Privacy policy and information on the use of cookies

comforte AG takes the protection of your personal data seriously and has implemented the according legal provisions of the General Data Protection Regulation ("GDPR") and the Federal Data Protection Act (“BDSG”). For this reason, we would like to inform you to what extent and for what purpose our website processes your personal data.

Name and address of the person responsible and the data protection officer

The processor within the meaning of the GDPR and other national data protection laws of the member states as well as the Data Protection Officer are:

comforte AG
Abraham-Lincoln-Straße 22
65189 Wiesbaden
Deutschland

Tel.: +49-611-93199-00
E-Mail: info(at)comforte.com
Website: www.comforte.com

The Data Protection Officer is:

Thorsten Pregel
Tel.: +49-6127-9659990
E-Mail: privacy(at)comforte.com

 

I. Definition of personal data

According to Art. 4 No. 1 GDPR personal Data “means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.”

With regard to further definitions in accordance with the GDPR, we refer to Art. 4 GDPR.

II. Scope of processing of personal data

Personal data of the respective users will only be processed, if this serves the functionality of the website and is necessary for the provision of the contents and services. In accordance with the data protection principle of the prohibition with reservation of permission, we only process personal data that has either been provided with the user's prior consent or such consent is not possible for factual reasons and the statutory provisions permit the processing of personal data.

III. Legal basis for the processing of personal data

The central legal basis for the processing of personal data is Art. 6 Sec. 1 GDPR. Reference is made to this permission standard within the framework of this data protection declaration, insofar as this is necessary.

According to Art. 21 Sec. 1 GDPR, you can revoke your consent to the processing of your data at any time with effect for the future, insofar as you have given your consent when accessing the website. If we base the processing of your personal data on the weighing of interests, you may object to the processing.

IV. Data erasure and storage time

The user's personal data will always be deleted if the purpose of storage no longer exists. An exception to this is when the European or national legislator has provided for the storage of data in EU regulations, laws or other provisions to which the person responsible is subject. In addition, personal data will be deleted when the intended storage period has expired, unless there is a legal requirement to do so.

V. Provision of the website and creation of log files

1. Description and scope of data processing

Every time you visit our website, our system automatically collects data and information from the computer system of the calling computer.

When you visit our website, we collect the following data from the respective user:

  1. Information about the browser type und the used version
  2. Email client and version
  3. Operating System of the user
  4. Internet-Service-Provider of the user
  5. IP-address of the user
  6. Date und time of the access to the website
  7. Websites, from which the user's system is accessed on our website
  8. Websites, accessed by the user's system via our website

The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.

2. Legal basis for data processing

The relevant legal basis for the temporary storage of data and log files is Art. 6 Sec. 1 lit. f GDPR.

3. Purpose of data processing

The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user's computer. For this, the IP address of the user must remain stored for the duration of the session.

The data is stored in log files to ensure the functionality of the website. In addition, the data serves us to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.

Our legitimate interest in data processing pursuant to Art. 6 Sec. 1 lit. f GDPR also lies in these purposes.

4. Duration of storage

The storage of this data is limited to the duration of the user's session on our site when the website is made available, so that this data is deleted when the user leaves the site.

If the data is stored in log files, this is the case after seven days at the latest. Further storage is possible. In this case, the IP addresses of the users are deleted or distorted so that an assignment of the calling user is no longer possible.

5. Possibility of objection and elimination

The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection on the part of the user.

VI. Use of cookies

1. Description and scope of data processing

Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user's computer system. If a user visits a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic character string that enables a unique identification of the browser when the website is called up again.

On one hand we use cookies which are only stored on our website for the duration of the user's session and are automatically deleted when the user leaves the site. These are so-called "session cookies". On the other hand, we use cookies that are stored on your end device for a longer period of time so that they recognize the user when they re-enter our website. These types of cookies are called "persistent cookies".

