CONTROLLER
The person responsible for these websites is ITMediaConsult AG, Gut Retzenhöhe 1, 54422 Züsch, Phone: +49 8232 80988-70 s.hartinger@coseco.de Further information about our company can be found in our imprint.
You can reach the person responsible for data protection in the company unters.hartinger@coseco.de.
GENERAL
When you visit our website, personal data is also processed.
In order for the pages to be displayed in your browser, the IP address of the device you are using must be processed. In addition, there is further information about the browser of your device.
Under data protection law, we are also obliged to ensure the confidentiality and integrity of the personal data processed with our IT systems.
For this purpose, the following data is logged:
Information about the type of browser and the version usedThe user’s operating systemThe user’s internet service providerThe user’s IP address (for a maximum of 7 days)Date and time of accessWebsites from which the user’s system accesses our websiteWebsites accessed by the user’s system via our website
The IP address will be deleted or anonymized after 7 days at the latest from all systems used in connection with the operation of this website. We can then no longer establish a personal reference from the remaining data.
The data is also used to correct errors on the website.
The legal basis for this data processing is Art. 6 (1) (f) GDPR. Our “interest” within the meaning of Art. 6 para. 1 lit. f) is the operation of this website and the implementation of the protection goals of confidentiality, integrity and availability of the data.
COOKIES
Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user’s computer system. When a user visits a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string of characters that allows the browser to be uniquely identified when you return to the website.
We use cookies to make our website more user-friendly. Some elements of our website require that the accessing browser can be identified even after a page has changed. These are, for example, the access data for closed areas of our website that require a log-in.
Legal basis for data processing
The legal basis for the processing of personal data using cookies is Art. 6 para. 1 et seq. GDPR.
Purpose of data processing
The purpose of the use of technically necessary cookies is to simplify the use of websites for users. Without the use of cookies, not all functions can be offered.
The data collected by cookies that are not technically necessary are not used to create user profiles. The use of this type of cookies is also carried out for the purpose of improving the quality of our website and content. This allows us to learn how the website is used and thus to continuously optimize our offer.
These purposes also include our legitimate interest in the processing of personal data in accordance with Art. 6 (1) (f) GDPR.
Duration of storage, possibility of objection and removal
Cookies are stored on the user’s computer and transmitted by the user to our site. Therefore, users also have full control over the use of cookies. By changing the settings in the internet browser, users can disable or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website to their full extent.
CONTACT VIA FORM, NEWSLETTER AND E-MAIL CONTACT
We offer contact and newsletter forms on our website through which you can contact us with concerns regarding our service, such as product or service enquiries. The personal data provided will be stored for the purpose of processing the enquiry and in the event that follow-up questions arise.
Alternatively, you can contact us via our e-mail address, which is linked to various buttons. In this case, the user’s personal data transmitted by e-mail will be stored for the purpose of processing the message and in case follow-up questions arise.
Enquiries and messages received via the contact or newsletter forms on our website or via our e-mail address are usually stored in our CRM system. The CRM system is regularly checked to see if data can be deleted. If data is no longer required in the context of a guest or prospective customer relationship or if a conflicting interest of the guest or interested party prevails, we will delete the data in question, provided that there are no statutory retention obligations to the contrary.
Legal basis for data processing
The legal basis for the processing of the data is Art. 6 (1) (a) GDPR if the user has consented.
The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 (1) (f) GDPR. If the e-mail contact is aimed at concluding a contract, the additional legal basis for the processing is Art. 6 (1) (b) GDPR.
Purpose of data processing
The processing of the personal data from the input mask serves us solely to process the contact. In the event of contact by e-mail, this also constitutes the necessary legitimate interest in the processing of the data.
The other personal data processed during the submission process serves to prevent misuse of the contact form and to ensure the security of our information technology systems.
Duration of storage
The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the facts in question have been conclusively clarified.
The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.
