For CSP GmbH & Co. KG, CSP IT-Business GmbH and its subsidiaries (hereinafter called “CSP”), protection of your personal data is very important. In strict accordance with pertaining provisions, we process personal data collected during a visit on our website. We will neither publish your data nor pass them on to third parties. In the following, you will learn how we collect your data during your visit on our website and how these data are used:
- Contact information
CSP GmbH & Co. KG
CSP IT-Business GmbH
Phone +49 9953 3006 – 0
Fax +49 9953 3006 – 50
Contact data of the data protection officer
Data protection officer
80802 München (Germany)
- Terms and definitions
When visiting our website, our web servers temporarily save all hits in a protocol file. The following data are collected and saved until automated deletion: IP address of the requesting computer, name and URL of the obtained data, website from which the hit was executed, date and time of the hit, amount of data transferred, notification on whether the hit was successful, name of your internet access provider and recognition data of the used browser and operating system.
Processing of these data is done for the purpose of connection establishment (in order to enable usage of the web site), technical administration of the network infrastructure and network stability and for optimization of the web offer. The IP address will only be evaluated in case of attacks on the network infrastructure of CSP. Legal basis for the temporary saving of the data and/or the log file is article 6 subparagraph 1 point f GDPR.
Apart from this, personal data is not processed, unless you expressly agree to a further processing. Based on the explanations regarding web-analysis, pseudonymous user profiles may be created (see below).
- Contact form and approach via e-mail
If you send us requests via contact form or via e-mail, your data from the request form and/or your e-mail including the contact data specified by you in the form or e-mail will be saved by us for the purpose of processing your request and in case of any subsequent questions. We will never pass these data on without your permission. Legal basis for the processing of your data is our legitimate interest in answering your request pursuant to article 6 subparagraph 1 point f GDPR as well as, if applicable article 6 subparagraph 1 point b GDPR, if your request is aimed at formation of a contract. Your data will be deleted after complete processing of your request unless any legal duty to preserve records applies.
If you address us at campaigns via a contact form, your information from the contact form including the contact data stated by you therein will be saved. The purpose of the storage is the establishment of contact deriving therefrom, which itself is based on an interest of the company pursuant to article 6 subparagraph 1 letter f GDPR. In case no contractual relationship is formed, the data will be deleted after 12 months pursuant to article 6 subparagraph 1 letter b GDPR.
You have the possibility to register for certain services provided on our website and to thus create a user profile. Within the context of registration and creation of a user profile, we use the following personal data:
- Where applicable given name, family name, title
- E-mail address of the user
- Date and time of registration
Beyond that, additional information can be given on a voluntary basis (e.g. company). Mandatory information given for the purpose of registration are marked with an asterisk as a mandatory field in the entry screen. With your user account, you are given the possibility to use further areas of our website and to log in for the services acquired by you. In case of consent, legal basis for the processing of your data is article 6 subparagraph 1 point a GDPR and/or article 6 subparagraph 1 point b GDPR insofar as the processing of data is necessary for provision of the desired services. Your data will be deleted as soon as the user account on our website is deleted and unless any legal duty to preserve records applies. A change or deletion of your user account including the data provided by you can be done directly by you after logging in, usually in your user account area, or by initiated by sending a respective message to the responsible officer mentioned above.
- Newsletter and newsletter tracking
If you would like to receive our newsletter offered on your website with regular information on our offers and products, we need your e-mail address as a mandatory information. For sending the newsletter, we use the so-called double-opt-in procedure. This means that we only send you a newsletter once you have expressly confirmed that you consent to us sending newsletters to you. To do so, as a first step, you will receive an e-mail with a link. By clicking this link, you can confirm that, as the owner of the respective e-mail address, you would like to receive our newsletter in future. With your confirmation, you give us your consent in the sense of article 6 subparagraph 1 point a GDPR that we may use your personal data for the purpose of sending the desired newsletter (via our mailing tool CleverReach).
When you register for the newsletter, we save, among the e-mail address necessary for sending the newsletter, the IP address via which you have registered for the newsletter as well as the date and time of the registration and confirmation in order to be able to track a possible abuse at a later point in time.
You may at any time unsubscribe from the newsletter via the link inserted into the newsletter or by sending an e-mail to the responsible agent mentioned above. After you have successfully unsubscribed from our newsletter, your e-mail address will immediately be deleted from our newsletter mailing list unless you have expressly agreed to a continued usage of the registered data or a continued processing of the data is legally permissible in other respects.
