The requirements of the EU General Data Protection Regulation (hereinafter GDPR) apply throughout Europe. We would like to inform you about the processing of personal data by our company in accordance with this regulation (see Articles 13 and 14 GDPR). If you have any questions or comments about this privacy policy, you can always address them to the email address indicated under 1.2.
In this section of the privacy policy you will find information on the scope, the person responsible for data processing, their data protection officer and data security.
The data processing by the AUBII GmbH can essentially be divided into two categories :
– for the purpose of contract performance , all data necessary for the performance of a contract with AUBII GmbH will be processed. If external service providers are also involved in the processing of the contract, e.g. hosting service providers or payment service providers, your data will be passed on to the respective if this is required.
– By calling up the website / application of AUBII GmbH, various information is exchanged between your device and our server. This can also be personal data. The information collected in this way is used, among other things, to optimize our website or to display advertising in the browser of your device.
This Privacy Policy applies to the following offers:
– our online offer available at www.excellent.org.
– Whenever one of our offers (e.g. websites, subdomains, mobile applications, web services or third-party affiliations) refers to this Privacy Policy, regardless of the way in which you access or use it.
All these offers are collectively referred to as „Services“.
Responsible person for the data processing i.e. the one who decides about the purposes and means of the processing of personal data in connection with the services is
AUBII GmbH
Alsterufer 34
20354 Hamburg
Germany
Telephone: +49 40 328 90 10 80
E-mail: service@excellent.org
You can contact our data protection officer as follows:
Datenschutz Saxelfur UG (haftungsbeschränkt)
Prof. Dr. Simon A. Fischer,
Modering 3
22457 Hamburg
E-Mail: mail@saxelfur.de
Telefon: 040 – 5520 1813
In order to develop the measures required by Art. 32 GDPR and thus achieve a level of protection commensurate with the risk, we have established the information security standard according to VdS 3473 in our company.
The guidelines of the VdS 3473 – Cyber-Security for small and medium-sized enterprises of the VdS Schadenverhütung GmbH contain guidelines and assistance for the implementation of an information security management system, as well as concrete measures for the organizational and technical protection of IT infrastructures. They are designed with the objective of ensuring an adequate level of protection.
In this section of the privacy policy, we will inform you in detail about the processing of personal data as part of our services. For better clarity, we divide this information by certain functionalities of our services. During the normal use of the services, different functionalities and thus also different processing operations can be used successively or simultaneously.
For all processing operations described below, unless otherwise stated:
There is no contractual or legal obligation to provide personal data. You are not required to provide data.
In the case of required data (data which are marked as obligatory when entering data), non-provisioning means that the service concerned can not be provided. Otherwise, non-provisioning may mean that our services can not be provided in the same form and quality.
In some cases, you may also give us your consent for further processing in connection with the processing described below (possibly for some of the data). In this case, we will separately inform you in connection with the submission of the respective declaration of consent of all modalities and the scope of the consent and the purposes that we pursue with these processing operations.
If we provide data to third countries, i.e. countries outside the European Union, then the transmission will take place only in compliance with the statutory eligibility requirements. The admissibility requirements are regulated by Art. 44-49 GDPR.
Our data processing takes mainly place with the involvement of so-called hosting service providers, who provide us with storage space and processing capacities in their data centers and, according to our instructions, also process personal data on our behalf. These service providers process data either exclusively in the EU or we have guaranteed an appropriate level of data protection using EU standard privacy clauses.
We transfer personal data to governmental authorities (including law enforcement agencies) when required to fulfill a legal obligation to which we are subject (Legal Basis: Art. 6 (1) (c) GDPR) or to assert, exercise or defend legal claims (Legal basis Art. 6 para. 1 f) GDPR).
We do not store your data longer than we need it for the respective processing purposes. If the data is no longer required for the fulfillment of contractual or legal obligations, these data will be deleted on a regular basis, unless their temporary storage is still necessary. Reasons for this can be, for example:
Likewise it is possible for us to store your data further with us, if you have expressly given your consent.
Here is how we process your personal information when you visit our services. In particular, we point out that the transmission of access data to external content providers (see b.) is inevitable due to the technical functioning of information transmission on the Internet.