In addition, when cookies are used, a differentiation must be made between necessary and unnecessary cookies. Necessary cookies are those that are necessary for the provision and maintenance of the website and do not require separate consent. If, however, cookies are not necessary, i.e. those that are not absolutely necessary, we obtain the explicit consent of the user in accordance with the data protection regulations.

In addition, we set cookies on the one hand and third parties use cookies on our behalf on the other.

The following list shows the cookies used by us and our processors Hubpsot Inc. and Google Analytics.

The necessary cookies we use are the following:

cookieStatus

  • Purpose: Used to by privacy policy to remember which user has accepted cookies in the browser.
  • Type /Duration: Persistent Cookie / Unlimited

These are the following technically necessary cookies from Hubspot Inc., as a third party, who is responsible for us as a processor:

  1. __hs_opt_out
    • Purpose: This cookie is used by the opt-in privacy policy to remember not to ask the visitor to accept cookies again. This cookie is set when you give visitors the choice to opt out of cookies.
    •  Type/Duration: Persistent Cookie/ Expires after 2 years
  2. __hs_do_not_track
    • Purpose: This cookie can be set to prevent the tracking code from sending any information to HubSpot. Setting this cookie is different from opting out of cookies, which still allows anonymized information to be sent to HubSpot.
    • Type/Duration: Persistent Cookie/ Expires after 2 years
  3. __hs_testcookie
    • Purpose: This cookie is used to test whether the visitor has support for cookies enabled.
    • Type/Duration: Session Cookie/ Expires immediately after Exit of Website
  4. hs_ab_test
    • Purpose: This cookie is used to consistently serve visitors the same version of an A/B test page that they’ve seen before.
    • Type/Duration: Session Cookie/ Expires immediately after Exit of Website
  5. hs_lang_switcher_choice
    • Purpose: This cookie is used to consistently redirect visitors to the language version of a page in the language they’ve selected on this top-level private domain in the past (if such a language version exists).
    • Type/Duration: Persistent cookie/Unlimited
  6. <id>_key
    • Purpose: When visiting a password-protected page, this cookie is set so future visits to the page from the same browser do not require login. The cookie name is unique for each password-protected page.
    • Type/Duration: Persistent cookie/Unlimited
  7. hs-messages-is-open (TTL 30 minutes)
    • Purpose: This cookie is used on the visitor UI side so HubSpot can determine/save whether the chat widget is open for future visits. It resets after 30 minutes to re-close the widget after 30 minutes of inactivity
    • Type/Duration: Session Cookie/30 minutes
  8. hs-messages-hide-welcome-message (TTL 1 day) 
    • Purpose: When you dismiss the welcome message in your messages tool, a cookie is set to prevent it from appearing again for one day.
    • Type/Duration: Persistent Cookie/1 day

These are the following technically unnecessary cookies from Hubspot Inc., as a third party, who is responsible for us as a processor:

  1. hstc
    • Purpose: The main cookie for tracking visitors. It contains the domain, utk (see below), initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session).
    • Type/Duration: Persistent Cookie/ Expiration after 2 years
  2. hubspotutk
    • Purpose: This cookie is used for to keep track of a visitor's identity. This cookie is passed to HubSpot on form submission and used when de-duplicating contacts.
    • Type/Duration: Persistent Cookie/ Expiration after 10 years
  3. __hssc
    • Purpose: This cookie keeps track of sessions. This is used to determine if we should increment the session number and timestamps in the __hstc cookie. It contains the domain, viewCount (increments each pageView in a session), and session start timestamp. 
    • Type/Duration: Persistent Cookie/ Expiration after 30 min
  4. __hssrc
    • Purpose: Whenever HubSpot changes the session cookie, this cookie is also set. We set it to 1 and use it to determine if the visitor has restarted their browser. If this cookie does not exist when we manage cookies, we assume it is a new session.
    • Type/Duration: Session Cookie/ Expires immediately after Exit of Website
  5. messagesUtk
    • Purpose: This cookie is used to recognize visitors who chat with you via the messages tool. If the visitor leaves your site before they're added as a contact, they will have this cookie associated with their browser. If you have a history of chatting with a visitor and they return to your site later in the same cookied browser, the messages tool will load your conversation history with that visitor.
    • Type/Duration: Persistent Cookie/Unlimited