Distribution of our e-mail newsletter is executed by our technical service provider CleverReach GmbH & Co. KG, Mühlenstr. 43, D-26180 Rastede (“CleverReach”), to which company we will pass on your data provided by you during your newsletter subscription. This disclosure takes place pursuant to article 6 subparagraph 1 point f GDPR and serves our legitimate interest in using a promotionally effective, secure and user-friendly newsletter system. The data provided by you for receiving the newsletter (e.g. E-mail address) are stored on the servers of CleverReach in Germany and/or Ireland.
CleverReach uses this information for sending the newsletters and for statistical evaluation of the newsletters on our instructions. For evaluation, the dispatched e-mails contain so-called web beacons and/or tracking pixel which illustrate one-pixel image files which are stored on our website. This way, it can be established whether a newsletter message has been opened, and which links, if any, have been clicked. With the help of so-called conversion tracking, it is also possible to analyze whether, after clicking a link in our newsletter, a predefined action has taken place (e.g. Download of a file on our website). Moreover, technical information is gathered (e.g. Point in time of download, IP address, type of browser and operating system). These data are exclusively gathered in a pseudonymized manner and are not linked to any additional personal data; direct connection to a person is impossible. These data only serve for statistical analysis of newsletter campaigns. The results of these analyses may be used to better adapt future newsletters to the interests of recipients.
If you would like to object to this data analysis for statistical evaluation purposes, you will have to unsubscribe from our newsletter. We have entered into an order processing agreement with CleverReach wherein CleverReach undertakes to protect the data of our clients and not to disclose them to third parties. You can find further information on the data analysis of CleverReach here: https://www.cleverreach.com/en/features/reporting-tracking/
- Use and disclosure of personal data
Any use of your personal data only takes place for the aforementioned purposes and only within the scope necessary. Your data is not disclosed to third parties. Disclosure of your personal data to governmental institutions and authorities will only be executed within the framework of mandatory national regulations or if disclosure is necessary in case of attacks on our network infrastructure for general or criminal prosecution. There will be no disclosure for any other purposes.
Cookies are used on our website in order to store the data for technical control of the session in the storage of your browser. Depending on the configuration of your browser, the data will be deleted at closing of your browser. If we want to store personal data in a cookie (for example a user recognition) as an exception, we will separately notify you about this.
Insofar as personal data is being processed by individual cookies implemented by us, the processing is done pursuant to article 6 subparagraph 1 point b DDPR either for execution of the contract or pursuant to article 6 subparagraph 1 point f GDPR for keeping a legitimate interest in the best possible functionality of the website as well as a customer-friendly and effective organization of the visit on our website.
Of course, it is also possible to visit our website without cookies. However, most browsers automatically accept cookies. You can prevent the saving of cookies by defining this in your browser settings. Cookie settings may be administrated in the respective browser by visiting the following link:
If you do not accept cookies, this might impair functionality of our website.
CSP does not create user profiles relating to persons. However, section 15 subsection 3 of the German Teleservices Act (TMG) allows for the purposes of market research, promotion and individual design of offers to utilize user profiles under a pseudonym unless the user objects to this.
Our website uses Opentracker, a web analysis service of the Opentracker Association from the Netherlands (“Opentracker”). Opentracker uses so-called cookies. These are text files which are saved on the computer and which enable an analysis of the usage of the website by you. The information generated by the cookie about your usage of the website are usually transferred to a server of Opentracker in the Netherlands and stored there. We only use Opentracker with activated IP anonymization. This means, the IP-address of users is shortened by Opentracker within the member states of the European Union or in another contractual country of the Agreement on the European Economic Area, which excludes the possibility to link the IP-address directly to a particular individual. Processing is done pursuant to article 6 subparagraph 1 point f GDPR and/or section 15 subsection 3 German Teleservices Act on the basis of our legitimate interest on statistical analysis of user behavior for optimization and promotion purposes.
On behalf of the operator of this website, Opentracker will use this information to evaluate your usage of the website, to generate reports about the website activities and to provide further services connected to website usage and internet usage for the website operator. The IP-address disclosed by your browser in the process of Opentracker will not be combined with other data of third parties. The data will be deleted after 14 months. The terms of service of Opentracker and information on data protection may be seen by visiting the following link: https://www.opentracker.net/company/legal
You may prevent the storage of cookies by choosing the respective setting in your browser-software; however, we point to the fact that, in this case, you may not be able to use all functions of our website to the full extent.
