Data protection

Data Protection on Our Website

Protecting your privacy during the processing of personal data is an important concern for us. When you visit our website, our web servers automatically store the IP address of your internet service provider, the website from which you are visiting us, the web pages you visit on our site, as well as the date and duration of your visit. This information is strictly necessary for the technical transmission of the web pages and the secure operation of the server. Personalized evaluation of this data does not take place.

If you send us data via a contact form, this data is stored on our servers as part of data backup. We use your data exclusively for the purpose of processing your request. Your data is treated with strict confidentiality. It will not be disclosed to third parties.

Controller:

daenet Gesellschaft für Informationstechnologie mbH

Hanauer Landstr. 204

60314 Frankfurt

Email address: info@daenet.de

Phone: +49 (69) 242408 - 21

Personal Data

Personal data refers to data about your person. This includes your name, address, and email address. You are not required to provide any personal data to visit our website. In some cases, however, we may need your name, address, and additional information to provide you with the requested service.

The same applies if we provide you with informational material upon request or when we respond to your inquiries. In such cases, we will always inform you accordingly. Additionally, we only store data that you have automatically or voluntarily transmitted to us.

When you use one of our services, we usually only collect the data necessary to provide you with our service. We may ask for additional information, but such information is optional. Whenever we process personal data, we do so to offer you our service or to pursue our commercial objectives.

Contact

When contacting us (e.g., via contact form, email, telephone, or social media), the information provided by the inquiring individuals will be processed to the extent necessary to respond to the contact inquiries and any requested measures.

The response to contact inquiries within the scope of contractual or pre-contractual relationships is carried out to fulfill our contractual obligations or to respond to (pre)contractual inquiries. Furthermore, it is based on the legitimate interests in responding to the inquiries.

  • Processed data types: Inventory data (e.g., names, addresses), contact details (e.g., email, telephone numbers), content data (e.g., entries in online forms).

  • Data subjects: Communication partners.

  • Purposes of processing: Contact inquiries and communication.

  • Legal bases: Performance of a contract and pre-contractual inquiries (Art. 6(1)(b) of the GDPR), Legitimate interests (Art. 6(1)(f) of the GDPR).

Automatically stored data

Server log files

The provider of the pages automatically collects and stores information in server log files that your browser automatically transmits to us. These include:

  • Date and time of the request
  • Name of the requested file
  • Page from which the file was requested
  • Access status (file transferred, file not found, etc.)
  • Web browser used and operating system used
  • Full IP address of the requesting computer
  • Transferred data volume

These data are not merged with other data sources. The processing is carried out in accordance with Art. 6(1)(f) of the GDPR based on our legitimate interest in improving the stability and functionality of our website.

For reasons of technical security, especially to defend against attack attempts on our web server, we temporarily store this data. It is not possible for us to draw conclusions about individual persons based on this data. The data is anonymized by shortening the IP address to the domain level no later than after seven days, so that it is no longer possible to establish a reference to the individual user. In anonymized form, the data is also processed for statistical purposes; a comparison with other data sets or disclosure to third parties, even in excerpts, does not take place. Only as part of our server statistics, which we publish every two years in our activity report, is the number of page views displayed.

Registration for educational and training services

When you register for one of our educational and training offerings on our website, we use your data to provide you with our training services. The processing is carried out in accordance with Art. 6(1)(b) of the GDPR. The data processed in this context, the type, scope, purpose, and necessity of their processing are determined by the underlying contractual and training relationship.

Cookies

Cookies are small text files that are stored on your computer. When you visit our websites, we may store information on your computer in the form of cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a string that allows websites and servers to associate it with the specific internet browser in which the cookie was stored. This enables the visited websites and servers to distinguish the individual browser of the affected person from other internet browsers that contain other cookies. A specific internet browser can be recognized and identified via the unique cookie ID.

By using session cookies, the controller can provide users of this website with a user-friendly service that would not be possible without the setting of cookies. Without consent, we only use technically necessary cookies on the legal basis of legitimate interest according to Art. 6 para. 1 lit. f GDPR.

We only use personal cookies to improve our website or for marketing/advertising purposes with your consent. During your first visit, you can voluntarily agree to tracking or analysis through the displayed cookie banner. Your data may be shared with partners or third parties. Only if you explicitly consent, these cookies will be stored, and the legal basis will then be your consent according to Art. 6 para. 1 lit. a GDPR. You can change your cookie preferences here:

XXXXX. Link to reopen the consent banner. XXXXX

Cookiebot

Our website uses the Consent technology by Cookiebot to obtain your consent for storing certain cookies on your device or for using certain technologies and to document this in compliance with data protection regulations. The provider of this technology is Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark (hereinafter “Cookiebot”).

