Privacy Statement of Perseus Technologies GmbH

(As of November 2018)

We, Perseus Technologies GmbH, look forward to your visit to our website www.perseus.de and www.club.perseus.de. We take the topic of data protection very seriously. In this privacy policy, we therefore explain the nature, scope and purpose of the processing of personal data when visiting and using our website.

1. Person responsible

Person responsible within the meaning of the EU General Data Protection Regulation (GDPR), other national data protection laws and other data protection regulations:

Perseus Technologies GmbH
Hardenbergstr. 32
10623 Berlin
Perseus Technologies GmbH is abbreviated to "Perseus".

2. Data Protection Officer

The company data protection officer of Perseus can be reached in writing at the above address with the note "Data Protection Officer" or by email at datenschutz@perseus.de.

3. General for data processing

3.1 Personal data and the extent of its processing

"Personal Data" means any information relating to a directly or indirectly identified or identifiable actual person. These include, for example, your personal name, your contact details or certain personal data that you provide when registering for a customer account. The
"processing" of personal data covers any process or series of operations performed with or without the aid of automated procedures, including the collection, storage, adaptation or modification, dissemination or deletion of personal data.

3.2 Legal basis for the processing of personal data

We process the personal data of the users of our Internet page only on the basis of the
following legal bases:

  • Art. 6 para. 1 sentence 1 lit. a) GDPR, ie the processing takes place on the basis of the consent of the data subject;
  • Art. 6 para. 1 sentence 1 lit. b) GDPR, ie the processing is necessary to fulfill a contract or to carry out pre-contractual measures;
  • Art. 6 para. 1 sentence 1 lit. c) GDPR, ie the processing is necessary to fulfill a legal obligation which is subject to Perseus;
  • Art. 6 para. 1 sentence 1 lit. d) GDPR, ie the processing is necessary to protect the vital interests of the data subject or another actual person;
  • Art. 6 para. 1 sentence 1 lit. f) GDPR, ie the processing is necessary for the protection of a legitimate interest of Perseus or a third party and this outweighs the interests, fundamental rights and fundamental freedoms of the person concerned.

3.3 Data deletion and storage duration

The personal data of the person/s concerned will be deleted or blocked as soon as the purpose of its storage is removed. However, it may also be stored if so provided for by the European or national legislature in EU regulations, laws or other regulations to which Perseus
is subject. This applies in particular if there are commercial or tax-related retention requirements. Upon expiry of such a statutory retention period, the data will be blocked or deleted, unless a further storage of legitimate interest is required, in particular for the conclusion of a contract or the fulfillment of a contract.

3.4 Security measures

For reasons of security, our websites use SSL encryption using the highest level of encryption supported by your Internet browser. You will recognize this by the lock icon on the status bar of your browser and the address bar beginning with "https: //." Nevertheless, we must point out that communication and data transmission on the Internet is never completely secure.

4. Processing of personal data when visiting our websites and in the context of the business operations of Perseus

4.1 Automated data collection when visiting our website

Each time you visit our website, our system automatically collects data and information from the computer system of the calling digital terminal. Specifically, these data are the following:

IP address of the user,

Information about the browser type and version used,

Internet service provider of the user,

Date, time and success of access,

Internet pages from which the user's system accesses our website,

Websites that are accessed by the user's system via our website.

This data is also stored in the log files of our system. The storage of other personal data of the user does not take place.

The legal basis for the temporary storage of data and log files is Art. 6 para. 1 p. 1 lit. f) GDPR. The purpose of the data processing is to enable the connection to our web pages, to ensure their functionality, to secure the information technology systems and to facilitate and improve the administration of our web pages. For these purposes, Perseus's legitimate interest lies in the described data processing.

The data will be deleted as soon as it is no longer necessary to achieve the purpose of its collection. In the case of the collection of the data for the provision of our Internet pages, this takes place at the end of the respective session. The data stored in the log files will be
deleted after 90 days at the latest. Additional storage is possible. In this case, the IP addresses of the users are deleted or alienated, so that an assignment to the calling client is no longer possible.

4.2 Business operations

In the course of our business we process (personal) data of our contractual partners, customers as well as interested parties, in order to be able to render our (pre-) contractual services to them. The nature, scope and purpose, as well as the requirement of data processing depend on the underlying (pre) contractual relationship. This data includes, in particular, inventory and contact data, contract and payment data as well as communication data. In this context, we use hosting services, in particular, infrastructure, storage, database
and maintenance.

The legal basis of the data processing described above is Art. 6 para. 1 sentence 1 lit. b), lit. c) and lit. f) GDPR, in connection with order processors also in connection with Art. 28 GDPR, ie we conclude a contract processing contract. The purpose of the data processing is the operation of Perseus including the provision of the PCSC and this website. This results in our legitimate interest. A disclosure of this data to third parties will only be made if we have the consent of the person concerned or if there is a legal requirement for permission, in particular, if it is necessary to fulfill a legal obligation or if we have a legitimate interest in doing so.

