Data Protection

Data protection – Candis GmbH

1. Introduction

Thank you for visiting our website Candis.io. The protection and security of our customers' and users' data is important to us. We have therefore designed our website and our business processes in such a way that as little personal data as possible is collected or processed. The following privacy statement explains what information we collect during your visit to our website and what parts of this information are used, if any, and how. Below, you are welcome to read in detail how we handle your personal data.

Candis takes the protection of your personal data very seriously and strictly adheres to the rules of the data protection laws of the Federal aRepublic of Germany, the Telemedia Act and the data protection regulations of the European Union. Candis obligates its employees to comply with the data protection requirements of the DSGVO.

The following statement also provides you with an overview of how Candis ensures this protection and what type of data is collected for what purpose.

For all questions regarding data protection, please contact the following e-mail address: datenschutz@Candis.io

2. Collection of server log data

We process so-called access data (in particular your IP address) on our website for statistical evaluations for the purpose of the operation, security and technical optimization of our website. This enables us to present our website to you more effectively and to identify errors. We collect access data when you call up our website and store it in a log file (so-called log file):

- Name of the accessed website,

- the date and time of the retrieval,

- the amount of data transferred / notification of successful retrieval,

- browser type and version,

- the operating system,

- referrer URL,

- requesting provider / your IP address

From these data you are not identifiable for us. Log data is regularly deleted in a timely manner, but at the latest after 90 days. The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 para. 1 lit. f) DSGVO.

3. Processing and use

Candis collects, processes and uses the personal data - unless expressly provided otherwise in this Privacy Policy - exclusively for the purpose of processing the contractual relationship pursuant to Art. 6(1)(b) DSGVO and for improving the user experience pursuant to Art. 6(1)(a) DSGVO and Art. 6(1)(f) DSGVO i.e. for the purpose of

● Creation of an account

● Verification of the customer identity

● Processing of the payment

● Suggesting individual suggestions for improvement that are helpful to the customer.

Personal data will be transmitted to third parties if the data subject has expressly consented to this in accordance with Art. 6 (1) sentence 1 a) DSGVO, if there is a legal requirement for the data transmission in accordance with Art. 6 (1) sentence 1 c) DSGVO, or if there is a legal requirement for the data transmission in accordance with Art. 6 (1) sentence 1 a) DSGVO. c) DSGVO a legal obligation exists, and/or this is necessary for the fulfillment of a contractual relationship with the data subject according to Art. 6 para. 1 sentence 1 letter b) DSGVO.

In other cases, personal data will not be disclosed to third parties.

4. Cookies use

On our site we use so-called "cookies". Cookies are small text files used by websites to simplify and speed up the management of your visit to our website or are necessary to allow you to use and access secure areas of the website.

Website cookies contain personal information about the customer. Cookies save the website customer from having to enter data multiple times, facilitate the transmission of specific content, and help Candis identify particularly popular areas of the website. This enables Candis, among other things, to tailor the content of its website precisely to the needs of its customer.

If the use of cookies is deactivated via the browser settings, the range of services can no longer be accessed.

Depending on where a cookie originates, a distinction can be made between so-called first-party cookies and third-party cookies:


First-Party-Cookies

 
Cookies that are generated and stored locally by the website operator, as the controller, or by a processor commissioned by the operator. Only the operator has access to these cookies later.

Third-Party-Cookies

 
Cookies that are generated, set and accessed by third-party providers that are not acting as processors on behalf of the website operator.

Depending on the validity period, a distinction can also be made between so-called transient and persistent cookies:

Transient Cookies

 

 
Cookies, which are automatically deleted when you close the browser. These include in particular the session cookies.

Persistent Cookies

 
Cookies that remain stored on your terminal device for a specified period of time after you close the browser.

Depending on their nature and purpose, the use of certain cookies may require the consent of the user. In this respect, cookies can be differentiated according to whether the user's consent is mandatory for their use:

Consent free Cookies

Cookies that are strictly necessary for the website operator, expressly requested by the subscriber or user, to provide this service ("Strictly Necessary Cookies").

 

Cookies requiring consent

Cookies used for all purposes other than those mentioned above.

 

Insofar as the user's consent is required, we use these cookies alone if you have given your consent in advance. When you call up our website, we display a so-called "cookie banner" in this respect, in which you can declare your consent to the use of cookies on the website by pressing a button.

Cookies that are absolutely necessary cannot be deactivated via the cookie banner on this website. However, you can generally manage and disable these cookies in your browser at any time.

This site uses different types of cookies:

Essential Cookies

 

These cookies are set automatically when the website or a specific function is called up, unless you have prevented cookies from being set by means of settings in your browser.

Name

Provider

Purpose

Expiration

Type

iw_optional_cookies_statusinwendoSaves the selected setting of the cookie banner.30 Takehttp Cookie

Preference Cookies

 

These cookies allow a website to remember certain information that affects how a website behaves or looks. (For example, the preferred language or the region in which a user is located).

Name

Provider

Purpose

Expiration

Type

__cfduidCloudflareSecurity cookie which helps Cloudflare to detect dangerous visitors on the websites and minimize blocking of legitimate users. The IP of the user is anonymized.30 Dayshttp Cookie

We process the data collected through the use of these cookies on the basis of Article 6 Paragraph 1 Letter a) GDPR.

Statistical Cookies

 

These cookies enable website operators to understand how visitors interact with websites by aggregating and reporting data anonymously.

