At Contovista (“Contovista” or “we”), we are committed to protecting and respecting your privacy. Like most companies, we store personal data about our customers and people who are interested in our services. We comply with the applicable data protection laws, in particular the Federal Act on Data Protection (FADP) and the General Data Protection Regulation of the European Union (GDPR).
Who is responsible for processing the data?
Which data is processed?
We process different data from various sources depending on the situation and purpose. We primarily collect and receive this data directly from you when you use our services or as part of general customer communication. Contovista processes different categories of data in this regard. The most important categories of data are described below:
- Applicant data: Applicant data refers to data relating to identity and personal characteristics and circumstances, e.g. name, address or date of birth.
- Contract data: When a contract is concluded, we process master data as well as other data, such as information about obtaining and using services. Such data includes information on the performance and enforcement of contracts as well as feedback on our services.
- Behavioural and preference data: Behavioural data refers to data about certain actions and interactions you may have with us. We may use such data to infer information about the statistical likelihood of you being interested in certain services or of behaving in a certain manner. We generate this data based on existing information, combining it with other data to enhance the quality of our analysis. Behavioural data informs us about certain actions, such as logins, obtaining and using services, and contacting us.
Preference data tells us what your needs are, what services you are interested in, or when and how you respond to our messages. We obtain this information by analysing existing data in order to get to know you better, target offers more precisely and improve them.
Behavioural and preference data can be evaluated either on a personal level to help us make tailored offers or display advertising, or on a non-personal level for the purpose of market research or development of our services.
- Communication data: This data relates to communication with you in writing, by telephone or via electronic channels (e.g. email, SMS and push messages). We also collect data when establishing your identity.
In addition to the IP address and information about the device being used, technical data also includes the date and time, geographic region, and the type of browser or device with which customers access electronic offers from us. This information helps us display content in a browser or on a device. The IP address provides us with information about a telecommunications provider, although we usually cannot determine an individual’s identity unless they are logged into a user account. Technical data also includes log files that are generated in our systems.
- Registration data: This is personal data that is transmitted during registration or activation enabling you to use or participate in certain offers and services (such as newsletters and competitions).
What is the data used for and how is it processed?
We collect and collate data either directly from you or as part of an automated collection process. We process data for the following purposes:
- Establishment, settlement and termination of business relationships
We process data for the purpose of establishing, registering, processing and terminating business relationships. The type of data processed varies according to the type and scope of the business relationships and includes master data, order data, registration data and communication data.
- Compliance with laws, recommendations of authorities and internal regulations
We process data to comply with laws, directives and recommendations from authorities as well as internal regulations (compliance). We are obliged to make certain inquiries or, under certain circumstances, to submit reports. In addition, data processing requires the fulfilment of disclosure, information and reporting obligations, the fulfilment of retention obligations as well as the prevention, detection and clarification of criminal offences and other violations.
This includes receiving and processing complaints and other reports, monitoring communication, internal investigations, or disclosing records to a government agency if we are required to do so or have legitimate interests in disclosure. Data may also be used in both external investigations (e.g., by a regulatory or law enforcement agency or an appointed private entity) and internal investigations.
- Risk management, prevention and corporate governance
We also process data for risk management purposes, to prevent fraud and other unauthorised activities, and as part of prudent business management, including business organisation and business development. With respect to business development, we may sell or acquire businesses or parts of businesses and enter into partnerships, which may also lead to exchanging and processing data.
- Improvement of services
Data is also processed for market research purposes and to improve our services. For these purposes, we use master data, behavioural and preference data, as well as information derived from surveys. We continuously develop our services, adapt them to the needs of our customers and find out how satisfied they are. We analyse which services are utilised and how new services could be designed and used, which gives us an indication of how well existing services are accepted in the market as well as revealing the market potential of new services.
- Security purposes and access controls
We may also process data for security and access control purposes. We continuously review and enhance the security of our IT and infrastructure. However, data security breaches cannot be ruled out with utter certainty. Contovista counters this risk with appropriate technical and organisational measures using state-of-the-art technology. Access controls include both controlling access to electronic systems and controlling physical access.
