With the following privacy policy, we would like to inform you about how we process your personal data in accordance with the European General Data Protection Regulation (GDPR). The privacy policy applies to all processing of personal data carried out by us, both in the context of [the provision of our services and in particular on our websites, in mobile applications and within external online presences, such as our social media profiles (hereinafter collectively referred to as “online offer”)]

Responsible within the meaning of the GDPR is

CMC Network GmbH
Auenstr. 77
85354 Freising
Phone:  +49 8161 – 98 66 280
Mail: info@cmc-network.de

CEO: Markus Gschwendtner

Our data protection officer can be contacted as follows:

secjur GmbH
Steinhöft 9
20459 Hamburg
Phone: +49 40 228 599 520
Mail: dsb@secjur.com

You can contact our data protection officer directly at any time with any questions or suggestions regarding data protection and the exercise of your rights.

This privacy policy is based on the terminology of the GDPR. To simplify matters, we would like to explain some important terms in this context in more detail:

• Personal data is any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the identity of that natural person.
• The data subject is a natural person whose physical, physiological, genetic, mental, economic, cultural or social identity can be identified.
• Data subject is any identified or identifiable natural person whose personal data is processed by the controller responsible for the processing.
• Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction
• Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular enquiry in accordance with Union or Member State law shall not be regarded as recipients.
• Third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

As part of our processing of personal data, personal data may be transmitted to other recipients or disclosed to them. The recipients of this personal data may include, for example, service providers commissioned with IT tasks or providers of services and content that are integrated into a website.

In such cases, we comply with the legal requirements and, in particular, conclude corresponding contracts or agreements with the recipients of your personal data that serve to protect your personal data.

The personal data processed by us will be deleted in accordance with the legal requirements as soon as the consent given for processing is revoked or other authorisations cease to apply (e.g. if the purpose of processing this personal data no longer applies or it is not required for the purpose). If the personal data are not deleted because they are required for other and legally permissible purposes, their processing will be restricted to these purposes. This means that the personal data is blocked and not processed for other purposes. This applies, for example, to personal data that must be retained for commercial or tax law reasons or whose storage is necessary for the assertion, exercise or defence of legal claims or to protect the rights of another natural or legal person.

Our data protection information also contains further information on the retention and deletion of personal data, which take precedence for the respective processing operations.

If you use this website for purely informational purposes without transmitting data to us in any other way (e.g. by registering or using the contact form), we collect technically necessary data via server log files, which are automatically transmitted to our server, including:

• Date and time of access
• Website from which the website was accessed; websites that were accessed via the website
• Visited page on our website; amount of data transferred
• Information about the browser type and version used
• Operating system
• Access status (e.g. whether the website could be accessed without any problems or whether you received an error message)
• Use of website functions
• Search terms entered
• Access frequency of the individual website

The temporary storage of the data is necessary for the course of a website visit in order to be able to display our website to you. This processing is technically necessary to ensure the functionality of the website and the security of the information technology systems. The legal basis for processing is therefore Art. 6 para. 1 sentence 1 lit. f GDPR in order to guarantee the provision, security and stability of our website.

The data is deleted as soon as it is no longer required to fulfil the purpose for which it was collected. In the case of the provision of the website, this is the case when the respective session has ended. The log files are not stored but deleted immediately.

We use storage space, computing capacity and software that we rent or otherwise obtain from the server provider Hetzner Online GmbH (web host) to provide our online offering. To ensure an appropriate level of data protection at the recipient of your personal data, we have concluded an order processing contract with the recipient in accordance with Art. 28 GDPR. If Hetzner Online GmbH transfers data to a third country, it will only do so in accordance with its privacy policy if an adequacy decision pursuant to Art. 45 GDPR or suitable guarantees pursuant to Art. 46 GDPR are in place.

For further information and a copy of the security, please contact our data protection officer (dsb@secjur.com).

The web hosting services we use from Microsoft Ireland Operations Ltd. also include sending, receiving and storing emails, e.g. when providing our contact form. For these purposes, the addresses of the recipients and senders as well as other information relating to the sending of emails (e.g. the providers involved) and the content of the respective emails are processed. The aforementioned data may also be processed for the purpose of recognising SPAM. Please note that e-mails on the Internet are generally not sent in encrypted form. As a rule, emails are encrypted in transit, but not on the servers from which they are sent and received (unless an end-to-end encryption method is used). We can therefore accept no responsibility for the transmission path of the emails between the sender and receipt on our server. The legal basis for the provision of these services is our legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR to ensure the provision, security and stability of the email service.

