Privacy Statement of Perseus Technologies GmbH

(As of November 2018)

We, Perseus Technologies GmbH, look forward to your visit to our website www.perseus.de and www.club.perseus.de. We take the topic of data protection very seriously. In this privacy policy, we therefore explain the nature, scope and purpose of the processing of personal data when visiting and using our website.

1. Person responsible

Person responsible within the meaning of the EU General Data Protection Regulation (GDPR), other national data protection laws and other data protection regulations:

Perseus Technologies GmbH
Hardenbergstr. 32
10623 Berlin
Perseus Technologies GmbH is abbreviated to "Perseus".

2. Data Protection Officer

The company data protection officer of Perseus can be reached in writing at the above address with the note "Data Protection Officer" or by email at datenschutz@perseus.de.

3. General for data processing

3.1 Personal data and the extent of its processing

"Personal Data" means any information relating to a directly or indirectly identified or identifiable actual person. These include, for example, your personal name, your contact details or certain personal data that you provide when registering for a customer account. The
"processing" of personal data covers any process or series of operations performed with or without the aid of automated procedures, including the collection, storage, adaptation or modification, dissemination or deletion of personal data.

3.2 Legal basis for the processing of personal data

We process the personal data of the users of our Internet page only on the basis of the
following legal bases:

  • Art. 6 (1) a GDPR, ie the processing takes place on the basis of the consent of the data subject;
  • Art. 6 (1) b GDPR, ie the processing is necessary to fulfill a contract or to carry out pre-contractual measures;
  • Art. 6 (1) c GDPR, ie the processing is necessary to fulfill a legal obligation which is subject to Perseus;
  • Art. 6 (1) d GDPR, ie the processing is necessary to protect the vital interests of the data subject or another actual person;
  • Art. 6 (1) f GDPR, ie the processing is necessary for the protection of a legitimate interest of Perseus or a third party and this outweighs the interests, fundamental rights and fundamental freedoms of the person concerned.

3.3 Data deletion and storage duration

The personal data of the person/s concerned will be deleted or blocked as soon as the purpose of its storage is removed. However, it may also be stored if so provided for by the European or national legislature in EU regulations, laws or other regulations to which Perseus
is subject. This applies in particular if there are commercial or tax-related retention requirements. Upon expiry of such a statutory retention period, the data will be blocked or deleted, unless a further storage of legitimate interest is required, in particular for the conclusion of a contract or the fulfillment of a contract.

3.4 Security measures

For reasons of security, our websites use SSL encryption using the highest level of encryption supported by your Internet browser. You will recognize this by the lock icon on the status bar of your browser and the address bar beginning with "https: //". Nevertheless, we must point out that communication and data transmission on the Internet is never completely secure.

4. Processing of personal data when visiting our websites and in the context of the business operations of Perseus

4.1 Automated data collection when visiting our website

Each time you visit our website, our system automatically collects data and information from the computer system of the calling digital terminal. Specifically, these data are the following:

  • IP address of the user,
  • Information about the browser type and version used,
  • Internet service provider of the user,
  • Date, time and success of access,
  • Internet pages from which the user's system accesses our website,
  • Websites that are accessed by the users system via our website.

This data is also stored in the log files of our system. The storage of other personal data of the user does not take place. The legal basis for the temporary storage of data and log files is Art. 6 (1) f GDPR. The purpose of the data processing is to enable the connection to our web pages, to ensure their functionality, to secure the information technology systems and to facilitate and improve the administration of our web pages. For these purposes, Perseus's legitimate interest lies in the described data processing.

The data will be deleted as soon as it is no longer necessary to achieve the purpose of its collection. In the case of the collection of the data for the provision of our Internet pages, this takes place at the end of the respective session. The data stored in the log files will be
deleted after 90 days at the latest. Additional storage is possible. In this case, the IP addresses of the users are deleted or alienated, so that an assignment to the calling client is no longer possible.

4.2 Business operations

In the course of our business we process (personal) data of our contractual partners, customers as well as interested parties, in order to be able to render our (pre-) contractual services to them. The nature, scope and purpose, as well as the requirement of data processing depend on the underlying (pre) contractual relationship. This data includes, in particular, inventory and contact data, contract and payment data as well as communication data. In this context, we use hosting services, in particular, infrastructure, storage, database
and maintenance.

The legal basis of the data processing described above is Art. 6 (1) b, c, f GDPR, in connection with order processors also in connection with Art. 28 GDPR, ie we conclude a contract processing contract. The purpose of the data processing is the operation of Perseus including the provision of the PCSC and this website. This results in our legitimate interest. A disclosure of this data to third parties will only be made if we have the consent of the person concerned or if there is a legal requirement for permission, in particular, if it is necessary to fulfill a legal obligation or if we have a legitimate interest in doing so.

The data will be deleted if the purpose of their processing has been completed, unless there are statutory, especially tax or commercial, retention requirements or the respective person concerned has given their consent for further storage or other legal permission. The need for storage is regularly reviewed.

4.3 Opening and use of a customer account in the "Perseus Cyber Security Club"

When opening a customer account in the "Perseus Cyber Security Club" (hereafter PCSC) and using it, your company-related data, including certain personal data, will be collected and stored within the framework of our corporate administration, which you voluntarily submit to us for this purpose. The respective data can be seen from the input forms and possible uses. This includes, in particular, your information on the opening of a corresponding customer account, as well as all data required for processing and execution of the registration and use of the customer account (eg general information on the company, but also first name, last name and email address of the person performing the application, other required usage data).

The legal basis for the processing of this data is Art. 6 (1) b, c GDPR. The purpose of the data processing is the execution of the contract of use concerning the PCSC and the fulfillment of legal retention periods.