Name

Provider

Purpose

Expiration

Type

_gidGoogle AnalyticsUsed to anonymously identify the user1 Dayhttp Cookie
Ajs_anonymous_idGoogle AnalyticsTo record the number of users, even with recurring calls12 Monthshttp Cookie
ajs_user_idGoogle AnalyticsTo record site usage, achievement of predefined events and goals, and to measure site performance and stability12 Monthshttp Cookie
_ga[4x]Google Tag ManagerRegisters a unique ID that is used to generate statistical data on how the visitor uses the website.24 Monthshttp Cookie
CONSENTGoogleSecurity cookies set by Google to authenticate users, prevent fraudulent use of login information and protect user data from unauthorized access.20 yearshttp Cookie
DVGoogle AnalyticsThis cookie is used to store user preferences and other information. These include in particular the preferred language, the number of search results to be displayed on the page and the decision whether or not to activate the Google SafeSearch filter.Sessionhttp Cookie
__utmzz,Google AnalyticsParameters for using Google Analytics (can also be deactivated before accepting the cookie banner)6 Monthshttp Cookie
__utmzzsesGoogle AnalyticsParameters for using Google Analytics (can also be deactivated before accepting the cookie banner)Sessionhttp Cookie
_hjClosedSurveyInvitesHotjarCookie is only set in certain cases - cookie that is created when a user interacts with an external survey link and prevents the survey invitation from appearing again.1 yearhttp Cookie
_hjDonePollsHotjarCookie which ensures that a Hotjar survey is not displayed again to a user who has already answered the survey.1 yearhttp Cookie
_hjMinimizedPollsHotjarCookie which ensures that a survey window remains minimized when the user visits a page on which it should appear.1 yearhttp Cookie
_hjShownFeedbackMessageHotjarThis cookie is set when the user first answers or minimizes a feedback window. The cookie is set so that the window remains minimized when the user visits a page in which it should be displayed.1 yearhttp Cookie
_hjidHotjarHotjar cookie that is set when the customer first lands on a page with the Hotjar script. It is used to store the Hotjar user ID unique to that page in the browser. This ensures that behavior on subsequent visits to the same page can be attributed to the same user ID.1 yearhttp Cookie
_hjRecordingLastActivityHotjarStored in session storage, unlike cookies. This file is dropped when a recording starts and when the recording is sent through the WebSocket (thus when the user does something that Hotjar records).Sessionhttp Cookie
_hjTLDTestHotjarWhen the Hotjar script runs, Hotjar tries to figure out the most generic cookie path, which we should use instead of the site's hostname. This is done so cookies can be shared across subdomains (if applicable). To determine this, we try to store the _hjTLDTest cookie for different URL substring alternatives until it fails. After this check, the cookie is removed.Sessionhttp Cookie
_hjUserAttributesHashHotjarUser attributes sent via the Hotjar detection interface are and are cached for the duration of the session to know when an attribute has changed and needs to be updated.Sessionhttp Cookie
_hjCachedUserAttributesHotjarThis cookie stores user properties that are sent through the Hotjar identification interface. These properties are only saved when the user interacts with the Hotjar feedback window.Sessionhttp Cookie
_hjLocalStorageTestHotjarThis cookie is used to check whether Hotjar can store data in local storage. This cookie is deleted immediately after use.Sessionhttp Cookie
_hjIncludedInPageviewSampleHotjarThis cookie is set to tell Hotjar whether this visitor is included in the data sample defined by your website's pageview limit.30 minuteshttp Cookie
_hjIncludedInSessionSampleHotjarThis cookie is set to tell Hotjar whether this visitor is included in the data sample defined by your site's daily session limit.30 minuteshttp Cookie
_hjAbsoluteSessionInProgressHotjarThis cookie is used to recognize a user's first pageview session. This is a true/false flag set by the cookie.30 minuteshttp Cookie
_hjFirstSeenHotjarThis cookie is set to identify the first session of a new user. It stores a true/false value indicating whether Hotjar saw this user for the first time. It is used by recording filters to identify new user sessions.Sessionhttp Cookie
hjViewportIdHotjarThis cookie stores information about the viewing settings used by the user, such as the resolution used.Sessionhttp Cookie
_hjRecordingEnabledHotjarThis cookie is added when a recording is started and is read when the recording engine is initialized to determine if the user is already in a recording in a given session.Sessionhttp Cookie

We process the data collected through the use of these cookies on the basis of Article 6 Paragraph 1 Letter a) GDPR.

Marketing-Cookies

 

Cookies used to track visitors on websites. The idea is to display ads that are important and engaging to the individual user and therefore more important to publishers and third party advertisers.

Name

Provider

Purpose

Expiration

Type

WEBingThis cookie keeps track of information about how the end-user uses the website and any advertisements that the end-user saw before visiting said website.13 monthshttp Cookie
intercom-id-rbert73iIntercomTo create unique anonymous identifiers9 monthshttp Cookie
intercom-session-rbert73iIntercomTo detect sessions and recurring sessions7  dayshttp Cookie
GOESGoogle DoubleclickCookie to store user preferences. E.g. to display individual advertising.2 yearshttp Cookie
frFacebookCookie to enable Facebook functions on our site3 dayshttp Cookie
1P_JARGoogle DoublecklickUsed to optimize advertising by Google DoubleClick, to provide ads relevant to users, to improve campaign performance reports, or to prevent a user from seeing the same ads multiple times.1 monthhttp Cookie
ANIDGooglePlaying out individual and relevant advertising6 dayshttp Cookie
NOTGooglePlaying out individual and relevant advertising6 dayshttp Cookie
lidcLinkedinUsed for routing1 dayhttp Cookie
lisscLinkedinClassification pending12 dayshttp Cookie
justLinkedInSaves the language setting usedSessionhttp Cookie
UserMatchHistoryLinkedinUsed to track visitors across multiple websites in order to present relevant advertisements based on the visitor's preferences.29 dayshttp Cookie
Visitor_id<id>Salesforce PardotThe visitor cookie contains a unique visitor ID and the unique identifier for your account. For example, the cookie name visitor_id12345 stores the visitor ID 1010101010. The account identifier 12345 ensures that the visitor is being tracked on the correct Pardot account. The visitor value is the visitor_id in your Pardot account. This cookie is set for visitors by the Pardot tracking code.Up to 10 yearshttp Cookie
Visitor_id<id>hashSalesforce PardotThe visitor hash cookie contains the account ID and stores a unique hash. The cookie name visitor_id12345-hash stores e.g. For example, the hash is "855c3697d9979e78ac404c4ba2c66533" and the account ID is 12345. This cookie is a security measure to ensure that a malicious user cannot impersonate a Pardot visitor and access relevant prospect information.Up to 10 yearshttp Cookie
_BEAMER_FIRST_VISIT_{product ID}BeamerSave the date of your first visit to the website.3000 dayshttp Cookie
_BEAMER_USER_ID{product ID}BeamerStores a unique user ID of the user.300 dayshttp Cookie
_BEAMER_LAST_UPDATE_{product ID}BeamerStores a timestamp for the last number of unread updates for this user.3000 dayshttp Cookie
_BEAMER_FILTER_BY_URL_{product ID}BeamerStores whether a URL filter is available20 minuteshttp Cookie
_BEAMER_DATE_{product ID}BeamerStores the time the feed was last accessed.300 Dayshttp Cookie
_BEAMER_LAST_POST_SHOWN_{product ID}Beamer(Cookie is only stored if certain circumstances are met) Saves the user ID of the last post that was displayed as a teaser by Beamer300 dayshttp Cookie
_BEAMER_SOUND_PLAYED_{product ID}Beamer(Cookie is only stored if certain circumstances are met) Saves whether the notification sound was played after the last notification7 dayshttp Cookie
_BEAMER_LAST_PUSH_PROMPT_INTERACTION_{product ID}Beamer(Cookie is only stored if certain circumstances are met) Stores the date of the user's last interaction with the300 dayshttp Cookie
_BEAMER_NPSLAST_SHOWN_{product ID}Beamer(Cookie is only stored if certain circumstances are met) Saves the time at which the user satisfaction survey was last shown to the customer.300 dayshttp Cookie
taboola_global:user-idTabolaStores a unique user ID of the user.1 yearhttp Cookie