The data will be deleted if the purpose of their processing has been completed, unless there are statutory, especially tax or commercial, retention requirements or the respective person concerned has given their consent for further storage or other legal permission. The need for storage is regularly reviewed.

4.3 Opening and use of a customer account in the "Perseus Cyber Security Club"

When opening a customer account in the "Perseus Cyber Security Club" (hereafter PCSC) and using it, your company-related data, including certain personal data, will be collected and stored within the framework of our corporate administration, which you voluntarily submit to us for this purpose. The respective data can be seen from the input forms and possible uses. This includes, in particular, your information on the opening of a corresponding customer account, as well as all data required for processing and execution of the registration and use of the customer account (eg general information on the company, but also first name, last name and email address of the person performing the application, other required usage data).

The legal basis for the processing of this data is Art. 6 (1) sentence 1 lit. b) and lit. c) GDPR. The purpose of the data processing is the execution of the contract of use concerning the PCSC and the fulfillment of legal retention periods.

After the termination of a contract of use, the data of the underlying customer account is blocked with regard to legal, in particular tax and commercial retention periods and deleted after expiration of the statutory periods. This does not happen if you expressly consent to further use of your data or if a legal permission standard permits further data usage.

4.4 Payment Service Provider

For payment purposes, we use an external payment service provider, Stripe Payments Europe Ltd., Block 4, Harcourt Center, Harcourt Road, Dublin 2, Ireland (hereinafter Stripe). Stripe operates an online platform for credit card and SEPA direct debit payments. The data that is processed during the processing of a payment transaction can be seen from the input forms and include your stock data, ie in particular, account or payment card holder, bank data, including account or credit card number and invoice amount and transaction number. Processing is strictly through Stripe and is required to complete the relevant payment transaction.

The legal basis for the data processing described above is Art. 6 para. 1 sentence 1 lit. b) and lit. f) GDPR. We use Stripe as a payment service provider in the context of the fulfillment of the PCSC usage agreements and to offer you an effective and secure payment option. This results in our legitimate interest in the described data processing.

Further information on data protection when processing payment transactions via Stripe can be found in the transaction applications as well as on the Stripe website (https://stripe.com/en/terms).

4.5 Quaderno Accounting System

We use the Quaderno system to automatically generate invoices for the use of the services that we offer end customers on our website. The provider is the Recrea Systems, SLU ('Recrea') Fernando Guanarteme 111, 35010 Las Palmas, Spain (hereinafter: "Quaderno"). Quaderno processes your contact and contract data on our behalf.

The legal bases of the processing described above are Art. 6 para. 1 sentence 1 lit. b) and lit. f) GDPR. The processing takes place for the purpose of the production of invoices in the context of the completion of contracts. Our legitimate interest lies in this purpose. To protect your data, we have signed a contract processing agreement with Quaderno. You will find more about privacy on the Quaderno website, (https://quaderno.io/privacy).

4.6 FastBill Billing system

We use the FastBill system for the semi-automatic creation of invoices, which we provide to contractors who use other services not offered on our website (not end customers, but other contractual partners). The provider of FastBill is FastBill GmbH, Wildunger Str. 6, 60487 Frankfurt am Main (hereafter: FastBill). FastBill processes your contact and contract data on our behalf. The legal bases of the processing described above are Art. 6 para. 1 sentence 1 lit. b) and lit. f) GDPR. The processing takes place for the purpose of the production of invoices in the context of the completion of contracts. This is our legitimate interest in processing. To protect your data, we have concluded a contract processing contract with FastBill. Visit the FastBill website for more information on privacy (https://www.fastbill.com/datenschutz).

4.7 Evaluation of the use of the "Perseus Cyber Security Club"

We analyze the usage data of the "members" of the PCSC and those interested in using it and/or using our website. This includes inventory and contract data as well as usage data. The legal basis for the processing of this data is Art. 6 (1) sentence 1 lit. f) GDPR. The purpose of their processing lies in the needs-based design and development of PCSC in favor of its "members" especially with regard to customer loyalty. This is also a legitimate interest in the described data processing.

If these analyzes are personal in the case of registered "members" of the PCSC, they will be deleted or anonymised after the termination of a user agreement. If these analyzes are anonymized, the data will be deleted if the purpose of the memory is lost.

4.8 Contact

Visitors to our website can use various options to contact us. Currently, these are: contact form, email, phone and live chat. The data provided voluntarily by you in the use of the aforementioned contact options are transmitted to us and stored. Please contact us via the
contact form. Required information is your name and e-mail address. In addition, you can voluntarily provide additional data, eg phone or fax number. At the time of sending the message, we will store your IP address as well as the date and time of your registration in the
contact form. If you contact us by e-mail, phone and/or social media, we will also save your personal data.

