marketing and/or tracking cookies are only set once you have given your active consent. The legal basis for data processing in this case is Article 6(1)(a) of the GDPR.
Opt-out for marketing cookies
You can also manage cookies used for online advertising via the tools developed in many countries as part of self-regulatory programmes, such as the US-based https://www.aboutads.info/choices/or the EU-basedhttps://www.youronlinechoices.com/de/praferenzmanagement/ You can withdraw this consent to the use of cookies at any time with future effect here.
You can configure your browser so that you are notified when cookies are set and can choose to allow cookies only in specific cases, e.g. third-party cookies (cookies set by a third party, i.e. not by the website you are currently visiting), block the acceptance of cookies in certain cases or generally, and enable the automatic deletion of cookies when you close your browser. You can delete stored cookies at any time using your web browser. You have the option to disable cookies in your browser at any time. However, disabling cookies may restrict the functionality of this website.
Deleting cookies
Cookies are stored on your device until you delete them, which you can do at any time. Furthermore, expired cookies are automatically deleted by your browser if you have configured it accordingly. Expired cookies are no longer sent to our servers by your browser and can therefore no longer be used by us. Unless you have made or make different settings, cookies that are intended to enable or ensure the necessary technical functions will remain on your device until you close your browser; other cookies may remain on your device for longer (up to a maximum of 6 months). To protect your privacy, you should regularly check the cookies on your device and your browser history and delete them yourself.
Local storage/session storage cookies
We also use what is known as local storage and session storage technology (also referred to as ‘local data’, ‘local storage’ and ‘session storage’), which means we utilise your browser’s storage capacity. With local storage, data is stored locally in your browser’s cache; this data remains there even after you close the browser window or exit the programme and can be read if you do not actively clear the cache. Local storage enables your preferences when using our websites to be stored on your computer and used by you. The function of session storage is essentially the same as that of local storage, except that the relevant data is automatically removed from your browser’s cache immediately after you close the browser (‘session’). Third parties cannot access the data stored in Local Storage or Session Storage. It is not passed on to third parties nor used for advertising purposes. In particular, this technology is used to present our content to you in an appealing graphical format (e.g. pop-up windows, etc.) and to personalise our offering and the navigation on our pages for you. The data is not combined with other data (e.g. information from tracking tools, which is also stored separately in local storage). Certain information and inputs to the tracking tools are also stored in local storage for transmission and analysis. This data is used solely to analyse and evaluate visitors’ browsing behaviour. The data stored in local storage is not used for advertising purposes. Insofar as the use of this technology is necessary for the operation of the website, processing is carried out on the basis of our legitimate interest in providing you with an attractive, fully functional service, pursuant to Article 6(1)(f) of the GDPR; otherwise, it is based on your consent in accordance with Article 6(1)(a) of the GDPR.
Ways to contact us via our website using forms and email
On our website, you can contact us via the contact form or by email.
In this context, the information you provide in the form or in the email, including the contact details you have provided, will be stored and processed by us for the purpose of handling your enquiry and in the event of any follow-up questions. This data (e.g. name, company, telephone number, email address, IP address) will not be passed on to third parties without your consent. Mandatory fields are clearly marked. The data will not be merged with other data collected on this website. The contact form is sent using TLS encryption. The encryption serves to prevent unauthorised access to your personal data by third parties.
The processing of this data is based on Article 6(1)(b) of the GDPR, provided that your enquiry relates to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective handling of enquiries addressed to us (Article 6(1)(f) of the GDPR). The data you provide in the contact form or in the email will remain with us until you request its deletion, object to its processing, or the purpose for storing the data no longer applies (e.g. once your enquiry has been processed). Mandatory legal provisions – in particular retention periods – remain unaffected.