5. Statistical evaluation - tracking

We use tracking technology on our website to measure and evaluate our website and to be able to optimize our content. To protect our users and partners, we can also detect and defend against fraud and security risks. The legal basis for this data processing is the consent you have given us (Art. 6 Para. 1 lit. a) GDPR). To do this, we use the following products, which are provided to us by service providers:

5.1 Leadlab

We use the Leadlab service from theWiredMinds GmbH, Lindenfühlstraße 32, 70176 GmbH and its tracking pixel technology to analyze user behavior and optimize our site based on this.

In particular, the service allows us to see which companies have visited our site. We do not receive any information that directly identifies you. In connection with the use of Leadlab, cookies and tracking pixels are used, which enable a statistical analysis of the use of this website through your visits. Information - including personal information - about your visitor behavior is stored in the cookie and transmitted to Wiredminds or collected directly by Wiredminds.

The information is processed by Wiredminds using a pseudonym in a usage profile for the purpose of analysis and is anonymised as far as possible. The data obtained in this way will not be used to identify you personally without your separate consent and the data will not be combined with personal data about you as the bearer of the pseudonym.

Insofar as IP addresses are collected, they are made anonymous immediately after collection by deleting the last block of numbers.

Information on data protection at Wireminds GmbH can be found on this company's website.

The legal basis for this type of data processing is your consent, Article 6 (1) (a) GDPR. You can withdraw your consent at any time with effect for the future. Please use the "Cookie consent" function in the footer.

Wiredminds processes the data on our behalf on the basis of an order processing agreement between us and Wiredminds. This ensures that data processing on our behalf is carried out in accordance with the General Data Protection Regulation while guaranteeing the protection of the rights of the data subjects.

Information on data protection at Wireminds GmbH can be found at:

https://www.wiredminds.de/datenschutz/

.

5.2 Pardot

This website uses the Pardot analysis tool from salesforce.com, inc, San Francisco, CA 94105, USA. We use Pardot to analyze and regularly improve the use of our website. To do this, we analyze user and click behavior on our website in order to better tailor our communication to customer needs.


The legal basis for this type of data processing is your consent, Article 6 (1) (a) GDPR.

You can withdraw your consent at any time with effect for the future. Please use the "Cookie consent" function in the footer.


Salesforce has submitted to the Privacy Shield Agreement between the European Union and the USA and has been certified. Salesforce thus undertakes to comply with the standards and regulations of European data protection law. Further information can be found in the list of

Privacyshield participants

.


Pardot processes the data on our behalf based on an order processing agreement between us and Pardot. This ensures that data processing on our behalf is carried out in accordance with the General Data Protection Regulation while guaranteeing the protection of the rights of the data subjects.


5.3 Segment

We use "Segment" on our website, a service provided by Segment.io, Inc., 100 California Street, Suite 700, San Francisco, CA 94111, USA (hereinafter referred to as: "Segment"). Segment stores and processes information about your user behavior on our website.

We use segments for marketing and optimization purposes, in particular to analyze the use of our website and to be able to continuously improve individual functions and offers as well as the user experience. By statistically evaluating user behavior, we can improve our offer and make it more interesting for you as a user. The legal basis for this type of data processing is your consent, Article 6 (1) (a) GDPR.

You can withdraw your consent at any time with effect for the future. Please use the "Cookie consent" function in the footer.

Segment processes the data on our behalf on the basis of an order processing contract between us and segment. This ensures that data processing on our behalf is carried out in accordance with the General Data Protection Regulation while guaranteeing the protection of the rights of the data subjects.


Segment has submitted to the Privacy Shield Agreement between the European Union and the USA and has been certified. Segment thus undertakes to comply with the standards and regulations of European data protection law. Further information can be found in the list of

Privacyshield participants

.

Further information from the third-party provider on data protection can be found on the following website:

https://segment.com/docs/legal/privacy/

.

5.4 Google Analytics

We use Google Analytics, web analytics services provided by Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4 Ireland ("Google").

The protection of your data is important to us, which is why we have also added the "anonymizeIp" configuration parameter to Google Analytics. Your IP address is only recorded in abbreviated form by the code. We therefore process your personal usage data in Google Analytics anonymously. This means that the IP address of the user is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area.

