Privacy policy

1. basic principles

Thank you for visiting our website candis.io. The protection and security of our customers' and users' data is important to us. We have therefore designed our website and our business processes in such a way that as little personal data as possible is collected or processed. The following privacy statement explains what information we collect during your visit to our website and what parts of this information are used, if any, and how. You are welcome to inform yourself in detail below about how we handle your personal data.

CANDIS takes the protection of your personal data very seriously and adheres strictly to the rules of the data protection laws of the Federal Republic of Germany, the Telemedia Act and the data protection regulations of the European Union. CANDIS obliges its employees to comply with the data protection requirements of the DSGVO.

The following declaration also gives you an overview of how CANDIS guarantees this protection and what kind of data is collected for what purpose.

For all questions regarding data protection, please contact the following e-mail address: datenschutz@candis.io.

2. collection of server log data

We process so-called access data (in particular your IP address) on our website for statistical evaluations for the purpose of the operation, security and technical optimisation of our website. This enables us to present our website to you more effectively and to identify errors. We collect access data when you call up our website and store it in a log file (so-called log file):

  • Name of the web page accessed,
  • Date and time of the retrieval,
  • the amount of data transmitted / message about the successful retrieval,
  • Browser type and version,
  • the operating system,
  • Referrer URL, 
  • requesting provider / your IP address

You are not identifiable to us from this data. Log data is regularly deleted promptly, at the latest after 90 days. The legal basis for this data processing is our legitimate interest in the sense of Art. 6 para. 1 lit. f) DSGVO.

3. processing and use

CANDIS collects, processes and uses the personal data - unless expressly provided otherwise in this privacy policy - exclusively for the purpose of processing the contractual relationship pursuant to Art. 6 (1) (b) DSGVO and for improving the user experience pursuant to Art. 6 (1) (a) DSGVO and Art. 6 (1) (f) DSGVO, i.e. for the following purposes

  • Creation of an account
  • Verification of customer identity
  • Settlement of the payment
  • Suggesting individual suggestions for improvement that are helpful to the customer

Personal data will be transferred to third parties if the data subject has expressly consented in accordance with Art. 6 para. 1 sentence 1 letter a) DSGVO to the transfer of data in accordance with Art. 6 para. 1 sentence 1 letter a) DSGVO. c) DSGVO, there is a legal obligation to do so and/or this is necessary under Art. 6 para. 1 sentence 1 letter b) DSGVO for the performance of a contractual relationship with the data subject.

In other cases personal data will not be passed on to third parties.

 

4. use of cookies

On our site we use so-called "cookies". Cookies are small text files used by websites to simplify and speed up the management of your visit to our website or are necessary to allow you to use and access secure areas of the website. 

The website cookies contain personal data about the customer. Cookies save the website customer from having to enter data more than once, make it easier to transmit specific content and help CANDIS to identify particularly popular areas of the website. This enables CANDIS, among other things, to tailor the content of its website precisely to the needs of its customers.

If the use of cookies is deactivated via the browser settings, the range of services can no longer be called up. 

Depending on where a cookie comes from, so-called first-party cookies and third-party cookies can be distinguished: 

First-party cookies
Cookies that are generated and stored locally by the website operator, as the controller, or by a processor commissioned by the operator.

Only the operator has later access to these cookies.
Third Party Cookies
Cookies, which are generated, set and retrieved by third party providers who are not acting as processors on behalf of the website operator.

Depending on the validity period, so-called transient and persistent cookies can also be distinguished:

Transient cookies
Cookies, which are automatically deleted when you close the browser. These include in particular the session cookies.
Persistent cookies
Cookies, which remain stored on your terminal device for a specified period of time after closing the browser.

Depending on their nature and purpose, the use of certain cookies may require the user's consent. In this respect, cookies can then be distinguished as to whether the user's consent is mandatory for their use:

Consent free cookies
Cookies that are strictly necessary in order for the website operator, expressly requested by the subscriber or user, to provide the service ("Strictly Necessary Cookies")
Cookies requiring consent
Cookies, which are used for all purposes other than those mentioned above.

Insofar as the user's consent is required, we will only use these cookies if you have given your consent in advance. When you call up our website, we display a so-called "cookie banner" in which you can declare your consent to the use of cookies on the website by pressing a button.

Unconditionally required cookies cannot be deactivated via the cookie banner of this website. However, you can manage and deactivate these cookies generally in your browser at any time. 

