Privacy policy and information on the use of cookies
comforte AG takes the protection of your personal data seriously and has implemented the according legal provisions of the General Data Protection Regulation ("GDPR") and the Federal Data Protection Act (“BDSG”). For this reason, we would like to inform you to what extent and for what purpose our website processes your personal data.
Name and address of the person responsible and the data protection officer
The processor within the meaning of the GDPR and other national data protection laws of the member states as well as the Data Protection Officer are:
comforte AG
Abraham-Lincoln-Straße 22
65189 Wiesbaden
Deutschland
Tel.: +49-611-93199-00
E-Mail: info(at)comforte.com
Website: www.comforte.com
The Data Protection Officer is:
Thorsten Pregel
Tel.: +49-6127-9659990
E-Mail: privacy(at)comforte.com
I. Definition of personal data
According to Art. 4 No. 1 GDPR personal Data “means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.”
With regard to further definitions in accordance with the GDPR, we refer to Art. 4 GDPR.
II. Scope of processing of personal data
Personal data of the respective users will only be processed, if this serves the functionality of the website and is necessary for the provision of the contents and services. In accordance with the data protection principle of the prohibition with reservation of permission, we only process personal data that has either been provided with the user's prior consent or such consent is not possible for factual reasons and the statutory provisions permit the processing of personal data.
III. Legal basis for the processing of personal data
The central legal basis for the processing of personal data is Art. 6 Sec. 1 GDPR. Reference is made to this permission standard within the framework of this data protection declaration, insofar as this is necessary.
According to Art. 21 Sec. 1 GDPR, you can revoke your consent to the processing of your data at any time with effect for the future, insofar as you have given your consent when accessing the website. If we base the processing of your personal data on the weighing of interests, you may object to the processing.
IV. Data erasure and storage time
The user's personal data will always be deleted if the purpose of storage no longer exists. An exception to this is when the European or national legislator has provided for the storage of data in EU regulations, laws or other provisions to which the person responsible is subject. In addition, personal data will be deleted when the intended storage period has expired, unless there is a legal requirement to do so.
V. Provision of the website and creation of log files
1. Description and scope of data processing
Every time you visit our website, our system automatically collects data and information from the computer system of the calling computer.
When you visit our website, we collect the following data from the respective user:
- Information about the browser type und the used version
- Email client and version
- Operating System of the user
- Internet-Service-Provider of the user
- IP-address of the user
- Date und time of the access to the website
- Websites, from which the user's system is accessed on our website
- Websites, accessed by the user's system via our website
The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.
2. Legal basis for data processing
The relevant legal basis for the temporary storage of data and log files is Art. 6 Sec. 1 lit. f GDPR.
3. Purpose of data processing
The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user's computer. For this, the IP address of the user must remain stored for the duration of the session.
The data is stored in log files to ensure the functionality of the website. In addition, the data serves us to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.
Our legitimate interest in data processing pursuant to Art. 6 Sec. 1 lit. f GDPR also lies in these purposes.
4. Duration of storage
The storage of this data is limited to the duration of the user's session on our site when the website is made available, so that this data is deleted when the user leaves the site.
If the data is stored in log files, this is the case after seven days at the latest. Further storage is possible. In this case, the IP addresses of the users are deleted or distorted so that an assignment of the calling user is no longer possible.
5. Possibility of objection and elimination
The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection on the part of the user.
VI. Use of cookies
1. Description and scope of data processing
Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user's computer system. If a user visits a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic character string that enables a unique identification of the browser when the website is called up again.
On one hand we use cookies which are only stored on our website for the duration of the user's session and are automatically deleted when the user leaves the site. These are so-called "session cookies". On the other hand, we use cookies that are stored on your end device for a longer period of time so that they recognize the user when they re-enter our website. These types of cookies are called "persistent cookies".
In addition, when cookies are used, a differentiation must be made between necessary and unnecessary cookies. Necessary cookies are those that are necessary for the provision and maintenance of the website and do not require separate consent. If, however, cookies are not necessary, i.e. those that are not absolutely necessary, we obtain the explicit consent of the user in accordance with the data protection regulations.
In addition, we set cookies on the one hand and third parties use cookies on our behalf on the other.
When you visit our website, an information banner informs you about the use of cookies for analytical purposes and refers you to this data protection statement. In this context, there is also a note on how the storage of cookies can be prevented in the browser settings. Such a prevention of the use of cookies can be made at any time.