Information about Google services
We use various services provided by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland, on our website. As a result, Google may receive information from you. It cannot be ruled out that Google may also transfer this information to a server in a third country. For the transfer of personal data, we have concluded a data processing agreement with Google containing EU Standard Data Protection Clauses in accordance with Article 46 of the GDPR. Google has undertaken to comply with the Standard Contractual Clauses (SCCs) for the transfer of personal data to third countries in accordance with Directive 95/46/EC. Further information on this is available at: https://policies.google.com/privacy/frameworks?hl=de
Furthermore, the provider has joined the EU-US Data Privacy Framework for data transfers to the US, which ensures compliance with European data protection standards on the basis of an adequacy decision by the European Commission. We have no control over what data Google actually collects and processes. Google states that, in principle, the following information (including personal data) may be processed:
- Log data (in particular the IP address)
- Location-based information
- Unique application numbers
- Cookies and similar technologies
If you are signed in to your Google account, Google may link the processed information to your account, depending on your account settings. For more information from Google, please visit: https://www.google.com/intl/de/policies/privacy/index.html.
You can prevent this by logging out of your Google account or by adjusting the relevant account settings in your Google account. Furthermore, you can prevent the installation of cookies – insofar as Google sets them – by adjusting the relevant settings in your browser; however, we would like to point out that, in this case, you may not be able to make full use of all the functions of this website. You can find further information in Google’s privacy policy, which you can access here: https://www.google.com/policies/privacy/.
Further information on the individual Google services we use on this website can be found in the full privacy policy.
Use of Google Analytics
We use Google Analytics on our website. The service is provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter “Google”).
We have entered into a data processing agreement with Google and fully comply with the strict requirements of the German data protection authorities when using Google Analytics. The legal basis for the use of Google Analytics is your consent in accordance with Article 6(1)(a) of the GDPR.
If you have consented to the processing of your data, Google may store cookies on your device in order to provide the service. Cookies are small text files used to recognise your browser. Google stores the following data in connection with your use of the website: in addition to your IP address, the time, location, duration and frequency of your visits to the website are stored. As part of the processing carried out by Google Analytics, personal data is transferred to the USA.
Google uses this information to analyse website usage, compile reports on website activity and provide other services to the controller relating to such usage. Before the IP address is transmitted to the USA, it is anonymised by the _anonymizeIP function on servers located within the Member States of the European Union.
If you click on the cookie banner on this website – crosscan.com –
- tick the ‘Google Analytics’ box and click ‘Accept selection’ or
- click on ‘Accept All’,
You consent, in accordance with Article 6(1)(a) in conjunction with Article 49(1)(a) of the GDPR, to your personal data being processed in the USA.
Google will not, under any circumstances, link your IP address with any other data held by Google.
For information on our terms of use and privacy policy, please visit https://www.google.com/analytics/terms/de.html resp. at https://policies.google.com/?hl=de
The data we send and which is linked to cookies is automatically deleted after 14 months. You may withdraw your consent at any time with future effect by preventing cookies from being stored via the relevant settings in your browser software; however, please note that in this case you may not be able to make full use of all the features of this website.
You can also prevent Google Analytics from collecting data by installing the opt-out add-on provided by Google in your browser. Provided this is correctly installed in your browser, Google Analytics will not collect any data. The opt-out add-on can be downloaded from the Google website via this link: http://tools.google.com/dlpage/gaoptout?hl=de
Alternatively, you can set an ‘opt-out cookie’ for your browser by clicking on the following link: Opt-Out-Cookie. In future, no data will be sent to Google Analytics when you visit this website.
Please note that the opt-out cookie may be deleted. Whether the opt-out cookie is deleted depends on your individual browser settings. If the cookie is deleted, it must be reset by clicking the link provided above again. If you have set the opt-out cookie, you may not be able to use all the services we provide properly.
Use of Google Remarketing
This website uses the remarketing feature provided by Google Inc. This feature is used to display interest-based advertisements to website visitors within the Google advertising network. A so-called ‘cookie’ is stored in the website visitor’s browser, which enables the visitor to be recognised when they visit websites that belong to Google’s advertising network. On these sites, the visitor may be shown advertisements relating to content that the visitor has previously viewed on websites that use Google’s remarketing function.