You have the option of contacting us via the “Contact” form on our website. We process the following personal data from you when you contact us and respond to your enquiry:

• First name and surname
• e-mail address
• Your telephone number
• Company name
• Communication content, if used
• Date and time of the enquiry
• IP address

If you contact us as part of an existing contractual relationship or contact us in advance for information about our range of services or our other services, the personal data you provide will be processed for the purpose of processing and responding to your contact enquiry in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR. Otherwise to safeguard our legitimate interests in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR for the purpose of responding to customer/contact enquiries appropriately.

We delete your personal data as soon as it is no longer required to fulfil the purpose for which it was collected. In the case of contact enquiries, this is generally the case when it is clear from the circumstances that the specific matter in question has been conclusively dealt with.

Our contact form is provided via our web host.

9.1 Microsoft Teams

We use Microsoft Teams for the purpose of exchange, communication and collaboration, both internally and externally, in particular to present our demo version and for support enquiries.

Microsoft Teams is an application of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. Data traffic is primarily routed via European data centres; only in exceptional cases is transport via servers in third countries, in particular the USA, reserved. This is done on the basis of Commission Implementing Decision (EU) 2019/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/976, which is supplemented by the licence agreement with Microsoft (data protection addendum) (https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA?year=2021). According to its own information, Microsoft processes the following personal data when using Microsoft Teams: Support and feedback data, which you may transmit to Microsoft during use, as well as diagnostic and service data, i.e. data in connection with service use (this personal data enables Microsoft to provide the service (troubleshooting, securing and updating the product and monitoring performance), as well as to carry out some internal business processes, e.g. determining sales revenue, determining service use, carrying out product and capacity planning). Use for own purposes to this extent is an obligatory prerequisite for the conclusion of a licence agreement with Microsoft; any further dispositive use for own purposes is contractually excluded. To this extent, Microsoft Corporation is an independent data controller in accordance with its data protection provisions (https://docs.microsoft.com/de-de/microsoftteams/teams-privacy) and is therefore responsible for compliance with data protection requirements.

If you use the Teams application, your personal data will be collected and stored. This includes your IP address, your Microsoft access data if applicable, unless you are participating as a guest, and information about the device you are using (log data). Call quality data is also collected. Where applicable, the processing also includes personal data within documents that you share with us via Microsoft Teams (content).

This data is processed exclusively for the purpose of handling communication via Microsoft Teams, for collaboration on joint projects, to secure the IT systems against unauthorised access by third parties and to improve system stability. Your personal data will not be processed for any other purpose.

The legal basis for the processing of your log data is Art. 6 para. 1 sentence 1 lit. a GDPR. Your consent is voluntary: If you do not wish to participate in a video conference or an exchange via Microsoft Teams, you have the option of using another communication system such as the telephone or an exchange via e-mail instead.

Data processed by Microsoft will be stored and deleted for the “minimum period necessary to provide the service” in accordance with their privacy policy (see https://docs.microsoft.com/de-de/microsoftteams/teams-privacy).

For data processing by Microsoft, you can also assert these rights against Microsoft. To do so, please contact their EU Data Protection Officer, Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland / Telephone: +353 1 706 3117.

If you apply to our company, we will process your application data exclusively for purposes related to the processing of your application. By submitting an application, you express your interest in taking up employment with us. In this context, you provide us with personal data that we use and store exclusively for the purpose of your job search/application.

You also have the option of uploading informative documents such as a cover letter, your CV and references. These may contain further personal data such as date of birth, address, etc.

Your application will only be processed and acknowledged by the relevant contact persons at our company. The legal basis for the processing of your data is the initiation of a contract in accordance with Art. 6 Para. 1 S.1 lit. b GDPR, which takes place at your request. If we obtain your consent (e.g. for inclusion in our applicant pool), this constitutes the legal basis for this storage in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.

If you receive an offer of employment with us during the application process and accept it, we will store the personal data collected during the application process for at least the duration of the employment relationship.

If we are unable to offer you employment, we will retain the data you have submitted for up to six months after any rejection for the purpose of answering any questions in connection with your application and rejection.This does not apply if statutory provisions prevent deletion, if further storage is necessary for the purpose of providing evidence or if you have expressly consented to longer storage.