2.2.1 Information on processing |
||||
| Data category | Intended | Legal basis | Legitimate interest | Storage time |
| access data | Establishing a connection, presenting the contents of the service, detecting attacks on our site due to unusual activities, fault diagnosis | Art. 6 para. 1 f) GDPR | proper functioning of services, security of data and business processes, prevention of misuse, prevention of damage through interference with information systems | 14 days |
2.2.2 Recipient of personal data |
|||
| Recipient category | Affected data | Legal basis of the transfer | Legitimate interest |
| External content providers that provide content (such as images, videos, embedded social networking postings, banner ads, fonts, update information) required to view the service | access data | Art. 6 para. 1 f) GDPR | proper functioning of services, (expedited) presentation of content |
| IT security service | access data | Order processing (Art. 28 GDPR) | Preventing attacks by exploiting security holes/ vulnerabilities |
| Hoster | access data | Art. 6 para. 1 f) GDPR | Web hosting |
What happens to your personal data in connection with a subscription to our newsletter, we describe here:
2.3.1 Information on processing |
||||
| Data category | Intended | Legal basis | Legitimate interest | Storage time |
| E-mail address | Verification of the application (double opt-in process), sending of the newsletter | Article 6 (1) (a) GDPR | Duration of newsletter subscription | |
| Personal data | Personalization of the newsletter | Art. 6 (1) (bf) GDPR | Duration of newsletter subscription | |
| Credentials | Trace ability of completed newsletter registration/ confirmation/ deregistration | Art. 6 (1) (b), f) GDPR | Proof of successful newsletter registration, confirmation and deregistration | Duration of newsletter subscription |
| User Profile Data Newsletter | Interest based design of the newsletter | Art. 6 (1) (f) GDPR | Improvement of our service, promotional purposes | Duration of newsletter subscription |
2.3.2 Recipient of personal data |
|||
| Recipient category | Affected data | Legal basis of the transfer | Legitimate interest |
| Service provider for newsletter distribution | All under 2.3.1. mentioned data | Order processing (Article 28 (3) sentence 1 GDPR)
Privacy Shield Agreement Transmission to the USA |
|
In an ongoing application process, we process your personal data in the following ways:
2.4.1 Information om processing |
||||
| Data category | Intended | Legal basis | Legitimate interest | storage time |
| Address data, contact data | Identification, establishment of contact, communication for contract initiation | Art. 6 (1) (b) GDPR | 6 months | |
| Personal data | Identification, contact, age verification | Art. 6 (1) (b) GDPR | 6 months | |
| Application data | candidate selection | Art. 6 (1) (b) GDPR | 6 months | |
2.4.2 Recipients of personal data |
|||
| No data are transfered | |||
How we process your personal information when contacting our customer service can be found here:
2.5.1 Information on processing |
||||
| Data category | Intended | Legal basis | Legitimate interest | Storage time |
| Account data, personal data, contact data, login data, order data, payment data, access data, application data, appraiser data, review data, company data | Processing of customer inquiries | Art. 6 para. 1 b), f) | Customer loyalty, improvement of our service | 6 months |
2.5.2 Recipients of personal data |
|||
| recipient category | Affected data | Legal basis of the transfer | legitimate interest |
| Hoster | All under 2.5.1. mentioned data | Art. 6 para. 1 f) GDPR | Web hosting |
When you conclude a contract with us, your data will be processed at the conclusion of the contract as follows:
2.6.1 Information for processing |
||||
| Recipient category | Affected data | Legal basis of the transfer | Legitimate interest | Storage time |
| Company data, personal data, address data, contact data, registration data, order data, payment data, access data | Contract | Art. 6 (1) (b) GDPR | ten years | |
2.6.2 Recipients of personal data |
|||
| Recipient category | Affected data | Legal basis of the transfer | Legitimate interest |
| Hoster | All under 2.6.1. mentioned data | Order processing (Art. 28 GDPR) | |
For the invoice, reminder process and debt collection your data are processed as follows:
2.7.1 Information for processing |
||||
| Data category | Intended | Legal basis | Legitimate interest | Storage time |
| Company data, personal data, address data, contact data, order data, payment data | Collect open receivables | Art. 6 (1) (b) GDPR | ten years | |
2.7.2 Recipients of personal data |
|||
| Recipient category | Affected data | Legal basis of the transfer | Legitimate interest |
| Payment service | All under 2.7.1. mentioned data | Order processing (Art. 28 GDPR) | Execution of different payment methods (SEPA, BACS, credit card, Paypal, etc.) |
| Debt collection service | All under 2.7.1. mentioned data, debt collection data | Order processing (Art. 28 GDPR) | |
2.8.1 Information for processing |
||||
| Data category | Intended | Legal basis | Legitimate interest | Storage time |
| Account data, person data, login data, employee data, company data, order data, payment data, collection data, company data, address data, contact data, order data | Accounting and tax consultancy | Art. 6 (1) (b) GDPR | Ten years | |
2.8.2 Recipients of personal data |
|||
| Recipient category | Affected data | Legal basis of the transfer | Legitimate interest |
| Tax consultancy | All under 2.8.1. mentioned data | Order processing (Art. 28 GDPR) | |
The following information describes how your personal information are processed when you post a review.