We process data in order to communicate with you, provide you with information or send you messages. We use master data and communication data for this purpose. We usually retain this data in order to document the communication as well as for quality assurance and to deal with later inquiries. If you contact us by email, we shall be expressly authorised to reply via the same channel to the sender’s address or to the address provided. Emails are transmitted in an unencrypted manner via the Open Internet and as such, we cannot ensure that they will not be accessed, viewed or manipulated by third parties. Consequently, email communication is not suitable for transmitting confidential information.
If you would like to receive a newsletter offered on our website, we require your email address and confirmation that you are the owner of the email address provided and that you agree to receive the newsletter. If you want to subscribe to a newsletter as a customer, you can grant us your consent to do so at the time of registration.
The newsletter will provide you with regular recommendations and offers that may be of interest to you. For this purpose, we collect and process data regarding your usage behaviour on our website, your orders and how you use the newsletter. We evaluate this data for statistical purposes in order to better tailor the content of the newsletter to your interests. The processing of the data entered in the newsletter registration form is based on your consent, which you can revoke at any time in the future. We store the data you provide for the purpose of receiving the newsletter until you unsubscribe from the newsletter.
- Information from other sources
We may receive publicly available professional information about you from third parties or online publications. This information is used to ensure that the information we hold about you is accurate and up to date, that we have all the information we need to provide or offer you a product or service, and to help us provide the best possible service in the most efficient way.
- Automatic collection during visit to our website
Why do we process your data?
This section describes the data we collect and the legal basis for such processing.
- Our legitimate interest
To respond to your communication and keep a record for quality and training purposes, we process your first and last name, job title, company name, email address, phone number and country.
To ensure network and information security, we process your IP address, browser type and operating system, the pages visited during your visit and the source of your access to our website (e.g. the website or URL (link) that referred you to our website.
To monitor the performance of our website and improve the user experience, we process your weblog server information (as described above).
To send you more information about our service, we process your first name, last name, company name and email address.
To personalise our service strategy and thereby enhance the customer experience and to explain our offerings and market strategy to ensure that our communication is relevant, we process your first name, last name, job title, organisation, email address, phone number, country, and responses to questions about our services and industries.
To determine your interest in our services, we process your first name, last name, job title, company name, email address, phone number, authorised user credentials (email address and password) and your interaction with our website, content and services.
- Your declaration of consent
In order to contact you or keep in touch with you, we process your first name, last name, company name, email address, phone number and country.
To respond to your communication and keep a record for quality and training purposes, we process your first and last name, job title, company name, email address, phone number and country.
To send you confirmation and more information about our services, we process your first name, last name, company name and email address.
What about special categories of data?
We do not knowingly or intentionally collect specific categories of data from individuals and ask that you do not provide us with any special categories of personal data.
How do we share your personal data?
We are bound to confidentiality by the Data Protection Act and other regulatory requirements. Services are often developed, provided and processed with shared responsibilities, which means that data is processed by different bodies. The agencies involved may each process your data, but may only do so within the framework of legal and/or contractual requirements.
- Internal persons at Contovista
- Service provider
We cooperate with service providers both in Germany and abroad. To enable us to provide services in an efficient, secure and cost-effective manner, we rely on third-party services in certain areas. Among other things, these services include IT support, information dispatch, marketing, sales, communication, market research, printing services, customer relationship management services, marketing automation, analytics services, as well as services from consulting companies and law firms. In each case, we only disclose to service providers the data necessary and required to provide such services. Our service providers have agreed to confidentiality constraints and use all the data that we provide to them or that they collect on our behalf exclusively for the purpose of rendering the contractually agreed services for us.
- Electronic data transmission
Do we share data abroad?
As explained in section 1.6., we are not the only ones who process data about you; other bodies also do so where necessary. Since they are not exclusively located in Switzerland, data may be processed worldwide, including outside the EU or European Economic Area (third countries). If recipients are located in a country without adequate legal data protection, we shall undertake to contractually oblige them to comply with data protection, usually by concluding recognised standard contractual clauses. We can waive this if recipients are already subject to a set of rules recognised in Europe to ensure data protection or if we can rely on an exceptional provision. The latter may be the case, in particular, during legal proceedings abroad, in cases of overriding public interest or where the performance of the contract requires such disclosure, provided we have obtained consent or the data has been made generally accessible. It should be noted that data exchanged online is often routed via third countries. Consequently, data may end up abroad even if the sender and recipient are located in the same country.