After the termination of a contract of use, the data of the underlying customer account is blocked with regard to legal, in particular tax and commercial retention periods and deleted after expiration of the statutory periods. This does not happen if you expressly consent to further use of your data or if a legal permission standard permits further data usage.

4.4 Payment Service Provider

For payment purposes, we use an external payment service provider, Stripe Payments Europe Ltd., Block 4, Harcourt Center, Harcourt Road, Dublin 2, Ireland (hereinafter Stripe). Stripe operates an online platform for credit card and SEPA direct debit payments. The data that is processed during the processing of a payment transaction can be seen from the input forms and include your stock data, ie in particular, account or payment card holder, bank data, including account or credit card number and invoice amount and transaction number. Processing is strictly through Stripe and is required to complete the relevant payment transaction.

The legal basis for the data processing described above is Art. 6 (1) b, f GDPR. We use Stripe as a payment service provider in the context of the fulfillment of the PCSC usage agreements and to offer you an effective and secure payment option. This results in our legitimate interest in the described data processing.

Further information on data protection when processing payment transactions via Stripe can be found in the transaction applications as well as on the Stripe website (https://stripe.com/en/terms).

4.5 Quaderno Accounting System

We use the Quaderno system to automatically generate invoices for the use of the services that we offer end customers on our website. The provider is the Recrea Systems, SLU ('Recrea') Fernando Guanarteme 111, 35010 Las Palmas, Spain (hereinafter: "Quaderno"). Quaderno processes your contact and contract data on our behalf.

The legal bases of the processing described above are Art. 6 (1) b and f GDPR. The processing takes place for the purpose of the production of invoices in the context of the completion of contracts. Our legitimate interest lies in this purpose. To protect your data, we have signed a contract processing agreement with Quaderno. You will find more about privacy on the Quaderno website, (https://quaderno.io/privacy).

4.6 FastBill Billing system

We use the FastBill system for the semi-automatic creation of invoices, which we provide to contractors who use other services not offered on our website (not end customers, but other contractual partners). The provider of FastBill is FastBill GmbH, Wildunger Str. 6, 60487 Frankfurt am Main (hereafter: FastBill). FastBill processes your contact and contract data on our behalf. The legal bases of the processing described above are Art. 6 (1) b and f GDPR. The processing takes place for the purpose of the production of invoices in the context of the completion of contracts. This is our legitimate interest in processing. To protect your data, we have concluded a contract processing contract with FastBill. Visit the FastBill website for more information on privacy (https://www.fastbill.com/datenschutz).

4.7 Evaluation of the use of the "Perseus Cyber Security Club"

We analyze the usage data of the "members" of the PCSC and those interested in using it and/or using our website. This includes inventory and contract data as well as usage data.

The legal basis for the processing of this data is Art. 6 (1) f GDPR. The purpose of their processing lies in the needs-based design and development of PCSC in favor of its "members" especially with regard to customer loyalty. This is also a legitimate interest in the described data processing.

If these analyzes are personal in the case of registered "members" of the PCSC, they will be deleted or anonymised after the termination of a user agreement. If these analyzes are anonymized, the data will be deleted if the purpose of the memory is lost.

4.8 Contact

Visitors to our website can use various options to contact us. Currently, these are: contact form, email, phone and live chat. The data provided voluntarily by you in the use of the aforementioned contact options are transmitted to us and stored. Please contact us via the
contact form. Required information is your name and e-mail address. In addition, you can voluntarily provide additional data, eg phone or fax number. At the time of sending the message, we will store your IP address as well as the date and time of your registration in the
contact form. If you contact us by e-mail, phone and/or social media, we will also save your personal data (see 4.13).

Perseus uses the following systems: CRM system Freshsales, helpdesk system Freshdesk, chat system Freshchat. The supplier of these three systems is Freshworks Inc., 1250 Bayhill Drive, Suite 315, San Bruno, CA 94066, USA (hereafter: Freshworks). Freshsales is a common system for maintaining customer relationships, while Freshdesk is a system that can accept and manage contact requests. Freshchat serves the purpose of communicating between you and Perseus via live chat.

By using the aforementioned systems, the data you provide will be transmitted to Freshworks and stored on its servers in the United States. Freshworks transmits this data to external service providers in order to offer their services. Freshworks has a certification under the so-called "EU-US Privacy Shield" (https://www.privacyshield.gov/participant?id=a2zt0000000GnbQAAS&status=Active), so that the legal requirements for the adequacy of the data protection level according to Art 45 GDPR. It is an agreement between the European Union and the United States designed to ensure compliance with European data protection standards in the United States. Read more about Freshworks and privacy on the Freshworks website (http://freshworks.com/privacy).

The legal basis for the processing of data described above is Art. 6 (1) b and f GDPR. Their processing takes place for the purpose of examining and answering such inquiries, in particular also for carrying out pre-contractual measures on request. Our legitimate interest in the described data processing, as well as the need for direct and effective customer communication and the corresponding need-based design of the website, results from this purpose.

The legal basis for the aforementioned processing is Art. 6 (1) a GDPR. You can manage your consent to the setting of cookies at any time via our cookie/content management (cookie banner).

Your data will be automatically deleted as soon as the respective request is completed and no other, possibly legal, facts permit further storage by Perseus.

4.9 Applications

We use the online application management system, Recruitee, to advertise job vacancies on our website and to accept suitable applications. The provider is Recruitee BV, Johan Huizingalaan 763, (1066 VH) Amsterdam, Netherlands (hereafter: Recruitee). Recruitee is an online system that is integrated into our website.

Initially, certain personal access data is automatically collected when you visit our online applicant management system. This includes the requesting digital device, the browser used, the operating system of your device, the IP address, requests and responses sent to and from your device, the referrer website, and your use of the website. Furthermore, the following personal application data may be processed in the context of the application process, in particular, but not limited to, all personal data that you provide to us via the application form, particularly, name, email address, phone number, photo, cover letter, CV, LinkedIn profile, and the job you applied for, as well as status, notes and plans for your application and email communication.