2.9.1 Information about processing |
||||
| Data category | Intended | Legal basis | Legitimate interest | Storage time |
| Reviewer data | Posting of a review | Art. 6 (1) (b) GDPR, Recital 40 and 44
|
Fulfillment of the contractual agreement | Duration of the customer contract or revocation possibility of the reviewer |
2.9.2 Recipientof personal data |
|||
| Recipient category | Affected data | Legal basis of the transfer | Legitimate interest |
| Hoster | all under 2.9.1. mentioned data | Order processing (Art. 28 GDPR) | |
The following information describes how your personal information are processed during a mediation process.
2.10.1 Information for processing |
||||
| Data category | Intended | Legal basis | Legitimate interest | Storage time |
| Mediation data, company data | Mediation process | Article 6 (1) (a), (b) GDPR | Fulfillment of the contractual agreement | 6 months |
2.10.2 Recipient of personal data |
|||
| Recipient category | Affected data | Legal basis of the transfer | Legitimate interest |
| Hoster | all under 2.10.1. mentioned data | Order processing (Art. 28 GDPR) | |
Below we describe how your personal information is processed using tracking technologies to analyze and optimize our services and for promotional purposes.
The description of the tracking methods also includes information on how to prevent or contradict the processing of data. Please note that the so-called „opt-out“, i.e. the rejection of processing, is usually stored via cookies. If you use our services via a new device or in another browser, or if you have deleted the cookies set by your browser, you must explain the refusal again.
The tracking methods described process personal data only in pseudonymous form. A connection with a specific, identified natural person, i.e. a combination of the data with information about the carrier of the pseudonym, does not take place.
Purposes of processing
The analysis of user behavior by means of tracking helps us to check the effectiveness of our services, to optimize them and to adapt them to the needs of our users, as well as to correct errors. It also serves to statistically determine parameters for the use of our services (range, intensity of use, user surfing behavior) on the basis of uniform standard procedures and thus to obtain comparable values across the market.
Tracking to measure the success of advertising campaigns is designed to help us optimize our ads for the future, and to help marketers and advertisers optimize their ads accordingly. The aim of tracking to optimize the display of advertisements is to show users advertising tailored to their interests, to increase the success of the advertising and thereby also the advertising revenues.
Legal basis of processing
Legitimate interest pursuant to Art. 6 para. 1 f) GDPR
The tracking methods used in detail
| Name of the service | functionality | Possibility to prevent processing (opt-out) | Data transfer to third country? | Adequacy decision (Article 45 GDPR) | Suitable guarantees, (Art. 46 GDPR) |
| Google Analytics | Web analytics service | tools.google.com/dlpage/gaoptout?hl=de | no | Privacy-Shield-Agreement
https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active |
|
| Facebook pixel | Custom Audiences for Ads (Facebook Ads) | Opposition of cookies for distance measurement and advertising purposes:
Network: http://optout.networkadvertising.org/, US-Webseite: (http://www.aboutads.info/choices), European Website: http://www.youronlinechoices.com/uk/your-ad-choices/ |
yes | Privacy-Shield-Agreement
https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active |
|
| Lead Forensics | Business web analytics service | http://lfwebproxy.westeurope.cloudapp.azure.com:5000/?clientID=120186 | no | ||
| Mailchimp | Tracking e-mail activities | You can cancel the receipt of our newsletter at any time | yes | Privacy-Shield-Agreement
https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active |
|
| Google Double click | yes | Privacy-Shield-Agreement
https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active |
|||
| Pipedrive | Tracking e-mail activities | By contradiction to EXCELLENT.ORG | yes |
If you want to opt-out of interest-based advertising, you can also go to http://www.youronlinechoices.com, click on „Preference Management“ and follow the instructions to use the data for interest-based advertising listed there Service providers completely or individually to prevent. You will still receive advertising, but it is not interest-based.
This website may contain additional programs (plugins) from social networks such as: Facebook, Google+, Twitter or Pinterest, which are operated by third parties and via which messages can be transmitted to the corresponding social network via a button in order to rate content, for example to be recommended or shared. This is the purpose and legitimate interest in promoting our services.We configure our services in such a way that data transmission does not take place until you press the button. The legal basis for data transmission in this case is Art. 6 I f) GDPR. The respective provider is responsible for the data protection compliant processing of the transmitted data.
| Name of the service | providers | Privacy information of the provider |
| Facebook Inc., 1601 S. California Avenue, Palo Alto, CA 94304, USA | https://de-de.facebook.com/about/privacy/ | |
| Google+ | Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA | https://www.google.com/+/policy/pagesterm.html |
| Twitter Inc., 539 Bryant Street, Suite 402, San Francisco, CA 94107, USA | https://twitter.com/de/privacy | |
| LinkedIn Ireland Unlimited Company,Wilton Place,Dublin 2, Irland | https://www.linkedin.com/legal/privacy-policy?trk=uno-reg-guest-home-privacy-policy |
If we process your personal data in order to operate direct mail, you have the right at any time to object to the processing of your personal data for the purpose of such advertising, as far as it relates to such direct mail, with future effect.
