Privacy policy and information on the use of cookies

comforte AG takes the protection of your personal data seriously and has implemented the according legal provisions of the General Data Protection Regulation ("GDPR") and the Federal Data Protection Act (“BDSG”). For this reason, we would like to inform you to what extent and for what purpose our website processes your personal data.

Name and address of the person responsible and the data protection officer

The processor within the meaning of the GDPR and other national data protection laws of the member states as well as the Data Protection Officer are:

comforte AG
Abraham-Lincoln-Straße 22
65189 Wiesbaden
Deutschland

Tel.: +49-611-93199-00
E-Mail: info(at)comforte.com
Website: www.comforte.com

The Data Protection Officer is:

Thorsten Pregel
Tel.: +49-6127-9659990
E-Mail: privacy(at)comforte.com

 

I. Definition of personal data

According to Art. 4 No. 1 GDPR personal Data “means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.”

With regard to further definitions in accordance with the GDPR, we refer to Art. 4 GDPR.

II. Scope of processing of personal data

Personal data of the respective users will only be processed, if this serves the functionality of the website and is necessary for the provision of the contents and services. In accordance with the data protection principle of the prohibition with reservation of permission, we only process personal data that has either been provided with the user's prior consent or such consent is not possible for factual reasons and the statutory provisions permit the processing of personal data.

III. Legal basis for the processing of personal data

The central legal basis for the processing of personal data is Art. 6 Sec. 1 GDPR. Reference is made to this permission standard within the framework of this data protection declaration, insofar as this is necessary.

According to Art. 21 Sec. 1 GDPR, you can revoke your consent to the processing of your data at any time with effect for the future, insofar as you have given your consent when accessing the website. If we base the processing of your personal data on the weighing of interests, you may object to the processing.

IV. Data erasure and storage time

The user's personal data will always be deleted if the purpose of storage no longer exists. An exception to this is when the European or national legislator has provided for the storage of data in EU regulations, laws or other provisions to which the person responsible is subject. In addition, personal data will be deleted when the intended storage period has expired, unless there is a legal requirement to do so.

V. Provision of the website and creation of log files

1. Description and scope of data processing

Every time you visit our website, our system automatically collects data and information from the computer system of the calling computer.

When you visit our website, we collect the following data from the respective user:

  1. Information about the browser type und the used version
  2. Email client and version
  3. Operating System of the user
  4. Internet-Service-Provider of the user
  5. IP-address of the user
  6. Date und time of the access to the website
  7. Websites, from which the user's system is accessed on our website
  8. Websites, accessed by the user's system via our website

The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.

2. Legal basis for data processing

The relevant legal basis for the temporary storage of data and log files is Art. 6 Sec. 1 lit. f GDPR.

3. Purpose of data processing

The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user's computer. For this, the IP address of the user must remain stored for the duration of the session.

The data is stored in log files to ensure the functionality of the website. In addition, the data serves us to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.

Our legitimate interest in data processing pursuant to Art. 6 Sec. 1 lit. f GDPR also lies in these purposes.

4. Duration of storage

The storage of this data is limited to the duration of the user's session on our site when the website is made available, so that this data is deleted when the user leaves the site.

If the data is stored in log files, this is the case after seven days at the latest. Further storage is possible. In this case, the IP addresses of the users are deleted or distorted so that an assignment of the calling user is no longer possible.

5. Possibility of objection and elimination

The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection on the part of the user.

VI. Use of cookies

1. Description and scope of data processing

Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user's computer system. If a user visits a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic character string that enables a unique identification of the browser when the website is called up again.

On one hand we use cookies which are only stored on our website for the duration of the user's session and are automatically deleted when the user leaves the site. These are so-called "session cookies". On the other hand, we use cookies that are stored on your end device for a longer period of time so that they recognize the user when they re-enter our website. These types of cookies are called "persistent cookies".

In addition, when cookies are used, a differentiation must be made between necessary and unnecessary cookies. Necessary cookies are those that are necessary for the provision and maintenance of the website and do not require separate consent. If, however, cookies are not necessary, i.e. those that are not absolutely necessary, we obtain the explicit consent of the user in accordance with the data protection regulations.

In addition, we set cookies on the one hand and third parties use cookies on our behalf on the other.

For the latest detailed information about our Cookie Settings, please follow this link >> Cookie Settings

When you visit our website, an information banner informs you about the use of cookies for analytical purposes and refers you to this data protection statement. In this context, there is also a note on how the storage of cookies can be prevented in the browser settings. Such a prevention of the use of cookies can be made at any time.

2. Legal basis for data processing

The relevant legal basis for the temporary storage of data and log files is Art. 6 Sec. 1 lit. f GDPR.

