Privacy Policy

Privacy policy of the CeGaT GmbH

CeGaT GmbH takes your legitimate data protection concerns very seriously and observes the provisions of the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG), the Telecommunications Digital Services Data Protection Act (TDDDG) and, if applicable, the regulations of others applicable data protection regulations.

CeGaT GmbH handles the data provided by you carefully and conscientiously. Any collection, processing or use of data of any kind will always be in accordance with legal requirements or with your express consent.

For the future of Internet-based business models and the development of an Internet-based economy, the protection of privacy is of crucial importance. CeGaT GmbH underlines its commitment to privacy protection with this statement. The following discloses our information gathering and dissemination practices for this website.

This privacy policy applies to this website and all other websites that link to this privacy policy. Other privacy policies may apply to individual CeGaT GmbH companies. We therefore encourage you to read the privacy policies of all CeGaT websites you visit.

The responsible party pursuant to Art. 4 para. 7 of the General Data Protection Regulation (GDPR) is:

CeGaT GmbH
Paul-Ehrlich-Str. 23
72076 Tübingen, Germany
info@cegat.de | www.cegat.de
Handelsregister Amtsgericht Stuttgart HRB 729958
Tel. +49 (0)7071 565 44 55
Fax. +49 (0)7071 565 44 56

You can reach our data protection officer at CeGaT GmbH at:

CeGaT GmbH
Thomas Fletschinger
e-mail: dsb(at)cegat.de

Global data protection standards

Our handling of personal data is based on global principles and standards with regard to transparency in the use of personal data, compliance with and granting of the right of choice, access regulations, rules on data integrity, data security, data sharing and monitoring of the lawfulness of processing. In particular, CeGaT GmbH complies with the General Data Protection Regulation (GDPR) and the Gene Diagnostics Act.

Consent

In using this site, you consent to the processing of your data in the following manner. Any changes to this privacy policy will always be posted on this page so that you are always aware of what data is being stored by CeGaT GmbH and how it is being used.

We will also expressly ask for your consent to the further processing of personal data collected on this website or provided by you, where required by applicable data protection legislation.

This consent / agreement can be revoked at any time by sending an e-mail to info(at)cegat.de. In any event, CeGaT GmbH agrees to treat all personal data provided in the strictest confidence and not to disclose it to third parties.

Collection and processing of personal data

CeGaT GmbHs’ aim is to have a better understanding of your needs and interests in order to provide you with the best possible service. For this reason, CeGaT GmbH collects and uses personal data in the manner described below and in accordance with the applicable legal provisions on data protection.

When you visit our website, we collect your IP address, use cookies and other Internet technologies (hereinafter referred to as “automated tools” and “embedded web links”) that help us to obtain general information about visitors to our website and their interests. Below you will find information about the technologies used and the information they collect.

We also collect and process information that you provide to us on a voluntary basis, such as when you subscribe to our newsletter or contact us via the contact form.

What data do we collect and why?

With the help of the collected data, CeGaT GmbH would like to offer you consistent personal support. CeGaT GmbH uses your data exclusively as described in this statement. A subsequent change in the purpose of use is subject to your express consent, unless the change is otherwise legitimized by applicable legal provisions.

We always process your personal data for a specific purpose.

In particular, we may process your personal data for the following purposes:

  • For order processing and delivery of ordered services and products
  • To carry out tasks for the preparation or performance of contracts
  • To inform you about products, promotions and other. In some cases, this may also include information from other companies and business partners, insofar as their products beneficially complement the products of CeGaT GmbH
  • To tailor information about our products to your exact needs. For example, we can provide you with information on exactly the products that interest you
  • To improve the quality of our products and services by adapting our offer to your specific needs
  • So that we can contact you and answer customer inquiries
  • To conduct voluntary customer surveys in order to continuously improve our services and products
  • To send you communications about products or services we are promoting
  • To assess and structure how often you use our products, which products you are interested in, and how we can best address you in each case. Here we can differentiate between our individual products
  • To provide evidence of business transactions
  • For the fulfillment of contractual obligations
  • For archiving and logging
  • For processing job inquiries
  • For invoicing and accounting as well as
  • other purposes prescribed by law and by the authorities
  • In certain cases, we are required by law to transmit data to a requesting government agency (institution or authority). The legal basis for the processing is Art. 6 para. 1c GDPR or § 24 para. 2 no. 1 BDSG.
  • In some cases, business partners require personal data from our customers. This usually takes place in the context of order fulfillment (e.g. in the case of complaints). This is expressly provided for by law. In this case, CeGaT GmbH remains responsible for the protection of your data – if necessary, in addition to the order processor. The respective business partner works according to our instructions, which CeGaT GmbH ensures through strict contractual regulations.