This site uses different types of cookies:

Technically necessary cookies
These cookies are set automatically when you access the website or a specific function, unless you have prevented cookies from being set by means of settings in your browser.
Name
Provider
Purpose
Procedure
Type
iw_optional_cookies_status
inwendo
Saves the selected setting of the cookie banner.
30 days
HTTP cookie
Preference cookies
These cookies enable a website to remember certain information that influences the way a website behaves or looks. (For example, the preferred language or the region in which a user finds it).
Name
Provider
Purpose
Procedure
Type
__cfduid
Cloudflare
Security cookie, which helps Cloudflare to detect dangerous visitors on the websites and minimize the blocking of legitimate users. The IP of the user is anonymized.
30 days
HTTP cookie

We process the data collected through the use of these cookies on the basis of Article 6 paragraph 1 letter a) of the DS-GVO.

Statistical cookies
These cookies allow website operators to track how visitors interact with websites by aggregating and reporting data anonymously.
Name
Provider
Purpose
Procedure
Type
_gid
Google Analytics
Used for anonymous recognition of the user
1 day
HTTP cookie
Ajs_anonymous_id
Google Analytics
For recording user numbers even with recurring calls
12 months
HTTP cookie
ajs_user_id
Google Analytics
To track site usage, achieve predefined events and goals, and measure site performance and stability
12 months
HTTP cookie
_ga [4x]
Google Tag Manager
Registers a unique ID that is used to generate statistical data on how the visitor uses the website.
24 months
HTTP cookie
CONSENT
Google
Google's security cookies to authenticate users, prevent fraudulent use of credentials and protect user information from unauthorized access.
20 years
HTTP cookie
DV
Google Analytics
This cookie is used to store user preferences and other information. This includes, in particular, the preferred language, the number of search results to display on the page, and the decision whether or not to enable the Google SafeSearch filter.
Session
HTTP cookie
__utmzz
Google Analytics
Parameters for the use of Google Analytics (can be disabled and loaded before accepting the cookie banner)
6 months
HTTP cookie
__utmzzses
Google Analytics
Parameters for the use of Google Analytics (can be disabled and loaded before accepting the cookie banner)
Session
HTTP cookie
_hjClosedSurveyInvites
Hotjar
Cookie set only in certain cases - cookie that is created when a user interacts with an external survey link and prevents the survey invitation from reappearing.
1 year
HTTP cookie
_hjDonePolls
Hotjar
 Cookie that ensures that a Hotjar survey is not shown again to a user who has already answered the survey.
 1 year
HTTP cookie
_hjMinimizedPolls
Hotjar
 Cookie that ensures that a survey window remains minimized when the user visits a page where it should appear.
 1 year
HTTP cookie
_hjShownFeedbackMessage
Hotjar
 This cookie is set the first time the user answers or minimizes a feedback window. The cookie is set so that the window remains minimized when the user visits a page where it should be displayed. 
 1 year
HTTP cookie
_hjid
Hotjar
 Hotjar cookie that is set when the customer lands on a page with the Hotjar script for the first time. It is used to store the Hotjar user ID, which is unique to that page, in the browser. This ensures that behavior on subsequent visits to the same page can be attributed to the same user ID.

HTTP cookie
_hjRecordingLastActivity
Hotjar
 Stored in sesssion storage, as opposed to cookies. This file is dropped when a recording starts and when the recording is sent through the WebSocket (thus when the user does something that Hotjar records).
 Session
HTTP cookie
_hjTLDTest
Hotjar
 When the Hotjar script is run, Hotjar tries to determine the most common cookie path we should use instead of the site's hostname. This is done so that cookies can be shared across subdomains (if applicable). To determine this, we attempt to save the _hjTLDTest cookie for various URL substring alternatives until it fails. After this test, the cookie is removed.
Session
HTTP cookie
_hjUserAttributesHash
Hotjar
 User attributes sent through the Hotjar discovery interface are cached and stored for the duration of the session to know when an attribute has changed and needs to be updated.
Session
HTTP cookie
_hjCachedUserAttributes
Hotjar
 This cookie stores user properties that are sent through the Hotjar identification interface. These properties are only stored when the user interacts with the Hotjar feedback window.
Session
HTTP cookie
 _hjLocalStorageTest
Hotjar
 This cookie is used to check whether Hotjar can store data in local storage. This cookie is deleted immediately after use. 
Session
HTTP cookie
_hjIncludedInPageviewSample
Hotjar
 This cookie is set to tell Hotjar whether this visitor is included in the data sample defined by your site's pageview limit.
30 minutes
HTTP cookie
_hjIncludedInSessionSample
Hotjar
 This cookie is set to tell Hotjar whether this visitor is included in the data sample defined by your site's daily session limit.
30 minutes
HTTP cookie
_hjAbsoluteSessionInProgress
Hotjar
 This cookie is used to recognize the first pageview session of a user. This is a true/false flag set by the cookie.
30 minutes
HTTP cookie
_hjFirstSeen
Hotjar
 This cookie is set to identify the first session of a new user. It stores a true/false value indicating whether this is the first time Hotjar has seen this user. It is used by record filters to identify new user sessions.
Session
HTTP cookie
hjViewportId
Hotjar
 This cookie stores information about the view settings used by the user, such as the resolution used.
Session
HTTP cookie
_hjRecordingEnabled
Hotjar
 This cookie is added when a recording is started and is read when the recording module is initialized to determine if the user is already in a recording in a particular session.
Session
HTTP cookie