Google web fonts
This page uses so-called web fonts for uniform illustration of font types which are provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google web fonts allows us to use external fonts, so-called Google fonts. When hitting our Internet presence, the required Google font is loaded by your web browser into your browser cache in order to correctly display texts and font types. This is necessary so that your browser can display an optically improved illustration of our texts. If your browser does not support this function, a standard font type from your computer will be used for display. Integration of these web fonts is done by a server call, usually a server of Google in the US. It is thereby transferred to the server which page of our internet presence you have visited. Moreover, the IP-address of the browser of your terminal device of the visitor is saved by Google.
We use Google web fonts for the purpose of optimization, especially in order to improve usage of our Internet presence for you and to make the design more user-friendly. This is also where our legitimate interest pursuant to article 6 subparagraph 1 point f GDPR lies.
Google has submitted to the Privacy Shield Agreement between the European Union and the US and is certified. As a result, Google undertakes to adhere to standards and provisions of the European data protection law. You will find further information on this subject by clicking the following link: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
On our website, we use social plugIns of the social network YouTube (www.youtube.com) and for WordPress.
This website uses the YouTube embedding function for display and playback of videos of the provider “YouTube” (YouTube is a part of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland).
In doing so, the extended data protection mode, which only starts storage of user information after playback of the video(s), is used. If playback of embedded YouTube-videos is started, the provider uses “YouTube” cookies to collect information on user behavior. According to notes of “YouTube”, these serve, among others, the purpose to gather video statistics, to improve user friendliness and to prevent abusive behavior. If you are logged on to Google, your data will be directly allocated to your account once you click on a video. If you do not wish the allocation with your profile at YouTube, you will have to log off before activating the button. Google will save your data (even for users that are not logged in) as user profiles and evaluate them. Such evaluation is done in particular pursuant to article 6 subparagraph 1 point f GDPR on the basis of Google’s legitimate interest in showing personalized adds, market research and/or needs-oriented design of its website. You have the right to object the creation of such user profiles, whereby you have to address YouTube for executing this objection.
Independent of playback of embedded videos, a connection to the Google network “DoubleClick” is established upon each hit of the website, a process that might initiate further data processing steps beyond our influence.
Google LLC with its headquarters in the US has been certified pursuant to the US-European data protection agreement “Privacy Shield” that guarantees adherence to the data protection level in force in the EU.
We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on our website. Provider of this is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).
The intention with reCAPTCHA is to check whether data entry on our websites (e.g. in a contact form) is being performed by a human or by an automated program. To do this, reCAPTCHA analyses the behavior of the website visitor based on different features. This analysis starts automatically once the website visitor enters the website. For analysis, reCAPTCHA evaluates different pieces of information, e.g.
- duration of the stay of a website visitor on our website
- mouse movements done by the user.
The data collected during analysis are passed on to Google.
reCAPTCHA analyses run completely in the background. Website visitors will not be pointed to the fact that an analysis takes place. Data processing is done on the basis of article 6 subparagraph 1 point f GDPR. We have a legitimate interest in protecting out web offer against abusive automated spying and unwanted, automated mailings (Spam).
On the part of CSP, no storage of personal data is done from the usage of reCAPTCHA. In general, it is clear that personal data of the affected person is deleted or blocked as soon as the purpose for the storage is no longer there.
We use the visitor tracking pixel (“Conversion Pixel”) of Facebook Inc., 1601 S. California Ave, Palo Alto, CA 930, USA (“Facebook”). By calling up the Pixel from your browser, Facebook may see whether a Facebook ad was successful (and, e.g., led to an online purchase). Facebook only supplies us with statistical data without relation to any specific person. You can find Facebook’s data usage policy here https://www.facebook.com/ads/preferences/. In order to revoke your consent to Pixel, please go to https://www.facebook.com/ads/preferences/
We use Google Analytics, a web analysis service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The data generated is used in order to optimize our website as well as advertisement measures. Google processes the data on website-usage on our instructions and undertakes by contract to measures ensuring confidentiality of the processed data. During your visit on our website, among others, the following data is recorded: Websites that have been called up, your behavior on the sites, your approximate location, your IP-address, technical information such as browser, internet provider, terminal device, screen resolution, source of your visit. This data is transferred to a server of Google in the US. Google Analytics stores cookies in your web browser for the duration of two years since your last visit. In order to recognize you again on your next website visit, these cookies are furnished with a randomly generated user ID. The recorded data is saved together with the randomly generated user ID, thus enabling evaluation of pseudonymous user profiles. This user-related data will be automatically deleted after 14 months. Other data will be stored indefinitely in aggregated form. If you do not agree to the recording, you can prevent it with the singular installation of https://tools.google.com/dlpage/gaoptout?hl=en.