IP addresses

IP addresses are used to help diagnose problems, administer the site, and gather demographic information. We also use IP addresses and other information you may have provided to us on this website to help us understand which pages of our site are being accessed and what topics are of interest to our visitors. We use this information to improve the information we provide about our products and services. CeGaT GmbH only collects this data in anonymous form and will not link it to the profile of a registered user without the user’s consent. When you visit our website, only the domain name is recorded by default.

CeGaT GmbH collects data only in connection with your visit to the CeGaT website. When you visit the websites of other companies or organizations that are not part of CeGaT GmbH, we do not collect any personal data.

Cookie-Tool Cookiebot

In order to obtain effective user consent for cookies and cookie-based applications that require consent, this website uses a cookie tool, Cookiebot, with technology from Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark (hereinafter “Cookiebot”). Through the integration of an appropriate JavaScript code, a banner is displayed to the user when accessing the page, in which the user can consent to certain cookies and/or cookie-based applications by ticking the appropriate box. In this case, the Cookiebot will block the setting of any cookies requiring consent until the user has given their consent by ticking the appropriate box. This ensures that such cookies are only set on the user’s device if consent has been given. In order for the Cookiebot to be able to uniquely assign page views to individual users and to individually record, log and store the consent settings made by the user for the duration of a session, certain user information (including the IP address) is collected by the Cookiebot when our website is accessed, transmitted to the servers of Cybot A/S and stored there.

This data processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in a legally compliant, user-specific and user-friendly consent management for cookies and thus in a legally compliant design of our website. Further legal basis for the described data processing is Art. 6 para. 1 lit. c GDPR. As a data controller, it is our legal obligation to obtain your permission before using any technically unnecessary cookies.

For more information about Cybot A/S’s use of data, please visit: https://www.cookiebot.com/de/privacy-policy/

Cookies

  • We use cookies on our website or web pages. These are small files that your browser automatically creates and that are stored on your end device (laptop, tablets, smartphone, etc.) when you visit our website. Cookies do not cause any damage to your end device, do not contain viruses, Trojans or other malware. In the cookie, information is stored that arises in each case in connection with the specific end device used. This does not mean, however, that we gain direct knowledge of your identity. The use of cookies serves on the one hand to make the use of our offer more pleasant for you. For example, we use so-called session cookies to recognize that you have already visited individual pages of our website. These are automatically deleted after you leave our site.
  • In addition, we also use temporary cookies to optimize user-friendliness, which are stored on your end device for a certain fixed period of time. If you visit our website again to use our services, it is automatically recognized that you have already been with us and which entries and settings you have made so that you do not have to enter them again.
  • On the other hand, we use cookies to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer for you. These cookies enable us to automatically recognize that you have already been to our website when you visit it again. These cookies are automatically deleted after a defined period of time.
  • The cookies process data and are necessary for the aforementioned purposes to protect our legitimate interests as well as those of third parties pursuant to Art. 6 para. 1 p. 1 lit. f) GDPR.
  • Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or a notice always appears before a new cookie is created. However, the complete deactivation of cookies may mean that you cannot use all the functions of our website.

E-mail addresses

We will also contact you by email if you leave us your email address or provide it via the contact form. We will not share your email address with anyone outside of CeGaT GmbH. You can decide at any time to stop receiving emails from CeGaT GmbH. When you send an email to CeGaT GmbH, depending on the settings of your email programs, information may be automatically transmitted to us.

Use of external service providers

We work with a number of service providers who process certain types of information on our behalf. This is done solely in accordance with applicable data protection legislation. In particular, we have entered into data processing agreements on behalf of our service providers that meet the requirements of Article 28 of the GDPR.