We process the data collected through the use of these cookies on the basis of Article 6 paragraph 1 letter a) of the DS-GVO.

Marketing cookies
Cookies that are used to follow visitors to websites. The idea is to display ads that are important and appealing to the individual user and therefore more important to publishers and third party advertisers.
Name
Provider
Purpose
Procedure
Type
MUID
Bing
This cookie carries information about how the end user uses the site and any advertisements that the end user has seen prior to visiting the said site.
13 months
HTTP cookie
intercom id-rbert73i
Intercom
To create unique anonymous recognition IDs
9 months
HTTP cookie
intercom session-rbert73i
Intercom
To detect sessions and recurring sessions
7 days
HTTP cookie
IDE
Google Doubleclick
Cookie for storing user preferences. E.g. for playing out individual advertising.
2 years
HTTP cookie
for
Facebook
Cookie to enable Facebook functions on our site
3 months
HTTP cookie
1P_JAR
Google Doublecklick
Used to optimize advertising from Google DoubleClick to deliver ads relevant to users, improve campaign performance reports, or prevent users from seeing the same ads more than once.
1 month
HTTP cookie
ANID
Google
Playing out individual and relevant advertising
6 months
HTTP cookie
NID
Google
Playing out individual and relevant advertising
6 months
HTTP cookie
lidc
Linkedin
Used for routing
1 day
HTTP cookie
lissc
Linkedin
Classification pending
12 months
HTTP cookie
long
Linkedin
Saves the language setting used
Session
HTTP cookie
UserMatchHistory
Linkedin
Used to track visitors across multiple Web pages to deliver relevant advertising based on the visitor's preferences.
29 days
HTTP cookie
visitor_id <id></id>
Salesforce Pardot
The visitor cookie contains a unique visitor ID and the unique identifier for your account. For example, the cookie name visitor_id12345 stores the visitor ID 10101010, while the account identifier 12345 ensures that the visitor is tracked to the correct Pardot account. The visitor value is the visitor_id in your Pardot account. This cookie is set for visitors by the Pardot tracking code.
Up to 10 years
HTTP cookie
Visitor_id <id> hash</id>
Salesforce Pardot
The visitor hash cookie contains the account ID and stores a unique hash. For example, the cookie name visitor_id12345-hash stores the hash "855c3697d9979e78ac404c4ba2c66533", and the account ID is 12345. This cookie is a security measure to ensure that a malicious user cannot fake a visitor to Pardot and access relevant prospect information.
Up to 10 years
HTTP cookie
_BEAMER_FIRST_VISIT_{product ID}
Projector
Memory the date of your first visit to the site.
3000 days
HTTP cookie
_BEAMER_USER_ID{product ID}
Projector
 Stores a unique user ID of the user.
300 days
HTTP cookie
_BEAMER_LAST_UPDATE_{product ID}
Projector
Stores a timestamp for the last number of unread entries of the updates for this user.
3000 days
HTTP cookie
_BEAMER_FILTER_BY_URL_{product ID}
Projector
Saves whether a URL filter is present
20 minutes
HTTP cookie
_BEAMER_DATE_{product ID}
Projector
Stores the time of the last access to the feed.
300 Days
HTTP cookie
_BEAMER_LAST_POST_SHOWN_{product ID}
Projector
(Cookie is only stored if certain circumstances are met) Stores the user ID of the last post that was displayed as a teaster by Beamer.
300 Days
HTTP cookie
_BEAMER_SOUND_PLAYED_{product ID}
Projector
(Cookie is only stored if certain circumstances are met) Stores whether the notification sound was played after the last notification
7 days
HTTP cookie
_BEAMER_LAST_PUSH_PROMPT_INTERACTION_{product ID}
Projector
(cookie is only stored when certain circumstances are met) memory the date of the user's last interaction with the
300 days
HTTP cookie
_BEAMER_NPSLAST_SHOWN_{product ID}
Projector
(Cookie is only stored when certain circumstances are met) Stores the time when the user satisfaction survey was last shown to the customer.
300 days
HTTP cookie
taboola_global:user-id
Taboola
Stores a unique user ID of the user.
1 year
HTTP cookie