2. Legal basis for data processing
The relevant legal basis for the temporary storage of data and log files is Art. 6 Sec. 1 lit. f GDPR.
3. Duration of storage, possibility of objection and elimination
Cookies are stored on the user's computer and transmitted to our site. Therefore, you as a user also has full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website in its entirety.
VII. Newsletter
1. Description and scope of data processing
You can subscribe to a free newsletter on our website. When registering for the newsletter, the following data from the input mask are transferred to us:
- First name
- Last name
- Email address
- Consent to receive further communication from us
- Consent for the data to be processed
In addition, the following data will be collected during registration:
- IP-address of the requesting computer
- Date and time of the registration
- On which Website the form was filled in
In the register process, your consent is obtained for the processing of the data and reference is made to this data protection declaration. Furthermore, we use the double-opt-in procedure in terms of data protection regulations.
In the context of data processing for the dispatch of newsletters, no data is passed on to third parties. The data will be used exclusively for sending the newsletter.
2. Legal basis for data processing
The legal basis for the processing of personal data is after registration and the user's consent to receive the newsletter Art. 6 Sec. 1 lit. a GDPR.
3. Purpose of data processing
The collection of the user's e-mail address serves to send the newsletter.
The collection of other personal data as part of the registration process serves to prevent misuse of the services or the e-mail address used.
4. Duration of storage
The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. The user's e-mail address will therefore be stored for as long as the subscription to the newsletter is active.
5. Possibility of objection and elimination
The subscription to the newsletter can be revoked by the user concerned at any time. It is sufficient that the user informs us under the mail info@comforte.com that he does not want to receive any more newsletters.
VIII. Registration
1. Description and scope of data processing
On our website, we offer users the opportunity to register by providing personal data. The data is entered into an input mask and transmitted to us and saved. The data will not be passed on to third parties. The following data is collected during the registration process (* these are Mandatory fields):
- Business Email-address*
- Password*
- First name*
- Last name*
- Title
- Company*
- Address
- City*
- Country*
- State
- Zip
- Phone number*
- Subscription for Security Notifications
- Subscription for Product Update Notifications
- Confirmation of the note about Comforte Privacy Policy and the Website Terms and Conditions
At the time of registration, the following data is also stored:
- IP-address, only the first 6 digits
- Date and time of the registration
- Date and time, when comforte's data protection guidelines were accepted
- Date and time of the last Login
In the framework of the registration process, the user's consent to the processing of this data will be obtained.
2. Legal basis for data processing
The legal basis for the processing of data is Art. 6 Sec. 1 lit. a GDPR if the user has given his consent.
3. Purpose of data processing
A registration of the user is necessary for the provision of certain contents and services on our website. The Customer Center provides the user with important and necessary applications to ensure optimal and comprehensive service provision on our part. It is the central interface with our customers and contains very important tools:
- Support Ticket System (core tool for support, very important for 24x7 support)
- Download area for products (the only way customers can download our products)
- Download area for resources: manuals, videos, white papers
- License tool (license generation)
- Update notifications
- Security notifications
- Knowledgebase
4. Duration of storage
The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected.
This is the case for the data collected during the registration process if the registration on our website is cancelled or changed.
5. Possibility of objection and elimination
The user has the right to revoke his consent of processing the personal data at any time. If the user wishes to revoke his consent, he has to contact us via e-mail (info(at)comforte.com) with the corresponding content. In such a case, a further conversation might not possible anymore.
IX. Contact form and e-mail contact
1. Description and scope of data processing
There is a contact form on our website which can be used for electronic contact. If a user takes advantage of this possibility, the data entered in the input mask will be transmitted to us and stored. This data is:
The following is a list of the data in the input mask (fields marked with * are mandatory):
- First name
- Last name*
- Business Email address*.
- Telephone number
- Consent to receive further communication
- Consent that the data will be processed*
- Your message*
At the time the message is sent, the following data is also stored:
- The IP address of the user
- Date and time of registration
- On which page the form was filled in
Your consent is obtained for the processing of the data within the scope of the sending process and reference is made to this data protection declaration.
Alternatively, you can contact us via the e-mail address provided. In this case, the user's personal data transmitted by e-mail will be stored.
In this context, the data will not be passed on to third parties. The data is used exclusively for processing the conversation.
2. Legal basis for data processing
The legal basis for the processing of data is Art. 6 Sec. 1 lit. a GDPR if the user has given his consent.