Privacy policy for the online tool appointment booking with cituro

In order to offer you online booking, this website uses the online booking software cituro. Your IP address and the time of the call will be recorded by the operator and stored for 2 days as part of the technical logging when you open the online booking. This information will not be used for any other purpose.

Upon completion of the booking process, additional personal information will be collected from you that is necessary for the provision of our services.

For more information, see the privacy policy of the provider cituro: https://www.cituro.com/datenschutz

Newsletter notices and consents

The following information informs you about the content of our newsletter, as well as the procedure for registration, dispatch, statistical evaluation and your rights of objection. By subscribing to our newsletter, you agree to receive it and to the procedures described.

Newsletter content

We send newsletters and emails with promotional information (hereinafter “newsletter”) only with the consent of the recipients or a legal permission. The contents circumscribed in the context of a registration for the newsletter are decisive for the consent of the users.

Double opt-in and logging

Subscribing to our newsletter is a double opt-in process. Once you have registered, you will receive an email asking you to validate the registration. This confirmation is necessary to ensure that no one else can register using another email address. Subscriptions to the newsletter are logged in order to provide evidence of the registration process as required by law. This includes recording the time of registration and confirmation and the IP address. You will find a link at the end of each newsletter. You can unsubscribe from the newsletter at any time.

Login data

To subscribe to the newsletter, it is sufficient to provide your e-mail address. In addition, we use other data such as name and country. This information is only used for personalization and segmentation of the newsletter.

Brevo (formaly Sendinblue)

We use Brevo GmbH, Köpenicker Straße 126, 10179 Berlin, Germany, to send our newsletter campaigns.

With your registration to receive our newsletter and subsequent e-mail confirmation, you give us permission to use your data (e.g. name or e-mail address, etc.) for the purpose of receiving the newsletter. This data is stored on Brevo’s servers in Germany.

With Brevo, in addition to sending the newsletter campaigns, we are able to analyze their success. For this purpose, so-called “web beacons” are stored in the emails. These are only activated after the emails have been opened and store corresponding information, such as opening and interacting with the email. In addition, other non-personal data such as the IP address, browser type, etc. are recorded. We use these results to optimize future campaigns for you.

The data processing takes place on the basis of your consent (Art. 6 para. 1 lit. a GDPR). If you do not want this data transfer, you must unsubscribe from our newsletter. To do this, you can use the corresponding link at the end of each of our emails.

The data you provide us for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted from both our servers and Brevo’s servers after you unsubscribe from the newsletter. Data stored by us for other purposes (e.g. e-mail addresses for the member area) remain unaffected by this.

Find Brevos’s privacy policy here: https://www.brevo.com/de/legal/privacypolicy/

Statistical survey and analyses

Newsletters contain a “webbeacon”, a pixel-sized file that is called up when you open a newsletter. Technical information such as information about the browser and your system, as well as your IP address and the time of access, is collected as part of this retrieval. We use this information to improve our technical offer by analyzing technical data, target groups and user habits according to where they access our site (by IP) or when they access it.

Whether and when newsletters are opened and which links are clicked are also part of the statistical analysis. For technical reasons, this information may be linked to individual newsletter recipients. However, it is not our intention to track individual users. Rather, it is used to help us understand our users’ reading habits and to tailor our content or send different content to our users according to their interests.

Use of social media platforms and plugins

General information

We have integrated tracking tools from our social media channels on our website to optimize the website, align our corporate strategy and to better understand our visitors. These are carried out on the basis of Art. 6 para. 1 sentence 1 lit. f) GDPR.

Meta Pixel and Facebook Custom Audiences

We use the “Meta Pixel” from Meta on our website for analysis purposes, as well as for optimization and economic operation.

Certification under the Privacy Shield agreement guarantees compliance with European data protection law. You can find more information here: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active

With the meta pixel, we can identify the visitors to our website who interact with it. We use the Facebook pixel to show ads only to Facebook users who are interested in our products and services or who have certain characteristics that we pass on to Facebook. We also want to ensure that our ads are relevant to users’ interests and are not intrusive.

Meta processes the data in accordance with its data usage policy. For information on the design of ads on Facebook, please refer to Facebook’s privacy policy: https://www.facebook.com/policy.