The IP address transmitted by the user's browser is not merged with other Google data. Users can prevent the storage of cookies by setting their browser software accordingly; In addition, users can prevent the data generated by the cookie and related to their use of the online offer being collected by Google and the processing of this data by Google by downloading and installing the browser plug-in available under the following link:

http://tools.google.com/dlpage/gaoptout?hl=de.

Otherwise, your data will only be processed in a pseudonymised form, as explained in more detail below. It is not possible for us to draw any conclusions about your person. Google will use this information on our behalf to evaluate the use of our online offer by users, to compile reports on the activities within this online offer and to provide us with other services related to the use of this online offer and internet usage. Pseudonymous user profiles can be created from the processed data.

Cookies are stored on the basis of Art. 6 para. 1 lit. f GDPR. You can withdraw your consent at any time with effect for the future. Please use the "Cookie consent" function in the footer.

Google processes the data on our behalf on the basis of an order processing contract between us and Google. This ensures that data processing on our behalf is carried out in accordance with the General Data Protection Regulation while guaranteeing the protection of the rights of the data subjects.


You can find more information on data use by Google, setting and objection options in Google's data protection declaration (

https://policies.google.com/technologies/ads

) and in the settings for the display of advertisements by Google (

https://adssettings.google.com/authenticated

).


Google has submitted to the Privacy Shield Agreement between the European Union and the USA and has been certified. Google thus undertakes to comply with the standards and regulations of European data protection law. Further information can be found in the list of

Privacyshield participants

.

Further information on the terms of use of Google Analytics and the data protection regulations can be found at:

http://www.google.com/analytics/terms/de.html

or under

https://policies.google.com/?hl=de&gl=de

.

5.5 Facebook

This website uses integrated plugins from the social network Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA ("Facebook"). An overview of the Facebook plugins can be found here:

https://developers.facebook.com/docs/plugins/

.

When you visit our website, a direct connection is established between your browser and the Facebook server via the plugin. Facebook receives the information that you have visited our site with your IP address. If you click the Facebook "Like" button while you are logged into your Facebook account, you can link the content of our pages to your Facebook profile. This allows Facebook to assign visits to our pages in each case. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the data transmitted or how it is used by Facebook. If you do not want Facebook to be able to associate your visit to our site with your Facebook user account, please log out of your Facebook user account.

Facebook remarketing tags are integrated on our website. When you visit our pages, a direct connection is established between your browser and the Facebook server via the remarketing tags. Facebook receives the information that you have visited our site with your IP address. This allows Facebook to assign visits to our pages in each case. We can use the information obtained in this way to display Facebook Ads.

The cookies are stored on the basis of Article 6 (1) (a) GDPR. You can withdraw your consent at any time with effect for the future. Please use the "Cookie consent" function in the footer.


Meta has submitted to the Privacy Shield Agreement between the European Union and the USA and has been certified. Meta thus undertakes to comply with the standards and regulations of European data protection law. Further information can be found in the list of

Privacyshield participants

.

Information on how to contact Facebook, how to set up advertisements and the data usage guidelines is available under the following link:

http://de-de.facebook.com/about/privacy

.

5.6 Intercom

On our website we use "Intercom", a service of Intercom, Inc., 55 Second Street, Suite 400, San Francisco, CA 94105, USA (hereinafter referred to as: "Intercom"). Intercom stores and processes information about your user behavior on our website to enable easier support via the built-in chat function.

We use Intercom for marketing and optimization purposes, in particular to analyze the use of our website and to be able to continuously improve individual functions and offers as well as the user experience. By statistically evaluating user behavior, we can improve our offer and make it more interesting for you as a user. The legal basis for this type of data processing is your consent, Article 6 (1) (a) GDPR.

You can withdraw your consent at any time with effect for the future. Please use the "Cookie consent" function in the footer.

Intercom processes the data on our behalf on the basis of an order processing contract between us and intercom. This ensures that data processing on our behalf is carried out in accordance with the General Data Protection Regulation while guaranteeing the protection of the rights of the data subjects.


Intercom has submitted to the Privacy Shield Agreement between the European Union and the USA and has been certified. Intercom thus undertakes to comply with the standards and regulations of European data protection law. Further information can be found in the list of

Privacyshield participants

.


Further information from the third-party provider on data protection can be found on the following website:

https://www.intercom.com/legal/terms-and-policies

.

5.7 Optimizely

We use the “Optimizely” software, a web analysis service provided by Optimizely, Inc., ("Optimizely") on our website. Optimizely is provided by Optimizely GmbH, Spichernstrasse 6, 50672 Cologne, Germany.

The program allows us to create different versions of a page (A/B tests) and direct the users of our website to different pages. By statistically evaluating user behavior, we can improve our offer and make it more interesting for you as a user. The legal basis for this type of data processing is your consent, Article 6 (1) (a) GDPR.


You can withdraw your consent at any time with effect for the future. Please use the "Cookie consent" function in the footer.

In addition, you can deactivate Optimizely tracking at any time and thus prevent Optimizely from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Optimizely by following the instructions on

https://www.optimizely.com/legal/opt-out/

consequences.

Optimizely processes the data on our behalf on the basis of an order processing contract between us and Optimizely. This ensures that data processing on our behalf is carried out in accordance with the General Data Protection Regulation while guaranteeing the protection of the rights of the data subjects.

For more information about how Optimizely processes your data, visit

https://www.optimizely.com/privacy/

.

5.8 Bing Ads

On our website we use technologies from "Bing Ads", a service of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA (hereinafter referred to as: "Microsoft").

Bing Ads collects and stores data from which usage profiles are created using pseudonyms. Bing Ads enables us to track user activities on our website, insofar as the users have reached our website via ads from Bing Ads. If you access our website via such an ad, a cookie will be set on your end device. This enables us and Microsoft to understand that a user clicked on a Bing Ads ad and was redirected to our website. Microsoft and we can also understand that the user has reached a predetermined target page, a so-called conversion page. We only learn the total number of users who clicked on a Bing Ads ad and were then redirected to the conversion page.