When you enter our website, a connection to Cookiebot’s servers is established to obtain your consents and other declarations regarding cookie use. Subsequently, Cookiebot stores a cookie in your browser to be able to assign the granted consents or their revocation to you. The data collected in this way is stored until you request us to delete it, delete the Cookiebot cookie yourself, or the purpose for data storage no longer applies. Mandatory legal retention periods remain unaffected.

The use of Cookiebot is for obtaining the legally required consents for the use of cookies. The legal basis for this is Art. 6 para. 1 lit. c GDPR.

We have concluded a data processing agreement (DPA) with the aforementioned provider in accordance with Art. 28 GDPR. This is a data protection contract required by law, which ensures that this provider processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

Google Analytics (4)

We use Google Analytics 4, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter “Google”) on our website. In this context, pseudonymous usage profiles are created and cookies are used. The information generated by the cookie about the use of our website (e.g., IP address of the accessing computer, time of access, referrer URL, as well as information about the browser and operating system used) is usually transmitted to and processed by Google’s servers in the United States. The use of Google Analytics is based on your consent under (Art. 6 para. 1 sentence 1 lit. a GDPR in conjunction with § 25 para. 1 TTDSG) for the analysis and optimization of our online offering as well as the economic operation of this website. Therefore, Google processes the information on our behalf to evaluate the use of the website, to compile reports on website activity, and to provide other services related to website use and internet use for market research and the demand-oriented design of these internet pages. We have concluded a data processing agreement with Google for the use of Google Analytics. With this contract, Google assures that it processes the data in accordance with the General Data Protection Regulation and ensures the protection of the rights of data subjects. The IP address processed by Google Analytics is automatically shortened. The last three digits of your IP address are replaced with a “0”, preventing attribution. If necessary, the collected data will be transferred to third parties if this is required by law or if third parties process the data on behalf. User data collected through cookies will be deleted automatically after 14 months. The information generated by the cookies about the use of our website (e.g., IP address of the accessing computer, time of access, referrer URL, as well as information about the browser and operating system used) is transmitted to and processed by Google’s servers in the United States. For data transfers to recipients in the United States, Google relies on the Transatlantic Data Privacy Framework of July 10, 2023 (TADPF) and, in the case of data transfers to other third countries, on standard contractual clauses approved by the EU Commission as a guarantee for ensuring a level of data protection comparable to that of the EU. You can obtain a copy of the standard contractual clauses here. We only transmit data to Google on the basis of your consent. You can revoke or adjust your consent at any time with effect for the future. Further information on data protection in connection with Google Analytics can be found in the Google Analytics Help Center. Information about Google’s data usage can be found in their Privacy Policy.

Social plugins from Facebook, Twitter, Instagram, Linkedin, etc.

Our website uses social buttons from social networks. These are only integrated into the page as HTML links, so no connection is established with the servers of the respective provider when you visit our website. If you click on one of the buttons, the website of the respective social network will open in a new window of your browser. There, you can, for example, activate the like or share button.

Online presence on Facebook, Twitter, Instagram, Linkedin

If you have given your consent in accordance with Art. 6(1)(a) of the GDPR to the respective social media operator, your data will be automatically collected and stored for market research and advertising purposes when you visit our online presence on the aforementioned social media platforms. Pseudonymous usage profiles will be created from this data. These can be used, for example, to display advertisements within and outside the platforms that presumably match your interests. Cookies are usually used for this purpose. For detailed information on the processing and use of data by the respective social media operator, as well as your rights and privacy settings, please refer to the privacy policies linked below. If you need assistance in this regard, you can contact us.

LinkedIn: https://www.linkedin.com/legal/privacy-policy

Facebook: https://www.facebook.com/about/privacy/

Instagram: https://help.instagram.com/519522125107875

Twitter: https://twitter.com/en/privacy

Online forms

Our website uses form.taxi, a web service provided by the website https://form.taxi (hereinafter referred to as “form.taxi”). In order to provide you with the functionality of the form, we send the data you provide to form.taxi. This data is processed, stored, and forwarded to us by email. In addition, form.taxi collects, among other things, additional data such as your IP address, browser type, domain of the website, date, and time of access to provide the desired functionality of the form. The legal basis for the use of form.taxi is Art. 6(1)(f) of the GDPR (legitimate interest). The data processing and storage take place within the European Union. For more information, please refer to the privacy policy of form.taxi: https://form.taxi/en/privacy.