For how long do we store data and when do we delete it?
We store data for as long as required to do so by the applicable legal requirements or the purpose of the processing. The duration of retention is therefore based on legal and internal regulations. Contovista also takes into account retention obligations and processing purposes as well as the need to protect its own interests (e.g. to enforce or defend against claims and to ensure IT security). Should these purposes be achieved or no longer apply and there be no obligation to retain the data, we delete or anonymise the data as part of the usual processes. This may be more than ten years, depending on the respective legal basis.
Examples of documentation and evidence purposes include Contovista’s interest in documenting operations, interactions and other facts in the event of legal claims, discrepancies, for IT and infrastructure security purposes, to demonstrate good corporate governance and compliance, to develop our services, to manage your relationship with us and to meet the reasonable expectations of our customers and previous customers. From a technical perspective, retention may be necessary because certain data cannot be separated from other data and must continue to be retained with that data (e.g. in the case of backup or document management systems).
How do we protect data?
Contovista shall take appropriate security measures of a technical and organisational nature to maintain the security of data, to protect it against unauthorised or unlawful processing and to counteract the risk of loss, accidental alteration, unintentional disclosure or unauthorised access. These security measures include the encryption and pseudonymisation of data, access restrictions, the storage of backup copies, instructions to employees and confidentiality agreements. We also require third parties to adopt appropriate security measures. However, it should be noted that security risks cannot be ruled out entirely.
What rights do you have?
To the extent that the requirements of applicable law are met, you shall have the following rights in relation to your data:
- Information about your own data;
- Correction of incorrect or incomplete data;
- Deletion of your data;
- Restriction of data processing of your data;
- Filing a complaint against the way the data is processed.
Do you have a right of revocation?
You shall have the right to revoke your consent at any time with future effect. In certain cases, you can also object to data processing (e.g. data processing connected to advertising). However, processing activities carried out in the past based on consent shall not be rendered unlawful as a result of revocation.
Revocation shall not be possible in cases where data processing is absolutely necessary for the provision of the service or fulfilment of contractual obligations. In such cases, a waiver of such data processing is only possible by terminating the contractual relationship.
What applies to direct marketing and profiling?
We may use data to inform you about Contovista’s services that we believe could be of interest to you. We may contact you via email or other communication channels that we believe may be helpful to you. In either case, we shall respect your preferences as to how you would like us to send marketing.
To protect your privacy rights and to ensure that you have control over how we market to you, we shall take steps to limit direct marketing to an appropriate and proportionate level and only send you communications that we believe may be of interest or relevant to you.
You can ask us to stop direct marketing at any time by following the “unsubscribe” link that you will find on all email marketing messages we send you. Alternatively, you can request this by contacting us at email@example.com. Please indicate whether you would like us to stop all forms of marketing or only a specific type (e.g., email).
For more information about this type of interest-based advertising and how to opt-out of this feature, please visit www.youronlinechoices.com/uk/ or follow the link to the website of our advertising partners listed below. Without these cookies, ads you may come across will be less relevant to you and your interests.
What applies to third-party cookies?
Which online technologies are used?
We currently work with the following providers for the above-mentioned purposes:
Our website is hosted on WordPress. Your data can be stored via WordPress data storage, databases and the general WordPress applications. WordPress stores your data on secure servers behind a firewall. Further information about WordPress privacy can be found at (wordpress.org/about/privacy/).
We operate parts of our website based on HubSpot, a service provided by HubSpot Inc, 25 First Street, Cambridge, MA 02141, USA. HubSpot is certified under the EU-US Privacy Shield and applies standard contractual clauses (SCCs) to ensure that data is processed securely outside the EU. This entails the use of “web beacons” and the setting of “cookies”, which are stored on your computer and enable us to analyse how our website is used. HubSpot analyses the collected information (e.g. IP address, geographical location, browser type, duration of the visit and pages viewed) on our behalf to generate reports about the visit and the pages visited.