According to Google, no personal data is collected during this process. However, if you do not wish to use Google’s remarketing feature, you can disable it by adjusting the relevant settings under https://adssettings.google.com/. Alternatively, you can opt out of the use of cookies for interest-based advertising via the Network Advertising Initiative by following the instructions at http://www.networkadvertising.org/managing/opt_out.asp. The legal basis for data collection is Article 6(1)(f) of the GDPR.
Use of Google Tag Manager
We use Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Google Tag Manager is a tool that enables us to integrate tracking and analytics tools, as well as other technologies, into our website. Google Tag Manager itself does not create user profiles, store cookies or carry out any independent analysis. Its sole purpose is to manage and deploy the tools integrated via it. However, Google Tag Manager does collect your IP address, which may also be transferred to Google’s parent company in the United States.
The use of Google Tag Manager is based on Article 6(1)(f) of the GDPR. The website operator has a legitimate interest in the quick and straightforward integration and management of various tools on its website. Where consent has been obtained, processing is carried out exclusively on the basis of Article 6(1)(a) of the GDPR; consent may be withdrawn at any time.
YouTube
The video platform YouTube is operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, or, if your registered office or place of residence is in the EU, by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).
The following information does not apply to any direct embedding of YouTube videos on our website.
When you visit our YouTube channel, your data may be automatically collected and stored for market research and advertising purposes. This data is used to create so-called user profiles using pseudonyms. These may be used, for example, to display advertisements on and off the video platform that are likely to match your interests. Cookies are generally used on your device for this purpose. The function of cookies is explained in the privacy policy available there; please therefore refer to the relevant information provided there. These cookies store visitor behaviour and user interests.
Furthermore, the data collected provides us with a statistical analysis of which groups of people are interested in the individual videos we upload to YouTube. In particular, we are provided with information on the number of views and the playback times of videos. This data is provided for statistical analysis in a form that is anonymised to such an extent that it is not possible to identify individual persons. The information provided includes, for example, the approximate geographical location, age group and other summary characteristics.
The legal basis for the collection and processing of data is your consent within the meaning of Article 6(1)(a) of the GDPR, which you may have given or may give to Google when accessing their website(s). You may withdraw your consent to data processing at any time with future effect; to do so, please contact Google directly. The withdrawal of consent does not affect the lawfulness of the data processing carried out prior to the withdrawal.
For data transfers to the US, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with European data protection standards on the basis of an adequacy decision by the European Commission.
For detailed information on how Google processes and uses data on the YouTube website, as well as contact details, your rights in this regard and privacy settings, please refer to Google’s privacy policy, which can be found at the following link: https://policies.google.com/privacy?hl=de&gl=de
Google Ads
On our website, we use the Google AdWords advertising service, specifically the feature known as conversion tracking. This is a service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, hereinafter referred to simply as ‘Google’.
Through certification under the EU-US Privacy Shield https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active Google guarantees that EU data protection requirements will be complied with even when data is processed in the US.
We use conversion tracking to promote our services in a targeted manner. The legal basis for this is Article 6(1)(f) of the GDPR. Our legitimate interest lies in the analysis, optimisation and cost-effective operation of our website.
If you click on an advert displayed by Google, the conversion tracking tool we use will store a cookie on your device. These so-called conversion cookies expire after 30 days and are not used to identify you personally.
Provided the cookie is still valid and you visit a specific page on our website, both we and Google can determine that you clicked on one of our adverts placed on Google and that you were subsequently redirected to our website.
Using the information collected in this way, Google compiles statistics for us regarding visits to our website. We also receive information about the number of users who have clicked on our advert(s) and the pages on our website that they subsequently visited. However, neither we nor any third parties who also use Google AdWords are able to identify you in this way.