We run our website with the content management system (CMS) WordPress and the following enhancements: BackUpWordPress, CleverReach Newsletter Integration, Contact Form 7, Contact Form DB, Cookie Consent, CryptX, Email as Username for WP-Members, Hide Admin Bar Toolbar, Integration: Yoast SEO & qTranslate-X, Manage Notification E-mails, MCE Table Buttons, Members, Nav Menu Roles, Peter’s Login Redirect, qTranslate slug, qTranslate-X, Quick Page/Post, Redirect Plugin, Really Simple CAPTCHA, Really Simple SSL, Slider Revolution, WP-Members and Yoast SEO.
CSP is also active on the following social media platforms:
CSP uses organizational and technical measures in order to secure and protect your personal data administrated by us against accidental or deliberate destruction, manipulation, loss or access by unauthorized third parties. Regarding these protective measures, we are regularly certified pursuant to ISO/IEC 27001 by TÜV Süd. We continuously enhance our security measures proportionately to technological development.
- Duration of storage of personal data
The duration of storage of personal data corresponds to the relevant legal retention periods (e.g. from commercial law and tax law). After expiry of the respective period, the relevant data are routinely deleted. Insofar as data are necessary for the fulfillment of a contract or for conclusion of a contract or if we have a legitimate interest in continuously storing the data, the data will be deleted as soon as they are no longer required or as soon as to make use of your right of revocation or right of objection.
- Links to websites of other providers
- Your rights
In the following you will find information on the sort of rights of affected parties that you are granted in the applicable data protection regulation against the responsible parties regarding processing of your personal data:
The right to request information pursuant to article 15 GDPR on your personal data processed by us. In particular, you may request information on the purpose of processing, on the category of personal data, on the category of recipients to which data is or was disclosed, on the planned duration of storage, on the existence of a right of amendment, deletion, limitation of the processing or of objection, on the existence of a right of complaint, on the origin of your data, insofar as it has not been recorded with us, as well as on the existence of an automated decision making including profiling and, if applicable, conclusive information on the details.
The right pursuant to article 16 GDPR to request the prompt rectification of wrong data or the completion of your personal data saved with us.
The right pursuant to article 17 GDPR to request the deletion of your personal data saved with us, insofar as the processing is not required for the execution of the right of free speech and information, for fulfillment of legal obligations, for reasons of public interest or for enforcement, execution or defense of legal claims.
The right pursuant to article 18 GDPR to request the limitation of processing of your personal data insofar as the accuracy of the data is denied by you, insofar as the processing is unlawful and you object to deletion and we no longer need the data, but you still require it for enforcement, execution or defense of legal claims or if you have lodged an objection against the processing pursuant to article 21 GDPR.
The right pursuant to article 20 GDPR to receive the personal data that you have provided for us in a structured, common and machine-readable format or to request transfer of such to another responsible party.
The right pursuant to article 77 GDPR to file a complaint with a supervisory authority. Normally, you may address the supervisory authority of the Federal State in which we have our above-mentioned headquarters or the authority of your usual residence or place of work.
Right of revocation of a given consent pursuant to article 7 subparagraph 3 GDPR. You have the right to revoke a previously given consent to the processing of data at any time and with effect for the future. In case of revocation, we will promptly delete the data insofar as the further processing cannot be based on the legal foundation of processing without need for consent. With the revocation of the consent, lawfulness of the processing on the grounds of the given consent up to the point of revocation is not affected.
Right of objection
Insofar as your personal data is processed by us on the basis of a legitimate interest pursuant to article 6 subparagraph 1 section 1 point f GDPR, you have the right pursuant to article 21 GDPR to file an objection against the processing of your personal data as long as this is done for reasons which are derived from your particular situation. Insofar as the objection is directed against the processing of personal data for the purpose of direct advertisement, you have a general right of objection without the necessity of specifying a particular personal situation.