The information collected is transferred to Microsoft servers in the USA and stored there for a maximum of 180 days. In addition, Microsoft may be able to use so-called cross-device tracking to track your usage behavior across several end devices you use. This allows Microsoft to show you personalized advertising on Microsoft websites and in apps provided by Microsoft.

We use Bing Ads for marketing and optimization purposes, in particular to analyze the use of our website and to be able to continuously improve individual functions and offers as well as the user experience. By statistically evaluating user behavior, we can improve our offer and make it more interesting for you as a user. This is also our legitimate interest in the processing of the above data by the third-party provider. The legal basis for this type of data processing is your consent, Article 6 (1) (a) GDPR.

You can withdraw your consent at any time with effect for the future. Please use the "Cookie consent" function in the footer.

Microsoft processes the data on our behalf based on an order processing agreement between us and Microsoft. This ensures that data processing on our behalf is carried out in accordance with the General Data Protection Regulation while guaranteeing the protection of the rights of the data subjects.


Microsoft has submitted to the Privacy Shield Agreement between the European Union and the USA and has been certified. Microsoft thus undertakes to comply with the standards and regulations of European data protection law. Further information can be found in the list of

Privacyshield participants

.

You can find more information about the analysis services of Bing Ads at:

https://help.bingads.microsoft.com/#apex/3/de/53056/2

.

5.9 OptinMonster

We use the “OptinMonster” software on our website, a service provided by Retyp, LLC., 5127, NW 24th Dr, Gainesville, Florida, 32605, OptinMonster stores and processes information about your user behavior on our website.

The program enables us to include pop-ups and other opt-ins (such as floating bars) on our website. The data is only collected through an active action by the customer (e.g. the customer registers for the newsletter via a pop-up). OptinMonster does not store the collected data on its own servers, but forwards it directly to Candis. The legal basis for this type of data processing is your consent, Article 6 (1) (a) GDPR.

You can withdraw your consent at any time with effect for the future. Please use the "Cookie consent" function in the footer.

OptinMonster processes the data on our behalf on the basis of an order processing agreement between us and OptinMonster. This ensures that data processing on our behalf is carried out in accordance with the General Data Protection Regulation while guaranteeing the protection of the rights of the data subjects.


Retyp has submitted to the Privacy Shield Agreement between the European Union and the USA and has been certified. Retyp thus undertakes to comply with the standards and regulations of European data protection law. Further information can be found in the list of

Privacyshield participants

.

Details on how Optinmonster handles the customer's personal data are described in more detail in Optinmonster's data protection information (https://optinmonster.com/privacy/).


5.10 Beamer

We use the “Beamer” software on our website, a service provided by Joincube, Inc..

We use Beamer to notify our users of important changes, news, and updates, as well as to collect user feedback on our latest updates. Beamer uses cookies and other technologies to collect data about the behavior of our users and their devices (in particular the IP address of the device (is only recorded and stored in an anonymous form), the device type (unique device identifier), browser information, geographic location). (country only), the preferred language in which our website is displayed). Beamer stores this information in a pseudonymised user profile. Neither Beamer nor we will ever use this information to identify individual users or to match it with other data about an individual user. The legal basis for this type of data processing is your consent, Article 6 (1) (a) GDPR.

Beamer processes the data on our behalf on the basis of an order processing contract between us and Beamer. This ensures that data processing on our behalf is carried out in accordance with the General Data Protection Regulation while guaranteeing the protection of the rights of the data subjects.


You can withdraw your consent at any time with effect for the future. Please use the "Cookie consent" function in the footer.


Joincube has submitted to the Privacy Shield Agreement between the European Union and the USA and has been certified. Joincube thus undertakes to comply with the standards and regulations of European data protection law. Further information can be found in the list of

Privacyshield participants

.


You can find more information about beamer at:

https://www.getbeamer.com/privacy-policy/


5.11 Hotjar

We use the “Hotjar” software on our website, a service provided by Hotjar Ltd., Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville St Julian's STJ 3141, Malta.

We use Hotjar to better understand the needs of our users and to optimize the offer and experience on this website. Hotjar's technology gives us a better understanding of our users' experiences (e.g. how much time users spend on which pages, which links they click, what they like and don't like, etc.) and this helps us tailor our offering to our users' feedback to align Hotjar works with cookies and other technologies to collect data about the behavior of our users and their end devices, in particular the IP address of the device (is only recorded and stored in anonymous form while you are using the website), screen size, device type (unique device identifiers). ), information about the browser used, location (country only), preferred language for viewing our website. Hotjar stores this information on our behalf in a pseudonymised user profile. Hotjar is contractually prohibited from selling the data collected on our behalf. The legal basis for this type of data processing is your consent, Article 6 (1) (a) GDPR.


You can withdraw your consent at any time with effect for the future. Please use the "Cookie consent" function in the footer.


For more information see the 'about Hotjar' section on Hotjar's help page:

https://help.hotjar.com/hc/en-us/categories/115001323967-About-Hotjar


5.12 Taboola

We use the “Taboola” software on our website, a service provided by Taboola, Inc., 16 Madison Square West,

7th Floor, New York, New York 10010.


Our website uses Taboola technology. Taboola uses cookies to determine what content you use and which of our pages you visit if you have arrived at our website by clicking on a Taboola advertisement.

This procedure is used to evaluate the effectiveness of the advertisements for statistical and market research purposes and can help to optimize future advertising measures. These usage profiles do not allow any conclusions to be drawn about your person and are anonymous to us. We process this data on the basis of your consent in accordance with Article 6 (1) (a) GDPR.


You can withdraw your consent at any time with effect for the future. Please use the "Cookie consent" function in the footer.