HubSpot

We use HubSpot on this website. The provider is HubSpot Inc. 25 Street, Cambridge, MA 02141 USA (hereinafter referred to as HubSpot).
Among other things, HubSpot enables us to manage existing and potential customers and customer contacts. With the help of HubSpot, we are able to record customer interactions (e.g. download of whitepapers). The personal data collected in this way can be analysed and used for communication or marketing measures (e.g. newsletter mailings).
HubSpot is used on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the most efficient customer management and customer communication possible. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user’s end device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.
Details can be found in HubSpot’s privacy policy: https://legal.hubspot.com/de/privacy-policy.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission.
Details can be found here: https://legal.hubspot.com/de/dpa

Newsletter

This website uses the services of Mailchimp for sending newsletters. The provider is Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA.

Mailchimp is a service that organizes and analyzes the sending of newsletters, among other things. When you enter data for the purpose of subscribing to the newsletter (e.g., email address), it is stored on Mailchimp’s servers in the USA.

With the help of Mailchimp, we can analyze our newsletter campaigns. When you open an email sent via Mailchimp, a file contained in the email (known as a web beacon) connects to Mailchimp’s servers in the USA. This allows us to determine whether a newsletter message has been opened and which links, if any, have been clicked. In addition, technical information is collected (e.g., time of access, IP address, browser type, and operating system). This information cannot be attributed to the respective newsletter recipient. It is used solely for the statistical analysis of newsletter campaigns. The results of these analyses can be used to better tailor future newsletters to the interests of the recipients.

If you do not want analysis by Mailchimp, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in each newsletter message. The data processing is based on your consent (Art. 6(1)(a) of the GDPR). You can revoke this consent at any time by unsubscribing from the newsletter. The legality of data processing operations that have already taken place remains unaffected by the revocation.

The data you provide to us for the purpose of subscribing to the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter, and will be deleted from the newsletter distribution list after unsubscribing. Data that has been stored by us for other purposes remains unaffected.

The transfer of data to the USA is based on the standard contractual clauses of the European Commission.

Details can be found here:

https://mailchimp.com/eu-us-data-transfer-statement/

and

https://mailchimp.com/legal/dataprocessingaddendum/#Annex_C__Standard_Contractual_Clauses

After you have unsubscribed from the newsletter distribution list, your email address may be stored in a blacklist by us or the newsletter service provider, if necessary to prevent future mailings. The data from the blacklist is only used for this purpose and is not merged with other data. This serves both your interest and our interest in complying with legal requirements for newsletter mailings (legitimate interest within the meaning of Art. 6(1)(f) of the GDPR). The storage in the blacklist is not time-limited. You can object to the storage if your interests outweigh our legitimate interest.

For more information, please refer to Mailchimp’s privacy policy: https://mailchimp.com/legal/terms/

We have entered into a data processing agreement (DPA) in accordance with Article 28 of the GDPR with the aforementioned provider. This is a legally required contract that ensures the provider processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

Website Analytics

We use the privacy-friendly web analytics service provided by Plausible.io (Plausible Insights OÜ, Västriku tn 2, 50403 Tartu, Estonia, www.plausible.io) to collect anonymous statistics about the usage of our website. Based on anonymized data, the analysis does not allow for the identification of individual persons. The following data is processed within the EU:

  • Page URL
  • HTTP Referer
  • Browser
  • Operating System
  • Device type
  • Country (IP address is not stored)

The processing of this data is based on our legitimate interest in measuring the reach of our website (Article 6(1)(f) of the GDPR).

You can find further information about Plausible by visiting https://plausible.io/data-policy.

Security

We have implemented technical and administrative security measures to protect your personal data against loss, destruction, manipulation, and unauthorized access. All our employees and service providers working on our behalf are obligated to comply with applicable data protection laws.

Whenever we collect and process personal data, it is encrypted before transmission. This ensures that your data cannot be misused by third parties. Our security measures undergo continuous improvement, and our privacy policies are regularly updated. Please ensure that you have the latest version.

  • URL of the page
  • HTTP referer
  • Browser
  • Operating system
  • Device type
  • Country (the IP address is not stored)

Rights of the data subject:

You have the right to request information, correction, deletion, or restriction of the processing of your stored data, as well as the right to object to the processing and the right to data portability, in accordance with the conditions of data protection law.

Right to information:

You can request information from us about whether and to what extent we process your data.

Right to deletion:

You can request the deletion of your data from us if we process it unlawfully or if the processing disproportionately interferes with your legitimate interests. Please note that there may be reasons that prevent immediate deletion, such as legally regulated retention obligations.

Regardless of your exercise of the right to deletion, we will promptly and completely delete your data, unless there is a contractual or legal obligation to retain it.

