Last modified: January 2023
When using the cofenster.com website, the cofenster app and to manage contracts with you, it is sometimes necessary for us to process personal data. The protection of your data is an important concern for us. You can find out how we process this data in detail in this data protection declaration.
Insofar as this data protection declaration deals with the processing of customer data, it should be noted that we only conclude contracts with entrepreneurs within the meaning of Section 14 of the German Civil Code (BGB), the majority of which are organised as legal entities or commercial partnerships.
- Who is responsible for data processing?
- What data do we process?
- Do we share your data and is it processed in third countries?
The terms used in this statement have the meaning given in the GDPR.
1. Who is responsible for data processing?
The data controller within the meaning of the DSGVO is the..
(hereinafter referred to as "cofenster", "we" or "us").
You can contact cofenster's data protection officer at the above address and online at firstname.lastname@example.org.
2. What data do we process?
2.1 Visiting the website - necessary data
When you visit our website (cofenster.com), it is technically necessary to process some data. This data processing is necessary even without registration. Necessary data are
- - the time of your visit,
- - the page from which you are accessing our website,
- - the amount of data sent,
- - the type of browser used and the browser settings
- - as well as the operating system used and
- - Your IP address.
This information is stored for a maximum of 7 days in so-called server log files and then deleted. The data is stored for security reasons, e.g. to be able to clarify cases of misuse. If data must be retained for evidentiary reasons, it is exempt from deletion until the incident has been finally clarified.
The legal basis for this data processing is our legitimate interests (Art. 6 para. 1 p. 1 lit. f DSGVO) in providing a functioning website.
2.2 Use of the app - necessary data
When you use the cofenster app, your IP address, the date and time of the request, your http status code, the amount of data and information about your operating system are recorded by default. We need this data to ensure the operation of our app.
This data processing is based on our legitimate interests (Art. 6 para. 1 p. 1 lit. f DSGVO) in providing a functioning mobile app.
Through our website you can make an appointment with us to discuss the offer that suits you. You will be shown a calendar function, for which you only need to select the appointment that suits you and enter an e-mail address.
This type of data processing takes place, insofar as a natural person is to become our contractual partner, for the purpose of initiating a contract (Art. 6 para. 1 p. 1 lit. b DSGVO). Otherwise, we process this data on the basis of our legitimate interest (Art. 6 para. 1 p. 1 lit. f DSGVO) in presenting our services to our future customers and, if necessary, providing assistance.
The service provider used for this purpose, who will only act in accordance with our instructions, is described in more detail in section 3.3.
2.4. Entering into, executing and managing the contracts concluded with us and invoicing our services
When concluding a contract with us, we collect and store the name and address of our customers as well as the name and email address of a contact person. The email address also functions as the login name for the application on the website. You will also be required to enter a password.
We also process the payment data of our customers for the monthly billing of our services. Depending on the payment method, we process your name, bank code and account number or your credit card number. This also requires details of the contract concluded and the amount owed. We use a service provider for the technical facilitation of the payment (see also section 3.1).
We also use a third-party provider to manage the individual subscriptions and in particular for invoicing (see section 3.2). This data processing is carried out for the execution of the contract and billing of our services.
We store your contact details (such as name, address, e-mail and telephone, if applicable) in our customer database. For this purpose, we use the service provider mentioned in section 3.3, who will only act according to our instructions.
Part of our contractual service is also the temporary hosting of the created content. This requires the storage of the video including the respective content. We also use third-party providers for this, who only act on our behalf (see section 3.4).
The legal basis for the aforementioned data processing is the fulfilment of the contract concluded with us (Art. 6 para. 1 lit. b DSGVO) or, if our contractual partner is not a natural person, our legitimate interests in enabling the performance of the contracts concluded with us (including payment) (Art. 6 para. 1 sentence 1 lit. f DSGVO).
2.5 Use of your data for advertising purposes
We use your contact details such as address, e-mail or telephone numbers to contact you for advertising purposes.
This is done partly on the basis of our legitimate advertising interests (Art. 6 para. 1 lit. f DSGVO) or, insofar as we contact you by e-mail or telephone, on the basis of your consent (Art. 6 para. 1 lit. a DSGVO).
2.6 Website analysis
We have your user behaviour analysed by third-party providers (see section 3.4 on providers) and thus obtain valuable analyses that help us to design and improve our services.
We only carry out such an evaluation with your express consent (Art. 6 para. 1 p. 1 lit. a DSGVO). If you do not give your consent, your user behaviour will not be evaluated by the third-party provider and we will not be able to improve our services accordingly.
If you have given your consent, you could revoke your consent on our website by deselecting the service again on the cookie banner provided. The cookie banner can be accessed at any time via our website.
3. Do we share your data and is it processed in third countries?
3.1 Contact management (CRM) and appointment setting
We use the services of Hubspot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland to manage our customer contact.
If you would like to make an appointment with us via our site and provide your contact details (name and email) as well as the desired time of a meeting, this data will be stored and processed by Hubspot.
Hubspot also supports us with the management of customer contacts and creates an online marketing concept for us to improve the business relationship. For this purpose, Hubspot receives your contact data (name, telephone and email) as well as information about the customer contact (details of the last contact), whether a contract was concluded and when this was the case.
Hubspot only processes your data according to our instructions. Hubspot also partially processes your data in the USA. Insofar as Hubspot transfers your data to the USA, this is done on the basis of the standard contractual clauses issued by the EU Commission. In addition, we encrypt the data transferred to Hubspot in-transit to ensure the security of the data. Details on data processing by Hubspot can be found on the Hubspot website.