If you click on the so-called social buttons in the context of the applicant management system to use the functions "Apply with LinkedIn" or "Apply with Indeed," your personal data will be processed by the respective provider of this function. In the case of the "Apply with LinkedIn" function, LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, (hereafter: LinkedIn) and in the case of "Apply with Indeed," Indeed Ireland Operations Limited, 124 St. Stephen's Green, Dublin 2, Ireland (hereafter: Indeed). LinkedIn and Indeed can use cookies.

Visit the LinkedIn and Indeed websites for more privacy information. The legal basis for the processing described above is Article 6 (1) b, f GDPR and Art. 88 (1) GDPR, § 26 BDSG. The purpose of the processing is the use of an effective, secure applicant management system and its analysis and improvement in the (pre-) employment relationship. Useing the “Apply with” functions of LinkedIn and Indeed is about using modern technologies that are important to us as a modern employer. For these purposes, our legitimate interest in the above data processing results. As a matter of principle, for precautionary reasons, we store the personal data we have received from you within the framework of the application process for a period of 6 months, unless you consent to further storage or there is a statutory permission requirement. For more information, see the Recruitee Privacy Policy (https://recruitee.com/en/privacy), LinkedIn (https://www.linkedin.com/legal/privacy-policy) and Indeed (https://www.indeed.com/legal).

4.10 Registration for the newsletter

We offer subscription to a free newsletter in various places on our website for promotional emails. The data that you voluntarily enter in the input form provided for this purpose is transmitted to us during registration and stored. The requirement of your email address is mandatory in any case. The indication of any further data is voluntary and serves your personal address. At the time of sending the message, we will store your IP address, as well as the date and time of your registration in the contact form. We use a double opt-in procedure to make sure that you only receive our newsletter if you really want it. To do this, we will send you a notification email in which you confirm by clicking on a link contained in this email indicating that you actually want to receive our advertising emails or our newsletter.

The legal basis for the processing of data described above is Article 6 (1) a GDPR in conjunction with Section 7 (2) no. 3 UWG and Article 6 (1) f GDPR. The purpose of the processing is the legally secure shipping of our newsletter. For this reason, it is necessary to use a user-friendly and secure newsletter system that allows proof of consent. For this purpose, the legitimate interest in the logging of the application process results.

You can unsubscribe from our newsletter at any time, either by clicking on the unsubscribe link contained in each newsletter or by e-mail to newsletter@perseus.de. After the cancellation, your email address or any other, optionally voluntarily indicated data will be blocked immediately on our newsletter mailing list. The blocking takes place within our legitimate interest acc. Art. 6 (1) f GDPR to prove a previously given consent and the implementation of an unsubscribe request and to be able to ensure that no further newsletter is sent.

4.11 Sending and evaluation of the newsletter

We use "MailChimp" and "Mandrill" to send and statistically analyze the emails we send as part of our newsletter and transaction emails. Both are offered by the technical service provider, The Rocket Science Group LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta,
GA 30308, USA (hereinafter: Rocket Science).

The emails contain the following customer data: name, email address and company. This data is transmitted to Rocket Science and stored on their servers in the United States. Rocket Science in turn transmits this data to external service providers in order to offer their services. Rocket Science uses this information for the distribution and statistical evaluation of newsletters and transaction emails. For the evaluation, the emails sent include so-called "web beacons" or "tracking pixels." These are small image files that allow the evaluation of user behavior. In this way, we can determine if a newsletter message has been opened and which links have been clicked on. In addition, technical information is collected (eg time of retrieval, IP address, browser type and operating system). This data are collected exclusively under a pseudonym and is not linked with your other personal data. It is used exclusively for the statistical analysis of newsletter campaigns, in order to better adapt future newsletters to the interests of the recipients.

In addition, "Rocket Science" may itself use the data for its own legitimate interest in the needs-based design and optimization of the service, as well as for market research purposes, eg to determine from which countries the recipients come. However, "Rocket Science" does not use the data to subscribe the subscribers to our newsletter or to pass them on to third parties.

Rocket Science is certified under the EU-US Privacy Shield (https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active), so the legal requirements for the adequacy of the data protection level under Art. 45 GDPR are given. It is an agreement between the European Union and the United States designed to ensure compliance with European data protection standards in the United States.

More about rocket science and privacy can be found on their website (https://mailchimp.com/legal/privacy). The legal basis for the processing described above is Article 6 (1) f GDPR and Art. 28 (3) 1 GDPR. Its purpose is to use a promotional effective, secure and user-friendly newsletter system in the sense of customer loyalty. This also results in our legitimate interest in data processing. Finally, we have entered into a contract processing agreement with Rocket Science to protect your information in the United States.

If you do not want a statistical evaluation of the newsletters sent to you, you can unsubscribe from the newsletter at any time (see section 4.10) or disable the display of graphics in your e-mail program by default. The evaluation data will be deleted at the latest after 12 months.

4.12 Test Phishing emails

We use SendinBlue service to send test phishing emails to PCSC users. The provider is the Sendinblue SAS, 47, rue de la Chaussee d'Antin, 75009 Paris, France (hereafter: SendinBlue).

These test phishing emails belong to the service portfolio of the PCSC and are sent exclusively to PCSC users. For this purpose, the email addresses specified by the users of the PCSC are processed on SendinBlue's servers, which are located exclusively within the European Union. SendinBlue allows us to analyze the test phishing emails sent. The aim is to see if the respective email has been opened and if and which links contained within have been clicked by the email recipient. You can find more about SendinBlue and data protection on their website (https://en.sendinblue.com/legal/privacypolicy/).