Right to restriction of processing:

You can request us to restrict the processing of your data if:

  • You contest the accuracy of the data, for a period that allows us to verify its accuracy.
  • The processing of the data is unlawful, but you oppose its deletion and instead request the restriction of its use.
  • We no longer need the data for the intended purpose, but you still need it for the establishment, exercise, or defense of legal claims.
  • You have objected to the processing of the data.

Right to Data Portability:

You have the right to request that we provide you with the data you have provided to us in a structured, commonly used, and machine-readable format, and that you have the right to transmit this data to another controller without hindrance from us, provided that:

  • We process this data based on your revocable consent or for the performance of a contract between us, and
  • This processing is carried out by automated means.

If technically feasible, you can request that we directly transmit your data to another controller.

Right to object:

If we process your data based on legitimate interests, you can object to this data processing at any time. This also applies to profiling based on these provisions. In this case, we will no longer process your data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defense of legal claims. You can object to the processing of your data for direct marketing purposes at any time and without stating reasons.

Changes to this Privacy Policy

We reserve the right to modify our privacy policy if necessary due to new technologies. Please ensure that you have the latest version. If there are fundamental changes to this privacy policy, we will announce them on our website.

All interested parties and visitors to our website can contact us regarding privacy matters at:

Mr. Robert Heindl

Projekt 29 GmbH & Co. KG

Ostengasse 14

93047 Regensburg

Tel: 0941 2986930

Fax: 0941 29869316

Email: anfragen@projekt29.de

Website: www.projekt29.de

General Data Protection Information according to Art. 13 GDPR

The protection of your personal data is of particular concern to us. We process your personal data (referred to as “data”) exclusively in accordance with the applicable legal provisions. With this privacy policy, we aim to inform you comprehensively about the processing of your data in our company and about your rights and entitlements regarding data protection, as outlined in Article 13 of the European General Data Protection Regulation (EU GDPR).

1. Who is responsible for data processing and who can you contact?

Responsibility lies with:

daenet Gesellschaft für Informationstechnologie mbH Hanauer Landstr. 204 60314 Frankfurt

Email: info@daenet.de

Phone: +49 (69) 242408 - 21

The company’s data protection officer is:

Robert Heindl Projekt 29 GmbH & Co. KG Ostengasse 14 93047 Regensburg

Email: anfragen@projekt29.de

Phone: +49 (69) 242408 - 21

2. What data is processed and from which sources does this data originate?

We process the data that we have received from you in the course of contract initiation or processing, based on your consent, or as part of your application or employment with us.

The personal data we process includes:

Personal and contact information, such as name, address, contact details (email address, telephone number, fax), and bank details for customers.

For applicants and employees, this includes personal and contact information (name, address, contact details, birth date), data from resumes and employment references, bank details, religious affiliation, and photographs.

For business partners, this includes the designation of their legal representatives, company name, trade register number, VAT ID, company number, address, contact details of relevant persons (email address, telephone number, fax), and bank details.

For participants in our educational and training programs, this includes name, address, and contact details (email address, telephone number).

For visitors to our company, this includes name and signature.

In addition, we also process the following other personal data:

  • Information about the type and content of contract data, order data, sales and document data, customer and supplier history, as well as consultation documents.

  • Advertising and sales data.

  • Information from electronic communication with us (e.g., IP address, login data).

  • Other data that we receive from you in the context of our business relationship (e.g., during customer meetings).

  • Data generated by us from master/contact data and other data, such as customer needs and potential analyses.

  • Documentation of your consent for receiving newsletters or similar communications.

  • Photographs taken at events.



3. For what purposes and on what legal basis is the data processed?

We process your data in accordance with the provisions of the General Data Protection Regulation (GDPR) and the applicable version of the German Federal Data Protection Act 2018:

  • To fulfill (pre-)contractual obligations (Art. 6(1)(b) GDPR): The processing of your data is carried out for contract processing online or at one of our branches, as well as for processing your employment within our company. The data is processed particularly during business initiation and when executing contracts with you.

  • To fulfill legal obligations (Art. 6(1)(c) GDPR):
    Processing of your data is necessary to fulfill various legal obligations, for example, under the Commercial Code or the Tax Code.

  • To protect legitimate interests (Art. 6(1)(f) GDPR):
    Based on a balance of interests, data processing may be carried out beyond the actual fulfillment of the contract to protect our legitimate interests or those of third parties. Data processing for the protection of legitimate interests may occur in the following cases:

    • Advertising or marketing (see No. 4),
    • Measures for business control and the further development of services and products,
    • Maintaining a group-wide customer database to improve customer service,
    • In the context of legal proceedings,
    • Sending non-promotional information and press releases.
  • Based on your consent (Art. 6(1)(a) GDPR):
    If you have given us consent to process your data, such as for receiving our newsletter.