5. statistical analysis - tracking

We use tracking technology on our website to measure and evaluate our website and to optimize our content. For the protection of our users and partners, we can also detect and prevent fraud and security risks. The legal basis for this data processing is your consent given to us (Art. 6 para. 1 lit. a) DSGVO). We use the following products for this purpose, which are provided to us via service providers:


5.1 Leadlab

We use the Leadlab service from WiredMinds GmbH, Lindenspürstraße 32, 70176 GmbH and its pixel-counting technology on our website to analyse user behaviour and to optimise our site on this basis.

In particular, the service allows us to identify which companies have visited our site. We do not receive any information that directly identifies you. In connection with the use of Leadlab, cookies and tracking pixels are used to enable a statistical analysis of the use of this website through your visits. Information - including personal information - on your visitor behaviour is stored in the cookie and transmitted to Wiredminds or collected directly by Wiredminds.

The information is processed by Wiredminds using a pseudonym in a user profile for the purpose of analysis and is made as anonymous as possible. The data thus obtained will not be used to personally identify you without your separately granted consent and the data will not be merged with personal data about you as the bearer of the pseudonym.
As far as IP addresses are collected, they are anonymised immediately after collection by deleting the last number block.
Information on data protection at Wireminds GmbH can be found on the website of this company.

The legal basis for this type of data processing is your consent, Art. 6 para. 1 letter a) DSGVO.

Wiredminds processes the data on our behalf on the basis of a contract [MR1] between us and Wiredminds. This contract ensures that the data processing on our behalf is carried out in accordance with the Basic Data Protection Regulation and guarantees the protection of the rights of the data subjects.

Information on data protection at Wireminds GmbH can be found at: https://www.wiredminds.de/datenschutz/.

5.2 Pardot

This website uses the Pardot analysis tool from salesforce.com, inc, San Francisco, CA 94105, USA. We use Pardot to analyze the use of our website and to improve it regularly. For this purpose, we analyze the user or click behavior on our website in order to better tailor our communication to customer needs.

The legal basis for this type of data processing is your consent, Art. 6 para. 1 letter a) DSGVO.

Pardot processes the data on our behalf on the basis of a contract for processing [MR1] between us and Pardot. This ensures that the data processing on our behalf is carried out in accordance with the General Data Protection Regulation while guaranteeing the protection of the rights of the data subjects.

5.3 Segment

We use "Segment" on our website, a service of Segment.io, Inc., 100 California Street, Suite 700, San Francisco, CA 94111, USA (hereinafter referred to as: "Segment"). Segment stores and processes information about your user behavior on our website.

We use Segment for marketing and optimization purposes, in particular to analyze the use of our website and to continuously improve individual functions and offers as well as the user experience. Through the statistical evaluation of user behaviour, we can improve our offer and make it more interesting for you as a user. The legal basis for this type of data processing is your consent, Art. 6 (1) a) DSGVO.

Segment processes the data on our behalf on the basis of a contract for processing [MR1] between us and Segment. This ensures that the data processing on our behalf is carried out in accordance with the General Data Protection Regulation while guaranteeing the protection of the rights of the data subjects.

For further information on data protection from the third-party provider, please visit the following website: https://segment.com/docs/legal/privacy/.

5.4 Google Analytics

We use Google Analytics, web analytics services provided by Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

The protection of your data is important to us, which is why we have additionally extended Google Analytics with the configuration parameter "anonymizeIp". Your IP address is only recorded in abbreviated form by the code. We therefore process your personal usage data in Google Analytics anonymously. This means that the IP address of the user is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area.