Perseus uses the following systems: CRM system Freshsales, helpdesk system Freshdesk, chat system Freshchat. The supplier of these three systems is Freshworks Inc., 1250 Bayhill Drive, Suite 315, San Bruno, CA 94066, USA (hereafter: Freshworks). Freshsales is a common system for maintaining customer relationships, while Freshdesk is a system that can accept and manage contact requests. Freshchat serves the purpose of communicating between you and Perseus via live chat.

By using the aforementioned systems, the data you provide will be transmitted to Freshworks and stored on its servers in the United States. Freshworks transmits this data to external service providers in order to offer their services. Freshworks has a certification under the so-called "EU-US Privacy Shield" (https://www.privacyshield.gov/participant?id=a2zt0000000GnbQAAS&status=Active), so that the legal requirements for the adequacy of the data protection level according to Art 45 GDPR. It is an agreement between the European Union and the United States designed to ensure compliance with European data protection standards in the United States. Read more about Freshworks and privacy on the Freshworks website (http://freshworks.com/privacy).

The legal basis for the processing of data described above is Art. 6 (1) sentence 1 lit. b) and lit. f) GDPR. Their processing takes place for the purpose of examining and answering such inquiries, in particular also for carrying out pre-contractual measures on request. Our legitimate interest in the described data processing, as well as the need for direct and effective customer communication and the corresponding need-based design of the website, results from this purpose.

Your data will be automatically deleted as soon as the respective request is completed and no other, possibly legal, facts permit further storage by Perseus.

4.9 Applications

4.9.1 Personal data collected as part of the application process

Personal data means any information concerning the personal or material circumstances of an identified or identifiable individual. This includes information such as, for example, your name, address, telephone number and date of birth, but also data relating to your specific career etc. by reference to which a specific individual can be identified with reasonable effort. However, information which cannot be (in)directly associated with your real-life identity is not personal data.

4.9.2 Fundamentals and purposes of processing personal data collected from application documents and during the application process

If you apply to us electronically, i.e. via e-mail or using our online form, we will collect and process your personal data for the purpose of executing the application process and preparing contracts. By submitting an application via our recruitment website, you express your interest in taking up work with us. In this context, you transmit personal data, which we will use and store exclusively for the purpose of your job search / application process.

In particular, the following data is collected during this process:

  • name (first and last names)
  • e-mail address
  • phone number
  • expected salary
  • available from

Furthermore, you can choose to upload expressive documents such as a cover letter, your CV and reference letters. These may contain additional personal data such as date of birth, address etc. Only authorized HR staff and/or staff involved in the application process have access to your data. The personal data is stored, as a rule, exclusively for the purpose of filling the vacancy for which you have applied.
Your data will be stored for a period of 180 days after the application process has been concluded. This is usually done to fulfill legal requirements and/or defending ourselves against any claims arising from legal provisions. After this period, we are obligated to delete or anonymize your data. In case of anonymization, the data will only be available to us in the form of so-called metadata, without any direct personal reference, for statistical analysis (for example, share of male and/or female applicants, number of applications per specified period of time etc.).

Furthermore, we reserve the right to store your data for the purpose of adding it to our Talent Pool in order to identify any other vacancies that may be of interest to you. This includes, for example, applications for apprenticeships or internships. By accepting the data privacy statement, you consent to any further storage of your data as well as its inclusion in our Talent Pool. Should you be offered and accept a position with us during the application process, we will store the personal data collected as part of the application process for at least the duration of your employment.

4.9.3 Disclosure of data to third parties

Data transmitted as part of your application will be transferred using TLS encryption and stored in a database. This database is operated by Personio GmbH, which offers a human resource and applicant management software solution (https://www.personio.com/legal-notice/). In this context, Personio is our processor under article 28 of the GDPR. In this case, the processing is based on an agreement for the processing of orders between us as the controller and Personio.

4.9.4 Rights of data subjects

If we as the controller process personal data, you as the data subject have certain rights under Chapter III of the EU General Data Protection Regulation (GDPR), depending on the legal basis and the purpose of the processing, in particular the right of access (article 15 of the GDPR) and the rights to rectification (article 16 of the GDPR), erasure (article 17 of the GDPR), restriction of processing (article 18 of the GDPR), and data portability (article 20 of the GDPR), as well as the right to object (article 21 of the GDPR). If the personal data is processed with your consent, you have the right to withdraw this consent under article 7 III of the GDPR. To assert your rights as a data subject in relation to the data processed during this online application process, please refer to our Data Protection Officer (see item 2).

4.9.5 Concluding provisions

We reserve the right to adjust this data privacy statement at any point in time to ensure that it is in line with the current legal requirements at all times, or in order to accommodate changes in the application process or other processes. In this case, the new data privacy statement applies to any later visit of this recruitment website or any later job application.