Objection and removal option
The user has the option of withdrawing his consent to the processing of personal data at any time. If the user contacts us by e-mail, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued.
The revocation of consent and the objection to the storage is possible orally, in writing or by e-mail.
In this case, all personal data stored in the course of contacting us will be deleted.
SSL or TLS encryption
This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address bar of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.
If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
SUPPLEMENTARY DATA PROTECTION INFORMATION FOR APPLICANTS
We process the data that you have sent us in connection with your application in order to check your suitability for the position (or other open positions in our companies, if applicable) and to carry out the application process.
The legal basis for the processing of your personal data in this application process is primarily § 26 BDSG in the version valid from 25.05.2018. According to this, the processing of data required in connection with the decision on the establishment of an employment relationship is permissible.
If, after completion of the application process, the data may be required for legal prosecution, data processing may be carried out on the basis of the requirements of Art. 6 GDPR, in particular for the purpose of safeguarding legitimate interests pursuant to Art. 6 (1) (f) GDPR. Our interest then lies in legal prosecution.
In the event of a rejection, applicants’ data will be deleted after six months.
In the event that you have consented to further storage of your personal data, we will transfer your data to our applicant pool. There, the data is deleted after two years.
If you have been awarded a position as part of the application process, the data will be transferred to our personnel information system.
Your applicant data will be reviewed by the HR department or management after receipt of your application. Suitable applications will then be forwarded internally to those responsible for the respective open position, if necessary. Then the further procedure will be coordinated. In principle, only those persons in the company have access to your data who need it for the proper running of our application process.
MINORS
Minors are not allowed to transmit any personal data to us without the consent of their legal guardians. We do not process any knowingly obtained personal data of minors within the framework of the website.
INTEGRATION OF THIRD-PARTY SERVICES AND CONTENT Third-party
content is integrated within the website. For the use of such content, the transmission of the user’s IP address to the respective third-party provider is technically necessary. Without the IP address, the third-party providers would not be able to send the content embedded in the website to the browser of the respective user. We have no influence on whether a third-party provider stores or otherwise uses the IP address, e.g. for statistical purposes.
Google Maps
We integrate the maps of the “Google Maps” service of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy Policy: https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated.
The use of Google Maps is in the interest of easy findability. This constitutes a legitimate interest within the meaning of Art. 6 (1) (f) GDPR. When Google Maps is accessed, servers in the USA or at least outside the EU are accessed. An adequate level of data protection is evidenced by the fact that Google LLC is listed in the Privacy Shield.
Google Webfonts
This site uses so-called web fonts, which are provided by Google, for the uniform display of fonts. When you call up a page, your browser loads the required web fonts into its browser cache in order to display texts and fonts correctly. To do this, your browser must establish a direct connection with Google’s servers. This makes Google aware that our website has been accessed via your IP address. The use of Google Web Fonts is in the interest of a uniform and appealing presentation of our plugins. This constitutes a legitimate interest within the meaning of Art. 6 (1) (f) GDPR. If your browser does not support web fonts, a default font from your computer will be used.
For more information on the handling of user data, please see https://developers.google.com/fonts/faq and Google’s privacy policy under https://www.google.com/policies/privacy/.
YouTube
Our website uses plugins from YouTube, which is operated by Google.
The operator of the pages is YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. When you visit one of our pages equipped with a YouTube plugin, a connection to YouTube’s servers is established. The YouTube server is informed which of our pages you have visited. If you are logged in to your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account. The use of YouTube serves the attractive design of our website. This constitutes a legitimate interest within the meaning of Art. 6 (1) (f) GDPR. For more information on how user data is handled, please see YouTube’s privacy policy at https://www.google.de/intl/de/policies/privacy.
reCAPTCHA
We use Google’s reCaptcha service to determine whether a human or a computer is making a specific entry in our contact or newsletter form. Google uses the following data to check whether you are a human or a computer: IP address of the device used, the website you visit on our website and on which the captcha is integrated, the date and duration of the visit, the identification data of the browser and operating system type used, Google account if you are logged in to Google, mouse movements on the reCaptcha surfaces and tasks, where you have to identify images. The legal basis for the described data processing is Article 6 (1) (f) of the General Data Protection Regulation. There is a legitimate interest on our part in this data processing, to ensure the security of our website and to protect ourselves from automated inputs (attacks).