Explicit information and details about the Meta pixel and how it works can be found in the Meta support area: https://www.facebook.com/business/help/742478679120153?id=1205376682832142

You can object to the collection and use of your data by the meta pixel to display Facebook ads at any time. To do this, you can specify in your Facebook account settings which types of advertisements may be displayed to you within Facebook. To do this, select the “Ads” section in the settings: https://www.facebook.com/adpreferences/advertisers/?entry_product=account_settings_menu

LinkedIn

We have a LinkedIn profile with LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. This is used by us for information purposes such as postings, but also for the placement of advertisements.

If you would like to deactivate the LinkedIn advertising cookies, please use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

For details on how they handle your personal data, please see LinkedIn’s privacy policy: https://www.linkedin.com/legal/privacy-policy.

LinkedIn Insight Tag

We make use of the LinkedIn Insight Tag conversion tracking tool on our website. The service provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. LinkedIn Ireland Unlimited (Wilton Place, Dublin 2, Ireland) is responsible for the data protection aspects in the European Economic Area (EEA), the EU and Switzerland.

LinkedIn also processes information about you in, among other places, the United States. Please note that according to the European Court of Justice, there is currently no adequate level of protection for data transfers to the US. This may pose various risks to the lawfulness and security of data processing.

LinkedIn uses so-called Standard Contractual Clauses (= Art. 46. para. 2 and 3 GDPR) as the basis for data processing with recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular the USA) or a data transfer there. The Standard Contractual Clauses (SCCs) are templates provided by the EU Commission to ensure that your data complies with European data protection standards even when transferred to and stored in third countries (such as the US). Through these clauses, LinkedIn commits that even if the data is stored, processed and maintained in the US, LinkedIn will comply with the European level of data protection when processing your relevant data. These clauses are based on an implementing decision issued by the EU Commission. The decision and the corresponding standard contractual clauses can be found here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

More information about LinkedIn’s standard contractual clauses can be found at https://de.linkedin.com/legal/l/dpa or https://www.linkedin.com/legal/l/eu-sccs.

You can learn more about LinkedIn Insight-Tag at https://www.linkedin.com/help/linkedin/answer/a427660. You can also learn more about the data processed through the use of LinkedIn Insight-Tag in the privacy policy at https://de.linkedin.com/legal/privacy-policy.

For the transfer of data from the EU to the USA, the provider has signed up to the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission.

Vimeo

We use the “Vimeo” service on our website, which is provided by Vimeo Inc, 555 West 18th Street, New York, New York 10011, USA.

Videos are integrated on some of our pages using Vimeo. By using this service, e.g. by clicking on the start button of a video, personal data may be stored using cookies. You can prevent this storage of data by logging out of your Vimeo user account before using our website and deleting the corresponding cookies from Vimeo.

The data is processed on the basis of our legitimate interest, i.e. the optimization of our website in accordance with Art. 6 para. 1 lit. f. GDPR.

The privacy policy of Vimeo Inc. can be viewed here: vimeo.com/privacy

For the transfer of data from the EU to the USA, the provider has signed up to the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission.

Youtube

The use of YouTube videos on this website is in compliance with applicable data protection regulations. YouTube is operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). When you access a page containing YouTube videos, a connection is established to YouTube’s servers, which may result in YouTube collecting and processing personal data. However, we have no control over the nature and extent of the data collected or its processing by YouTube. For more information on data processing by YouTube, please refer to Google’s privacy policy: https://policies.google.com/privacy.

To protect your privacy, we have activated the “extended data protection mode” option provided by YouTube on this website. This means that YouTube does not store information about visitors to our website unless they view the video. Viewing the video may result in YouTube placing cookies on your device and transmitting data to YouTube. However, we have no influence over these processes.

By using this website, you consent to the processing of your data by YouTube and Google in the manner and for the purposes described above.

This data protection notice was created using ChatGPT.

GetSiteControl

We use the widget tool “GetSiteControl” from GetWebCraft Limited, Klimentos 41-43, Klimentos Tower, Flat/Office 25, 1061, Nicosia, Cyprus on our website. For this purpose, we have used an overlay widget that is displayed on several pages and serves the purpose of providing users with a quick contact option in case of further questions, thereby simplifying interaction and improving the user experience. The widget is displayed according to certain rules (e.g. visiting certain subpages). GetSiteControl sets cookies for this purpose. The processing takes place only after the explicit consent according to Art. 6 para. 1 lit. a GDPR.