4.10 Registration for the newsletter

We offer subscription to a free newsletter in various places on our website for promotional emails. The data that you voluntarily enter in the input form provided for this purpose is transmitted to us during registration and stored. The requirement of your email address is mandatory in any case. The indication of any further data is voluntary and serves your personal address. At the time of sending the message, we will store your IP address, as well as the date and time of your registration in the contact form. We use a double opt-in procedure to make sure that you only receive our newsletter if you really want it. To do this, we will send you a notification email in which you confirm by clicking on a link contained in this email indicating that you actually want to receive our advertising emails or our newsletter.

 The legal basis for the processing of data described above is Article 6 (1) sentence 1 lit. a) GDPR in conjunction with Section 7 (2) no. 3 UWG and Article 6 (1) sentence 1 lit. f) GDPR. The purpose of the processing is the legally secure shipping of our newsletter. For this reason, it is necessary to use a user-friendly and secure newsletter system that allows proof of consent. For this purpose, the legitimate interest in the logging of the application process results.

You can unsubscribe from our newsletter at any time, either by clicking on the unsubscribe link contained in each newsletter or by e-mail to newsletter@perseus.de. After the cancellation, your email address or any other, optionally voluntarily indicated data will be blocked immediately on our newsletter mailing list. The blocking takes place within our legitimate interest acc. Art. 6 para. 1 sentence 1 lit. f) GDPR to prove a previously given consent and the implementation of an unsubscribe request and to be able to ensure that no further newsletter is sent.

4.11 Sending and evaluation of the newsletter

We use "MailChimp" and "Mandrill" to send and statistically analyze the emails we send as part of our newsletter and transaction emails. Both are offered by the technical service provider, The Rocket Science Group LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta,
GA 30308, USA (hereinafter: Rocket Science).

The emails contain the following customer data: name, email address and company. This data is transmitted to Rocket Science and stored on their servers in the United States. Rocket Science in turn transmits this data to external service providers in order to offer their services. Rocket Science uses this information for the distribution and statistical evaluation of newsletters and transaction emails. For the evaluation, the emails sent include so-called "web beacons" or "tracking pixels." These are small image files that allow the evaluation of user behavior. In this way, we can determine if a newsletter message has been opened and which links have been clicked on. In addition, technical information is collected (eg time of retrieval, IP address, browser type and operating system). This data are collected exclusively under a pseudonym and is not linked with your other personal data. It is used exclusively for the statistical analysis of newsletter campaigns, in order to better adapt future newsletters to the interests of the recipients.

In addition, "Rocket Science" may itself use the data for its own legitimate interest in the needs-based design and optimization of the service, as well as for market research purposes, eg to determine from which countries the recipients come. However, "Rocket Science" does not use the data to subscribe the subscribers to our newsletter or to pass them on to third parties.

Rocket Science is certified under the EU-US Privacy Shield (https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active), so the legal requirements for the adequacy of the data protection level under Art. 45 GDPR are given. It is an agreement between the European Union and the United States designed to ensure compliance with European data protection standards in the United States.

More about rocket science and privacy can be found on their website (https://mailchimp.com/legal/privacy). The legal basis for the processing described above is Article 6 (1) sentence 1 lit. f) GDPR and Art. 28 para. 3 p. 1 GDPR. Its purpose is to use a promotional effective, secure and user-friendly newsletter system in the sense of customer loyalty. This also results in our legitimate interest in data processing. Finally, we have entered into a contract processing agreement with Rocket Science to protect your information in the United States.

If you do not want a statistical evaluation of the newsletters sent to you, you can unsubscribe from the newsletter at any time (see section 4.10) or disable the display of graphics in your e-mail program by default. The evaluation data will be deleted at the latest after 12 months.

4.12 Test Phishing emails

We use SendinBlue service to send test phishing emails to PCSC users. The provider is the Sendinblue SAS, 47, rue de la Chaussee d'Antin, 75009 Paris, France (hereafter: SendinBlue).

These test phishing emails belong to the service portfolio of the PCSC and are sent exclusively to PCSC users. For this purpose, the email addresses specified by the users of the PCSC are processed on SendinBlue's servers, which are located exclusively within the European Union. SendinBlue allows us to analyze the test phishing emails sent. The aim is to see if the respective email has been opened and if and which links contained within have been clicked by the email recipient. You can find more about SendinBlue and data protection on their website (https://en.sendinblue.com/legal/privacypolicy/).

The legal basis for the processing described above is Article 6 (1) sentence 1 lit. b) and lit. f) and Art. 28 para. 3 sentence 1 GDPR. The purpose of the data processing is the implementation of the PCSC usage agreement, as well as the provision of effective PCSC awareness services for cyber security using a secure e-mail delivery system. This also results from our legitimate interest. Finally, we have concluded a contract processing contract with SendinBlue to protect your data.