The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 Sec. 1 lit. f GDPR.
3. Purpose of data processing
The processing of the personal data from the input mask serves us only for the treatment of the establishment of contact. In the event of contact by e-mail, this also constitutes the necessary legitimate interest in the processing of the data.
The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.
4. Duration of storage
The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. For the personal data from the input mask of the contact form and those that were sent by e-mail, this is the case when the respective conversation with the user is finished. The conversation is terminated when it can be inferred from the circumstances that the matter in question has been finally clarified and no further contact is necessary for the user.
5. Possibility of objection and elimination
The user has the possibility to revoke his consent to the processing of personal data at any time. If the user contacts us by e-mail, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued.
To assert the objection or the request for removal, all you need to do is send an e-mail to info@comforte.com with the corresponding content. All personal data stored in the course of contacting us will be deleted in this case.
X. Hubspot Inc.
1. Description and scope of data processing
On our Website, we use Hubspot (25 First Street, 2nd Floor, Cambridge, MA 02141, United States) as provider of web analysis tools to track users’ surfing behavior. The Hubspot software uses cookies on the user’s device (about cookies see above). By entering our webpages, we store the following data:
- The IP address of the user's invoking system.
- City and country, where the IP address comes from
- The accessed Website
- The Website, the user comes from before entering our website (Referrer)
- The sub-pages accessed from the accessed website
- The duration the user stays on the Website
- The frequency of accessing the Website
- Date and time, when the first access of the Website appeared
- Date and time, when the last access of the Website appeared
The personal data collected by us via HubSpot are stored on servers of the third party HubSpot in the USA. As this is a processing of personal data in a non-EU country, it has been ensured that the processing is carried out solely in accordance with EU and national data protection legislation. HubSpot Inc. is certified under the necessary requirement of the EU-U.S. Data Privacy Framework (succession of „Privacy Shield Framework“) and has committed itself to treat all data obtained from member states of the European Union (EU) and Switzerland in accordance with the applicable principles of the Data Privacy Framework. For more information regarding Hubspot's privacy policy, please use the following link: https://legal.hubspot.com/privacy-policy.
2. Legal basis for the processing of personal data
The legal basis for processing users' personal data is Art. 6 para. 1 lit. f GDPR.
3. Purpose of data processing
The processing of users' personal data enables us to analyze the surfing behavior of our users. We are in a position to compile information about the use of the individual components of our website by evaluating the data obtained. This helps us to continuously improve our website, its user-friendliness and to offer our users the best possible service. For these purposes, it is also in our legitimate interest to process the data in accordance with Art. 6 para. 1 lit. f GDPR. By anonymizing the IP address, users' interest in protecting their personal data is sufficiently taken into account.
4. Possibility of objection and elimination
The user has the possibility to object to the processing of this personal data at any time by writing us an corresponding e-mail.
XI. Salesloft (formerly Drift.com, Inc.)
1. Description and scope of data processing
On our Website, we use Salesloft (formerly Drift.com, Inc.; adress: 1180 W Peachtree St NW Suite 2400, Atlanta, GA 30309, USA), which collects, processes and stores Personal Data about people who chat with the Customer. Salesloft does not sell any Contact Data collected on behalf of the us or market Salesloft Services to the our site visitors. The Salesloft software uses cookies on the user’s device (about cookies see above). By accepting the privacy section before starting to chat via the Salesloft Chat tool, we store the following data:
Fist and last name
Title, work department, and manager/supervisor name
Position
Employer
Contact information (company, email, phone, physical business address)
Photographs (if any)
Biographical and directory information, including linked social media profile or posts
Localization data
The personal data collected by us via Drift are stored on servers of the third party Salesloft. in the USA. As this is a processing of personal data in a non-EU country, it has been ensured that the processing is carried out solely in accordance with EU and national data protection legislation. Salesloft has submitted to the EU-U.S. Data Privacy Framework and is certified.
2. Legal basis for the processing of personal data
The legal basis for processing users' personal data is Art. 6 para. 1 lit. f GDPR.
3. Purpose of data processing
The processing of users' personal data enables us to chat directly with users on our website and we can thus help the user directly with any questions. For these purposes, it is in the user’s legitimate interest to process the data in accordance with Art. 6 para. 1 lit. f GDPR.