Complianz
We use the Complianz plugin – Complianz GDPR’s cookie consent does not process any personal data. This means that you don’t need to add any text to your privacy policy about this plugin. The cookies used (all functional ones) will be automatically added to your cookie policy. You can find our Privacy Policy here.
WordFence
This website uses the WordPress add-on plugin “WP WordFence”, from the manufacturer Defiant, 800 5th Ave Ste 4100, Seattle, WA 98104, USA. This additional plugin acts as a firewall, virus protection and spam filter for our website and is intended to prevent malicious program code from being transferred to our server and to prevent unauthorized access to our data.
For more information on functionality, see https://www.wordfence.com/. The manufacturer’s privacy policy can be found at: https://www.wordfence.com/privacy-policy/.
WP StatisticsThe website uses the WordPress add-on plugin “WP Statistics” URL: https://wp-statistics.com of the provider “Verona Labs”, Tatari 64, 10134, Tallinn, Estonia, URL: https://veronalabs.com for the analysis of visitor data. The plugin “WP-Statistics” respects the privacy of visitors. This additional function is used for statistical evaluations of visitor access, such as browser version, referrals and search queries or visitors by country. The collection and storage of the data is carried out without user profiles and anonymously. To protect the online identity of the respective visitor, IP addresses are completely replaced by hash values, which excludes subsequent identification of the visitor. The anonymised data is stored locally on a secure server in accordance with the applicable GDPR. The respective statistical visit data is stored in the database for one year (365 days) and then automatically deleted.
MailChimp
We use the MailChimp service to create and send emails to registered newsletter recipients. By registering via our newsletter function, the data you enter, such as name, company name, email, company size and industries, will be stored in our MailChimp account for sending the newsletter. If you unsubscribe, the data will be removed from the mailing lists of our MailChimp account.
Your rights as a data subject
Insofar as your personal data is processed on the occasion of your visit to our website, you have the following rights as a “data subject” within the meaning of the GDPR:
InformationYou can request information from us as to whether we process your personal data. There is no right to information if the provision of the requested information would violate the duty of confidentiality pursuant to Section 57 of the German Criminal Code (StBG) or if the information must be kept secret for other reasons, in particular because of an overriding legitimate interest of a third party. By way of derogation from this, there may be an obligation to provide the information if, in particular taking into account imminent damage, your interests outweigh the interest in secrecy. The right to information is also excluded if the data is stored only because it may not be deleted due to statutory or statutory retention periods or serves exclusively the purposes of data backup or data protection control, provided that the provision of information would require a disproportionately high level of effort and processing for other purposes is excluded by suitable technical and organisational measures. Provided that the right of access is not excluded in your case and your personal data is processed by us, you can request information from us about the following information:
Purposes of the processing,
categories of personal data processed by you,
recipients or categories of recipients to whom your personal data is disclosed, in particular in the case of recipients in third countries, if possible, the envisaged period for which your personal data will be stored or, if this is not possible, the criteria for determining the storage period, the existence of a right to rectification or erasure, or restriction of the processing of personal data concerning you or a right to object to such processing, the existence of a right to lodge a complaint with a supervisory authority for data protection,
provided that the personal data has not been collected from you as a data subject, the available information about the origin of the data, the existence of automated decision-making including profiling and meaningful information about the the logic involved as well as the scope and intended effects of automated decision-making,
in the case of transfer to recipients in third countries, unless there is a decision of the EU Commission on the adequacy of the level of protection pursuant to Art. 45 para. 3 GDPR, information on which appropriate safeguards are provided for the protection of personal data in accordance with Art. 46 para. 2 GDPR.