These are the following technically unnecessary cookies from Google Analytics, as a third party, who is responsible for us as a processor:

  1. _ga
    • Purpose: Used to distinguish users.
    • Type/Duration: Persistent Cookie/ Expires after 2 years
  2. _gid
    • Purpose: Used to distinguish users
    • Type/Duration: Persistent Cookie/ Expires after 24 hours
  3. _gat
    • Purpose: Used to throttle request rate. If Google Analytics is deployed via Google Tag Manager, this cookie will be named _dc_gtm_<property-id>
    • Type/Duration: Session Cookie/ Expires after1 minutes
  4. AMP_TOKEN
    • Purpose: Contains a token that can be used to retrieve a Client ID from AMP Client ID service. Other possible values indicate opt-out, inflight request or an error retrieving a Client ID from AMP Client ID service.
    • Type/Duration: Persistent Cookie/ Expires after 30 seconds to 1 year
  5. _gac_<property-id>
    • Purpose: Contains campaign related information for the user. If you have linked your Google Analytics and AdWords accounts, AdWords website conversion tags will read this cookie unless you opt-out.
    • Type/Duration: Persistent Cookie/ Expires after 90 days

When you visit our website, an information banner informs you about the use of cookies for analytical purposes and refers you to this data protection statement. In this context, there is also a note on how the storage of cookies can be prevented in the browser settings. Such a prevention of the use of cookies can be made at any time.

2. Legal basis for data processing

The relevant legal basis for the temporary storage of data and log files is Art. 6 Sec. 1 lit. f GDPR.

3. Duration of storage, possibility of objection and elimination

Cookies are stored on the user's computer and transmitted to our site. Therefore, you as a user also has full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website in its entirety.

VII. Newsletter

1. Description and scope of data processing

You can subscribe to a free newsletter on our website. When registering for the newsletter, the following data from the input mask are transferred to us:

  1. First name
  2. Last name
  3. Email address
  4. Consent to receive further communication from us
  5. Consent for the data to be processed

In addition, the following data will be collected during registration:

  1. IP-address of the requesting computer
  2. Date and time of the registration
  3. On which Website the form was filled in

In the register process, your consent is obtained for the processing of the data and reference is made to this data protection declaration. Furthermore, we use the double-opt-in procedure in terms of data protection regulations.

In the context of data processing for the dispatch of newsletters, no data is passed on to third parties. The data will be used exclusively for sending the newsletter.

2. Legal basis for data processing

The legal basis for the processing of personal data is after registration and the user's consent to receive the newsletter Art. 6 Sec. 1 lit. a GDPR.

3. Purpose of data processing

The collection of the user's e-mail address serves to send the newsletter.

The collection of other personal data as part of the registration process serves to prevent misuse of the services or the e-mail address used.

4. Duration of storage

The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. The user's e-mail address will therefore be stored for as long as the subscription to the newsletter is active.

5. Possibility of objection and elimination

The subscription to the newsletter can be revoked by the user concerned at any time. It is sufficient that the user informs us under the mail info@comforte.com that he does not want to receive any more newsletters.

VIII. Registration

1. Description and scope of data processing

On our website, we offer users the opportunity to register by providing personal data. The data is entered into an input mask and transmitted to us and saved. The data will not be passed on to third parties. The following data is collected during the registration process (* these are Mandatory fields):

  1. Email-address*
  2. Password*
  3. First name*
  4. Last name*
  5. Title
  6. Position
  7. Company*
  8. Street*
  9. Country*
  10. State
  11. Zip
  12. Phone number*
  13. Website
  14. Comforte Privacy Policy consent

At the time of registration, the following data is also stored:

  1. IP-address, only the first 6 digits
  2. Date and time of the registration
  3. Date and time, when comforte's data protection guidelines were accepted
  4. Date and time of the last Login

In the framework of the registration process, the user's consent to the processing of this data will be obtained.