The data will be deleted if the purpose of their processing has been completed, unless there are statutory, especially tax or commercial, retention requirements or the respective data subject has given their consent for further storage or other legal permission. The need for storage is regularly reviewed.

4.13 Cookies

Our website uses so-called cookies. These are text files that are stored in the Internet browser you use or on the Internet browser on your computer system. A cookie can be stored on your operating system as soon as it calls up a website. This cookie contains a characteristic string that allows the browser to be uniquely identified when the website is reopened.

We use cookies to make our website more user-friendly (technically necessary cookies). Some elements of our website require that the calling browser be identified even after a page break. The following data is stored and transmitted in the cookies: language settings and log-in information. In addition, we use cookies on our website that allow an analysis of the browsing behavior of their visitors (analysis cookies). The following data can be transmitted: entered search terms, frequency of page views and the use of functions of the website.

The data of the users collected in this way are made anonymous by technical means. Therefore, assignment of the data to the calling user is no longer possible. The data will not be stored along with other personal data of the users. You will be informed when using our website about the use of cookies for analysis purposes. Your consent will also be sought to process the personal data used in this context. The reference to this privacy policy is also made. The legal basis of the processing described above is Art. 6 para. 1 p. 1 lit. f) GDPR. The purpose of the processing is, on the one hand, to simplify the use of our website for its visitors. On the other hand, it is about improving the quality of our website and its contents. In these purposes, we have a legitimate interest in the use of cookies.

The storage of cookies can be configured at any time via the browser settings or completely disabled. Already saved cookies can be deleted at any time. However, a complete deactivation may mean that you can only use our website and its functionalities to a limited extent.

4.14 Google Analytics

We use the internet analytics service, Google Analytics. The provider is Google Inc., 1600 Amphitheater Parkway Mountain View, CA 94043, USA (hereafter: Google). Google uses cookies to create anonymous usage profiles. The information generated by the respective cookie about your use of our website, such as browser type and version, operating system used, referrer URL, IP address, time of server request, are usually transmitted to a Google server in the US and stored there. In order to ensure that your IP address is only anonymous, we have extended the code "gat._anonymizeIp ();" (so-called IP masking) on our website to Google Analytics. As a result, your IP address will be truncated by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there.

The IP address provided by Google Analytics as part of Google Analytics will not be merged with other Google information. You can prevent the storage of cookies by setting your browser software accordingly. However, this may mean that you can only use our website and its functionalities to a limited extent. In addition, you can prevent Google from collecting the data generated by the cookie and related to your use of the website (including your IP address), as well as the processing of this data by Google, by using this link (https: // tools .google.com / dlpage / gaoptout? hl = en) Download and install the available browser plugin. An opt-out cookie is set, which prevents the future collection of your data when visiting our website. Google is certified under the so-called EU-US Privacy Shield (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active), so that the legal requirements for the adequacy of the data protection level acc. Art. 45 GDPR. It is an agreement between the European Union and the United States designed to ensure compliance with European data protection standards in the United States. For more information about privacy at Google in general (http://support.google.com/analytics/answer/6004245?hl=en) and in the context of Google Analytics in particular, visit the Google website (https: // www .google.com / intl / en / policies / privacy).

The legal basis of the processing described above is Article 6 (1) sentence 1 lit. f) GDPR (in conjunction with § 15 (3) TMG) and Art. 28 (3) sentence 1 GDPR. Google processes the information collected through the cookies on our behalf for the purpose of evaluating your use of our website, to provide reports on the activities on our website and to provide other services related to the use of our website and the Internet for the purpose of their needs- based design. These ticks result in our legitimate interest in the processing described above.

Finally, we've entered into a contract processing agreement with Google to protect your data in the United States. The stored data of users is automatically deleted or rendered anonymous after 14 months.

4.15 Google AdWords Conversion Tracking

We also use the internet analytics service, Google Conversion Tracking. The provider is Google Inc., 1600 Amphitheater Parkway Mountain View, CA 94043, USA (hereafter: Google). In this way, we can determine if you have reached our website through a so-called Google AdWords ad. Google uses cookies. The information generated by these cookies is transmitted by Google for evaluation on a server in the United States and stored there. They are not for your personal identification. If you visit our website due to a Google AdWords ad published by us and the cookie has not yet expired, we and Google may recognize that you have clicked on the ad and have been redirected accordingly.

You can prevent the storage of cookies by setting your browser software accordingly. However, this may mean that you can only use our website and its functionalities to a limited extent. In addition, you can specifically set your browser so that cookies from the domain www.googleadservices.com are generally blocked. Finally, you can take advantage of Google's settings and opt-out options at http://www.google.com/ads/preferences. Google is certified under the so-called EU-US Privacy Shield (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active), so that the legal requirements for the adequacy of the data protection level acc. Art. 45 GDPR. It is an agreement between the European Union and the United States designed to ensure compliance with European data protection standards in the United States. For more information about privacy at Google in general (https://www.google.com/intl/en/policies/privacy) and Google AdWords Conversion Tracking (https://services.google .com / sitestats / en.html).