The legal basis for the processing described above is Article 6 (1) b and f and Art. 28 (3) sentence 1 GDPR. The purpose of the data processing is the implementation of the PCSC usage agreement, as well as the provision of effective PCSC awareness services for cyber security using a secure e-mail delivery system. This also results from our legitimate interest. Finally, we have concluded a contract processing contract with SendinBlue to protect your data.

The data will be deleted if the purpose of their processing has been completed, unless there are statutory, especially tax or commercial, retention requirements or the respective data subject has given their consent for further storage or other legal permission. The need for storage is regularly reviewed.

4.13 Cookies

4.13.1 Scope of processing

We use so-called cookies on our website. Cookies are text files that are stored on the user's IT system as soon as he or she accesses our website. Cookies contain characteristic strings that enable the browser to be clearly identified when the website is viewed again.

We use cookies to make our website more user-friendly. Some page elements of our website require that the calling Internet browser can be identified even after a page change within our website.

4.13.2 Purpose of the processing

Essential cookies

The purpose of using essential cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. Because of this cookies it is necessary to recognize the internet browser even after a page change within the our website. In these technically necessary cookies, data is collected, stored and transmitted to us in order to show our website. This user data collected by technically necessary cookies is not used to create user profiles.

Functional cookies

We use functional cookies to store personalized data, such as your language preference, in anonymous form so that it can be automatically called up again the next time you visit our website. Functional cookies can also be used to enable requested functions such as the playing of videos. The data is not passed on to third parties and does not track your movement on other websites.

Cookies for analysis and statistics

Cookies for analyses and statistics: Statistics cookies collect information pseudonymously. This information helps us to understand how our visitors use the website, for example which pages are clicked on most frequently. This enables us to adapt our content and functions to their interests. If deactivated, problems with individual functions of the website may occur.

Marketing and other third party cookies

Marketing cookies and third party cookies are used by us to measure the success of marketing measures, e.g. whether you have visited a website. They can also be used to control these accordingly, e.g. to limit the frequency of an advertisement displayed. It is possible that this information is shared with third parties, such as advertisers. Often these cookies are also linked to page functionalities of third parties.

4.13.3 Legal basis of the processing

The processing of data by means of technically necessary cookies is carried out for the fulfilment of the contract in accordance with Art. 6 (1) b GDPR.

The processing of cookies to ensure information security and for optimal presentation of the website is in our legitimate interest in accordance with Art. 6 Abs. (1) f GDPR.

We process cookies that are not technically necessary and for which there is no legitimate interest, only if you have given us your consent in each case. This is requested at the beginning of the website visit via the cookie management function. The consent is voluntary and can be revoked at any time with effect for the future. The legal basis for this is Art. 6 Abs. (1) a GDPR.


4.13.4 Recipients or categories of recipients

The cookie data is shared with our internal departments and with our contractors who host and provide IT resources.

4.13.5 Transfers from third countries
4.13.5.1 EU cookies

In principle, information stored in cookies is not transferred to third countries, unless user identification is necessary.

4.13.5.2 Google

Personal data is transferred to affiliated companies of Google Ireland Ldt.(Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland) in the USA and to Google Inc. (Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA). The appropriate level of protection for the transfer of personal data to the USA is guaranteed by an adequacy finding of the EU Commission in accordance with Art. (45) 9 GDPR. The adequacy decision (EU-US data protection shield, Privacy Shield) requires self-certification of the US companies subject to this decision. Google Inc. is certified accordingly.

4.13.5.3 Hotjar

Hotjar Ltd, Level 2, St Julian's Business Centre, 3, Elia Zammit Street, St Julian's STJ 1000, Malta, www.hotjar.com/legal/policies/terms-of-service 

4.13.5.4 Linkedin

The provider is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. LinkedIn has submitted to the Privacy Shield Agreement and is certified. Further information can be found here: www.privacyshield.gov/participant

Further information on data protection with the third-party provider LinkedIn can be found on the following website: www.linkedin.com/legal/privacy-policy.

4.13.5.5 Double Click

See Google.

4.13.5.6 Vimeo

Vimeo LLC, 555 West 18th Street New York 10011. United States. Vimeo is certified according to the Privacy Shield.

4.13.5.7 Freshworks

Freshworks, Inc., 2950 S.Delaware Street, Suite 201, San Mateo, CA 94403, USA. Freshchat is certified under the Privacy Shield.

4.13.5.8 Taboola

We use the Taboola service. This service is provided by Taboola, Inc. 1115 Broadway, 7th floor, New York, New York 10010, USA ("Taboola"). Taboola has its registered office in the so-called third country USA, which means that a level of data protection equivalent to that in the EU is generally lacking. Taboola transmits personal data in accordance with the contractual clauses and thereby offers an adequate level of data protection in accordance with Art. 46 GDPR.

4.13.5.9 Facebook

We use services from Facebook Ireland - 4 Grand Canal Square, Dublin 2, Ireland.

4.13.6 Duration of storage

The personal data will be deleted as soon as they are no longer necessary for the purpose of their collection. In the case of processing of the data for the purpose of providing the website, this is the case when the respective session has ended. Cookies are stored on the user's IT system and transmitted from there to our server. Therefore you as a user also have full control over the use of cookies. By changing the settings in your Internet browser, you can deactivate or restrict the storage of cookies. Cookies already stored can be deleted at any time. This can also be done automatically.

4.13.7 Possibility of objection and removal

The data subject has the right to object at any time, for reasons arising from his or her particular situation, to the processing of personal data concerning him or her carried out pursuant to Art. 6 (1) e or f GDPR (Art. 21 (1) GDPR). From then on, the controller will no longer process the personal data unless he can demonstrate compelling reasons for processing that are worthy of protection and outweigh the interests, rights and freedoms of the data subject, or the processing is for the purpose of asserting, exercising or defending and defending legal claims. If cookies for our website are deactivated, it may not be possible to use all the functions of the website, e.g. the shopping basket of the shop, to their full extent.