2. Legal basis for data processing

The legal basis for the processing of data is Art. 6 Sec. 1 lit. a GDPR if the user has given his consent.

3. Purpose of data processing

A registration of the user is necessary for the provision of certain contents and services on our website. The Customer Center provides the user with important and necessary applications to ensure optimal and comprehensive service provision on our part. It is the central interface with our customers and contains very important tools:

  1. Support Ticket System (core tool for support, very important for 24x7 support)
  2. Download area for products (the only way customers can download our products)
  3. Download area for resources: manuals, videos, white papers
  4. License tool (license generation)
  5. Update notifications
  6. Security notifications
  7. Knowledgebase

4. Duration of storage

The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected.

This is the case for the data collected during the registration process if the registration on our website is cancelled or changed.

5. Possibility of objection and elimination

The user has the right to revoke his consent of processing the personal data at any time. If the user wishes to revoke his consent, he has to contact us via e-mail (info(at)comforte.com) with the corresponding content. In such a case, a further conversation might not possible anymore.

IX. Contact form and e-mail contact

1. Description and scope of data processing

There is a contact form on our website which can be used for electronic contact. If a user takes advantage of this possibility, the data entered in the input mask will be transmitted to us and stored. This data is:

The following is a list of the data in the input mask (fields marked with * are mandatory):

  1. First name
  2. Surname*
  3. Company name*.
  4. Email address*.
  5. Telephone number
  6. Which products are you interested in?*
  7. Consent to receive further communication
  8. Consent that the data will be processed*
  9. Your message*

At the time the message is sent, the following data is also stored:

  1. The IP address of the user
  2. Date and time of registration
  3. On which page the form was filled in

Your consent is obtained for the processing of the data within the scope of the sending process and reference is made to this data protection declaration.

Alternatively, you can contact us via the e-mail address provided. In this case, the user's personal data transmitted by e-mail will be stored.

In this context, the data will not be passed on to third parties. The data is used exclusively for processing the conversation.

2. Legal basis for data processing

The legal basis for the processing of data is Art. 6 Sec. 1 lit. a GDPR if the user has given his consent.

The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 Sec. 1 lit. f GDPR.

3. Purpose of data processing

The processing of the personal data from the input mask serves us only for the treatment of the establishment of contact. In the event of contact by e-mail, this also constitutes the necessary legitimate interest in the processing of the data.

The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

4. Duration of storage

The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. For the personal data from the input mask of the contact form and those that were sent by e-mail, this is the case when the respective conversation with the user is finished. The conversation is terminated when it can be inferred from the circumstances that the matter in question has been finally clarified and no further contact is necessary for the user.

5. Possibility of objection and elimination

The user has the possibility to revoke his consent to the processing of personal data at any time. If the user contacts us by e-mail, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued.

To assert the objection or the request for removal, all you need to do is send an e-mail to info@comforte.com with the corresponding content. All personal data stored in the course of contacting us will be deleted in this case.

X. Hubspot Inc.

1. Description and scope of data processing

On our Website, we use Hubspot (25 First Street, 2nd Floor, Cambridge, MA 02141, United States) as provider of web analysis tools to track users’ surfing behavior. The Hubspot software uses cookies on the user’s device (about cookies see above). By entering our webpages, we store the following data:

  1. The IP address of the user's invoking system.
  2. City and country, where the IP address comes from
  3. The accessed Website
  4. The Website, the user comes from before entering our website (Referrer)
  5. The sub-pages accessed from the accessed website
  6. The duration the user stays on the Website
  7. The frequency of accessing the Website
  8. Date and time, when the first access of the Website appeared
  9. Date and time, when the last access of the Website appeared

The personal data collected by us via HubSpot are stored on servers of the third party HubSpot in the USA. As this is a processing of personal data in a non-EU country, it has been ensured that the processing is carried out solely in accordance with EU and national data protection legislation. HubSpot Inc. is certified under the necessary requirements of the EU-US Privacy Shield Framework and has committed itself to treat all personal data obtained from member states of the European Union (EU) and Switzerland in accordance with the applicable principles of the Privacy Shield Agreement. For more information regarding Hubspot's privacy policy, please use the following link: https://legal.hubspot.com/privacy-policy.