We maintain publicly accessible profiles on various social networks. Your visit to these profiles triggers a variety of data processing operations. Below we provide you with an overview of which of your personal data we collect, use and store when you visit our profiles.

When you visit our profiles, your personal data is not only collected, used and stored by us, but also by the operators of the respective social network. This happens even if you yourself do not have a profile on the respective social network. The individual data processing operations and their scope differ depending on the operator of the respective social network and they are not necessarily traceable by us. For details on the collection and storage of your personal data as well as the type, scope and purpose of its use by the operator of the respective social network, please refer to the following information.

LinkedIn

When you visit our LinkedIn company profile, certain information about you is processed. In the case of direct messages to us or comments on our LinkedIn company profile or under our posts, we receive the message, the comments and your user name.

In addition, LinkedIn processes LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (LinkedIn) as the operator of personal data when you visit our LinkedIn company profile, follow this page or engage with the page in order to provide us with statistics and insights in anonymised form. This gives us insights into the types of actions that people take on our site (page insights). In particular, LinkedIn processes data that you have already provided to LinkedIn via the information in your profile, such as data on function, country, industry, seniority, company size and employment status. In addition, LinkedIn will process information about how you interact with our LinkedIn company profile, e.g. whether you are a follower of our LinkedIn company page. With the Page Insights, LinkedIn does not provide us with any personal data about you. We only have access to the summarised Page Insights. It is also not possible for us to draw conclusions about individual members from the information in the Page Insights.

The processing of your personal data in connection with the operation of our LinkedIn company profile is based on a balancing of interests in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR in order to offer you a contemporary and supportive information and interaction opportunity with and about us. The processing serves our legitimate interest in analysing the types of actions taken on our LinkedIn company profile and improving our company profile based on these findings.

This processing of personal data in the context of Page Insights is carried out by LinkedIn and us as joint controllers. We have entered into an agreement with LinkedIn on processing as joint controllers, which sets out the distribution of data protection obligations between us and LinkedIn. The agreement is available here. According to this, the following applies:

• LinkedIn and we have agreed that LinkedIn is responsible for exercising your rights under the GDPR. You can contact LinkedIn online via the following link (https://www.linkedin.com/help/linkedin/ask/PPQ) or reach LinkedIn via the contact details in the privacy policy. You can contact the data protection officer at LinkedIn via the following link: https://www.linkedin.com/help/linkedin/ask/TSO-DPO. You can also contact us using the contact details provided to exercise your rights in connection with the processing of personal data in the context of page inserts. In such a case, we will forward your request to LinkedIn.
• LinkedIn and we have agreed that the Irish Data Protection Commission is the lead supervisory authority overseeing processing for Page Insights. You always have the right to lodge a complaint with the Irish Data Protection Commission (see www.dataprotection.ie) or any other supervisory authority.

In addition, LinkedIn processes your data as a user for the provision of services, communication, further development of services and research as well as for advertising, customer support, analysis and security purposes. In principle, LinkedIn is solely responsible for the processing of personal data when you visit our LinkedIn company profile. The categories of personal data that LinkedIn processes in this context are listed in the LinkedIn data policy described. Further information about the processing of personal data by LinkedIn can be found here.

Please note that in accordance with the LinkedIn Privacy Policy, personal data is also processed by LinkedIn in the USA or other third countries

Google Maps

On our website we use the map service Google Maps from Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; (Google)). This allows us to show you interactive maps directly on the website and enables you to use the map function conveniently.

By using Google Maps, information about the use of this website, including your IP address and the (start) address entered as part of the route planner function, is collected. When you access a web page on our website that contains Google Maps, your browser establishes a direct connection with Google’s servers. The map content is transmitted by Google directly to your browser, which integrates it into the website. We have no influence on the scope of the data collected by Google in this way. To the best of our knowledge, this is at least the following data:

• Date and time of the visit to the website in question
• Internet address or URL of the website accessed
• IP address, (start) address entered as part of route planning

The data transfer takes place regardless of whether Google provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data will be assigned directly to your account. If you do not wish your data to be associated with your Google user account, you must log out before activating the button. Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or customising its website. Such an analysis is carried out in particular (even for users who are not logged in) to provide customised advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact Google to exercise this right.

The legal basis for the use of the maps is Art. 6 para. 1 sentence 1 lit. a GDPR, i.e. the integration only takes place with your consent.