3.2 Video Hosting
If you have created a video in the cowindow app, it will not be stored locally but with a third-party provider. This is Amazon Web Services EMEA SARL (hereinafter referred to as "AWS") at 38 Avenue John F. Kennedy, L-1855, Luxembourg. AWS only processes your data on our behalf (Art. 28 DSGVO). AWS receives all the video material recorded and stored by you via a connection in the mobile app and then makes it available on demand via the web app. The transmission of the IP address is also necessary for this.
In some cases, server maintenance by a US Amazon company may be necessary. We have therefore concluded the standard contractual clauses issued by the EU Commission with Amazon for data transfer to the USA (https://aws.amazon.com/de/blogs/security/aws-gdpr-data-processing-addendum/). In addition, we encrypt the data transferred to Amazon in-transit to ensure the security of the data.
3.3 Server & Database Host
The cofenster software, which processes your data as described above, is provided to you as a service. For us, the software is hosted by a virtual private server (VPS) of OVH GmbH, St. Johanner Straße 41-43, 66111 Saarbrücken. Through hosting, OVH GmbH has access to the data stored there. This may include the following data: Name, address, e-mail and telephone, if applicable. OVH GmbH only processes your data on our behalf (Art. 28 DSGVO).
3.4 Analysis of the use of the website and app by segment
When using our website and app, we use a service provided by Segment.io, Inc. This company has its registered office at 100 California Street Suite 700 San Francisco, CA 94111 United States.
Segment helps us to collect and analyse technical usage data when visiting our website by setting cookies. The IP address from which our app or website is accessed is collected, as well as information about usage (subpages accessed, length of stay). This allows us to optimise our website for you. Segment only collects the usage data in pseudonymised form and creates pseudonymised usage profiles.
The data is stored on Segment's servers in the USA. In order to make certain contractual arrangements about data processing, we have therefore concluded the standard contractual clauses with Segment. In addition, we encrypt the data transferred to Segment in-transit to ensure the security of the data.
The processing of your personal data collected when using Segment is based on your consent pursuant to Art. 6 (1) lit. a DSGVO. You can obtain more information on data processing by Segment at the following link: https://segment.com/legal/privacy/.
4. Are we profiling?
We do not process your data to use it for profiling.
5. How long do we store your data?
As a matter of principle, we process and store your data only as long as it is required for the fulfilment of our contractual and legal obligations and the purposes of the processing. If the data is no longer required for the fulfilment of these purposes, it will be deleted in a timely manner. We delete your data in particular if you have revoked your consent and there is no other legal basis for storage.
Data that are technically necessary for the provision of our website are already deleted by us after 7 days.
Within the scope of contractual relationships, we are obliged to store contract-relevant documents for up to 10 years in accordance with § 257 HGB and § 147 AO.
Data that we store in our customer database is typically retained by us for up to three calendar years; this applies in particular if we are still retaining the data due to any legal disputes. If we store your data in our customer database for promotional purposes, it is usually deleted earlier. For this purpose, we regularly carry out checks to determine whether storage is still permissible.
6. What rights do you have?
As a data subject within the meaning of the GDPR, you have numerous rights vis-à-vis us under the conditions of the GDPR, which we would like to inform you about below. You will also find details on the rights and the exact conditions of your rights in Articles 15 to 21 of the GDPR. To exercise your rights, please contact us at the address mentioned in section 1 or at email@example.com
6.1 You can revoke your consent given to us at any time with effect for the future. This revocation can be made by sending an informal message to the above contact addresses. This also applies to consents you gave us before the GDPR came into force (i.e. before 25 May 2018). If you revoke your consent, the lawfulness of the data processing carried out up to that point will not be affected.
6.2 Under the conditions of Art. 15 DSGVO, you have the right to receive information from us about whether and which data we process about you. In addition, we can provide you with a copy of this data.
6.3 Under the conditions of Article 16 of the GDPR, you have the right to request that we correct information about you that is not or no longer accurate without delay. In addition, you can request that we complete your incomplete personal data. If required by law, we will also inform third parties about this correction if we have passed on your data to them.
6.4 Under the conditions of Art. 17 DSGVO, you have the right to demand that we delete your personal data without delay. Please note that your right to deletion may be restricted by legal provisions. These include, in particular, the restrictions listed in Art. 17 DSGVO and Section 35 of the Federal Data Protection Act (in the version applicable since 25 May 2018).
6.5 Under the conditions of Art. 18 DSGVO, you can request the restriction of the processing of your personal data by us. If you have obtained a restriction of processing, we will inform you before the restriction is lifted.
6.6 Under the conditions of Article 20 of the GDPR, you have the right to receive personal data concerning you that you have provided to us in a structured, common and machine-readable format and to transmit this data to others. Details and restrictions can be found in Art. 20 GDPR. The exercise of this right does not affect your right to erasure.
6.7 You have the right to contact the competent supervisory authority at any time, for example if you assume that the data processing is not carried out lawfully. The authority responsible for us is the Hamburg Commissioner for Data Protection and Freedom of Information. You can also contact the supervisory authority in the member state of your place of residence, your place of work or the place of the alleged data protection breach.
6.8 You have the right, under the conditions of Article 21 of the GDPR, to object to the processing of data relating to you on grounds relating to your particular situation, if this is carried out on the basis of our legitimate interests. You have the same right under the conditions of Art. 21 DSGVO if we use your data for direct marketing purposes.
7. Updating this declaration
7.2 We recommend that you re-read this privacy statement from time to time. In the event of extensive changes to this statement, we will expressly inform our users.