Privacy Policy

INFORMATION ON DATA PROTECTION REGARDING OUR DATA PROCESSING ACCORDING TO ARTICLES 13, 14, AND 21 OF THE GENERAL DATA PROTECTION REGULATION (GDPR)

Privacy Policy

We take the protection of your personal data very seriously. You have the right to know when which data is collected and how it is processed. We have implemented technical and organizational measures to ensure that the regulations on data protection are observed. As we continue to develop our website and implement new technologies to improve our service for you, changes to this privacy policy may also become necessary. Therefore, we recommend that you read this privacy policy at regular intervals.

Name and Address of the Responsible Party

CanMe GmbH

Albert-Einstein-Straße 1, 95028 Hof

legal@canme.cloud

Imprint: www.canme.cloud/impressum

General Information on Data Processing

1. Scope of Processing Personal Data

We process personal data of our users only to the extent necessary to provide a functional website as well as our content and services. The processing of personal data of users usually only occurs with the user's consent. An exception applies in cases where obtaining prior consent is not possible for factual reasons and the processing of the data is permitted by legal regulations.

2. Legal basis for the processing of personal data

Insofar as we obtain consent from the data subject for processing operations involving personal data, Article 6(1)(a) of the GDPR serves as the legal basis.

For the processing of personal data that is necessary for the fulfillment of a contract to which the data subject is a party, Article 6(1)(b) of the GDPR serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.

If the processing is necessary to safeguard a legitimate interest of ours or a third party and the interests, fundamental rights, and freedoms of the data subject do not outweigh the aforementioned interest, then Article 6(1)(f) of the GDPR serves as the legal basis for the processing.

3. Data deletion and storage duration

The personal data of the data subject will be deleted or blocked as soon as the purpose of storage ceases to apply. Storage may also occur if this is provided for by European or national legislation in union law regulations, laws, or other provisions to which the controller is subject. Data will also be blocked or deleted when a storage period prescribed by the aforementioned norms expires, unless there is a necessity for further storage of the data for the conclusion of a contract or for contract fulfillment.

Provision of the website and creation of log files

1. Description and scope of data processing

Each time our website is accessed, the system automatically collects data and information from the computer system of the accessing device. The following data is collected:

(1) Information about the browser type and version used

(2) The user's operating system

(3) The user's internet service provider

(4) The user's IP address

(5) Date and time of access

(6) Websites accessed by the user's system through our website

The data is also stored in the system's log files. There is no storage of this data together with other personal data of the user.

2. Legal basis for data processing

The legal basis for the temporary storage of data and log files is Article 6(1)(f) GDPR.

3. Purpose of data processing

The temporary storage of the IP address by the system is necessary to enable the delivery of the website to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session.

The storage in log files is done to ensure the functionality of the website. Additionally, the data is used to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.

Our legitimate interest in data processing according to Article 6(1)(f) GDPR also lies in these purposes.

4. Duration of storage

The data will be deleted as soon as they are no longer necessary for the purpose of their collection. In the case of data collection for the provision of the website, this is the case when the respective session is ended. In the case of data storage in log files, this occurs after a maximum of 30 days. Further storage is possible. In this case, the IP addresses of the users are deleted or anonymized, so that an assignment of the calling client is no longer possible.

5. Right to Object and Removal

The collection of data for the provision of the website and the storage of data in log files is essential for the operation of the website. Therefore, there is no right to object on the part of the user.

Use of Cookies

1. Description, Scope, and Purpose of Data Processing

This website uses cookies. Cookies are text files that are stored in the internet browser or by the internet browser on the user's computer system. When a user accesses a website, a cookie may be stored on the user's operating system. The use of cookies serves to make the use of our service more pleasant and interactive for you. For example, we use so-called session cookies to recognize that you have already visited individual pages of our website. These are automatically deleted after you leave the page.

In addition, we also use temporary cookies to optimize user-friendliness, which are stored on your device for a specific set period of time. When you visit our site again to use our services, it is automatically recognized that you have already been with us and what inputs and settings you have made, so you do not have to enter them again.

On the other hand, we use cookies to statistically record the use of the website and to evaluate it for the purpose of optimizing the offer for you. These cookies allow us to automatically recognize during a subsequent visit to our site that you have already been with us. These cookies are automatically deleted after a defined period of time.

Cookie Recording: www.canme.cloud/cookie-policy

2. Legal basis for data processing

The legal basis for the processing of personal data using technically necessary cookies is Article 6(1)(f) of the GDPR.

3. Duration of storage, options for objection and removal

Cookies are stored on the user's computer and read by the browser that transmits data to our site. Therefore, the user has complete control over the use of cookies. By changing the settings in the internet browser, you as a user can deactivate or restrict the transmission of cookies. Already stored cookies can be deleted at any time. This can also be done automatically. If cookies are disabled for this website, not all functions of the website may be fully usable.

Contact form and email contact

1. Description and scope of data processing

You can be contacted via our contact form and the provided email address. In this case, the personal data of the sender, i.e., the user, transmitted with the request will be stored.