The personal data will also be transferred to the USA. The European Commission has issued an adequacy decision pursuant to Art. 45 para. 3 GDPR for the EU-U.S. Data Privacy Framework. On the basis of this decision, data transfers to organisations based in the USA that are certified accordingly are permitted. Google is certified under the EU-U.S. Data Privacy Framework.

When you visit our website or a sub-website for the first time and it contains cookies, a “cookie banner” will be displayed. There you will be informed about the individual cookies that we use. You can find out the name of each individual cookie, the provider, the purpose of processing and the storage period.

Our cookie banner informs you about the specific cookies we use. In addition, we give you the opportunity to decide whether you want to consent to the setting of non-essential cookies. You can also allow us to use non-essential cookies and cancel this decision at any time. The following are processed:

• Usage data (e.g. websites visited, time of access)
• Meta and communication data (e.g. IP address)

The legal basis for the use of the cookie banner is Art. 6 para. 1 sentence 1 lit. f GDPR. We have an overriding legitimate interest in using the cookie banner, which enables us to obtain the legally required consent for the use of non-essential cookies and to fulfil our duty to provide information regarding cookies.

The cookie banner stores the preferences until you reset or customise them.

The cookie banner is provided by the provider CookieYes. CookieYes ensures, in accordance with its privacy policy, that personal data is only transferred to a country that offers an adequate level of protection, in particular through the existence of an adequacy decision, the conclusion of standard contractual clauses or similar. For further information, please contact our data protection officer  (dsb@secjur.com).

General informationen

We use cookies on our website. These are text files that your browser automatically creates and that are stored on your IT system when you visit our website. Through cookies, certain information flows to the location that sets the cookie. By using cookies, it is not possible to execute programmes or transfer viruses to your end device.

If you do not wish to use cookies, you can switch them off in the settings.

From a legal point of view, a distinction must be made between necessary and non-necessary cookies.

i. Necessary cookies

We use necessary cookies. These are cookies that are technically necessary to provide all the functions of our website. The legal basis for data processing is our legitimate interest within the meaning of Art. 6 para. 1, sentence 1 lit. f GDPR. We have an overriding legitimate interest in being able to offer our website in a technically flawless manner. The legal basis for the use of cookies vis-à-vis our contractual partners who make use of services contractually owed by us via our website is Art. 6 para. 1, sentence 1 lit. b GDPR, the provision of our contractual services.

ii. Non-necessary cookies

We also use non-essential cookies (e.g. analysis and marketing cookies). These are cookies that are not technically necessary. We use them to understand your behaviour on our website and to improve our offering. The legal basis for data processing is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. The cookies are only set after you have given your consent via our “cookie banner”.

Storage duration

A distinction is made between the following types of cookies with regard to the storage period:

• Temporary cookies (also: session cookies): Temporary cookies are deleted at the latest after a user has left an online service and closed their end device (e.g. browser or mobile application).
• Permanent cookies: Permanent cookies remain stored even after the end device is closed. For example, the login status can be saved or favourite content can be displayed directly when the user visits a website again. The user data collected with the help of cookies can also be used to measure reach. If we do not provide users with explicit information on the type and storage duration of cookies (e.g. when obtaining consent), users should assume that cookies are permanent and that they can be stored for up to two years.

For more information, please refer to the information we provide in the cookie banner.

15.1 General informationen

On the basis of your consent within the meaning of Art. 6 para. 1 lit. a. GDPR, we use content or service offers from third-party providers within our online offer. GDPR in order to integrate their content and services, such as videos or fonts (hereinafter uniformly referred to as “content”).

This always presupposes that the third-party providers of this content recognise the IP address of the user, as they would not be able to send the content to their browser without the IP address. The IP address is therefore required to display this content. We endeavour to only use content whose respective providers only use the IP address to deliver the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. Pixel tags can be used to analyse information such as visitor traffic on the pages of this website. The pseudonymised information may also be stored in cookies on the user’s device and may contain technical information about the browser and operating system, referring websites, visit time and other information about the use of our online offer, as well as being linked to such information from other sources.