By clicking on one of the following links you can object to the data processing of the respective services (so-called opt-out) or find the necessary contact in the data protection declaration:

Google Analytics und Optimize

Cookie policy: developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage

Data privacy statement: policies.google.com/privacy 

Hotjar 

Cookie policy: help.hotjar.com/hc/en-us/articles/115011789248-Hotjar-Cookies 

Data privacy statement: www.hotjar.com/legal/policies/privacy 

LinkedIn Marketing Solutions / LinkedIn Ads 

Cookie policy www.linkedin.com/legal/cookie_policy

Data privacy statement: www.linkedin.com/legal/privacy-policy;

Facebook Connect / Facebook Custom Audience  / Facebook Pixel 

Cookie policy www.facebook.com/policy/cookies/

Data privacy statement: www.facebook.com/privacy/explanation 

Google Ads (Double Click, Google Audience)

Cookie policy: support.google.com/admanager/answer/2839090

Data privacy statement: policies.google.com/privacy

Vimeo 

Cookie policy vimeo.com/cookie_policy 

Data privacy statement: vimeo.com/privacy 

Freshworks 

Cookie policy: www.freshworks.com/list-of-cookies/

Data privacy statement: www.freshworks.com/privacy/

Google Tagmanager 

Data privacy statement: policies.google.com/privacy

4.13.8 Obligation to provide (Art. 13 II lit. e DSGVO)

The provision of your data for processing cookies is voluntary. If you do not provide us with your data, we may not be able to address your IT system and you may not be able to use our website or not use it to its full extent.

4.14 Google Analytics

We use the internet analytics service, Google Analytics. The provider is Google Inc., 1600 Amphitheater Parkway Mountain View, CA 94043, USA (hereafter: Google). Google uses cookies to create anonymous usage profiles. The information generated by the respective cookie about your use of our website, such as browser type and version, operating system used, referrer URL, IP address, time of server request, are usually transmitted to a Google server in the US and stored there. In order to ensure that your IP address is only anonymous, we have extended the code "gat._anonymizeIp ()" (so-called IP masking) on our website to Google Analytics. As a result, your IP address will be truncated by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there.

The IP address provided by Google Analytics as part of Google Analytics will not be merged with other Google information. You can prevent the storage of cookies by setting your browser software accordingly. However, this may mean that you can only use our website and its functionalities to a limited extent. In addition, you can prevent Google from collecting the data generated by the cookie and related to your use of the website (including your IP address), as well as the processing of this data by Google, by using this link (https: // tools .google.com / dlpage / gaoptout? hl = en) Download and install the available browser plugin. An opt-out cookie is set, which prevents the future collection of your data when visiting our website. Google is certified under the so-called EU-US Privacy Shield (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active), so that the legal requirements for the adequacy of the data protection level acc. Art. 45 GDPR. It is an agreement between the European Union and the United States designed to ensure compliance with European data protection standards in the United States. For more information about privacy at Google in general (http://support.google.com/analytics/answer/6004245?hl=en) and in the context of Google Analytics in particular, visit the Google website (https: // www .google.com / intl / en / policies / privacy).

The legal basis of the processing described above is Article 6 (1) f GDPR (in conjunction with § 15 (3) TMG) and Art. 28 (3) 1 GDPR. Google processes the information collected through the cookies on our behalf for the purpose of evaluating your use of our website, to provide reports on the activities on our website and to provide other services related to the use of our website and the Internet for the purpose of their needs- based design. These ticks result in our legitimate interest in the processing described above.

The legal basis for the aforementioned processing is Art. 6 (1) a GDPR. You can manage your consent to the setting of cookies at any time via our cookie/content management (cookie banner).

Finally, we've entered into a contract processing agreement with Google to protect your data in the United States. The stored data of users is automatically deleted or rendered anonymous after 14 months.

4.15 Google AdWords Conversion Tracking

We also use the internet analytics service, Google Conversion Tracking. The provider is Google Inc., 1600 Amphitheater Parkway Mountain View, CA 94043, USA (hereafter: Google). In this way, we can determine if you have reached our website through a so-called Google AdWords ad. Google uses cookies. The information generated by these cookies is transmitted by Google for evaluation on a server in the United States and stored there. They are not for your personal identification. If you visit our website due to a Google AdWords ad published by us and the cookie has not yet expired, we and Google may recognize that you have clicked on the ad and have been redirected accordingly.

You can prevent the storage of cookies by setting your browser software accordingly. However, this may mean that you can only use our website and its functionalities to a limited extent. In addition, you can specifically set your browser so that cookies from the domain www.googleadservices.com are generally blocked. Finally, you can take advantage of Google's settings and opt-out options at http://www.google.com/ads/preferences. Google is certified under the so-called EU-US Privacy Shield (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active), so that the legal requirements for the adequacy of the data protection level acc. Art. 45 GDPR. It is an agreement between the European Union and the United States designed to ensure compliance with European data protection standards in the United States. For more information about privacy at Google in general (https://www.google.com/intl/en/policies/privacy) and Google AdWords Conversion Tracking (https://services.google .com / sitestats / en.html).

The legal basis for the processing described above is Article 6 (1) f GDPR (in conjunction with § 15 para. 3 TMG). The purpose of processing is the evaluation of our website and the creation of reports on the user activities to design and optimize our website and our advertising as needed. For this purpose, our legitimate interest in processing arises. The above-mentioned cookies lose their validity after 30 days and are automatically deleted.