3. Duration of storage, possibility of objection and elimination

Cookies are stored on the user's computer and transmitted to our site. Therefore, you as a user also has full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website in its entirety.

VII. Newsletter

1. Description and scope of data processing

You can subscribe to a free newsletter on our website. When registering for the newsletter, the following data from the input mask are transferred to us:

  1. First name
  2. Last name
  3. Email address
  4. Consent to receive further communication from us
  5. Consent for the data to be processed

In addition, the following data will be collected during registration:

  1. IP-address of the requesting computer
  2. Date and time of the registration
  3. On which Website the form was filled in

In the register process, your consent is obtained for the processing of the data and reference is made to this data protection declaration. Furthermore, we use the double-opt-in procedure in terms of data protection regulations.

In the context of data processing for the dispatch of newsletters, no data is passed on to third parties. The data will be used exclusively for sending the newsletter.

2. Legal basis for data processing

The legal basis for the processing of personal data is after registration and the user's consent to receive the newsletter Art. 6 Sec. 1 lit. a GDPR.

3. Purpose of data processing

The collection of the user's e-mail address serves to send the newsletter.

The collection of other personal data as part of the registration process serves to prevent misuse of the services or the e-mail address used.

4. Duration of storage

The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. The user's e-mail address will therefore be stored for as long as the subscription to the newsletter is active.

5. Possibility of objection and elimination

The subscription to the newsletter can be revoked by the user concerned at any time. It is sufficient that the user informs us under the mail info@comforte.com that he does not want to receive any more newsletters.

VIII. Registration

1. Description and scope of data processing

On our website, we offer users the opportunity to register by providing personal data. The data is entered into an input mask and transmitted to us and saved. The data will not be passed on to third parties. The following data is collected during the registration process (* these are Mandatory fields):

  1. Email-address*
  2. Password*
  3. First name*
  4. Last name*
  5. Title
  6. Position
  7. Company*
  8. Street*
  9. Country*
  10. State
  11. Zip
  12. Phone number*
  13. Website
  14. Comforte Privacy Policy consent

At the time of registration, the following data is also stored:

  1. IP-address, only the first 6 digits
  2. Date and time of the registration
  3. Date and time, when comforte's data protection guidelines were accepted
  4. Date and time of the last Login

In the framework of the registration process, the user's consent to the processing of this data will be obtained.

2. Legal basis for data processing

The legal basis for the processing of data is Art. 6 Sec. 1 lit. a GDPR if the user has given his consent.

3. Purpose of data processing

A registration of the user is necessary for the provision of certain contents and services on our website. The Customer Center provides the user with important and necessary applications to ensure optimal and comprehensive service provision on our part. It is the central interface with our customers and contains very important tools:

  1. Support Ticket System (core tool for support, very important for 24x7 support)
  2. Download area for products (the only way customers can download our products)
  3. Download area for resources: manuals, videos, white papers
  4. License tool (license generation)
  5. Update notifications
  6. Security notifications
  7. Knowledgebase

4. Duration of storage

The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected.

This is the case for the data collected during the registration process if the registration on our website is cancelled or changed.

5. Possibility of objection and elimination

The user has the right to revoke his consent of processing the personal data at any time. If the user wishes to revoke his consent, he has to contact us via e-mail (info(at)comforte.com) with the corresponding content. In such a case, a further conversation might not possible anymore.

IX. Contact form and e-mail contact

1. Description and scope of data processing

There is a contact form on our website which can be used for electronic contact. If a user takes advantage of this possibility, the data entered in the input mask will be transmitted to us and stored. This data is:

The following is a list of the data in the input mask (fields marked with * are mandatory):

  1. First name
  2. Surname*
  3. Company name*.
  4. Email address*.
  5. Telephone number
  6. Which products are you interested in?*
  7. Consent to receive further communication
  8. Consent that the data will be processed*
  9. Your message*

At the time the message is sent, the following data is also stored:

  1. The IP address of the user
  2. Date and time of registration
  3. On which page the form was filled in

Your consent is obtained for the processing of the data within the scope of the sending process and reference is made to this data protection declaration.

Alternatively, you can contact us via the e-mail address provided. In this case, the user's personal data transmitted by e-mail will be stored.

In this context, the data will not be passed on to third parties. The data is used exclusively for processing the conversation.

2. Legal basis for data processing

The legal basis for the processing of data is Art. 6 Sec. 1 lit. a GDPR if the user has given his consent.

The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 Sec. 1 lit. f GDPR.

3. Purpose of data processing

The processing of the personal data from the input mask serves us only for the treatment of the establishment of contact. In the event of contact by e-mail, this also constitutes the necessary legitimate interest in the processing of the data.