For more information on Taboola, visit:

https://www.taboola.com/policies/privacy-policy

In addition, Taboola has created a way to permanently deactivate the processing of your data (opt-out):

https://www.taboola.com/policies/privacy-policy#user-choices-and-opting-out


5.13 Ethn.io


On our website we use technologies from "Ethn.io", a service of Ethn.io, Inc., 6121 Sunset Blvd., Los Angeles California 90028, USA (hereinafter referred to as: "Ethn.io").


With the help of Ethn.io, we carry out individual surveys on user behavior and satisfaction on a voluntary basis. A transfer takes place via the servers of Ethn.io. By evaluating the surveys, we can improve our offer and fix errors faster, thus making our software better and more interesting for you as a user. This is also our legitimate interest in the processing of the above data by the third-party provider. The legal basis for this type of data processing is your consent, Article 6 (1) (a) GDPR.


We have concluded standard contractual clauses with Ethn.io in accordance with Art. 46 Para. II Letter c) GDPR, in order to be able to guarantee the perception and enforceability of the rights of our users and the level of protection of their data. In individual cases, processing can take place on the basis of Article 49 (1) (a) GDPR. We would like to point out that we select our third-party services as carefully as possible, but due to the current legal situation with service providers in the USA there is a residual risk of evaluation by American authorities.


Ethn.io has submitted to the Privacy Shield Agreement between the European Union and the USA and has been certified. Ethn.io thus undertakes to comply with the standards and regulations of European data protection law. Further information can be found in the list of

Privacyshield participants

.


You can find more information about data processing by Ethn.io at:

https://ethn.io/privacy

.


5.14 VWO


We use the “VWO” software on our website, a service provided by Wingify Software Pvt Ltd., Schellinggase 3/10, 1010 Vienna, Austria.

We use VWO to better understand the needs of our users and to optimize the offer and experience on this website. Using VWO's technology, we get a better understanding of our users' experiences (e.g. how much time users spend on which pages, which links they click on, what they like and don't like, etc.) and this helps us to tailor our offer to our users' feedback to align The program allows us to create different versions of a page (A/B testing) and direct users to different pages for testing purposes of our website. By statistically evaluating user behavior, we can improve our offer and make it more interesting for you as a user. The legal basis for this type of data processing is your consent, Article 6 (1) (a) GDPR.


VWO processes the data on our behalf on the basis of an order processing contract between us and VWO. This ensures that data processing on our behalf is carried out in accordance with the General Data Protection Regulation while guaranteeing the protection of the rights of the data subjects.


More information can be found on VWO's help page:

https://vwo.com/de/compliance/gdpr/


5.15 emlen


We use the "emlen" software on our website, a service provided by emlen GmbH, Dudweilerstraße 71, 66111 Saarbrücken, Germany.

We use emlen to create individual "deal rooms" for our customers and thus offer you a better user experience. The program allows us to create different versions of a sales page. By statistically evaluating user behavior, we can improve our offer and make it more interesting for you as a user. The legal basis for this type of data processing is your consent, Art. 6 para. 1 lit. a) GDPR.


If you consent to and use the emlen GmbH dealroom application, the following data will be transmitted to emlen GmbH


IP address (anonymized)

Browser, device and location information

Pages viewed, content viewed and duration

Referral URL

e-mail address


emlen processes the data on our behalf on the basis of an order processing contract between us and emlen. This ensures that the data processing on our behalf is carried out in accordance with the General Data Protection Regulation while guaranteeing the protection of the rights of the data subjects.


Further information can be found on emlen's help page:

https://www.emlen.io/emlen-datenschutz


5.16 Google Ads & Google Remarketing


We use Google Ads & Google Remarketing, an advertising service of Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

Google Ads & Google Remarketing enables us to display advertisements in the Google search engine or on third-party websites when the user enters certain search terms on Google (keyword targeting). Furthermore, targeted advertisements can be displayed based on the user data available at Google (e.g. location data and interests) (target group targeting). As the website operator, we can evaluate this data quantitatively, for example by analyzing which search terms have led to the display of our advertisements and how many advertisements have led to corresponding clicks.

Users can prevent the storage of cookies by setting their browser software accordingly; users can also prevent Google from collecting the data generated by the cookie and relating to their use of the online offer and from processing this data by Google by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

This list contains all data collected by or through the use of this service.


  • your web request

  • the IP address

  • the browser type

  • the browser language

  • the date and time of your request

  • one or more cookies that may uniquely identify your browser

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR in conjunction with Art. 25 para. 1 GDPR.


Google processes the data on our behalf on the basis of a data processing agreement between us and Google. This ensures that the data processing on our behalf is carried out in accordance with the General Data Protection Regulation while guaranteeing the protection of the rights of the data subjects.


Further information on the use of data by Google, setting and objection options, can be found in Google's privacy policy (

https://policies.google.com/technologies/ads

) and in the settings for the display of advertisements by Google (

https://adssettings.google.com/authenticated

). You can also withdraw your consent to cookies by clicking on "Cookie consent" in the footer of our website.

Further information on the terms of use of Google Ads & Google Remarketing and the data protection regulations can be found at:

https://policies.google.com/technologies/ads

or at

https://policies.google.com/

.

Google has submitted to the Privacy Shield Agreement between the European Union and the USA and has been certified. This means that Google undertakes to comply with the standards and regulations of European data protection law. Further information can be found in the list of Privacyshield participants linked here:

https://www.dataprivacyframework.gov/s/participant-search

.



6. Research / Surveys & interviews



The following section only applies to you if you participate in our research program. We are constantly working to improve Candis and rely on feedback to do so. For this reason, we conduct user interviews, surveys and other measures to obtain feedback that we can analyze. In the following paragraphs, we would like to explain to you which tools we use for this purpose and how these tools process data.



6.1 Typeform


On our website, we offer you the opportunity to contact us and take part in surveys. We use Typeform, a plugin from the provider: TYPEFORM SL C/Bac de Roda, 163 (Local), 08018 - Barcelona, Spain.