The current privacy policy of GetSiteControl can be found at http://www.getsitecontrol.com/privacy/

Use of Google Tools

The tracking measures listed below and used by us are carried out on the basis of Art. 6 para. 1 sentence 1 lit. f) GDPR. With the tracking measures used, we aim to ensure a demand-oriented design and the continuous optimization of our website. On the other hand, we use the tracking measures to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer for you. These interests are to be regarded as legitimate within the meaning of the aforementioned provision. The respective data processing purposes and data categories can be found in the tracking tools described in more detail below.

Google Tag Manager

Use Google Tag Manager: Google Tag Manager is a solution that allows marketers to manage website tags through a single interface. The Tag Manager tool itself (which implements the tags) is a cookie-loose domain and does not collect any personal information. The tool is responsible for triggering other tags, which in turn may collect data. Google Tag Manager has no access to this data. When disabled at the domain or cookie level, all tracking tags implemented with the Google Tag Manager will continue to be disabled. https://marketingplatform.google.com/about/analytics/tag-manager/use-policy/

Google Adwords Conversions

For better readability, Google Adwords will be abbreviated to Google Ads in the following.

On this website, we use Google Ads, a service provided by Google Ireland Limited, Gordon House Barrow Street Dublin 4, Ireland (hereinafter referred to as “Google”), to display advertisements (so-called “Google Ads”) on other websites to make users aware of our offers. We may use the data about the advertising campaigns to determine the success of the individual advertising measures. In this way, we aim to show you ads that are of interest to you, make our website more interesting for you, and achieve a fair calculation of advertising costs.

Google serves these ads through so-called “ad servers”. For this purpose, we use ad server cookies, which allow us to measure certain success parameters, such as the display of ads or clicks by users. When you visit our website through a Google ad, Google Ads places a cookie on your computer. Analytics for this cookie typically include the unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions), and opt-out information (indicating the user no longer wants to be targeted).

These cookies allow Google to recognize your web browser. If a user visits certain pages on an advertiser’s website and the cookie stored on his or her computer has not yet expired, Google and the advertiser may be able to tell that the user clicked on the ad and was directed to that page. A different cookie is assigned to each advertiser. Therefore, cookies cannot be tracked across advertisers’ websites. Ad server cookies typically expire after 30 days and are not designed to identify you personally.

We do not collect or process any personally identifiable information in connection with these advertising services. We only receive statistical reports from Google. These reports help us determine which of our advertising services are most effective. We do not receive any other data from the use of the ads; in particular, we cannot identify users based on this information.

Because of the marketing tools used, your browser automatically establishes a direct connection with the Google server. We have no control over the extent to which Google may use the information it collects through this tool. Therefore, we provide this information to the best of our knowledge: Through the integration of ads conversion, Google receives the information that you have visited the corresponding part of our website or clicked on the ad from us. If you are registered for a Google service, Google may associate the visit with your account. Even if you are not registered with Google or have not signed in to a Google service, it is possible that the service provider may learn and store your IP address.

You can prevent participation in this tracking process in several ways:

  • by setting your browser software accordingly – the suppression of third-party cookies will result in you not receiving third-party ads
  • by disabling cookies for conversion tracking by setting your browser to block cookies from the domain googleadservices.com (https://www.google.de/settings/ads) with this setting being deleted when you delete your cookies
  • by disabling the interest-based ads of the providers that are part of the self-regulatory campaign “About Ads” via the link http://www.aboutads.info/choices, this setting being deleted when you delete your cookies;
  • by permanently deactivating it in your Firefox, Internet Explorer or Google Chrome browsers at the link http://www.google.com/settings/ads/plugin. We would like to point out that in this case you may not be able to use all functions of this offer to their full extent.

Google Adwords Remarketing

We use the Google Adwords Remarketing application in addition to Google Adwords Conversion. This allows our ads to be shown to you when you continue to use the Internet after you have visited our website. Google does so using cookies stored on your browser to record and analyze your use of different sites. In this way, Google can determine your previous visit to our website. Google states that it will not combine the data it collects through Google Remarketing with any of your personal data that may be stored by Google (e.g. because you have registered for a Google service such as GMail). According to Google, pseudonymization is used in the remarketing process.