The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

4. Duration of storage

The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. For the personal data from the input mask of the contact form and those that were sent by e-mail, this is the case when the respective conversation with the user is finished. The conversation is terminated when it can be inferred from the circumstances that the matter in question has been finally clarified and no further contact is necessary for the user.

5. Possibility of objection and elimination

The user has the possibility to revoke his consent to the processing of personal data at any time. If the user contacts us by e-mail, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued.

To assert the objection or the request for removal, all you need to do is send an e-mail to info@comforte.com with the corresponding content. All personal data stored in the course of contacting us will be deleted in this case.

X. Hubspot Inc.

1. Description and scope of data processing

On our Website, we use Hubspot (25 First Street, 2nd Floor, Cambridge, MA 02141, United States) as provider of web analysis tools to track users’ surfing behavior. The Hubspot software uses cookies on the user’s device (about cookies see above). By entering our webpages, we store the following data:

  1. The IP address of the user's invoking system.
  2. City and country, where the IP address comes from
  3. The accessed Website
  4. The Website, the user comes from before entering our website (Referrer)
  5. The sub-pages accessed from the accessed website
  6. The duration the user stays on the Website
  7. The frequency of accessing the Website
  8. Date and time, when the first access of the Website appeared
  9. Date and time, when the last access of the Website appeared

The personal data collected by us via HubSpot are stored on servers of the third party HubSpot in the USA. As this is a processing of personal data in a non-EU country, it has been ensured that the processing is carried out solely in accordance with EU and national data protection legislation. HubSpot Inc. is certified under the necessary requirements of the EU-US Privacy Shield Framework and has committed itself to treat all personal data obtained from member states of the European Union (EU) and Switzerland in accordance with the applicable principles of the Privacy Shield Agreement. For more information regarding Hubspot's privacy policy, please use the following link: https://legal.hubspot.com/privacy-policy.

2. Legal basis for the processing of personal data

The legal basis for processing users' personal data is Art. 6 para. 1 lit. f GDPR.

3. Purpose of data processing

The processing of users' personal data enables us to analyze the surfing behavior of our users. We are in a position to compile information about the use of the individual components of our website by evaluating the data obtained. This helps us to continuously improve our website, its user-friendliness and to offer our users the best possible service. For these purposes, it is also in our legitimate interest to process the data in accordance with Art. 6 para. 1 lit. f GDPR. By anonymizing the IP address, users' interest in protecting their personal data is sufficiently taken into account.

4. Possibility of objection and elimination

The user has the possibility to object to the processing of this personal data at any time by writing us an corresponding e-mail.

XI. Drift.com, Inc.

1. Description and scope of data processing

On our Website, we use Drift.com, Inc. (“Drift”, Address: 222 Berkeley Street, 6th Floor, Boston, MA 02116, USA), which collects, processes and stores Personal Data about people who chat with the Customer via Drift. Drift does not sell any Contact Data collected on behalf of the us or market Drift Services to the our site visitors. The Drift software uses cookies on the user’s device (about cookies see above). By accepting the privacy section before starting to chat via the Drift Chat tool, we store the following data:

  • Fist and last name

  • Title, work department, and manager/supervisor name

  • Position

  • Employer

  • Contact information (company, email, phone, physical business address)

  • Photographs (if any)

  • Biographical and directory information, including linked social media profile or posts

  • Localization data

The personal data collected by us via Drift are stored on servers of the third party Drift. in the USA. As this is a processing of personal data in a non-EU country, it has been ensured that the processing is carried out solely in accordance with EU and national data protection legislation. For this reason, we have concluded standard contractual clauses with Drift in accordance with the EU GDPR to ensure a sufficient level of protection for personal data.

2. Legal basis for the processing of personal data

The legal basis for processing users' personal data is Art. 6 para. 1 lit. f GDPR.

3. Purpose of data processing

The processing of users' personal data enables us to chat directly with users on our website and we can thus help the user directly with any questions. For these purposes, it is in the user’s legitimate interest to process the data in accordance with Art. 6 para. 1 lit. f GDPR.

4. Possibility of objection and elimination

The user has the possibility to object to the processing of this personal data at any time by writing us an corresponding e-mail.

XII. Google Analytics

1. Description and scope of data processing

This website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses “cookies” (see above), which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. In case of the IP de-personalization process being activated on this website, your IP address will be shortened by Google within the member states of the European Union or in other member states of the European Economic Area. Only in exceptional cases shall the full IP address be transmitted to a Google server in the USA and shortened there. For the cases in which personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield: https://www.privacyshield.gov/EU-US-Framework.

Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google will not associate your IP address with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. Furthermore, you may prevent the gathering of data by Google created by the Cookie and your website user data (incl. your IP address) and the processing of such data by Google, by downloading and installing the Browser-Plugin which is available at the following link https://tools.google.com/dlpage/gaoptout?hl=en.