4.16 DoubleClick

We use the online marketing tool DoubleClick. Provider is Google Inc., 1600 Amphitheater Parkway Mountain View, CA 94043, USA (hereafter: Google). We use DoubleClick to show you tailored ads in your web browser, to improve campaign performance reports, or to prevent you from seeing the same ads multiple times.

Google uses cookies and uses a so-called cookie ID to determine which ads are displayed in which browser and can thus prevent them from being displayed multiple times. In addition, DoubleClick uses these cookie IDs to track conversions related to ad requests, such as when a user views a DoubleClick ad and later uses the same browser to visit the advertiser's website and buy something there. The cookie ID also contains technical information about the browser and the operating system, referring websites, the time of visit and further information on the use of the online offer as well as the IP address of the users. If you're registered with a service provided by Google, Google may associate the visit with your account.

The legal basis for the aforementioned processing is Art. 6 (1) a GDPR. You can manage your consent to the setting of cookies at any time via our cookie/content management (cookie banner)

You can prevent the storage of cookies by setting your browser software accordingly. However, this may mean that you can only use our website and its functionalities to a limited extent. You can also set your browser to generally block cookies from the domain www.googleadservices.com. Finally, you can take advantage of Google's settings and opt-out options at http://www.google.com/ads/preferences. Google is certified under the so-called EU-US Privacy Shield (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active), so that legal requirements for data protection level acc. Art. 45 GDPR are met. It is an agreement between the European Union and the United States, designed to ensure compliance with European data protection standards in the United States. For more information about privacy at Google in general (https://www.google.com/intl/en/policies/privacy) and more specifically about Double Click (https://www.google.com / doubleclick).

The legal basis for the processing described above is Article 6 (1) f GDPR. Purposes of the processing are analysis as well as appropriate design and optimization of our website and our advertising. For these purposes, our interest in the above-described data processing is legitimate.

4.17 Google Tag Manager

Finally, we use the Google Tag Manager system on our website. The provider is Google Inc., 1600 Amphitheater Parkway Mountain View, CA 94043, USA (hereafter: Google). Google Tag Manager measures the reach of the online advertising used on our website, but does not
process personal information.

4.18 Hotjar

We use the internet analysis service, Hotjar, on our website. The provider is Hotjar Ltd., Level 2, St Julian's Business Center, 3, Elia Zammit Street, St Julian's STJ 1000, Malta (hereafter Hotjar). This allows the navigation of the users of our website to be understood (so-called heatmaps). This allows us to analyze how you use our website to improve its ease of use. Hotjar uses cookies. As a result, interactions such as mouse movements and user feedback are recorded anonymously. Furthermore, technical information, such as operating system, browser, geographic origin, resolution and type of device are evaluated. The information generated by the cookie about your use of our website is usually transmitted to a Hotjar server in Ireland and stored there. This information is not personal and will not be disclosed by Hotjar to third parties. The IP address transmitted by Hotjar from your browser will not be merged with other Hotjar data. You can prevent the storage of cookies by setting your browser software accordingly.

The legal basis for the aforementioned processing is Art. 6 (1) a GDPR. You can manage your consent to the setting of cookies at any time via our cookie/content management (cookie banner)

However, this may mean that you can only use our website and its functionalities to a limited extent. In addition, you can specifically set your browser via the following link to block tracking via Hotjar (https://www.hotjar.com/legal/compliance/opt-out). More information about "Hotjar" can be found at: www.hotjar.com. The privacy policy of "Hotjar" is available at https://www.hotjar.com/privacy.

The legal basis for the processing described above is Article 6 (1) sentence 1 lit. f) GDPR. The purpose of the processing is analysis of the behavior of users of our website as well as the needs-based design and optimization of our website. Our legitimate interests in this processing arises from this purpose.

4.19 Facebook pixels

We use the so-called Facebook Pixel on our website. The provider is the Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA and Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland (hereafter: Facebook). When you visit our website, a connection is established between your browser and the Facebook server. Certain data, including the IP address, are transmitted to Facebook. If you are a registered member of Facebook, Facebook can, in principle, connect the transmitted data with your Facebook profile and thus use it for the display of targeted advertisements. By using the Facebook pixel, we can track your usage behavior after viewing or clicking on a Facebook ad. Regardless of the digital device, you may object to Facebook's Facebook pixel processing
described above (https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen ).

Facebook has a certification under the so-called EU-US Privacy Shield (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active), so that the legal requirements for the adequacy of the data protection level acc. Art. 45 GDPR are met. It is an agreement between the European Union and the United States, designed to ensure compliance with European data protection standards in the United States. On the Facebook page, you will find further information on data protection in Facebook’s data usage policy (https://de-de.facebook.com/privacy/explanation), as well as special information about Facebook Pixel (https: //de-de.facebook. com / business / help / 651294705016616).

The legal basis for the aforementioned processing is Art. 6 (1) a GDPR. You can manage your consent to the setting of cookies at any time via our cookie/content management (cookie banner). The purpose of the processing is to analyze and optimize our website and our advertising. Our legitimate interests in processing arises from this purpose.

4.20 Outbrain

We use the technology of Outbrain UK Ltd., 5 New Street Square, EC4A 3TW, London, Great Britain (Outbrain) on our website. We use it to evaluate the usage behavior of visitors to our website, in order to optimize their ads. Outbrain uses cookies to collect certain data: device source, browser type, anonymized IP address of the user. This is never combined with other personal data.

You can prevent the storage of cookies by setting your browser software accordingly. However, this may mean that you can only use our website and its functionalities to a limited extent. You can also opt out of data processing for the respective digital device on the Outbrain website (https://www.outbrain.com/legal/privacy). You will also find further information on data protection by Outbrain there. The legal basis for the processing described above is Article 6 (1) f GDPR. The purpose of the processing is to analyze and optimize our website and our advertising. Our legitimate interests in processing results from this purpose. Outbrain stores the data stored for a period of 24 months. After that, it will be deleted.