The legal basis for the processing described above is Article 6 (1) sentence 1 lit. f) GDPR (in conjunction with § 15 para. 3 TMG). The purpose of processing is the evaluation of our website and the creation of reports on the user activities to design and optimize our website and our advertising as needed. For this purpose, our legitimate interest in processing arises. The above-mentioned cookies lose their validity after 30 days and are automatically deleted.

4.16 DoubleClick

We use the online marketing tool DoubleClick. Provider is Google Inc., 1600 Amphitheater Parkway Mountain View, CA 94043, USA (hereafter: Google). We use DoubleClick to show you tailored ads in your web browser, to improve campaign performance reports, or to prevent you from seeing the same ads multiple times.

Google uses cookies and uses a so-called cookie ID to determine which ads are displayed in which browser and can thus prevent them from being displayed multiple times. In addition, DoubleClick uses these cookie IDs to track conversions related to ad requests, such as when a user views a DoubleClick ad and later uses the same browser to visit the advertiser's website and buy something there. The cookie ID also contains technical information about the browser and the operating system, referring websites, the time of visit and further information on the use of the online offer as well as the IP address of the users. If you're registered with a service provided by Google, Google may associate the visit with your account.

You can prevent the storage of cookies by setting your browser software accordingly. However, this may mean that you can only use our website and its functionalities to a limited extent. You can also set your browser to generally block cookies from the domain www.googleadservices.com. Finally, you can take advantage of Google's settings and opt-out options at http://www.google.com/ads/preferences. Google is certified under the so-called EU-US Privacy Shield (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active), so that legal requirements for data protection level acc. Art. 45 GDPR are met. It is an agreement between the European Union and the United States, designed to ensure compliance with European data protection standards in the United States. For more information about privacy at Google in general (https://www.google.com/intl/en/policies/privacy) and more specifically about Double Click (https://www.google.com / doubleclick).

The legal basis for the processing described above is Article 6 (1) sentence 1 lit. f) GDPR. Purposes of the processing are analysis as well as appropriate design and optimization of our website and our advertising. For these purposes, our interest in the above-described data processing is legitimate.

4.17 Google Tag Manager

Finally, we use the Google Tag Manager system on our website. The provider is Google Inc., 1600 Amphitheater Parkway Mountain View, CA 94043, USA (hereafter: Google). Google Tag Manager measures the reach of the online advertising used on our website, but does not
process personal information.

4.18 Hotjar

We use the internet analysis service, Hotjar, on our website. The provider is Hotjar Ltd., Level 2, St Julian's Business Center, 3, Elia Zammit Street, St Julian's STJ 1000, Malta (hereafter Hotjar). This allows the navigation of the users of our website to be understood (so-called heatmaps). This allows us to analyze how you use our website to improve its ease of use. Hotjar uses cookies. As a result, interactions such as mouse movements and user feedback are recorded anonymously. Furthermore, technical information, such as operating system, browser, geographic origin, resolution and type of device are evaluated. The information generated by the cookie about your use of our website is usually transmitted to a Hotjar server in Ireland and stored there. This information is not personal and will not be disclosed by Hotjar to third parties. The IP address transmitted by Hotjar from your browser will not be merged with other Hotjar data. You can prevent the storage of cookies by setting your browser software accordingly.

However, this may mean that you can only use our website and its functionalities to a limited extent. In addition, you can specifically set your browser via the following link to block tracking via Hotjar (https://www.hotjar.com/legal/compliance/opt-out). More information about "Hotjar" can be found at: www.hotjar.com. The privacy policy of "Hotjar" is available at https://www.hotjar.com/privacy.

The legal basis for the processing described above is Article 6 (1) sentence 1 lit. f) GDPR. The purpose of the processing is analysis of the behavior of users of our website as well as the needs-based design and optimization of our website. Our legitimate interests in this processing arises from this purpose.

4.19 Facebook pixels

We use the so-called Facebook Pixel on our website. The provider is the Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA and Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland (hereafter: Facebook). When you visit our website, a connection is established between your browser and the Facebook server. Certain data, including the IP address, are transmitted to Facebook. If you are a registered member of Facebook, Facebook can, in principle, connect the transmitted data with your Facebook profile and thus use it for the display of targeted advertisements. By using the Facebook pixel, we can track your usage behavior after viewing or clicking on a Facebook ad. Regardless of the digital device, you may object to Facebook's Facebook pixel processing
described above (https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen ).

Facebook has a certification under the so-called EU-US Privacy Shield (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active), so that the legal requirements for the adequacy of the data protection level acc. Art. 45 GDPR are met. It is an agreement between the European Union and the United States, designed to ensure compliance with European data protection standards in the United States. On the Facebook page, you will find further information on data protection in Facebook’s data usage policy (https://de-de.facebook.com/privacy/explanation), as well as special information about Facebook Pixel (https: //de-de.facebook. com / business / help / 651294705016616).