2. Legal basis for the processing of personal data

The legal basis for processing users' personal data is Art. 6 Sec. 1 lit. f GDPR.

XIII. Customer satisfaction survey (SurveyMonkey Europe UC)

1. Description and scope of data processing

We may use your email address to contact you for customer satisfaction surveys. The response to the customer survey is carried out by SurveyMonkey. To find out how SurveyMonkey processes your data, please see the following links:

2. Legal basis for the processing of personal data

The legal basis for processing users' personal data is Art. 6 para. 1 lit. f GDPR.

3. Purpose of data processing

The processing of personal data via customer satisfaction surveys and their analysis serves the purpose that we can offer the customer a constantly improved service. Our ambition is to offer the customer the best possible service. For this reason, it is very important to us that the customer's opinion is expressed as stated in the customer survey.

4. Option to object and elimination

The user has the option to object to the processing of this personal data at any time by writing us a corresponding email. 

XIV. Use of social media plugins

1. Scope

We use social media plugins on our site. However, these sharing buttons are only provided via the so-called "Shariff" variant. This is not an embedding of the plugins via iframes, but rather a simple HTML link, which is only activated by clicking on the user. This means that the social media platforms only become visible when the user uses the link, so that it depends on the individual behavior of the user whether tracking and storing Internet behavior is possible through the social media platforms. For further information please use the following link: www.heise.de/ct/ausgabe/2014-26-Social-Media-Buttons-datenschutzkonform-nutzen-2463330.html

2. Legal basis for the processing of personal data

The legal basis for processing users' personal data is Art. 6 Sec. 1 lit. f GDPR.

3. Purpose of data processing

The processing of users' personal data enables us to analyze the surfing behavior of our users. We are in a position to compile information about the use of the individual components of our website by evaluating the data obtained. This helps us to continuously improve our website and its user-friendliness. For these purposes, it is also in our legitimate interest to process the data in accordance with Art. 6 Sec. 1 lit. f GDPR. By anonymizing the IP address, users' interest in protecting their personal data is sufficiently taken into account.

4. Duration of Storage

The data will be deleted as soon as they are no longer needed for our recording purposes.

XV. Applications

1. Scope
By submitting an application electronically, i.e. via e-mail or using our online form at our job portal, you express your interest in taking up work with us. In this context, you transmit personal data and can choose to upload expressive documents such as a cover letter, your CV and reference letters.

Your personal data will be transmitted using comforte's most advanced technologies (https://www.comforte.com/data-security) and stored in our databases in a secure way. The application database is operated by Personio GmbH, which offers a human resource and applicant management software solution (https://www.personio.com/legal-notice/). In this context, Personio is our processor under article 28 of the GDPR. In this case, the processing is based on an agreement for the processing of orders between us as the controller and Personio.

2. Legal basis for the processing of personal data

The legal basis for this processing of personal data is Art. 88 GDPR in conjunction with § 26 BDSG (new) and, if applicable, Art. 6 Para. 1 lit. b GDPR for the initiation or fulfilment of a contractual relationship.

3. Purpose of data processing

If you apply to us, we will collect and process your personal data for the purpose of executing the application process and preparing contracts.

Only authorized HR staff and/or staff involved in the application process have access to your data.
The personal data is stored, as a rule, exclusively for the purpose of filling the vacancy for which you have applied.

4. Duration of Storage

Your data will be stored for a period of 90 days after the application process has been concluded. This is usually done to fulfill legal requirements and/or defending ourselves against any claims arising from legal provisions. After this period, we are obligated to delete or anonymize your data. In case of anonymization, the data will only be available to us in the form of so-called metadata, without any direct personal reference, for statistical analysis (for example, share of male and/or female applicants, number of applications per specified period of time etc.).

Should you be offered and accept a position with us during the application process, we will store the personal data collected as part of the application process for at least the duration of your employment.

5. Possibility of objection and elimination

You have the right to revoke your consent of processing the personal data at any time. If you wish to revoke your consent, please contact us via e-mail (info(at)comforte.com) with the corresponding content.

XVI. Rights of the data subject

The privacy of the users of our website is important to us. The respective users of the website are qualified as affected persons in the sense of the data protection regulations. For this reason, we would like to point out to the user his rights under data protection law as the person concerned (Compare Articles 12-23 GDPR):

  1. Right of access by the data subject
  2. Right to rectification
  3. Right to restriction of processing
  4. Right to erasure (‘right to be forgotten’)
  5. Right of notification
  6. Right to data portability
  7. Right to object
  8. Automated individual decision-making, including profiling
  9. Right to revoke the data protection declaration of consent
  10. Right of appeal to a supervisory authority