4. Processing of personal data for advertising purposes

You can object to the use of your personal data for advertising purposes at any time, either in general or for specific measures, without incurring any costs other than the transmission costs at the basic rates.

Under the legal conditions of § 7(3) of the German Unfair Competition Act (UWG), we are entitled to use the email address you provided during contract initiation for direct advertising of our own similar goods or services. You will receive these product recommendations from us regardless of whether you have subscribed to a newsletter.

If you do not wish to receive such recommendations by email from us, you can object to the use of your address for this purpose at any time, without incurring any costs other than the transmission costs at the basic rates. A notification in written form is sufficient for this purpose. Of course, every email also includes an unsubscribe link.

5. Who receives my data?

If we engage a service provider for order processing, we remain responsible for protecting your data. All processors are contractually obligated to treat your data confidentially and to process it only within the scope of providing the service. The data processors we engage may include IT service providers that we require for the operation and security of our IT system, as well as advertising and address publishers for our own promotional activities.

In the event of a legal obligation or for the purpose of legal proceedings, authorities, courts, and external auditors may be recipients of your data.

In addition, for the purpose of contract initiation and fulfillment, insurance companies, banks, credit agencies, and service providers may be recipients of your data.



6. How long will my data be stored?

We process your data until the termination of the business relationship or until the expiration of the applicable legal retention periods (such as those stipulated in the Commercial Code, the Tax Code, or the Working Time Act). Additionally, we may retain the data until the conclusion of any potential legal disputes where the data is required as evidence.



7. Are personal data transferred to a third country?

In general, we process your data within the EU. If a transfer to a third country takes place, it will only be done based on an adequacy decision by the European Commission, standard contractual clauses, appropriate safeguards, or your explicit consent.



8. What are my data protection rights?

You have the right to request information, correction, deletion, or restriction of the processing of your stored data. You also have the right to object to the processing and the right to data portability, as well as the right to lodge a complaint in accordance with the conditions of data protection laws.



Right to information:

You have the right to request information from us regarding whether and to what extent we process your data.



Right to rectification:

If we process your data that is incomplete or incorrect, you can request its correction or completion at any time.



Right to erasure:

You can request the deletion of your data from us if we process it unlawfully or if the processing disproportionately interferes with your legitimate interests. Please note that there may be reasons that prevent immediate deletion, such as legally regulated retention obligations.

Regardless of your exercise of the right to erasure, we will promptly and completely delete your data, provided that there is no contractual or legal obligation to retain it.

Right to Restriction of Processing:

You have the right to request us to restrict the processing of your data if:

  • You contest the accuracy of the data, for a period that allows us to verify the accuracy of the data.

  • The processing of the data is unlawful, but you refuse its deletion and instead request the restriction of its use.

  • We no longer need the data for the intended purpose, but you still need it for the establishment, exercise, or defense of legal claims.

  • You have objected to the processing of the data.

Right to Data Portability:

You have the right to request that we provide you with your data that you have provided to us in a structured, commonly used, and machine-readable format, and that you have the right to transmit this data to another controller without hindrance from us, provided that:

  • We process this data based on your revocable consent or for the performance of a contract between us, and
  • This processing is carried out by automated means.

If technically feasible, you may request us to transmit your data directly to another controller.

Right to Object:

If we process your data based on legitimate interests, you have the right to object to such processing at any time, including profiling based on these provisions. In that case, we will no longer process your data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves the establishment, exercise, or defense of legal claims. You can also object to the processing of your data for direct marketing purposes at any time without providing any reasons.

Right to Lodge a Complaint:

If you believe that the processing of your data violates German or European data protection laws, we kindly ask you to contact us to clarify any concerns. You also have the right to lodge a complaint with the supervisory authority responsible for you, the respective State Office for Data Protection Supervision.

If you wish to exercise any of the aforementioned rights against us, please contact our data protection officer. In case of doubt, we may request additional information to confirm your identity.

9. Am I obligated to provide data?

The processing of your data is necessary for the conclusion or fulfillment of the contract between you and us. If you do not provide us with this data, we will generally have to refuse to enter into the contract or will no longer be able to carry out an existing contract and consequently terminate it. However, you are not obligated to provide consent for the processing of data that is not relevant or legally required for the fulfillment of the contract.

10. Changes to this Privacy Policy

We reserve the right to modify our privacy notices if necessary due to new technologies or processing activities. Please ensure that you have the latest version.



As of October 2024.