4.21 Use of Vimeo Plugins

We embed videos on our website using the technologies of Vimeo Inc., 555 West 18th Street, NY, New York 10011, USA (hereafter: Vimeo). When you visit our website, you will be connected to the Vimeo servers. Vimeo uses cookies and stores the information about your visit to our website, as well as your IP address and any interactions with the Vimeo plug-ins we use, eg clicking on a start button to play a video. If you are registered as a member of Vimeo and logged in, Vimeo assigns this information to your user account. In addition, Vimeo can use Google Analytics via a so-called iframe, in which the videos are integrated. We have no influence on that.

You can prevent the storage of cookies by setting your browser software accordingly. However, this may mean that you can only use our website and its functionalities to a limited extent. You can prevent an assignment to your Vimeo user account by logging out of your Vimeo user account before using our website and deleting the corresponding cookies from Vimeo. For Google Analytics, see para. X.

According to its own statement, Vimeo uses standard data privacy clauses in accordance with Art. 46 GDPR, so that the legal requirements for the adequacy of the data protection level acc. Art. 46 GDPR are provided (https://vimeo.com/transfer_statement). For more information on privacy (https://vimeo.com/privacy), visit the Vimeo website. The legal basis of the processing described above is Art. 6 (1) f GDPR. The purpose of data processing is the optimal presentation of our website and content.

The legal basis for the aforementioned processing is Art. 6 (1) a GDPR. You can manage your consent to the setting of cookies at any time via our cookie/content management (cookie banner).

4.22 Webinars

We conduct webinars on our website. You can participate in a webinar if you have previously registered for it via our website. To conduct webinars, we use the GoToMeeting system offered by LogMeIn Ltd, Bloodstone Building Block C, 70 Sir John Rogersons's Quay, Dublin 2, Ireland, which is part of LogMeIn, Inc., 320 Summer Street, Boston, MA 02210, USA (LogMeIn). When you participate in our webinars, your following personal information is collected and stored by LogMeIn: Title, first name, last name, company, address, email, PCSC member or non-member yes/no, technical information such as length of participation, webcam usage, IP address, operating system. The data may be transferred to the USA. LogMeIn is certified under the so-called EU-US Privacy Shield (https://www.privacyshield.gov/participant?id=a2zt0000000013fAAA&status=Active), so that the legal requirements for the adequacy of the data protection level according to Art. 45 GDPR are met. It is an agreement between the European Union and the United States designed to ensure compliance with European data protection standards in the United States. Visit LogMeIn's website for more privacy information at LogMeIn (https://www.logmeininc.com/en/gdpr/gdpr-compliance).

The legal basis of the processing described above is Art. 6 (1) b and f GDPR. Finally, a contract processing contract was signed with LogMeIn. The purpose of the processing is to conduct webinars and provide the required technologies accordingly. That is in the legitimate interests of Perseus.

4.23 Shariff Sharing functions

We use the so-called Shariff sharing function on our website. In this way, certain content on our website, such as blog posts, can be shared by our users within certain social networks while maintaining adequate privacy. Normally, the use of so-called social plugins leads to the recording of the IP address and the logging of the further activities of the visitors of such websites, even if the respective visitor does not click on a so-called social button, at all, to connect him with the respective social network. We do not want this and therefore use the Sharrif method. Direct contact to the respective social network is only established when you actively click on the social button of a social network to share a contribution.

4.24 Questionnaire Security Scoring

Visitors to our website may request from Perseus, subject to the conditions specified therein, a so-called privacy scoring of their own domain. It is necessary to complete a questionnaire. Perseus uses the Typeform system for this. The provider of Typeform is TYPEFORM SL, Bac de Roda 163, 08018 Barcelona, Spain (hereafter: Typeform).

By using the aforementioned system, the data you provide in each case, your IP address as well as information about the devices you are using and your browser will be transmitted to Typeform. You can find more information about Typeform and data protection on the Typeform website (https://admin.typeform.com/to/dwk6gt).

The legal basis for the processing of data described above is Art. 6 (1) b and f GDPR. Their processing is for the purpose of examining and answering the requirement of security scoring. For this purpose, we also have a legitimate interest in the described data processing, as well as the need for direct and effective customer communication and the corresponding needs-based design of the website or the form within the security scoring offered by Perseus.

Your data will be automatically deleted as soon as the respective request is completed and no other, possibly legal, facts permit further storage by Perseus.

4.25 CylancePROTECT

We use the intelligent security software, CylancePROTECT, from our partner, Cylance by Blackberry, as part of the Perseus 360° cyber security package. The supplier of CylancePROTECT is Cylance Deutschland GmbH, Prinzregentenstraße 11, 80538 Munich (Headquarters USA: 400 Spectrum Center Dr., Suite 900 Irvine, CA 92618). Cylance's software analyzes software and activities on our customers' computers to identify malicious programs, determine the security status of the system, and respond to potential threats.

The legal bases of the processing described above are Art. 6 (1) b and f GDPR. The processing is done to protect our customers’ and clients’ computer and data systems. This is our legitimate interest in processing. To protect your privacy, we have entered into a contract processing agreement with Cylance. You can find more information about privacy on the Cylance website (https://www.cylance.com/en-us/company/about-us/privacy-notice.html).

4.26 Taboola

We use the Taboola service. This service is provided by Taboola, Inc. 1115 Broadway, 7th floor, New York, New York 10010, USA ("Taboola"). Taboola has its registered office in the so-called third country USA, meaning the level of data protection equivalent to the EU is generally lacking. Taboola transmits personal data in accordance with the contractual clauses and thereby offers an adequate level of data protection in accordance with Art. 46 GDPR.