4. Possibility of objection and elimination
The user has the possibility to object to the processing of this personal data at any time by writing us an corresponding e-mail.
XII. Google Analytics
1. Description and scope of data processing
This website uses Google Analytics, a web analytics service provided by Google, LLC. (“Google”). Google Analytics uses “cookies” (see above), which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. In case of the IP de-personalization process being activated on this website, your IP address will be shortened by Google within the member states of the European Union or in other member states of the European Economic Area. Only in exceptional cases shall the full IP address be transmitted to a Google server in the USA and shortened there. For the cases in which personal data is transferred to the USA, Google has submitted to the EU-U.S. Data Privacy Framework and is certified: https://www.dataprivacyframework.gov/.
Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google will not associate your IP address with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. Furthermore, you may prevent the gathering of data by Google created by the Cookie and your website user data (incl. your IP address) and the processing of such data by Google, by downloading and installing the Browser-Plugin which is available at the following link https://tools.google.com/dlpage/gaoptout?hl=en.
2. Legal basis for the processing of personal data
The legal basis for processing users' personal data is Art. 6 Sec. 1 lit. f GDPR.
XIII. Sanction list screening
1. Description and scope of data processing
In accordance with the anti-terror regulations and other EU sanctions regulations, comforte is obliged to ensure that no funds or economic resources (i.e. including software) are made available to persons, companies or states named on sanctions lists (so-called prohibition of provision). To ensure this, comforte regularly carries out a comparison with applicable sanctions lists using software before entering into a business relationship and during an ongoing business relationship. Due to the business activities in the USA, a comparison is also made with sanctions lists of several US authorities (OFAC, BIS).
The data concerned are company name and address as well as first and last name of a contact person. If the software reports a hit, the other available data is used to check whether it is a “supposed hit” or an actual match with a sanctions list entry. If necessary, the (potential) customer is contacted for further information in order to verify their identity.
If full compliance is found, the responsible supervisory authority BAFA will be informed if necessary.
2. Legal basis for data processing
The legal basis for the processing of data is Art. 6 Sec. 1 lit. f GDPR. It is in our legitimate interest to ensure compliance with the legal regulations, whereby a comparison with the sanctions lists is necessary.
3. Purpose of data processing
Purpose of data processing is compliance with specifications of EU sanctions regulations and other sanctions regulation in markets we serve.
4. Duration of storage
The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected and insofar as there are no statutory retention obligations to the contrary. This is usually the case after the contract initiation or the business relationship has ended.
5. Transmission to third parties and categories of recipients
In order to carry out the sanctions list comparison, the above-mentioned data is transmitted to AEB SE (Sigmaringer Straße 109, 70567 Stuttgart) as our processor. AEB SE is bound by instructions and works for us based on an order processing contract. In this context, it cannot be ruled out that data may be transferred to an AEB subsidiary in a third country (Switzerland, Singapore, United Kingdom). Compliance with the level of protection of the GDPR is contractually guaranteed.
In the event of a relevant positive finding, the data may be forwarded to the competent supervisory authority BAFA.
6. Possibility of objection and elimination
If you want to object the described data processing or if your data shall be deleted, please contact us via e-mail to info(at)comforte.com.
XIV. Call Dispatch Scholz GmbH (CDS)
1. Description and scope of data processing
In order to provide support services, our partner, CDS located at An der Fahrt 8, 55124 Mainz, Germany, manages round-the-clock support for our customers, including telephone emergency support and incident forwarding.
To ensure seamless support, CDS processes the following contact data:
Contact First Name
Contact Last Name
Contact E Mail
Phone contact
Contact Country
Company Name
Customer ID (Internal)
Company Country
The data is used exclusively for processing the service & support that we make available to you as our customer.
2. Legal basis for data processing
The legal basis for the processing of data is Art. 6 Sec. 1 lit. b and f GDPR.
3. Purpose of data processing
To fulfill our contractually agreed service & support obligations and accordingly also in the interest of you as our customer.
4. Duration of storage
The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. Personal data linked to a support request will be retained only as long as necessary to verify our adherence to contractual obligations.
5. Possibility of objection and elimination
The user can revoke permission to process personal data at any time, to do this please send an e mail to us at info@comforte.com detailing the information you wish to be removed.
XV. OTRS AG
1. Description and scope of data processing
In order to provide support services, we use the ticket system by OTRS located at Zimmersmühlenweg 11, 61440 Oberursel, Germany.