We store your details from the TYPEFORM form, including the data you provide there, in order to be able to process your request and in the event of follow-up questions. This data will remain with us until you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies (e.g. as soon as the appointment has taken place). This does not affect relevant statutory provisions - in particular retention periods.


When you visit one of our pages equipped with Typeform, a connection to the Typeform servers is established. This tells the Typeform server which of our pages you have visited. Typeform also obtains your IP address.


Typeform is used on the basis of your consent in accordance with Art. 6 para. 1 lit. a) GDPR.


We have concluded a data processing agreement with Typeform. This ensures that Typeform only uses the user data within the framework of the EU data protection standards exclusively for processing the requests and does not pass them on to third parties.


Further information can be found in Typeform's privacy policy:

https://admin.typeform.com/to/dwk6gt/


6.2 Calendly


We use the calendly tool, a service provided by Calendly, LLC, 1315 Peachtree St NE, Atlanta, GA 30309, USA, to make appointments quickly, easily and simply. Calendly is used to make it easy for existing and new customers to make appointments.


When using the tool, you will be asked to provide personal data such as your name, e-mail address and telephone number. You also have the option of presenting your request and providing us with further information. If you use the tool, your details from the inquiry form, including the information you provide there, will be stored and, of course, transmitted over the Internet. The processing of the data entered takes place exclusively on the basis of your consent (Art. 6 para. 1 lit. a GDPR).

Calendly has submitted to the Privacy Shield Agreement between the European Union and the USA and has been certified. Calendly thus undertakes to comply with the standards and regulations of European data protection law. Further information can be found in the list of

Privacyshield participants

.


This privacy policy and the provider's privacy policy apply to the handling of data collected through the use of Calendly. We have a contract with Calendly You can find Calendly's privacy policy at: https://calendly.com/pages/privacy



6.3 SurveyMonkey


We use the survey management software Surveymonkey from the American company Momentive Inc (1 Curiosity Way, San Mateo, California 94403-2396) for the simple implementation of surveys relevant to our product. The Irish company Momentive Europe UC (2nd Floor, 2 Shelbourne Buildings, Shelbourne Road, Dublin, Ireland) is responsible for the European Economic Area.

SurveyMonkey processes your e-mail address and, in any case, a customer ID, as well as the results of the survey you have completed confidentially. The data is stored for the statutory retention period and then deleted or anonymized. The data entered is processed exclusively on the basis of your consent (Art. 6 para. 1 lit. a GDPR).

Momentive has submitted to the Privacy Shield Agreement between the European Union and the USA and has been certified. Momentive thus undertakes to comply with the standards and regulations of European data protection law. Further information can be found in the list of

Privacyshield participants

.


Further information on the processing of data can be found in Momentive's privacy policy:

https://www.surveymonkey.de/mp/legal/privacy/

.



7. Social media

We maintain online presences within social networks and video services in order to communicate with the users who are active there and to offer information about us there. However, when you visit our site, no direct connection is established between your browser and the servers of the respective social networks. The data will only be forwarded after you have checked the privacy settingsagree to the data transfer with a click.This tool does not automatically transfer user data to the operators of these platforms.

For a detailed description of the respective forms of processing and the possibility of objection, we refer to the data protection declarations and information provided by the operators of the respective networks.

7.1 LinkedIn

Our website uses the "share function" of the LinkedIn network. The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. If you click the LinkedIn "button", you will be forwarded to your user account in a separate browser window - provided you are logged into your LinkedIn user account. The plug-in establishes a direct connection between your browser and the LinkedIn server. LinkedIn receives the information that you have visited our website with your IP address. In addition, LinkedIn will then be able to assign your visit to our website to you and your user account. We point out that we have no knowledge of the content of the transmitted (personal) data and their use by LinkedIn.

The legal basis for the collection and processing of your personal data carried out for us by LinkedIn for the aforementioned statistical purposes is Article 6 Paragraph 1 Clause 1 Letter a) GDPR. You can find more information on this in LinkedIn's privacy policy at:

https://www.linkedin.com/legal/privacy-policy

.

7.2 Facebook (Fanpage)

We operate a so-called "fan page" on Facebook to provide information about topics related to our software. This is an offer from Facebook Ireland Ltd ("Facebook"), 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. We have agreed to the terms of commercial use of Facebook.

If you visit our fan page on Facebook, Facebook uses our fan page cookie on your end device and collects so-called "insights data" about the use of our fan page:

· Information about your visit to our Facebook fan page (your IP address, last visited website, file name, URL)

· Information about your Facebook interactions regarding our content ("likes")

· If necessary, your comments will be saved, together with a time stamp

These Facebook cookies each have a unique cookie ID. On the basis of the data processing carried out by Facebook, we receive anonymous statistical data from the fan page visitors from Facebook, in accordance with our joint responsibility in accordance with Article 26 GDPR. At no time during your visit to our fan page is it possible for us to identify you personally using the insights function and the statistics provided by it.

The legal basis for the collection and processing of your personal data carried out for us by Facebook for the aforementioned statistical purposes is Article 6 Paragraph 1 Clause 1 Letter a) GDPR.

Only Facebook knows when and in what form Facebook corrects, stores or deletes your personal data. We have no influence on this. Since Facebook, as the provider of the fan page and the Facebook Insights tool, carries out the collection and evaluation of personal data required for our statistics, Facebook can also use this data to establish a personal reference. Facebook can also transfer data to the USA.

Information on how to contact Facebook, how to set up advertisements and the data usage guidelines is available under the following link:

http://de-de.facebook.com/about/privacy

.

You can find more information about our shared responsibility with Facebook at:

https://www.facebook.com/legal/terms/page_controller_addendum

.

7.3 Wistia

Our website uses plugins from the Wistia video portal, a service provided by Wistia Inc., 120 Brookline Street, Cambridge, Massachusetts, 02139 USA.

We use Wistia in connection with the "extended data protection mode" function to be able to show you videos. The legal basis is Article 6 Paragraph 1 Letter a) GDPR.