2. Legal basis for data processing

The legal basis for the processing of this data, which is transmitted in the course of sending a request, is Article 6(1)(f) GDPR. If the request aims at the conclusion of a contract, the legal basis for processing is Article 6(1)(b) GDPR.

3. Purpose of data processing

The processing of personal data from the input mask serves solely to process the contact request. In the case of contact via email, there is also the necessary legitimate interest in processing the data. The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of my information technology systems.

4. Duration of storage

The data will be deleted as soon as they are no longer necessary for the purpose of their collection. For the personal data from the input mask of the contact form and those sent by email, this is the case when the respective conversation with the user has ended. The conversation is considered ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.

5. Right to Object and Removal

The user has the option to withdraw their consent to the processing of personal data at any time. If the user contacts me via email, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued. All personal data that was stored during the contact will be deleted in this case.

Integration of external web services and processing of data outside the EU

On our website, we use active content from external providers, so-called web services. By accessing our website, these external providers may receive personal information about your visit. In this case, processing of data outside the EU may be possible.

We use the following external web services:

1. reCAPTCHA

To ensure sufficient data security when transmitting forms, we use the reCAPTCHA service from Google in certain cases. This primarily serves to ensure that the input is made by a natural person, or is misused by machine and automated processing. The differing privacy policies of Google Inc. apply here. You can find them at https://www.google.com/intl/de/policies/privacy/.

2. Google Ads

This website uses Google Ads. Google Ads is an online advertising program of Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Ads allows us to display advertisements in the Google search engine or on third-party websites when the user enters specific search terms in Google (keyword targeting). Furthermore, targeted advertisements can be displayed based on the user data available at Google (e.g., location data and interests) (audience targeting). As website operators, we can quantitatively evaluate this data by analyzing, for example, which search terms led to the display of our advertisements and how many ads resulted in corresponding clicks.

The use of this service is based on your consent under Article 6(1)(a) of the GDPR and Section 25(1) of the TTDSG. Consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: Data transfer frameworks – Privacy & Terms – Google and https://privacy.google.com/businesses/controllerterms/mccs/.

3. Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Inc. ("Google"). Google Analytics uses so-called "cookies," text files that are stored on your computer and allow for an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. In the event that IP anonymization is activated on this website, your IP address will be truncated by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area beforehand. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, compile reports on website activities, and provide other services related to website usage and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google. You can prevent the storage of cookies by adjusting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all the features of this website to their full extent. Furthermore, you can prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google as well as the processing of these data by Google by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout

For more information on terms of use and data protection, please refer to the Google Analytics terms or the Google Analytics overview. We would like to point out that this website has been enhanced with the code “gat._anonymizeIp();” to ensure the anonymized collection of IP addresses (so-called IP masking).

Use of Social Media Services

We maintain an online presence within social networks and platforms to communicate with customers, interested parties, and users active there and to inform them about our services. These external social networks and platforms from XING, LinkedIn, Twitter, etc. (service providers) are included in our website as references (links).

If you follow these references during your visit to our website and are logged into your personal user account with the service provider, the information that you visited our website will be forwarded to the service provider. The service provider can associate the visit to the website with your account. This information is collected and stored by the service provider. To prevent this, you must log out of your service provider account before clicking on the reference. The functions assigned to the references by the service provider, particularly the transmission of information and user data, are not activated merely by visiting our website, but only by clicking on the corresponding references.

For the purpose and scope of data collection by the service provider, as well as the further processing and use of your data there, and your related rights and options for protecting your privacy, please refer to the privacy notices of the respective service provider:

1. XING

The website of XING is operated exclusively by XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany (XING). The references are marked on our website by the XING logo (no plugins are used). Privacy policy of XING: https://www.xing.com/app/share?op=data_protection

2. LinkedIn

The website of LinkedIn is operated exclusively by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (LinkedIn). The references are marked on our website by the LinkedIn logo (no plugins are used). Privacy policy of LinkedIn: https://www.linkedin.com/legal/privacy-policy

LinkedIn is certified under the Privacy Shield agreement and thus provides a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active). Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

3. Twitter

The website of Twitter is operated exclusively by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA (Twitter). The references are marked on our website by the Twitter logo (no plugins are used). Privacy policy of Twitter: https://twitter.com/de/privacy

Twitter is certified under the Privacy Shield agreement and thus provides a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active). Opt-Out: https://twitter.com/personalization

4. Facebook

The website of Facebook is operated exclusively by Facebook Ireland Ltd., 4 Grand Canal Square - Grand Canal Harbour, Dublin 2 Ireland. The references are marked on our website by the Facebook logo (no plugins are used). Privacy policy of Facebook: https://de-de.facebook.com/business/gdpr

6. Instagram

The website of Instagram is also operated by Facebook Ireland Ltd., 4 Grand Canal Square - Grand Canal Harbour, Dublin 2 Ireland. The references are marked on our website by the Instagram logo (no plugins are used). Instagram's privacy policy (Facebook GDPR validity): https://de-de.facebook.com/business/gdpr