Legal basis for the processing
Legal basis for the processing of your data is the consent you have given via the cookie consent tool (Art. 6 para. 1 sentence 1 lit. a) GDPR). Information on the third country transfer that takes place can be found under the item “Third country transfer”.

Further information
Further information on the purpose and scope of the data collection and its processing, as well as further information on your rights in this regard and setting options for protecting your privacy, can be found in the data protection conditions for advertising from Google:

http://www.google.de/intl/de/policies/technologies/ads

Google Analytics 4 (with cookies, with UserID)

Google Universal Analytics has been replaced by the new Google Analytics 4 service, which is also provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). This tool is also used to analyze website usage.

Google Analytics 4 uses “cookies” by default. Cookies are text files that are stored on your device and allow analysis of your use of a website. The information collected by cookies about your use of this website (including the IP address sent by your device, shortened by the last few digits, see below) is usually sent to a Google server, where it is stored and processed. This information may also be transferred to and processed on servers of Google LLC in United States.

When using Google Analytics 4, the IP address transmitted by your terminal device when you use the website is always automatically and anonymously collected and processed by default, so that a direct personal reference of the collected information is excluded. This automatic anonymization is carried out by Google within the member states of the European Union (EU) or other contractual states of the European Economic Area (EEA) by shortening the IP address transmitted by your terminal device by the last digits.

Google will use this and other information on our behalf to evaluate your use of the website, compiling reports on website activity for us and providing other services relating to website activity and internet usage. Google will not associate the IP address transmitted by your device and shortened by Google Analytics 4 with any other data held by Google. The data collected through the use of Google Analytics 4 will be stored for two months and then deleted.

Google Analytics 4 also has a special feature called “demographic characteristics” that allows you to create statistics that include information about age, interest-based advertising, and third-party information. This makes it possible to identify and distinguish groups of users of the website for the purpose of targeted marketing. However, the information collected through the “demographic characteristics” cannot be linked to any specific individual and is therefore not personally identifiable. The data collected through the “demographic characteristics” function will be kept for two months and then deleted.

All the aforementioned processing, particularly the setting of Google Analytics cookies for the storage and reading of information on the terminal device you use to use the site, will only be carried out if you give explicit consent pursuant to art. 6 (1) lit. a GDPR. Without your consent, Google Analytics 4 will not be used during your use of the website. You can revoke your consent at any time with effect for the future. To exercise your opt-out, please disable this service using the “Cookie Consent Tool” provided on the website. In connection with this website, the “UserIDs” feature is also used as an extension of Google Analytics 4. By assigning individual UserIDs, we can have Google generate cross-device reports (so-called “cross-device tracking”). This means that your usage behavior can also be analyzed across devices if you have given your consent to the use of Google Analytics 4 in accordance with Art. 6 (1) lit. a GDPR, if you have set up a personal account by registering on this website.

For our use of Google Analytics 4, we have entered into an order processing agreement with Google, which obligates Google to protect the data of our website users and not to pass it on to third parties. To ensure compliance with European data protection standards, Google refers to the European Commission’s Standard Contractual Clauses, which we have contractually agreed with Google, even if data is transferred from the EU or EEA to the U.S. for further processing.

Further legal information on Google Analytics 4, including a copy of the aforementioned standard contractual clauses, can be found at the following link: https://policies.google.com/privacy?hl=de&gl=de

Details on the processing triggered by Google Analytics 4 and Google’s handling of data from websites can be found here: https://policies.google.com/technologies/partner-sites

DISABLE GOOGLE ANALYTICS MEASUREMENT IN THIS BROWSER

Further notes on Google UA can be found here: https://policies.google.com/privacy?hl=de&gl=de

For the transfer of data from the EU to the USA, the provider has signed up to the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission.

Google Signals

As an extension to Google Analytics, this website also uses the Google Signals service. Google Signals allows us to have Google generate cross-device reports (called “cross-device tracking”). If you have enabled “personalized ads” in your Google Account settings and have connected your internet-enabled devices to your Google Account, Google may analyze user behavior across devices and create database models based on this behavior, provided you have given your consent to the use of Google Analytics in accordance with Art. 6 (1) GDPR (see above). The logins and device types of all page visitors who were logged in to a Google Account and made a conversion will be taken into account. The data shows, among other things, the device on which you first clicked on an ad and the device on which you converted. We do not receive any personal information from Google in this regard, only statistics generated by Google signals. You can opt out of cross-device analysis by turning off the “personalized ads” feature in your Google Account settings.