You also have the right, for reasons arising from your particular situation, to object to the processing of personal data concerning you at any time with regard to the future in accordance with Article 6 (1) (e) or (f) GDPR appeal.
The right to object can be exercised free of charge.
You can reach us via the contact details listed under 1.2.
You have the right to know whether personal data concerning you are processed, which personal data this may be, and further information in accordance with Art. 15 GDPR.
You have the right to demand immediate correction of your incorrect personal data (Art. 16 GDPR). Taking into account the purposes of processing, you have the right to request the completion of incomplete personal data, including by means of a supplementary statement.
You have the right to demand that personal data relating to you be deleted immediately if one of the reasons stated in Art. 17 (1) GDPR is applicable and the processing is not for one of the purposes set out in Art. 17 (3) GDPR is required.
You are entitled to demand a restriction on the processing of your personal data if one of the conditions laid down in Art. 18 (1) (a) to (d) GDPR is met.
You have the right to receive personally identifiable information you provide us in a structured, common and machine-readable format. Furthermore, you have the right to transmit this data to another person without hindrance or to obtain that a direct transmission takes place by us, if this is technically possible. This should always apply if the basis of the data processing is the consent or a contract and the data is processed automatically. Accordingly, this does not apply to data held in paper form only.
If the processing is based on your consent, you have the right to revoke your consent at any time. The legality of the processing on the basis of the consent until the revocation is not affected.
You have the right of appeal to a supervisory authority.
Contractor: a natural or legal person, public authority, body or body that processes personal data on behalf of the controller.
Browser: computer program for displaying web pages (e.g. Chrome, Firefox, Safari)
Cookies: In the context of the World Wide Web, a cookie describes a small text file that is stored locally on the computer of the user when visiting a website. This file stores data about the behavior of the user. When the browser is called up and the corresponding website is visited repeatedly, the cookie is used and uses the stored data to provide the web server with information about the surfing behavior of the user.
In this context cookies are information that a website stores locally on a visitor’s computer in a small text file. This can be settings already made by the user on a page, but also information that the website has gathered completely independently from the user. Later, these locally stored text files can then be read out again by the same web server from which they were created. Most browsers accept cookies automatically. You can manage cookies using the browser features (usually under „Options“ or „Preferences“). This may disable the storage of cookies, be made dependent on your approval in individual cases or otherwise restricted. You can also delete cookies at any time.
Third countries: Country which is not bound by the legal requirements of the EU Data Protection Directive (non-EEA)
Personal information: Any information relating to an identified or identifiable natural person. A natural person is considered as identifiable, which can be identified directly or indirectly, in particular by association with an identifier such as a name, an identification number, location data, an online identifier or one or more special features, the expression of the physical , physiological, genetic, mental, economic, cultural or social identity of this natural person.
Pixel:Pixels are also called counting pixels, tracking pixels, web beacons or web bugs. These are small, invisible graphics in HTML emails or on web pages. When a document is opened, this small image is downloaded from a server on the Internet, where the download is registered there. This allows the operator of the server to see if and when an e-mail has been opened or a website has been visited.This function is usually realized by calling a small program (Javascript). This will allow certain types of information to be detected and shared on your computer system, such as the content of cookies, the time and date of the page view, and a description of the page on which the pixel is located.
Profiling:Any type of automated processing of personal data that involves the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular aspects relating to work performance, economic situation, health, personal preferences to analyze or predict interests, reliability, behavior, whereabouts or location of this natural person
Services: Our offers subject to this Privacy Policy (see Scope).
Tracking: The collection of data and their evaluation regarding the behavior of visitors to our services.
Tracking technologies: Tracking can be done via the log files stored on our web servers as well as by collecting data from your device via pixels, cookies and similar tracking technologies.
Processing: Any process or series of operations related to personal data, such as collecting, acquiring, organizing, processing, storing, adapting or modifying, reading out, querying, using, with or without the help of automated procedures; disclosure by submission, dissemination or other form of provision, reconciliation or association, restriction, erasure or destruction.