This page uses the two-click solution for this. This ensures that direct contact between the networks and users is only established when you actually start a video. This tool does not automatically transfer user data to the operators of these platforms.

Without this "two-click solution", a connection to the Wistia server in the USA will be established as soon as you access one of our websites on which a Wistia video is embedded. This connection is required in order to be able to display the respective video on our website via your Internet browser. In the course of this, Wistia will record and process at least your IP address, the date and time and the website you have visited.

Wistia tracks how you interact with the videos on this site: how much of a video you play, where in a video you pause or rewind, etc. In some media, we pause the media and ask you to provide your email address or provide your name. You are not required to provide this information, but we reserve the right to restrict certain media to identified users. Wistia aggregates the information collected through the media, including names and email addresses, and makes it available to us. Apart from providing us with this data, Wistia does not sell or make available the data collected by our media to third parties.


Wistia processes the data on our behalf on the basis of an order processing contract between us and Beamer. This ensures that data processing on our behalf is carried out in accordance with the General Data Protection Regulation while guaranteeing the protection of the rights of the data subjects.


Further information on handling user data can be found in Wistia's data protection declaration at:

https://wistia.com/support/account-and-billing/privacy-and-data-protection#cookies

.

8. Newsletter

You can subscribe to our newsletter on our website to receive information. We only process the information you provide us voluntarily to send the newsletter. Our legal basis for processing is your consent in accordance with Article 6 (1) (a) GDPR. You can revoke your consent at any time with effect for the future.

8.1 Salesforce E-Mail Studio

The newsletter is sent using ‘eMail Studio’, a newsletter dispatch platform of the cloud provider Salesforce (salesforce.com Germany GmbH, Erika-Mann-Str. 31, 80636 Munich, Germany).

The email addresses of our newsletter recipients, as well as their other data described in this notice, are stored on Salesforce's servers. Salesforce uses this information to send and analyse the newsletter on our behalf.

The legal basis for this type of data processing is your consent, Art. 6 para. 1 lit. a) GDPR, e.g. as part of the newsletter order or registration on our website. You can object to the sending of newsletters and mailings by Salesforce at any time with effect for the future by clicking on the unsubscribe link in the respective email. If you unsubscribe from the newsletter, for example, your data will be deleted in accordance with the statutory retention periods.

Salesforce has submitted to the Privacy Shield agreement between the European Union and the USA and has been certified. This means that Salesforce undertakes to comply with the standards and regulations of European data protection law. Further information can be found in the list of

Privacyshield participants linked below

.

Salesforce processes the data on our behalf (Art. 28 GDPR). You can view the data protection provisions of the shipping service provider here:

https://www.salesforce.com/de/company/privacy/

.



8.2 Intercom

We send newsletters via ‘Intercom’, a service of Intercom, Inc, 55 Second Street, Suite 400, San Francisco, CA 94105, USA (hereinafter referred to as: ‘Intercom’).


The email addresses of our newsletter recipients, as well as their other data described in this notice, are stored on Intercom's servers. Intercom uses this information to send and analyse the newsletter on our behalf.

The legal basis for this type of data processing is your consent, Art. 6 para. 1 lit. a) GDPR, e.g. as part of the newsletter order or registration on our website. You can object to the sending of newsletters and mailings by Intercom at any time with effect for the future by clicking on the unsubscribe link in the respective email. If you unsubscribe from the newsletter, for example, your data will be deleted in accordance with the statutory retention periods.

For marketing and optimisation purposes, in particular to improve and analyse our newsletter, we use the performance measurement provided by Intercom. This records whether the newsletter is opened. The legal basis for this type of data processing is your consent, Art. 6 para. 1 lit. a) GDPR.

Intercom processes the data on our behalf on the basis of an order processing contract between us and Intercom. This ensures that the data processing on our behalf is carried out in accordance with the General Data Protection Regulation while guaranteeing the protection of the rights of the data subjects.


Intercom has submitted to the Privacy Shield agreement between the European Union and the USA and has been certified. Intercom thus undertakes to comply with the standards and regulations of European data protection law. Further information can be found in the list of

Privacyshield participants

linked below.


Further information from the third-party provider on data protection can be found on the following website:

https://www.intercom.com/legal/terms-and-policies

.


9. Your data subject rights

With regard to the data processing listed here, you have various data subject rights, which are regulated in the DSGVO.

right to information

First of all, you have the right to obtain information about your data transmitted to us and processed by us (Article 15 GDPR).

Right to rectification, erasure and restriction

In addition, you can request the correction (Art. 16 GDPR), deletion (Art. 17 GDPR) and restriction (Art. 18 GDPR) of your data.

Right to data portability and right to object

You also have a right to data portability (Article 20 GDPR) and a right to object (Article 21 GDPR).

Right to Complaint

Without prejudice to any other administrative or judicial remedy, you also have the right to lodge a complaint with a data protection supervisory authority. You can contact the data protection supervisory authority of your usual place of residence or our company headquarters. The address of the supervisory authority responsible for us is:

Berlin Commissioner for Data Protection and Freedom of Information

Friedrichstr. 219

10969 Berlin

Phone: 030 13889-0

E-mail:mailbox@datenschutz-berlin.de

10. Responsible / data protection officer

If you have any further questions, e.g. about data that we have stored about you, please do not hesitate to contact us.

Candis GmbH

Karl-Liebknecht-Str. 5

10178 Berlin

Represented by: Christian Ritosek

Managing directors: Christian Ritosek

Contact:

Phone: 030 346 556 100

E-mail:info@Candis.io

Our data protection officer is Mr. Ali Schakari, LL.M. Bitkom Servicegesellschaft mbH, Albrechtstrasse 10, 10117 Berlin. You can contact him directly at the email addressdatenschutz@bitkom-consult.de or datenschutz@Candis.io to reach.

11. Status and update of this data protection declaration

This privacy policy is dated 06.06.2024..

Candis reserves the right to change this data protection policy at any time, taking into account currently applicable data protection regulations.