The IP address transmitted by the user's browser is not combined with other data from Google. Users can prevent the storage of cookies by adjusting their browser software accordingly; users can also prevent the collection of data generated by the cookie and related to their use of the online offer to Google and the processing of this data by Google by downloading and installing the browser plugin available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

In all other respects, your data will be processed pseudonymously, as explained in more detail below. It is not possible for us to draw conclusions about your person. Google will use this information on our behalf in order to evaluate the use of our website by users, to compile reports on the activities within this website and to provide us with further services associated with the use of this website and the Internet. In doing so, pseudonymous user profiles of the users can be created from the processed data.

The information generated by the cookie about the use of the online offer by the user is usually transferred to a Google server in the USA and stored there. Google is certified under the Privacy-Shield-Agreement and thus offers a guarantee to comply with the European data protection law:(https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

Google processes the data on our behalf on the basis of an order processing agreement [MR1] between us and Google. This ensures that the data processing on our behalf is carried out in accordance with the General Data Protection Regulation while guaranteeing the protection of the rights of the data subjects.

Further information on the use of data by Google, setting and objection options, you can find in the privacy policy of Google(https://policies.google.com/technologies/ads) and in the settings for the display of advertising by Google(https://adssettings.google.com/authenticated).

Further information on the terms of use of Google Analytics and the data protection regulations can be found at: http://www.google.com/analytics/terms/de.html or https://policies.google.com/?hl=de&gl=de.

5.5 Facebook

This website uses plugins of the social network Facebook Inc, 1 Hacker Way, Menlo Park, CA 94025, USA integrated ("Facebook"). An overview of the Facebook plugins can be found here: https://developers.facebook.com/docs/plugins/.

When you visit our website, a direct connection between your browser and the Facebook server is established via the plugin. Facebook thereby receives the information that you have visited our site with your IP address. If you click the Facebook "Like-Button" while you are logged in to your Facebook account, you can link the contents of our pages on your Facebook profile. This allows Facebook to associate the visit to our Pages with the visit. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Facebook. If you do not want Facebook to be able to assign visits to our Pages to your Facebook user account, please log out of your Facebook user account.

Facebook remarketing tags are integrated on our Internet pages. When you visit our pages, the remarketing tags establish a direct connection between your browser and the Facebook server. Facebook thereby receives the information that you have visited our site with your IP address. This enables Facebook to assign the visit to our pages. We can use the information obtained in this way to display Facebook Ads.

The storage of cookies is based on Art. 6 para. 1 lit. a DSGVO.

Information about how to contact Facebook, how to set up ads and the data usage guidelines are available at http://de-de.facebook.com/about/privacy.

5.6 Intercom

We use "Intercom" on our website, a service of Intercom, Inc., 55 Second Street, Suite 400, San Francisco, CA 94105, USA (hereinafter referred to as: "Intercom"). Intercom stores and processes information about your user behavior on our website to enable easier support via the built-in chat function.

We use Intercom for marketing and optimization purposes, in particular to analyze the use of our website and to continuously improve individual functions and offers as well as the user experience. Through the statistical evaluation of user behavior, we can improve our offer and make it more interesting for you as a user. The legal basis for this type of data processing is your consent, Art. 6 (1) a) DSGVO.

Intercom processes the data on our behalf on the basis of a contract for processing [MR1] between us and Intercom. This ensures that the data processing on our behalf is carried out in accordance with the General Data Protection Regulation while guaranteeing the protection of the rights of the data subjects.

For more information about the third-party provider's privacy practices, please visit the following website: https://www.intercom.com/legal/terms-and-policies.

5.7 Optimizely

We use "Optimizely" software on our website, a web analytics service provided by Optimizely, Inc ("Optimizely"). Optimizely is provided by Optimizely GmbH, Spichernstrasse 6, 50672 Cologne, Germany. 

The program allows us to create different versions of a page (A/B tests) and to direct the users of our website to different pages. Through the statistical evaluation of user behavior, we can improve our offer and make it more interesting for you as a user. The legal basis for this type of data processing is your consent, Art. 6 para. 1 lit. a) DSGVO. 

In addition, you can deactivate Optimizely tracking at any time and thus prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Optimizely and the processing of this data by Optimizely by following the instructions on https://www.optimizely.com/legal/opt-out/.

Optimizely processes the data on our behalf on the basis of a contract processing agreement [MR1] between us and Optimizely. This ensures that the data processing on our behalf is carried out in accordance with the GDPR while guaranteeing the protection of the rights of the data subjects. 

You can find more information about how Optimizely processes your data at https://www.optimizely.com/privacy/.