7. Pinterest

The website of Pinterest is exclusively operated by Pinterest Inc., 651 Brannan Street, San Francisco, CA 94103, USA. The references are marked on our website by the Pinterest logo (no plugins are used). Pinterest's privacy policy: https://policy.pinterest.com/de/privacy-policy

Rights of the data subject

If personal data is processed by you, you are a data subject within the meaning of the GDPR and you have the following rights against the controller:

1. Right of access

You can request confirmation from the controller as to whether personal data concerning you is being processed. If such processing occurs, you can request the following information from the controller:

(1) the purposes for which the personal data is processed;

(2) the categories of personal data that are processed;

(3) the recipients or categories of recipients to whom the personal data concerning you has been disclosed or will be disclosed;

(4) the planned duration of storage of the personal data concerning you or, if specific details are not possible, the criteria for determining the storage duration;

(5) the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the controller, or a right to object to such processing;

(6) the existence of a right to lodge a complaint with a supervisory authority;

(7) all available information about the source of the data, if the personal data is not collected from the data subject;

You have the right to request information about whether the personal data concerning you is transferred to a third country or to an international organization. In this context, you may request to be informed about the appropriate safeguards pursuant to Article 46 GDPR in connection with the transfer.

2. Right to rectification

You have the right to rectification and/or completion from the controller, provided that the personal data processed concerning you is inaccurate or incomplete. The controller must carry out the rectification without delay.

3. Right to restriction of processing

You may request the restriction of processing of personal data concerning you under the following conditions:

(1) if you contest the accuracy of the personal data concerning you for a period that enables the controller to verify the accuracy of the personal data;

(2) the processing is unlawful and you oppose the erasure of the personal data and instead request the restriction of the use of the personal data;

(3) the controller no longer needs the personal data for the purposes of processing, but you need it to assert, exercise, or defend legal claims, or

(4) if you have lodged an objection to the processing pursuant to Art. 21 para. 1 GDPR and it is not yet clear whether the legitimate grounds of the controller override your grounds.

If the processing of your personal data has been restricted, these data – apart from their storage – may only be processed with your consent or to assert, exercise, or defend legal claims or to protect the rights of another natural or legal person or for reasons of significant public interest of the Union or a member state. If the restriction of processing has been limited according to the aforementioned conditions, you will be informed by the controller before the restriction is lifted.

4. Right to deletion

a) Obligation to delete You can request the controller to delete your personal data without delay, and the controller is obliged to delete this data without delay, provided that one of the following reasons applies:

(1) The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.

(2) You withdraw your consent on which the processing was based according to Art. 6 para. 1 lit. a) or Art. 9 para. 2 lit. a) GDPR, and there is no other legal basis for the processing.

(3) You file an objection to the processing according to Art. 21 para. 1 GDPR and there are no overriding legitimate grounds for the processing, or you file an objection to the processing according to Art. 21 para. 2 GDPR.

(4) The personal data concerning you has been processed unlawfully.

(5) The deletion of the personal data concerning you is necessary to fulfill a legal obligation under Union law or the law of the Member States to which the controller is subject.

(6) The personal data concerning you has been collected in relation to services offered by the information society in accordance with Art. 8 para. 1 GDPR.

b) Information to third parties

If the controller has made the personal data concerning you public and is obliged to delete it according to Art. 17 para. 1 GDPR, he shall take appropriate measures, taking into account the available technology and the implementation costs, including technical measures, to inform controllers who process the personal data that you, as the data subject, have requested the deletion of all links to this personal data or of copies or replications of this personal data.

c) Exceptions

The right to deletion does not exist insofar as the processing is necessary

(1) for the exercise of the right to freedom of expression and information;

(2) to fulfill a legal obligation that requires processing under the law of the Union or the Member States to which the controller is subject, or to perform a task carried out in the public interest or in the exercise of official authority vested in the controller;

(3) for reasons of public interest in the area of public health in accordance with Art. 9(2)(h) and (i) as well as Art. 9(3) GDPR;

(4) for archiving purposes in the public interest, scientific or historical research purposes, or for statistical purposes in accordance with Art. 89(1) GDPR, insofar as the right mentioned in section a) is likely to make the achievement of the objectives of this processing impossible or seriously impaired, or

(5) for the establishment, exercise, or defense of legal claims.

5. Right to Information

If you have asserted your right to rectification, erasure, or restriction of processing against the controller, the controller is obliged to inform all recipients to whom your personal data have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed about these recipients by the controller.

6. Right to Object

You have the right to object at any time to the processing of your personal data that is subject to processing under Article 6(1)(e) or (f) of the GDPR, for reasons relating to your particular situation. The controller shall no longer process your personal data unless they demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defense of legal claims. You have the option to exercise your right to object in connection with the use of information society services – regardless of Directive 2002/58/EC – through automated procedures that use technical specifications.

7. Right to withdraw the data protection consent declaration

You have the right to withdraw your data protection consent declaration at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

8. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your residence, your place of work, or the place of the alleged infringement, if you believe that the processing of your personal data infringes the GDPR.

The supervisory authority with which the complaint has been lodged shall inform the complainant about the status and the results of the complaint, including the possibility of a judicial remedy under Article 78 of the GDPR.