You can also prevent or restrict the installation of cookies by adjusting the relevant settings in your web browser. You can also delete cookies that have already been stored at any time. However, the steps and procedures required to do this depend on the specific web browser you are using. If you have any questions, please consult your web browser’s help function or documentation, or contact its manufacturer or support team.
Furthermore, Google also offers
https://services.google.com/sitestats/de.html
http://www.google.com/policies/technologies/ads/
http://www.google.de/policies/privacy/
further information on this subject, and in particular on the options for restricting data usage.
Google Maps
Parts of our website use Google Maps features to display map data. This content is provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (‘Google’). When you visit our website, your browser downloads the necessary code from Google. To do this, the browser you are using must connect to Google’s servers. This enables Google to recognise that our website has been accessed via your IP address. At the same time, Google may store cookies on your device, provided you have not disabled the use of cookies in your browser, or read cookies. Location data may also be collected if you have enabled this in your browser.
We use Google Maps to ensure our website is visually appealing and user-friendly, and to make it easier for you to find the locations listed on our website. This constitutes a legitimate interest within the meaning of Article 6(1)(f) of the GDPR.
We collect your IP address to enable it to be transmitted to Google. You are not obliged to provide this data; however, it is not possible to use the relevant parts of our website without providing it.
Further information can be found in Google’s privacy policy, which is available at: https://www.google.com/policies/privacy/.
LeadFeeder
We use the LeadFeeder service as a lead generation tool. LeadFeeder accesses the list of website visitors’ IP addresses provided by Google Analytics in its reports and links this list of IP addresses to information about the companies that can be found online under these IP addresses. As the IP addresses of website visitors are already truncated when using Google Analytics, no direct personal reference is established.
We can only assume that these are visitors to the company. LeadFeeder is integrated into our CRM system and email marketing tool. LeadFeeder is a service provided by Liidio Oy, Mikonkatu 17 C, Helsinki 00100, Finland.
Leadfeeder’s privacy policy can be found at: https://www.leadfeeder.com/privacy/
You can prevent Leadfeeder from storing a user profile or data relating to your use of our website by opting out. You can find details on how to do this and further information at: https://yourdata.leadfeeder.com/
If you click on the cookie banner on this website – crosscan.com –
- tick the “Leadfeeder” box and click “Accept selection” or
- click on ‘Accept All’,
You consent, in accordance with Article 6(1)(a) in conjunction with Article 49(1)(a) of the GDPR, to your personal data being processed in the USA.
LinkedIn (Company Profile)
We use the professional and career network “LinkedIn” for recruitment purposes and maintain a company profile there. LinkedIn is operated by LinkedIn Corporation, 1000 W. Maude Ave., Sunnyvale, California 94085, USA, or, if your company is based or you reside in the EU, by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (“LinkedIn”).
We have a data processing agreement with LinkedIn, which can be viewed here: https://de.linkedin.com/legal/l/dpa?
When you visit our company profile on LinkedIn, your data may be automatically collected and stored by LinkedIn for market research and advertising purposes, as well as to suggest job vacancies that may be of interest to you (known as ‘Page Insights’). This data is used to create so-called usage and interest profiles using pseudonyms. Cookies are generally used on your device for this purpose.
Information on how cookies work is provided in LinkedIn’s Privacy Policy and Cookie Policy; please refer to those documents for further details. These cookies store information about visitor behaviour and user interests.
Furthermore, we use the data collected to produce statistical analyses of which groups of people are interested in our company website. The data is processed for statistical analysis in such a way that it is anonymised to the extent that it is not possible to identify individual persons; such analyses may include information on approximate geographical location, age group and other summary characteristics.
The processing of personal data using Page Insights on LinkedIn is carried out on the basis of an agreement between joint controllers in accordance with Article 26 of the GDPR, which you can view here: https://legal.linkedin.com/pages-joint-controller-addendum
Regardless of the internal responsibilities agreed between us and LinkedIn, you may direct any data protection enquiries to us or our Data Protection Officer, or to LinkedIn.