If you subscribe to our newsletter and download studies and other documents, we can also use HubSpot to record visits to our website on a personal level using additional information (especially name and email address) and, if necessary, provide you with targeted information on topics you are interested in. If you do not want HubSpot to collect your personal data, you can prevent the storage of cookies at any time by changing your browser settings accordingly.
- Google services
- Google reCAPTCHA
We use Google reCAPTCHA (hereinafter “reCAPTCHA”) on our website, provided by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).
How do we use social media sites?
We may operate our own pages on social networks or similar third-party platforms. If you communicate with us via such pages or comment on or redistribute content, we shall collect corresponding information and process it primarily for communication and marketing purposes. We have the right, but not the obligation, to check content before or after it is published and to delete content without notification (e.g. in the case of unacceptable behaviour), insofar as this is technically possible, or to report it to the provider of the relevant platform. In the event of a breach of decency and conduct rules, we may also report the relevant user account to the provider of the platform which could result in their account being blocked or deleted.
When visiting social media sites, data (e.g. visitor behaviour) may also be transmitted directly to or collected by the provider in question and processed together with other data already known to it (e.g. for marketing and market research purposes). For more information on data processing by social network providers, please refer to the privacy policies of the relevant social networks. We currently use the following social media plugins:
- Facebook plugin
Facebook plugins are integrated on our website. The provider is Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA. You can recognize the Facebook plugins by the Facebook logo or the “Like” button on our website. You can find an overview of the Facebook plugins at developers.facebook.com/docs/plugins/.
- Twitter plugin
- LinkedIn plugin
Our website uses certain features of the LinkedIn network. The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. A connection to LinkedIn servers is established each time one of our pages containing a LinkedIn feature is accessed. LinkedIn is informed that you have visited our web pages using your IP address. If you click on LinkedIn’s “Recommend” button and are logged into your LinkedIn account, it will be possible for LinkedIn to assign your visit to our website to you and your user account. We should point out that we as the provider of the pages have no knowledge of the content of the transmitted data or how it is used by LinkedIn.
3. TERMS AND CONDITIONS FOR VISITING OUR WEBSITES
Which definitions apply when visiting our websites?
- Compliance with a legal obligation: Processing is necessary to ensure that we can meet our legal and regulatory obligations.
- Consent: You have expressly consented to the processing of your personal data.
- Data controller: The entity that determines the purpose and manner of the processing of personal data.
- European Economic Area: Comprising the countries belonging to the European Union as well as Norway, Iceland and Liechtenstein.
- Identifiable natural person: A person who can be identified, directly or indirectly, by reference to an identifier such as a name, identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
- Legitimate interests: Processing is necessary for our or a third party’s legitimate interests relating to effective and proper conduct as well as the management of our respective businesses (unless our or the third party’s interests are overridden by your own interests, rights and freedoms).
- Performance of a contract: Processing is necessary to perform our contractual obligations, exercise our contractual rights or otherwise perform our contract with you, or to take steps to conclude a contract at your request.
Which aspects of the disclaimer should be noted?
Our offering contains links to external third-party websites, over whose content we have no influence at all. For this reason, we cannot assume any liability for such external content. The respective provider or operator of the pages shall always be responsible for the content of the linked pages. The linked pages were checked for possible legal violations at the time they were linked and no illegal content was identified. Permanent monitoring of the content of the linked pages is not reasonable without concrete evidence of the law being violated. If we become aware of any such infringements, we shall remove such links immediately.
Which aspects of copyright should be noted?
The content and works created by the site operators of these pages are subject to copyright laws. Duplication, processing, distribution, or any form of commercialisation of such material beyond the scope of the copyright law shall require the prior written consent of its respective author or creator. Downloads and copies of this page shall only be permitted for private, non-commercial use. The copyrights of third parties are respected to the extent that the content on this page was not created by the operator. In particular, third-party content is identified as such. Nevertheless, should you become aware of a copyright infringement, please inform us. If we become aware of any such infringements, we shall remove such content immediately.