Correction and completion
If you discover that we have incorrect personal data about you, you can demand that we correct this incorrect data immediately. In the case of incomplete personal data concerning you, you can request that it be completed.
Deletion
You have a right to erasure (“right to be forgotten”), provided that the processing is not necessary for the exercise of the right to freedom of expression, the right to information or to comply with a legal obligation or to perform a task carried out in the public interest and one of the following grounds applies:
The personal data is no longer necessary for the purposes for which it was processed. The justification basis for the processing was exclusively your consent, which you have withdrawn. You have objected to the processing of your personal data that we have made public. You have objected to the processing of personal data that we have not made public and there are no overriding legitimate grounds for the processing.
Your personal data has been processed unlawfully. The deletion of the personal data is necessary to comply with a legal obligation to which we are subject.
There is no entitlement to erasure if deletion is not possible or only possible with disproportionately high effort in the case of lawful, non-automated data processing due to the special nature of storage and your interest in deletion is low. In this case, the restriction of processing takes the place of deletion.
Restriction of processing
You can ask us to restrict processing if one of the following grounds applies:
They contest the accuracy of the personal data. In this case, the restriction may be requested for the duration that allows us to verify the accuracy of the data. The processing is unlawful and you are requesting the restriction of the use of your personal data instead of erasure.
Your personal data will no longer be required by us for the purposes of the processing that you need to establish, exercise or defend legal claims. You have filed an objection pursuant to Art. 21 (1) GDPR. The restriction of processing can be demanded as long as it has not yet been determined whether our legitimate reasons outweigh your reasons.
Restriction of processing means that the personal data will only be processed with your consent or for the establishment, exercise or defence of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest. Before we lift the restriction, we have the duty to inform you about it.
Data portability
You have a right to data portability if the processing is based on your consent (Art. 6 para. 1 sentence 1 letter a) or Art. 9 para. 2 lit. a) GDPR) or on a contract to which you are a party and the processing is carried out using automated processes. In this case, the right to data portability includes the following rights, provided that this does not adversely affect the rights and freedoms of other persons: You can request that we receive the personal data that you have provided to us in a structured, commonly used and machine-readable format. You have the right to transmit this data to another controller without hindrance on our part. To the extent technically feasible, you can request that we transfer your personal data directly to another controller.
Contradiction
If the processing is based on Art. 6 para. 1 sentence 1 letter e) GDPR (performance of a task in the public interest or in the exercise of official authority) or Art. 6 para. 1 sentence 1 letter f) GDPR (legitimate interest of the controller or a third party), you have the right to object for reasons arising from your particular situation: object at any time to the processing of personal data concerning you. This also applies to profiling based on Art. 6 (1) sentence 1 (e) or (f) GDPR. After exercising the right to object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
You can object at any time to the processing of personal data concerning you for direct marketing purposes. This also applies to profiling that is associated with such direct advertising. Once you have exercised this right to object, we will no longer use the personal data in question for direct marketing purposes.
You have the option of informally informing our company of the objection by telephone, e-mail, if necessary by fax or to our postal address listed at the beginning of this privacy policy.
Withdrawal of consent
You have the right to revoke your consent at any time with effect for the future. The revocation of consent can be communicated informally by telephone, e-mail, possibly by fax or to our postal address. The revocation does not affect the lawfulness of the data processing that was carried out on the basis of the consent until the receipt of the revocation. After receipt of the revocation, the data processing that was based exclusively on your consent will be discontinued.
Complaint
If you believe that the processing of personal data concerning you is unlawful, you may lodge a complaint with a data protection supervisory authority that has jurisdiction over the place of your stay or place of work, or the place of the alleged infringement.
Status and update of this Privacy Policy
This Privacy Policy is as of January 14, 2020. We reserve the right to update the privacy policy from time to time in order to improve data protection and/or adapt it to changed official practice or case law.