If LinkedIn asks you to give your consent to the processing of your data, for example via a tick box, the legal basis for the processing of your data is Article 6(1)(a) of the GDPR.
You may withdraw your consent at any time with future effect; to do so, you must contact LinkedIn. Any data processing carried out up to the point of withdrawal remains lawful. If you wish to disable LinkedIn advertising cookies, please use the following link:
Wenn Sie LinkedIn-Werbe-Cookies deaktivieren möchten, nutzen Sie bitte folgenden Link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out
For detailed information on how LinkedIn processes and uses data, as well as contact details, your rights in this regard and privacy settings, please refer to LinkedIn’s privacy policy, which can be found at the following link: https://www.linkedin.com/legal/privacy-policy?src=li-other&veh=de.linkedin.com%7Cli-other
You can find LinkedIn’s cookie policy at the following link: https://www.linkedin.com/legal/cookie-policy
For data transfers to the US, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with European data protection standards on the basis of an adequacy decision by the European Commission.
LinkedIn Analytics and LinkedIn Ads
We use conversion tracking technology and the retargeting feature provided by LinkedIn Corporation on our website.
This technology enables personalised adverts to be displayed to visitors to this website on LinkedIn. It also allows for the creation of anonymous reports on the performance of the adverts, as well as information on website interaction. To this end, the LinkedIn Insight Tag is embedded on this website, which establishes a connection to the LinkedIn server provided that you visit this website whilst logged into your LinkedIn account.
In LinkedIn’s Privacy Policy at https://www.linkedin.com/legal/privacy-policy you can find further information on data collection and use, as well as the options and rights available to you regarding the protection of your privacy. If you are logged in to LinkedIn, you can disable data collection at any time via the following link: https://www.linkedin.com/psettings/enhanced-advertising.
If you click on the cookie banner on this website – crosscan.com –
- tick the “LinkedIn Insight Tag” checkbox and click “Accept selection” or
- click on ‘Accept All’,
You consent, in accordance with Article 6(1)(a) in conjunction with Article 49(1)(a) of the GDPR, to your personal data being processed in the USA.
Facebook profile
Our presence on social networks and platforms, such as Facebook, enables us to communicate actively and in a contemporary manner with our customers and prospective clients. We use these platforms to provide information about our services, products and interesting special offers relating to our company. When you visit our online presence on social media, your data may be automatically collected and stored for market research and advertising purposes. So-called usage profiles are created from this data using pseudonyms. These may be used, for example, to display advertisements within and outside the platforms that are presumed to match your interests. Cookies are generally used on your device for this purpose. The function of cookies is explained in our privacy policy; please therefore refer to the relevant information there. These cookies store visitor behaviour and user interests. This serves to safeguard our overriding legitimate interests, as determined by a balancing of interests, in the optimised presentation of our services and offers, as well as in effective communication with customers and prospective customers. The legal basis for the processing is therefore Article 6(1)(f) of the EU GDPR. If you are asked by the respective social media platform operators for consent to data processing, e.g. via a tick box, the legal basis for the data processing is Article 6(1)(a) of the EU GDPR.
If you click on the cookie banner on this website – crosscan.com –
- tick the ‘Facebook Pixel’ box and click ‘Accept selection’ or
- click on ‘Accept All’,
You consent, in accordance with Article 6(1)(a) in conjunction with Article 49(1)(a) of the GDPR, to your personal data being processed in the USA.
For detailed information on how providers process and use data on their websites, as well as contact details, your rights in this regard and settings to protect your privacy – in particular, your right to object (known as ‘opt-out’) – please refer to the providers’ privacy policies linked below:
Facebook: https://www.facebook.com/about/privacy/
You can find the opt-out option as follows:
Facebook: https://www.facebook.com/settings?tab=ads
If you have any further questions on this matter, please do not hesitate to contact us (you will find our contact details above).