The legal basis for the processing described above is Art. 6 para. 1 sentence 1 lit. f) GDPR. The purpose of the processing is to analyze and optimize our website and our advertising. Our legitimate interests in processing arises from this purpose.

4.20 Outbrain

We use the technology of Outbrain UK Ltd., 5 New Street Square, EC4A 3TW, London, Great Britain (Outbrain) on our website. We use it to evaluate the usage behavior of visitors to our website, in order to optimize their ads. Outbrain uses cookies to collect certain data: device source, browser type, anonymized IP address of the user. This is never combined with other personal data.

You can prevent the storage of cookies by setting your browser software accordingly. However, this may mean that you can only use our website and its functionalities to a limited extent. You can also opt out of data processing for the respective digital device on the Outbrain website (https://www.outbrain.com/legal/privacy). You will also find further information on data protection by Outbrain there. The legal basis for the processing described above is Article 6 (1) sentence 1 lit. f) GDPR. The purpose of the processing is to analyze and optimize our website and our advertising. Our legitimate interests in processing results from this purpose. Outbrain stores the data stored for a period of 24 months. After that, it will be deleted.

4.21 Use of Vimeo Plugins

We embed videos on our website using the technologies of Vimeo Inc., 555 West 18th Street, NY, New York 10011, USA (hereafter: Vimeo). When you visit our website, you will be connected to the Vimeo servers. Vimeo uses cookies and stores the information about your visit to our website, as well as your IP address and any interactions with the Vimeo plug-ins we use, eg clicking on a start button to play a video. If you are registered as a member of Vimeo and logged in, Vimeo assigns this information to your user account. In addition, Vimeo can use Google Analytics via a so-called iframe, in which the videos are integrated. We have no influence on that.

You can prevent the storage of cookies by setting your browser software accordingly. However, this may mean that you can only use our website and its functionalities to a limited extent. You can prevent an assignment to your Vimeo user account by logging out of your Vimeo user account before using our website and deleting the corresponding cookies from Vimeo. For Google Analytics, see para. X.

According to its own statement, Vimeo uses standard data privacy clauses in accordance with Art. Art. 46 GDPR, so that the legal requirements for the adequacy of the data protection level acc. Art. 46 GDPR are provided (https://vimeo.com/transfer_statement). For more information on privacy (https://vimeo.com/privacy), visit the Vimeo website. The legal basis of the processing described above is Art. 6 para. 1 sentence 1 lit.f) GDPR. The purpose of data processing is the optimal presentation of our website and content.

4.22 Webinars

We conduct webinars on our website. You can participate in a webinar if you have previously registered for it via our website. To conduct webinars, we use the GoToMeeting system offered by LogMeIn Ltd, Bloodstone Building Block C, 70 Sir John Rogersons's Quay, Dublin 2, Ireland, which is part of LogMeIn, Inc., 320 Summer Street, Boston, MA 02210, USA (LogMeIn). When you participate in our webinars, your following personal information is collected and stored by LogMeIn: Title, first name, last name, company, address, email, PCSC member or non-member yes/no, technical information such as length of participation, webcam usage, IP address, operating system. The data may be transferred to the USA. LogMeIn is certified under the so-called EU-US Privacy Shield (https://www.privacyshield.gov/participant?id=a2zt0000000013fAAA&status=Active), so that the legal requirements for the adequacy of the data protection level according to Art. 45 GDPR are met. It is an agreement between the European Union and the United States designed to ensure compliance with European data protection standards in the United States. Visit LogMeIn's website for more privacy information at LogMeIn (https://www.logmeininc.com/en/gdpr/gdpr-compliance).

The legal basis of the processing described above is Art. 6 para. 1 sentence 1 lit. b) and lit. f) GDPR. Finally, a contract processing contract was signed with LogMeIn. The purpose of the processing is to conduct webinars and provide the required technologies accordingly. That is in the legitimate interests of Perseus.

4.23 Shariff Sharing functions

We use the so-called Shariff sharing function on our website. In this way, certain content on our website, such as blog posts, can be shared by our users within certain social networks while maintaining adequate privacy. Normally, the use of so-called social plugins leads to the recording of the IP address and the logging of the further activities of the visitors of such websites, even if the respective visitor does not click on a so-called social button, at all, to connect him with the respective social network. We do not want this and therefore use the Sharrif method. Direct contact to the respective social network is only established when you actively click on the social button of a social network to share a contribution.

4.24 Questionnaire Security Scoring

Visitors to our website may request from Perseus, subject to the conditions specified therein, a so-called privacy scoring of their own domain. It is necessary to complete a questionnaire. Perseus uses the Typeform system for this. The provider of Typeform is TYPEFORM SL, Bac de Roda 163, 08018 Barcelona, Spain (hereafter: Typeform).