5.8 Bing Ads

On our website we use technologies from "Bing Ads", a service of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA (hereinafter referred to as: "Microsoft").

Bing Ads collects and stores data from which usage profiles are created using pseudonyms. Bing Ads enables us to track user activity on our website, insofar as the users have reached our website via ads from Bing Ads. If you arrive at our website via such an ad, a cookie is set on your terminal device. This allows us and Microsoft to track that a user clicked on a Bing Ads ad and was directed to our website through it. Microsoft and we can also track that the user has reached a pre-determined landing page, called a conversion page. We only learn the total number of users who clicked on a Bing Ads ad and were then redirected to the conversion page. 

The information collected is transferred to Microsoft servers in the USA and stored there for a maximum of 180 days. In addition, Microsoft may be able to track your usage behavior across multiple devices you use through cross-device tracking. This allows Microsoft to show you personalized ads on Microsoft websites and in apps provided by Microsoft.

We use Bing Ads for marketing and optimisation purposes, in particular to analyse the use of our website and to be able to continuously improve individual functions and offers as well as the user experience. Through the statistical evaluation of user behavior, we can improve our offer and make it more interesting for you as a user. This is also our legitimate interest in the processing of the above data by the third-party provider. The legal basis for this type of data processing is your consent, Art. 6 (1) a) DSGVO. 

Microsoft processes the data on our behalf on the basis of a contract for processing [MR1] between us and Microsoft. This ensures that the data processing on our behalf is carried out in accordance with the General Data Protection Regulation while guaranteeing the protection of the rights of the data subjects.

For more information about Bing Ads analysis services, please visit: https://help.bingads.microsoft.com/#apex/3/de/53056/2.

5.9 OptinMonster

We use on our website the software "OptinMonster" a service of Retyp, LLC, 5127, NW 24th Dr, Gainesville, Florida, 32605, OptinMonster stores and processes information about your user behavior on our website. 

The program allows us to include popups and other opt-ins (such as floating bars) on our website. The data is only collected by an active action of the customer (e.g. the customer signs up for the newsletter via a popup). OptinMonster does not store the collected data on its own servers, but forwards it directly to CANDIS. The legal basis for this type of data processing is your consent, Art. 6 para. 1 lit. a) DSGVO.

OptinMonster processes the data on our behalf on the basis of a contract for processing [MR1] between us and OptinMonster. This ensures that the data processing on our behalf is carried out in accordance with the General Data Protection Regulation while guaranteeing the protection of the rights of the data subjects. 

Details of how Optinmonster handles the customer's personal information are described in Optinmonster's Privacy Notice(https://optinmonster.com/privacy/).

5.10 Projector

We use on our website the software "Beamer" a service of Joincube, Inc. 

We use Beamer to inform our users about important changes, news and updates, as well as to collect user feedback on our latest updates. Beamer uses cookies and other technologies to collect data about the behavior of our users and their devices (in particular, the IP address of the device (collected and stored only in anonymized form), the type of device (unique device identifiers), browser information, geographic location (country only), the preferred language in which our website is displayed). Beamer stores this information in a pseudonymous user profile. Neither Beamer nor we will ever use this information to identify individual users or match it with other data about an individual user. The legal basis for this type of data processing is your consent, Art. 6 (1) a) DSGVO.

Beamer processes the data on our behalf on the basis of a commissioned processing agreement [MR1] between us and Beamer. This ensures that the data processing on our behalf is carried out in accordance with the General Data Protection Regulation while guaranteeing the protection of the rights of the data subjects.

You can find more information about Beamer at: https://www.getbeamer.com/privacy-policy/.


5.11 Hotjar

We use on our website the software "Hotjar" a service of Hotjar Ltd, Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville St Julian's STJ 3141, Malta.

We use Hotjar to better understand the needs of our users and to optimize the offering and experience on this website. Using Hotjar's technology, we get a better understanding of our users' experiences (e.g. how much time users spend on which pages, which links they click on, what they like and dislike, etc.) and this helps us to tailor our offering to our users' feedback. Hotjar uses cookies and other technologies to collect data about our users' behaviour and their devices, in particular device IP address (collected and stored only in anonymous form during your website use), screen size, device type (unique device identifiers), information about the browser used, location (country only), preferred language for viewing our website. Hotjar stores this information on our behalf in a pseudonymized user profile. Hotjar is contractually prohibited from selling the data collected on our behalf. The legal basis for this type of data processing is your consent, Art. 6 para. 1 lit. a) DSGVO.