Data processing is carried out on the basis of an agreement between joint controllers in accordance with Article 26 of the GDPR, which you can view here:
https://www.facebook.com/legal/terms/page_controller_addendum
Online job applications / Posting job advertisements
We offer you the opportunity to apply for a job via our website. When you submit a digital application, we collect and process your applicant details and application data electronically for the purposes of the recruitment process.
The legal basis for this processing is Section 26(1), first sentence, of the Federal Data Protection Act (BDSG) in conjunction with Article 88(1) of the General Data Protection Regulation (GDPR).
If an employment contract is concluded following the recruitment process, we will store the data you provided during the application process in your personnel file for the purposes of standard organisational and administrative procedures – naturally, in compliance with all relevant legal obligations.
The legal basis for this processing is also Section 26(1), first sentence, of the Federal Data Protection Act (BDSG) in conjunction with Article 88(1) of the General Data Protection Regulation (GDPR).
If an application is rejected, we automatically delete the data provided to us two months after notification of the rejection. However, the data will not be deleted if legal provisions, such as the duty to provide evidence under the AGG, require it to be retained for a longer period of up to four months or until the conclusion of legal proceedings.
The legal basis in this case is Article 6(1)(f) of the GDPR and Section 24(1)(2) of the BDSG. Our legitimate interest lies in the defence or enforcement of our legal rights.
If you expressly consent to your data being stored for a longer period, for example for inclusion in a database of job applicants or prospective clients, the data will be processed on the basis of your consent. The legal basis in this case is Article 6(1)(a) of the GDPR. However, you may, of course, withdraw your consent at any time in accordance with Article 7(3) of the GDPR by notifying us, with effect for the future.
Odoo
We use Odoo as our ERP system for processing and storing contact details, managing orders and invoicing.
When you contact us (via the contact form or by email), the information you provide is processed for the purpose of handling your enquiry in accordance with Article 6(1)(b) of the GDPR. In order to process and respond to your enquiries and messages as quickly as possible, we have linked our contact form to our Customer Relationship Management tool (“CRM tool”) in Odoo. The data submitted when completing the form is transferred to Odoo and stored there on Odoo’s servers.
We use the Odoo ERP system provided by Odoo S.A. on the basis of our legitimate interests (efficient and prompt handling of user enquiries, existing customer management, new customer acquisition, business processing) as a limited liability company incorporated under Belgian law, with its registered office at: Chaussée de Namur, 40 1367 Grand Rosière, Belgium.
Links to third-party websites
Our website contains links to third-party websites. These websites have their own privacy policies. We have no control over the content of these linked websites. We are not responsible for these websites. However, we have selected them carefully.
If you click on such a link, you will leave our website and open the external website in your browser. In doing so, data – usually at least your IP address – will be transmitted to the server of the linked website. If we become aware of any unlawful content, for example through notification from a third party, we will remove the link immediately.
Deletion or blocking of data
We adhere to the principles of data avoidance and data minimisation. We therefore only store your personal data for as long as is necessary to fulfil the purposes set out here, or for the duration of the various retention periods prescribed by law. Once the relevant purpose no longer applies or these periods have expired, the relevant data is routinely blocked or deleted in accordance with legal requirements.
The criteria for the erasure of personal data for the purposes of making contact via the contact form or contact widget are as follows:
Contacting us to request a callback, a quote, a partnership, information about our services, or to make any other enquiry regarding our company or our products: Personal data provided in this context will be deleted once our communication has concluded, provided no further information is required or a request has been made for the personal data to be deleted.
Further data transfers
We also disclose personal data in response to official and/or court orders. Personal data will not be disclosed for any purpose other than those set out in this privacy policy.