The following contact details are processed to ensure seamless support:
Contact First Name
Contact Last Name
Contact E Mail
Phone contact
Contact Country
Company Name
Customer ID (Internal)
Company Country
The data is used exclusively for processing the service & support that we make available to you as our customer. It is stored on servers in Germany.
2. Legal basis for data processing
The legal basis for the processing of data is Art. 6 Sec. 1 lit. b and f GDPR.
3. Purpose of data processing
To fulfill our contractually agreed service & support obligations and accordingly also in the interest of you as our customer.
4. Duration of storage
The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. Personal data linked to a support request will be retained only as long as necessary to verify our adherence to contractual obligations.
5. Possibility of objection and elimination
The user can revoke permission to process personal data at any time, to do this please send an e mail to us at info@comforte.com detailing the information you wish to be removed.
XVI. Use of social media plugins
1. Scope
We use social media plugins on our site. However, these sharing buttons are only provided via the so-called "Shariff" variant. This is not an embedding of the plugins via iframes, but rather a simple HTML link, which is only activated by clicking on the user. This means that the social media platforms only become visible when the user uses the link, so that it depends on the individual behavior of the user whether tracking and storing Internet behavior is possible through the social media platforms. For further information please use the following link: https://www.heise.de/hintergrund/Ein-Shariff-fuer-mehr-Datenschutz-2467514.html
2. Legal basis for the processing of personal data
The legal basis for processing users' personal data is Art. 6 Sec. 1 lit. f GDPR.
3. Purpose of data processing
The processing of users' personal data enables us to analyze the surfing behavior of our users. We are in a position to compile information about the use of the individual components of our website by evaluating the data obtained. This helps us to continuously improve our website and its user-friendliness. For these purposes, it is also in our legitimate interest to process the data in accordance with Art. 6 Sec. 1 lit. f GDPR. By anonymizing the IP address, users' interest in protecting their personal data is sufficiently taken into account.
4. Duration of Storage
The data will be deleted as soon as they are no longer needed for our recording purposes.
XVII. Applications
1. Scope
By submitting an application electronically, i.e. via e-mail or using our online form at our job portal, you express your interest in taking up work with us. In this context, you transmit personal data and can choose to upload expressive documents such as a cover letter, your CV and reference letters.
Your personal data will be transmitted using comforte's most advanced technologies (https://www.comforte.com/data-security) and stored in our databases in a secure way. The application database is operated by Personio GmbH, which offers a human resource and applicant management software solution (https://www.personio.com/legal-notice/). In this context, Personio is our processor under article 28 of the GDPR. In this case, the processing is based on an agreement for the processing of orders between us as the controller and Personio.
2. Legal basis for the processing of personal data
The legal basis for this processing of personal data is Art. 6 Sec. 1 lit. b DSGVO for the initiation or fulfilment of a contractual relationship.
3. Purpose of data processing
If you apply to us, we will collect and process your personal data for the purpose of executing the application process and preparing contracts.
Only authorized HR staff and/or staff involved in the application process have access to your data.
The personal data is stored, as a rule, exclusively for the purpose of filling the vacancy for which you have applied.
4. Duration of Storage
Your data will be stored for a period of 180 days after the application process has been concluded. This is usually done to fulfill legal requirements and/or defending ourselves against any claims arising from legal provisions. After this period, we are obligated to delete or anonymize your data. In case of anonymization, the data will only be available to us in the form of so-called metadata, without any direct personal reference, for statistical analysis (for example, share of male and/or female applicants, number of applications per specified period of time etc.).
Should you be offered and accept a position with us during the application process, we will store the personal data collected as part of the application process for at least the duration of your employment.
5. Possibility of objection and elimination
You have the right to revoke your consent of processing the personal data at any time. If you wish to revoke your consent, please contact us via e-mail (info(at)comforte.com) with the corresponding content.
XVIII. Rights of the data subject
The privacy of the users of our website is important to us. The respective users of the website are qualified as affected persons in the sense of the data protection regulations. For this reason, we would like to point out to the user his rights under data protection law as the person concerned (Compare Articles 12-23 GDPR):
- Right of access by the data subject
- Right to rectification
- Right to restriction of processing
- Right to erasure (‘right to be forgotten’)
- Right of notification
- Right to data portability
- Right to object
- Automated individual decision-making, including profiling
- Right to revoke the data protection declaration of consent
- Right of appeal to a supervisory authority