2. Legal basis for the processing of personal data

The legal basis for processing users' personal data is Art. 6 para. 1 lit. f GDPR.

3. Purpose of data processing

The processing of users' personal data enables us to analyze the surfing behavior of our users. We are in a position to compile information about the use of the individual components of our website by evaluating the data obtained. This helps us to continuously improve our website, its user-friendliness and to offer our users the best possible service. For these purposes, it is also in our legitimate interest to process the data in accordance with Art. 6 para. 1 lit. f GDPR. By anonymizing the IP address, users' interest in protecting their personal data is sufficiently taken into account.

4. Possibility of objection and elimination

The user has the possibility to object to the processing of this personal data at any time by writing us an corresponding e-mail.

XI. Google Analytics

1. Description and scope of data processing

This website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses “cookies” (see above), which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. In case of the IP de-personalization process being activated on this website, your IP address will be shortened by Google within the member states of the European Union or in other member states of the European Economic Area. Only in exceptional cases shall the full IP address be transmitted to a Google server in the USA and shortened there. For the cases in which personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield: https://www.privacyshield.gov/EU-US-Framework.

Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google will not associate your IP address with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. Furthermore, you may prevent the gathering of data by Google created by the Cookie and your website user data (incl. your IP address) and the processing of such data by Google, by downloading and installing the Browser-Plugin which is available at the following link https://tools.google.com/dlpage/gaoptout?hl=en.

2. Legal basis for the processing of personal data

The legal basis for processing users' personal data is Art. 6 Sec. 1 lit. f GDPR.

XII. Use of social media plugins

1. Scope

We use social media plugins on our site. However, these sharing buttons are only provided via the so-called "Shariff" variant. This is not an embedding of the plugins via iframes, but rather a simple HTML link, which is only activated by clicking on the user. This means that the social media platforms only become visible when the user uses the link, so that it depends on the individual behavior of the user whether tracking and storing Internet behavior is possible through the social media platforms. For further information please use the following link: www.heise.de/ct/ausgabe/2014-26-Social-Media-Buttons-datenschutzkonform-nutzen-2463330.html

2. Legal basis for the processing of personal data

The legal basis for processing users' personal data is Art. 6 Sec. 1 lit. f GDPR.

3. Purpose of data processing

The processing of users' personal data enables us to analyze the surfing behavior of our users. We are in a position to compile information about the use of the individual components of our website by evaluating the data obtained. This helps us to continuously improve our website and its user-friendliness. For these purposes, it is also in our legitimate interest to process the data in accordance with Art. 6 Sec. 1 lit. f GDPR. By anonymizing the IP address, users' interest in protecting their personal data is sufficiently taken into account.

4. Duration of Storage

The data will be deleted as soon as they are no longer needed for our recording purposes.

XIII. Rights of the data subject

The privacy of the users of our website is important to us. The respective users of the website are qualified as affected persons in the sense of the data protection regulations. For this reason, we would like to point out to the user his rights under data protection law as the person concerned (Compare Articles 12-23 GDPR):

  1. Right of access by the data subject
  2. Right to rectification
  3. Right to restriction of processing
  4. Right to erasure (‘right to be forgotten’)
  5. Right of notification
  6. Right to data portability
  7. Right to object
  8. Automated individual decision-making, including profiling
  9. Right to revoke the data protection declaration of consent
  10. Right of appeal to a supervisory authority