Your rights to access, rectification, restriction, erasure and objection
You have the right to access your personal data held by us at any time. You also have the right to have your personal data corrected, restricted or, apart from data retained as required for business purposes, deleted. Please contact our Data Protection Officer in this regard. You will find the contact details at the bottom of this page.
To ensure that data can be blocked at any time, this data must be stored in a block file for verification purposes. You may also request that the data be deleted, provided there is no legal obligation to retain it. Where such an obligation exists, we will block your data upon request.
You may amend or withdraw your consent by notifying us accordingly, with effect from the future.
Information / Data subjects' rights
Users have the following rights regarding the data collected about them:
- Right of access (Article 15 of the GDPR):
Right of access (Article 15 of the GDPR):
- Rectification (Art. 16 GDPR):
You have the right to have any inaccurate personal data concerning you that we hold rectified. You also have the right to have us complete any incomplete data record we hold.
- Erasure (Article 17 of the GDPR):
You may request that we erase your personal data provided that (1) the data has been processed unlawfully, (2) the purpose for which the data was collected has been fulfilled, (3) you have withdrawn your consent to the processing of the data and there is no other legal basis for the processing, (4) we are subject to a legal obligation to erase the data, (5) you are under 16 years of age, or (6) you have objected to the processing and there are no overriding legitimate grounds on our part for the processing.
- Restriction of processing (Article 18 of the GDPR):
You may request that we restrict processing in the following cases. In such cases, we will mark the data as restricted and will not process it further. (1) If you dispute the accuracy of the personal data, for the duration of our investigation. (2) If you have requested erasure and we are unable or not permitted to carry out the erasure. (3) Where you require the data to assert claims, but we would be obliged to erase it because the purpose of the processing has been fulfilled. (4) Where you have objected to the processing and a final decision has not yet been made.
- Data portability (Article 20 of the GDPR):
in accordance with Article 20 of the GDPR, to receive the personal data you have provided to us in a structured, commonly used and machine-readable format, or to request that it be transferred to another controller;
- Withdrawal of consent:
In accordance with Article 7(3) of the GDPR, you may withdraw your consent at any time. As a result, we will no longer be permitted to process your data on the basis of that consent in the future.
If you have given us your consent to process your personal data, you may withdraw that consent at any time. Please send your withdrawal of consent to the address given above or by email to: datenschutz@gdi-mbh.eu
- Right to object to processing (Article 21 of the GDPR):
Where your personal data is processed on the basis of legitimate interests pursuant to Article 6(1)(f) of the GDPR, you have the right, under Article 21 of the GDPR, to object to the processing of your personal data where there are grounds relating to your particular situation.
If you wish to exercise your right of withdrawal or right to object,Go to contact form here....
- Making a complaint to a supervisory authority:
to lodge a complaint with a supervisory authority in accordance with Article 77 of the GDPR. As a rule, you may contact the supervisory authority for your usual place of residence or work, or for the location of our law firm’s or company’s registered office.
Questions for the Data Protection Officer
If you have any questions regarding data protection, please send us an email or contact our Data Protection Officer directly:
Mr Dipl. Inform. Olaf Tenti
GDI - Gesellschaft für Datenschutz und Informationssicherheit mbH
Körnerstr. 45
58095 Hagen - Germany
Email: datenschutz(at)gdi-mbh.eu
Tel.: + 49 (0) 2331 / 35 68 32 - 0
Fax: + 49 (0) 2331 / 35 68 32 - 1
Right to lodge a complaint with the data protection supervisory authority
Under Article 77 of the GDPR, you have the right to lodge a complaint with a supervisory authority. As a general rule, you may contact the supervisory authority for your usual place of residence or work, or for the location of our registered office.
Changes to our privacy policy
We reserve the right to amend this privacy policy from time to time to ensure that it always complies with the latest legal requirements or to reflect changes to our services in the privacy policy, for example when new services are introduced. The new privacy policy will then apply to your next visit.
As of January 2026