Follow the instructions on this page: https://support.google.com/ads/answer/2662922?hl=de

You can read more about Google Signals here: https://support.google.com/analytics/answer/7532985?hl=en&sjid=85788738706191989-EU#zippy=%2Cthemen-in-diesem-artikel%2Cin-this-article

Google reCAPTCHA

This website also uses the reCAPTCHA feature provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). The primary purpose of this feature is to determine whether a submission is made by a human being or is being abused by machine and automated processing. The service includes the transmission of the IP address and possibly other data required by Google for the reCAPTCHA service to Google and is carried out in accordance with Art. 6 (1) lit. f GDPR on the basis of our legitimate interest in the identification of persons on the Internet and the prevention of abuse and spam. In connection with the use of Google reCAPTCHA, personal data may also be transferred to the servers of Google LLC. in the USA.

Further information on Google reCAPTCHA as well as Google’s privacy policy can be viewed at: https://www.google.com/intl/de/policies/privacy/

Our website may contain links to the websites of third parties. CeGaT GmbH is not responsible for the privacy practices or the content of websites outside of CeGaT GmbH.

Disclosure of data, transfer to third country

We do not share your personal information with third parties for purposes other than those described below. We will only share your personal information with third parties if:

  • you have given your express consent to this in accordance with Art. 6 (1) p. 1 lit. a) GDPR, § 26 (2) Federal Data Protection Act (BDSG),
  • the disclosure is necessary in accordance with Art. 6 (1) p. 1 lit. f) GDPR for the assertion, exercise or defense of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data,
  • in the event that a legal obligation exists for the disclosure pursuant to Art. 6 (1) sentence 1 lit. c) GDPR as well as
  • this is legally permissible and necessary according to Art. 6 para. 1 p. 1 lit. b) GDPR, § 26 para. 1 BDSG for the processing of a contractual relationship with you or for pre-contractual measures at your instigation.

We have no plans to transfer this information to any third country or international body, nor will we use automated means to make decisions, except as described in this Privacy Statement.

If necessary, CeGaT GmbH will also share information with business partners, service providers, third parties or subcontractors. We may use your personal information for the purpose of providing a service or completing a transaction, for example, fulfilling an order, providing customer support, or providing product or service information.

Your personal data will not be shared, sold or otherwise made available to third parties for marketing purposes without your prior consent.

In response to a court or governmental order, CeGaT GmbH may be required to disclose your data and related information. We also reserve the right to use your information to assert or defend against legal claims.

In the event of an acquisition or merger with another company, it may be necessary to disclose or transfer personal information to potential or actual purchasers. In such an event, CeGaT GmbH will use its best efforts to protect the information.

CeGaT GmbH reserves the right to store and disclose personal data and other data for the purpose of detecting and fighting illegal activities and fraud attempts or a violation of the CeGaT GmbH terms of use.

Data management

CeGaT GmbH retains personal data only as long as required by the purpose or legal provisions for which they were collected.