For more information, please refer to the 'about Hotjar' section on Hotjar's help page: https://help.hotjar.com/hc/en-us/categories/115001323967-About-Hotjar

5.12 Taboola

We use on our website the software "Taboola" a service of Taboola, Inc., 16 Madison Square West, 7th Floor, New York, New York 10010.

Our website uses technology from Taboola. Taboola uses cookies to determine what content you are using and which of our pages you are visiting when you arrive at our website by clicking on a Taboola ad.

This procedure is used to evaluate the effectiveness of the advertisements for statistical and market research purposes and can help to optimise future advertising measures. These usage profiles do not allow any inference to your person and are anonymous for us. We process this data on the basis of your consent in accordance with Art. 6 (1) a) DSGVO.

You can find more information about Taboola at: https://www.taboola.com/policies/privacy-policy. In addition, Taboola has created an option to permanently deactivate the processing of your data (opt-out): https://www.taboola.com/policies/privacy-policy#user-choices-and-opting-out.


6. social media

We maintain online presences within social networks and video services in order to communicate with the users active there and to offer information about us there. When you visit our site, however, no direct connection is established between your browser and the servers of the respective social networks. A forwarding of data only takes place after you agree to the data transfer by clicking on the privacy settings. An automatic transmission of user data to the operators of these platforms does not occur through this tool.

For a detailed presentation of the respective forms of processing and the possibilities of objection, we refer to the data protection declarations and information provided by the operators of the respective networks.


6.1 LinkedIn

Our website uses the "share function" of the LinkedIn network. The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. If you click on the LinkedIn "button", you will be redirected to your user account in a separate browser window - provided you are logged into your user account at LinkedIn. The plug-in establishes a direct connection between your browser and the LinkedIn server. LinkedIn thereby receives the information that you have visited our website with your IP address. In addition, it is then possible for LinkedIn to assign your visit to our website to you and your user account. We point out that we have no knowledge of the content of the transmitted (personal) data and their use by LinkedIn.  

The legal basis for the collection and processing of your personal data carried out by LinkedIn for us for the aforementioned statistical purposes is Art. 6 para. 1 sentence 1 lit. a) DSGVO. You can find more information on this in LinkedIn's privacy policy at: https://www.linkedin.com/legal/privacy-policy.

6.2 Facebook (Fanpage)

We operate a so-called "fan page" on Facebook to inform about topics related to our software. This is an offer from Facebook Ireland Ltd ("Facebook"), 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. We have agreed to the conditions for the commercial use of Facebook.                                                                                                          

When you visit our fan page on Facebook, Facebook uses our fan page cookie on your device and collects so-called "Insights data" about the use of our fan page:

  • Information about your visit to our Facebook fan page (your IP address, last visited website, file name, URL)
  • Information about your Facebook interactions regarding our content ("likes")
  • If necessary, your comments will be saved, including a time

These cookies from Facebook each have a unique cookie ID. On the basis of the data processing carried out by Facebook, we receive anonymised statistical data of fan page visitors from Facebook, in accordance with our joint responsibility pursuant to Art. 26 DSGVO. At no time during your visit to our fan page is it possible for us to identify you by means of the Insights function and the statistics provided by these. 

The legal basis for the collection and processing of your personal data carried out by Facebook for us for the aforementioned statistical purposes is Art. 6 (1) sentence 1 lit. a) DSGVO. 

When and in what form Facebook corrects, stores ported or deletes your personal data is known only to Facebook. We have no influence on this. Since Facebook, as the provider of the Fanpage and the Facebook Insights tool, collects and evaluates personal data required for our statistics, Facebook also has the possibility to establish a personal reference based on this data. Facebook may also transfer data to the USA. 

Information about how to contact Facebook, how to set up ads and the data usage guidelines are available at http://de-de.facebook.com/about/privacy.

For more information about our shared responsibility with Facebook, please visit: https://www.facebook.com/legal/terms/page_controller_addendum.

6.3 Wistia

Our website uses plugins from the video portal Wistia, a service of Wistia Inc, 120 Brookline Street, Cambridge, Massachusetts, 02139 USA. 

We use Wistia in connection with the "extended data protection mode" function to be able to show you videos. The legal basis is Art. 6 para. 1 lit. a) DSGVO. 

This page uses the two-click solution for this. This ensures that direct contact between networks and users is only established when you actually start a video. This tool does not automatically transfer user data to the operators of these platforms.