15.2 Google Fonts

We use Google Fonts on our website to display external fonts from Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland). The legal basis is your consent in accordance with Art. 6 para. 1 lit. a GDPR. In order to enable the display of certain fonts on our website, a connection to the Google server is established when our website is accessed. This enables Google to determine from which website your enquiry has been sent and to which IP address the display of the font is to be transmitted. Further information can be found in Google’s privacy policy: Google | Privacy policy

15.3 Google Analytics

We use Google Analytics from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, as an analysis service for the statistical evaluation of our online offering. This includes, for example, the number of visits to our website, subpages visited and the time spent by visitors.

Google Analytics uses cookies and other browser technologies to evaluate user behaviour and recognise users. We use Google Analytics with activated IP anonymisation.

This information is used, among other things, to compile reports on website activity.

We process data with the help of Google Analytics for the purpose of optimising our website and for marketing purposes on the basis of your consent in accordance with Art. 6 para. 1 lit. a. GDPR.

The specific storage period of the processed data cannot be influenced by us, but is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google Analytics: Google | Privacy policy

15.4 Google Tag Managers

We use the Google Tag Manager of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Tag Manager is used to manage website tags via an interface and enables us to control the precise integration of services on our website

This allows us to flexibly integrate additional services in order to analyse user access to our website.

The use of Google Tag Manager is based on our legitimate interests, i.e. interest in the optimisation of our services in accordance with Art. 6 para. 1 lit. f. GDPR.

The specific storage period of the processed data cannot be influenced by us, but is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google Tag Manager: Google | Privacy Policy

15.5 Google reCAPTCHA

We have integrated Google reCAPTCHA components on our website. Google reCAPTCHA is a service of Google Ireland Limited and enables us to distinguish whether a contact request originates from a natural person or is automated by means of a programme. When you access this content, you establish a connection to the servers of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, whereby your IP address and possibly browser data such as your user agent are transmitted. Furthermore, Google reCAPTCHA records the time spent on the website and the user’s mouse movements in order to distinguish automated requests from human requests. This data is processed exclusively for the above-mentioned purposes and to maintain the security and functionality of Google reCAPTCHA.

The service is used on the basis of our legitimate interests, i.e. to protect the transmission of forms in accordance with Art. 6 para. 1 lit. f. GDPR.

The specific storage period of the processed data cannot be influenced by us, but is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google reCAPTCHA: Google | Privacy Policy

15.6 Microsoft Bookings – Online appointment scheduling

We collect and process personal data for the online booking of meeting appointments.

We use the “Microsoft Bookings” service provided by Microsoft Ireland Operations Limited (South County Business Park, One Microsoft Place, Carmanhall And Leopardstown, Dublin, D18 P521, Ireland) for this purpose. The connection to the service is only established when you access the online booking function via a button on our website or via a link by email. Further information on the handling of user data can be found in Microsoft’s privacy policy.

We would like to point out that you are not obliged to use Microsoft Bookings to make an appointment. If you do not wish to use the service, please use one of the other contact options offered to make an appointment.

The legal basis for data transmission, storage and processing is your consent (Article 6(1)(a) GDPR).

The data will be deleted as soon as it is no longer required to fulfil the purpose for which it was collected.

You have the option of withdrawing your consent to data processing or objecting to the use of the data at any time. In this case, the intended contact with the user is no longer possible, or communication that has already begun can no longer be continued.

16.1 Right of objection

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions. If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.

If you lodge an objection, we will no longer process your personal data unless we can demonstrate compelling.

Unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.

16.2 Right to information

You have the right to obtain confirmation as to whether or not personal data concerning you is being processed and to obtain information about this personal data and further information and a copy of the personal data in accordance with the legal requirements.

16.3 Right to correction

In accordance with the statutory provisions, you have the right to request the completion of personal data concerning you or the rectification of inaccurate personal data concerning you.

16.4 Right to deletion

You have the right to obtain from us the erasure of personal data concerning you without undue delay where one of the grounds provided for by law applies and insofar as the processing or storage is not necessary.

16.5 Restriction of processing

You have the right to demand that we restrict processing if one of the legal requirements is met.

16.6 Right to data portability

You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format in accordance with the legal requirements or to request its transmission to another controller.

16.7 Right to withdraw consent

You have the right to withdraw your consent at any time.

16.8 Complaint to the supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the provisions of the GDPR.

We will adapt the privacy policy as soon as changes to the data processing carried out by us make this necessary. We will inform you as soon as the changes require your cooperation (e.g. consent) or other individual notification.

If we further develop our website and our offers or if legal or official requirements change, it may be necessary to amend this data protection notice. You can access the current data protection information at any time here.