Data protection information in the application process

  • In accordance with legal requirements, we process applicant data only for the purpose and within the scope of the application process. The processing of the applicant’s data for the fulfillment of our (pre-)contractual obligations within the scope of the application procedure is in accordance with Art. 6 para. 1 lit. b. GDPR Art. 6 para. 1 lit. f. GDPR, insofar as the data processing becomes necessary for us, e.g. within the scope of legal proceedings (in Germany, § 26 BDSG also applies).
  • Applicants must provide us with applicant data as part of the application process. Required applicant data includes personal information, mailing and contact addresses, and application documents such as cover letter, resume, and transcripts. In addition, applicants may voluntarily provide us with additional information.
  • Applicants consent to the processing of their data for the purposes of the application process in the manner and to the extent described in this Privacy Policy by submitting their application to CeGaT GmbH.
  • As far as special categories of personal data within the meaning of Art. 9 para. 1 GDPR are voluntarily provided in the course of the application process, their processing is additionally carried out in accordance with Art. 9 para. 2 lit. b GDPR (e.g. health data such as severely disabled status or ethnic origin). Insofar as special categories of personal data within the meaning of Art. 9 para. 1 GDPR are requested from applicants in the course of the application process, their processing is additionally carried out in accordance with Art. 9 para. 2 GDPR (e.g. health data, if necessary for the exercise of the profession).
  • Candidates may submit their applications by mail or e-mail. Please note, however, that emails are generally not encrypted and that applicants are responsible for encryption. Therefore, we cannot be responsible for the transmission of the application between the sender and the receipt on our server. If the applicant has any concerns about the security of the application materials sent by e-mail, we recommend that the application materials be sent by mail.
  • In the event of a successful application, the data provided by the applicant may be processed by us for the purposes of the employment relationship. Otherwise, in the event of an unsuccessful application for a position, the applicant’s data will be deleted. Candidate data will also be deleted if an application is withdrawn, which candidates are entitled to do at any time.
  • Subject to a justified withdrawal by the applicant, the data will be deleted six months after the end of the application process to enable us to answer any follow-up questions about the application and to comply with our obligations under the Equal Treatment Act. If, during the application process, you are offered a position, the data from the application will be transferred to a personnel file and will be deleted 10 years after the end of the employment relationship.

Invoices for any reimbursement of travel expenses are archived in accordance with tax law requirements.

Data subject rights

You have the right,

  • according to 15 GDPR to request information about your personal data processed by us. In particular, you can request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction, processing or opposition, the existence of a right of complaint, the origin of your data, if not collected by us, such as the existence of automated decision-making and, if applicable, meaningful information about its details;
  • in accordance with Art. 16 GDPR to demand the correction of incorrect or the completion of your personal data stored by us without delay;
  • pursuant to 17 GDPR to request the erasure of personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation on grounds of public interest, or for the establishment, exercise or defense of legal claims;
  • to request the restriction of the processing of your personal data in accordance with Art. 18 GDPR, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure and we no longer require the data, but you need it for the assertion, exercise or defense of legal claims or you have objected to the processing in accordance with Art. 21 GDPR;
  • according to Art. 20 GDPR to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request the transfer to another controller;
  • according to Art. 7 para. 3 GDPR to revoke your once given consent at any time. This has the consequence that we may no longer continue the data processing based on this consent for the future, and
  • to complain to a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or the registered office of our company.

The competent supervisory authority for data protection of CeGaT GmbH is:

Baden-Württemberg Supervisory Authority
The State Commissioner for Data Protection Baden-Württemberg
Postfach 10 29 32, 70025 Stuttgart
Urbanstr. 32, 70182 Stuttgart
Tel. 0711 615541-0
Fax. 0711 615541-15
Mail: poststelle@lfd.bwl.de
http://www.baden-wuerttemberg.datenschutz.de

For the assertion of the aforementioned rights as well as for questions regarding data protection, you can contact the person responsible in accordance with the aforementioned point 1 or send a corresponding e-mail to info(at)cegat.de.

Right of objection

If the processing of your personal data is carried out on the basis of legitimate interests in accordance with Art. 6 para. 1 p. 1 lit. f) GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR, provided that there are grounds for doing so that arise from your particular situation or the objection is directed against direct marketing. In the latter case, you have a general right to object, which will be exercised by us without reference to a specific situation. If you wish to exercise your right of withdrawal or objection, it is sufficient to send an e-mail to info(at)cegat.de.

Data security

  • We use the widely used Secure Sockets Layer (SSL) in conjunction with the highest level of encryption supported by your browser when you visit the site. This is usually 256-bit encryption. In the event that your browser does not support 256-bit encryption, we will use 128-bit v3 technology instead. A locked key or lock icon in the lower status bar of your browser will indicate that a particular page of our site is being transmitted using encryption.
  • In order to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties, we use appropriate technical and organizational security measures. In line with technological developments, our security measures are constantly being improved.
  • In addition, in accordance with the General Data Protection Regulation (GDPR), we require each of our employees to respect data privacy and confidentiality.

Changes to this privacy policy

We will update this Privacy policy when appropriate, for example, because of changes in relevant data protection regulations.

Status: 06.03.2024