Without this "two-click solution", a connection to the Wistia server in the USA is established as soon as you call up one of our Internet pages on which a Wistia video is embedded. This connection is necessary in order to be able to display the respective video on our website via your internet browser. In the course of this, Wistia will at least record and process your IP address, the date and time and the website you visited.

Wistia tracks how you interact with the videos on this website: How much of a video you play, at what points in a video you pause or rewind, etc. In some media, we pause the media and ask you to provide your email address or name. You are not required to provide this information, but we reserve the right to restrict certain media to identified users. Wistia aggregates the data collected through the media, including names and email addresses, and makes it available to us. Other than providing this data to us, Wistia does not sell or provide the data collected by our media to third parties. 

Wistia processes the data on our behalf on the basis of a commission processing agreement [MR1] between us and Beamer. This ensures that the data processing on our behalf is carried out in accordance with the General Data Protection Regulation while guaranteeing the protection of the rights of the data subjects.

For more information on how we handle user data, please see Wistia's privacy policy at: https://wistia.com/support/account-and-billing/privacy-and-data-protection#cookies.

7. newsletter

On our website you can subscribe to our newsletter to receive information. We will only process the voluntary information you provide us with for the purpose of sending you the newsletter. Our legal basis for the processing is your consent according to Art. 6 para. 1 lit. a) DSGVO. You can revoke your consent at any time with effect for the future.

7.1 Salesforce Email Studio

Newsletters are sent via "eMail Studio", a newsletter sending platform of the cloud provider Salesforce (salesforce.com Germany GmbH, Erika-Mann-Str. 31, 80636 Munich, Germany).

The email addresses of our newsletter recipients, as well as their other data described in this notice, are stored on Salesforce's servers. Salesforce uses this information to send and evaluate the newsletter on our behalf.

In addition, Salesforce may, at its discretion, use this information to improve or enhance its services, such as to technically enhance the delivery and display of newsletters or for statistical purposes to determine which countries the recipients are from. This data is used in pseudonymous form, i.e. without allocation to a user. However, Salesforce does not use the data of our newsletter recipients to write to them itself or pass it on to third parties.

The legal basis for this type of data processing is your consent, Art. 6 (1) lit. a DSGVO, e.g. as part of the newsletter order or registration on our website. You can object to the sending of newsletters and mailings by Salesforce at any time with effect for the future by clicking on the unsubscribe link in the respective email. If you unsubscribe from your newsletter, for example, your data will be deleted as far as possible.

Salesforce processes the data on our behalf (Art. 28 DSGVO). You can view the data protection regulations of the shipping service provider here: https://www.salesforce.com/de/company/privacy/.

8. your data subject rights

With regard to the data processing listed here, you are entitled to various data subject rights which are regulated in the DSGVO.

Right to information

First of all, you have the right to obtain information about the data you have provided to us and which we have processed (Article 15 of the GDPR). 

Right of rectification, erasure and restriction

In addition, you can demand the correction (Art. 16 DSGVO), deletion (Art. 17 DSGVO) and restriction (Art. 18 DSGVO) of your data.

Right to data portability and right to object

You also have a right to data portability (Art. 20 DSGVO) and a right to object (Art. 21 DSGVO).

right of appeal

Without prejudice to any other administrative or judicial remedy, you also have the right to lodge a complaint with a data protection supervisory authority. You can contact the data protection supervisory authority of your usual place of residence or our company headquarters. The address of the supervisory authority responsible for us is:

Berlin Commissioner for Data Protection and Freedom of Information
Friedrichstr. 219
10969 Berlin

Phone: 030 13889-0
E-mail: mailbox@datenschutz-berlin.de

9. responsible person / data protection officer

If you have any further questions, for example about data that we have stored about you, please do not hesitate to contact us.

Candis GmbH
Friedrichsstraße 200
10117 Berlin

Represented by:
Managing Director: Christian Ritosek, Christopher Becker

Contact:
Phone: 030 346 556 100
E-mail: info@candis.io 

Our data protection officer is Mr Ali Tschakari, LL.M. Bitkom Servicegesellschaft mbH, Albrechtstraße 10, 10117 Berlin. You can contact him directly at the e-mail address datenschutz@bitkom-consult.de or datenschutz@candis.io.

10. status and update of this privacy policy

This privacy policy is current as of April 19, 2021. 

CANDIS reserves the right to amend this data protection regulation at any time, taking into account current data protection regulations.