By using the aforementioned system, the data you provide in each case, your IP address as well as information about the devices you are using and your browser will be transmitted to Typeform. You can find more information about Typeform and data protection on the Typeform website (https://admin.typeform.com/to/dwk6gt).

The legal basis for the processing of data described above is Art. 6 (1) sentence 1 lit. b) and lit. f) GDPR. Their processing is for the purpose of examining and answering the requirement of security scoring. For this purpose, we also have a legitimate interest in the described data processing, as well as the need for direct and effective customer communication and the corresponding needs-based design of the website or the form within the security scoring offered by Perseus.

Your data will be automatically deleted as soon as the respective request is completed and no other, possibly legal, facts permit further storage by Perseus.

4.25 CylancePROTECT

We use the intelligent security software, CylancePROTECT, from our partner, Cylance by Blackberry, as part of the Perseus 360 ° cyber security package. The supplier of CylancePROTECT is Cylance Deutschland GmbH, Prinzregentenstraße 11, 80538 Munich (Headquarters USA: 400 Spectrum Center Dr., Suite 900 Irvine, CA 92618). Cylance's software analyzes software and activities on our customers' computers to identify malicious programs, determine the security status of the system, and respond to potential threats.

The legal bases of the processing described above are Art. 6 para. 1 sentence 1 lit. b) and lit. f) GDPR. The processing is done to protect our customers’ and clients’ computer and data systems. This is our legitimate interest in processing. To protect your privacy, we have entered into a contract processing agreement with Cylance. You can find more information about privacy on the Cylance website (https://www.cylance.com/en-us/company/about-us/privacy-notice.html).

5. Rights of the person concerned

If personal data are processed by you, you are affected within the meaning of the GDPR. You therefore have the following rights in relation to the person responsible:

5.1 Right to information, Art. 15 GDPR

Pursuant to Art. 15 GDPR, you have the right to request confirmation from us as to whether or not we process personal data relating to you. If this is the case, you can request the following information about the following from us: Purposes of processing; category of personal data to be processed; recipients or categories of recipients to whom your data has been or will be disclosed; planned storage period or, if it is not possible to provide concrete details in this regard, criteria for determining the storage period; existence of a right to rectification, deletion, limitation of processing or objection; existence of a right of appeal to a supervisory authority; origin of your data if it has not been collected from us; existence of automated decision-making including "profiling" and, if applicable, the existence of a "data protection" system of meaningful information on its details; transfer of personal data to a third country or to an international organization; suitable guarantees in accordance with Art. 46 GDPR in connection with the transfer.

5.2 Right to rectification

Pursuant to Art. 16 GDPR, you have the right to demand immediate correction or completion of your personal data stored by us.

5.3 Right to restriction of processing

Pursuant to Art. 18 GDPR, you have the right to demand the restriction of the processing of your personal data if the accuracy of the data is disputed by you, the processing is unlawful, but you refuse its deletion and we no longer need the data, but you need it to assert, exercise or defend legal claims or you have objected to the processing pursuant to Art. 21 GDPR.

5.4 Right to cancellation

Pursuant to Art. 17 GDPR, you have the right to demand the deletion of your personal data stored by us, unless processing is necessary for the exercise of the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or for assertion, exercise or defense of legal claims is required.

5.5 Right to information

If you have asserted the right to rectification, deletion or limitation of processing to Perseus as the responsible body, we are required, in accordance with. Art. 19 GDPR to notifiy all recipients to whom the personal data relating to you has been disclosed of this rectification or deletion the data or limitation processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed by Perseus about these recipients.

5.6 Data transferability

Pursuant to Art. 20 GDPR, you have the right to receive your personal data, which you have provided us, in a structured, common and machine-readable format or to request a transfer to another person responsible.

5.7 Right of objection

Pursuant to Art. 21 GDPR, you have the right to revoke your previously granted consent to us at any time. We will then no longer process your personal information, unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing is for the purpose of enforcing, pursuing or defending legal claims.

If the personal data relating to you is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to "profiling" insofar as it is associated with such direct mail. If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.

5.8 Right to revoke the data protection consent declaration

Pursuant to Art. 7 para. 3 GDPR, you have the right to revoke your data protection consent declaration at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

5.9 Right to complain to a supervisor

Pursuant to Art. 77 GDPR, you have the right to complain to a supervisor. Typically, you can contact the supervisor of your usual whereabouts, workplace, or the location of the alleged violation.

6. Timeliness and changes to this Privacy Policy

This privacy policy applies in its current version. We reserve the right to update this privacy policy at any time, in particular due to the further development of our website and the IT technology or software used on it and/or legal changes. The current privacy policy can be accessed and printed at any time on the website at https://www.perseus.de/en/data-protection.

Modify Cookie Settings