This service enables us to provide user-specific recommendations for content and advertisements based on surfing behaviour and customer interests in order to improve the user-friendliness of our offer. Taboola collects and processes the following data using cookies: Target page, subsequent page, pages visited, clicks, data to convert the user status. The data is transferred to the servers of Taboola in the USA.

Further information on data protection can be found in the Taboola Privacy Policy.

The legal basis for the aforementioned processing is Art. 6 (1) a GDPR. You can manage your consent to the setting of cookies at any time via our cookie/content management (cookie banner)

4.27 LinkedIn Insight tag

We use the LinkedIn Insight tag service. This service is provided by the LinkedIn Ireland Unlimited Company, (Wilton Place, Dublin 2, Ireland, "LinkedIn") The purpose of this feature is to target website visitors with a LinkedIn account with interest-based advertising on the LinkedIn social network.

For this purpose, the LinkedIn Insight tag of LinkedIn was implemented on the website. This tag is used to establish a direct connection to the LinkedIn servers when visiting the website. This tag is used to tell the LinkedIn servers which of our pages have been visited by the website visitor. If a LinkedIn account exists LinkedIn assigns this information to the personal LinkedIn user account. Within LinkedIn, the website visitor and LinkedIn member will then see personalised LinkedIn ads based on their interests.

For more information about LinkedIn, please see the LinkedIn privacy policy.

LinkedIn has adhered to and certified the LinkedIn Privacy Shield Agreement. You can find more information here: www.privacyshield.gov/participant

The legal basis for the processing described above is Art. 6 (1) a GDPR. You can manage your consent to set cookies at any time via our cookie/content management tool (cookie banner).

4.28 Google Optimize 

We also use the Internet site analysis and test service Google Optimize. The provider is Google Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (hereinafter: Google).

Google Optimize is a tool integrated into Google Analytics and analyses the use of different variants of this website. This helps to improve the user-friendliness according to the behaviour of the website visitors. New functions and contents of the website are only played out to a part of the website visitors and the change in usage is statistically evaluated. All results are compiled in Google Analytics and usually sent to a server in the USA. We use Google Optimize with active IP address anonymization. Only in exceptional cases is the full IP address transferred to a Google server in the USA and shortened there.

The legal basis for the aforementioned processing is Art. 6 (1) a GDPR. You can manage your consent to set cookies at any time via our cookie/content management tool (cookie banner).

By using a browser plug-in you can prevent the information collected by cookies (including your IP address) from being sent to Google and used by Google. The following link leads you to the corresponding plug-in: 

tools.google.com/dlpage/gaoptout

5. Rights of the person concerned

If personal data are processed by you, you are affected within the meaning of the GDPR. You therefore have the following rights in relation to the person responsible:

5.1 Right to information, Art. 15 GDPR

Pursuant to Art. 15 GDPR, you have the right to request confirmation from us as to whether or not we process personal data relating to you. If this is the case, you can request the following information about the following from us: Purposes of processing; category of personal data to be processed; recipients or categories of recipients to whom your data has been or will be disclosed; planned storage period or, if it is not possible to provide concrete details in this regard, criteria for determining the storage period; existence of a right to rectification, deletion, limitation of processing or objection; existence of a right of appeal to a supervisory authority; origin of your data if it has not been collected from us; existence of automated decision-making including "profiling" and, if applicable, the existence of a "data protection" system of meaningful information on its details; transfer of personal data to a third country or to an international organization; suitable guarantees in accordance with Art. 46 GDPR in connection with the transfer.

5.2 Right to rectification

Pursuant to Art. 16 GDPR, you have the right to demand immediate correction or completion of your personal data stored by us.

5.3 Right to restriction of processing

Pursuant to Art. 18 GDPR, you have the right to demand the restriction of the processing of your personal data if the accuracy of the data is disputed by you, the processing is unlawful, but you refuse its deletion and we no longer need the data, but you need it to assert, exercise or defend legal claims or you have objected to the processing pursuant to Art. 21 GDPR.

5.4 Right to cancellation

Pursuant to Art. 17 GDPR, you have the right to demand the deletion of your personal data stored by us, unless processing is necessary for the exercise of the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or for assertion, exercise or defense of legal claims is required.

5.5 Right to information

If you have asserted the right to rectification, deletion or limitation of processing to Perseus as the responsible body, we are required, in accordance with. Art. 19 GDPR to notifiy all recipients to whom the personal data relating to you has been disclosed of this rectification or deletion the data or limitation processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed by Perseus about these recipients.

5.6 Data transferability

Pursuant to Art. 20 GDPR, you have the right to receive your personal data, which you have provided us, in a structured, common and machine-readable format or to request a transfer to another person responsible.

5.7 Right of objection

Pursuant to Art. 21 GDPR, you have the right to revoke your previously granted consent to us at any time. We will then no longer process your personal information, unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing is for the purpose of enforcing, pursuing or defending legal claims.

If the personal data relating to you is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to "profiling" insofar as it is associated with such direct mail. If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.

5.8 Right to revoke the data protection consent declaration

Pursuant to Art. 7 (3) GDPR, you have the right to revoke your data protection consent declaration at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

5.9 Right to complain to a supervisor

Pursuant to Art. 77 GDPR, you have the right to complain to a supervisor. Typically, you can contact the supervisor of your usual whereabouts, workplace, or the location of the alleged violation.

6. Timeliness and changes to this Privacy Policy

This privacy policy applies in its current version. We reserve the right to update this privacy policy at any time, in particular due to the further development of our website and the IT technology or software used on it and/or legal changes. The current privacy policy can be accessed and printed at any time on the website at https://www.perseus.de/en/data-protection.

Modify Cookie Settings