Privacy Policy for the Use of Website


Thank you for visiting our website. The protection of your personal data (hereinafter: Data) is very important to us. This Privacy Policy is designed to give you an overview of what data we collect and process when you visit our website and contact us and what rights you have in relation to the processing of your Data.


I. Who are we and how can you contact us?


We,

CPU 24/7 GmbH
August-Bebel-Straße 26-53
14482 Potsdam

as the controller are responsible for protecting your Data.

If you have any questions regarding data protection or your rights or regarding this data protection information please do not hesitate to contact our group data protection officer. He can be reached by post at:

CPU 24/7 GmbH
Data protection officer
August-Bebel-Straße 26-53
14482 Potsdam

as well as by email at: datenschutzbeauftragter@cpu-24-7.com




II. What data is processed when you visit our website?


A. Log-Files


Description and scope of the data processing:

When you visit our website your browser automatically transmits the following Data:

  • Your IP address, which is anonymised
  • Date and time of access
  • Website from which the site is being accessed (referrer URL)
  • Your browser or user agent and its version (if sent via browser)
  • If necessary, your operating system
  • Purposes of the data processing:

    The temporary storage of this data is necessary to enable delivery of the website to your computer and to ensure the functionality of the website. In addition, we collect the data in order to be able to track and prevent inadmissible access to the web server and the misuse of the web pages and to secure our information technology systems.

    Legal basis:

    We store this Data temporarily on the basis of legitimate interests (Article 6(1)(f) GDPR). Our legitimate interest lies in achieving the purposes described above. Term of storage and control options: The Data will be erased as soon as it is no longer required to achieve the purposes. Log files are deleted after 7 days by default.

    B. Own Cookies


    Description and Scope of Data Processing:

    We set cookies when users create a customer account on our website. These are small text files that are stored on your device. As a rule, cookies contain a unique character string, the so-called cookieID, with which your browser can be identified when visiting our webpages again. We use session cookies to navigate within a session and to access user-defined areas after language selection and authentication.

    Purpose of Data Processing:

    Session cookies serve to make our webpages more user-friendly and to guarantee certain functionality (e.g. login to the customer accounts, authentication).

    Legal basis:

    We use cookies based on our legitimate interests (Art. 6 (1) GDPR). Our legitimate interest lies in ensuring the functionality of our webpages as well as their usability.

    Duration of Storage and Control Options:

    Session cookies are automatically deleted after closing the browser. You maintain full control over the use of cookies and may delete cookies in your browser, disable the storage of cookies altogether, selectively accept certain cookies and, if necessary, set your browser to notify you if a cookie is to be set. Please use the help functions of your browser to find out how to change these settings. This limits the functionality of our websites.

    Deactivate Cookies in Firefox
    Deactivate Cookies in Internet Explorer
    Deactivate Cookies in Chrome

    C. Cookie and Tracking Technologies of Third-Party Providers


    Description and Scope of Data Processing: Youtube

    Our website hosts embedded videos of the provider YouTube LLC , a subsidiary of Google LLC. . We have activated YouTube’s extended privacy mode. If you click on a video, Google sets cookies on your device. With the help of cookies, Google collects and evaluates a variety of data (including device-related information, log data, location-based information, application numbers, and visits to websites that use Google advertising services). The data collected using cookies are usually transmitted to a Google server in the USA and stored there. Compliance with data protection standards and your rights is ensured by certification from Google under the EU-US Privacy Shield.

    Google transmits data to third parties insofar as consent has been given, it is required for legal reasons or third parties process this data on behalf of Google.

    For more information, please see Google Data Protection Policy.

    Purpose of Data Processing:

    Google uses information collected through cookies, for example, to provide and maintain the services, to develop new services, and to provide customised content (advertising, search results).

    Legal Basis:

    We use YouTube on the basis of our legitimate interest (Article 6 (1) (f) GDPR). Our legitimate interest is to be able to host videos about our products and services on our website.

    Duration of Storage and Control Options:

    You can prevent the storage of Google cookies by a corresponding setting in your browser. This may limit the functionality of YouTube videos and services.

    In addition, by configuring the privacy settings in your Google Account / Google Advertising preferences, you can set how Google processes your data and how Google uses your data for promotional purposes. Google Advertising preferences



    III. What Data are Processed when Using our Customer Area?


    A. Creation of a Customer Accounts and User Profile


    Description and Scope of Data Processing:

    We collect the following basic data, when you create a customer account with us:

  • Your first and last name,
  • Your work email address,
  • The organisation you work for and the organisation's master data (billing address, address, VAT ID)
  • Your preferred language (German or English)
  • The basic data are compulsory. In addition, you can voluntarily provide your work telephone number. We store this data in your user profile. In addition, we also store your encrypted password and the user ID generated by us.

    Purpose of Data Processing:

    These basic data are required when creating the customer account in order to identify you and to ensure that only corporate customers register with us. We also need the basic data in order to provide you with the customer area functionality.

    Legal Basis:

    We process your data for performance of pre-contractual and contractual measures, which are based on your request (Art. 6 (1) (b) GDPR) and on the basis of our legitimate interests (Art. 6 (1) (f) GDPR). Our legitimate interest lies in enabling you to create a customer account and to provide the functionalities of the customer area.

    Duration of Storage and Control Options:

    By default, your data is stored from registration until deletion of your customer account. You can change, correct and delete your customer account at any time in your user profile.

    B. Reservation and ordering Products and Services


    Description and Scope of Data Processing:

    When you reserve and order products and services through your customer account, we process the details of the products and services you have selected (in particular technical details of the servers, software and licenses), of uploads and downloads, of the price, of any benefit offers/discounts and the period of use as well as the specified basic data. When placing an order, we provide you with login details for the ordered servers. During the order procedure, we also process additional data, e.g. order status, incoming payments, payment defaults, business correspondence) as well as changes to the basic data communicated by you.

    Purpose of Data Processing:

    We use the data to process your reservation request, to place your order, to provide you with the ordered products and services and to process the orders further (e.g. for general contract and order management, to record incoming payments, to process open receivables, and to provide information about our customer service).

    Legal Basis:

    We process your data for performance of pre-contractual and contractual measures, which are based on your request (Art. 6 (1) (b) GDPR) and on the basis of our legitimate interests (Art. 6 (1) (f) GDPR). Our legitimate interest lies in processing and concluding your orders and reservations.

    Duration of Storage and Control Options:

    We store your data for as long as we need it for the specific processing purpose. In addition, we store certain Data for the duration of the statutory limitation periods (usually three years, in individual cases up to 30 years) and for as long as is prescribed by statutory retention periods (e.g. as defined in the Commercial Code (HGB), the Fiscal Code [AO]) (usually ten years).




    IV. What Data are Processed when Using our Storage Media?


    Description and Scope of Data Processing:


    Your login information (username and encrypted password) is stored when using our storage media. In addition, the following data is stored in our log files:

  • Username
  • Time of access
  • Duration of access
  • In addition, we also save the configuration of your home directory.

    We store the calculation data that you process on our servers. Usually, the calculation data contain no personal data.

    Purpose of Data Processing:

    We require the login data to enable you to log in and access the storage media. We require the logfiles to ensure safe operation of the storage media. We store the configuration data of your home directory in order to save you additional configuration effort.

    Legal Basis:

    We process your data for performance of contractual measures and on the basis of our legitimate interests (Article 6 (1) (f) GDPR). Our legitimate interest lies in enabling you to access the storage medium.

    Duration of Storage and Control Options:

    The log files are stored anonymously for 7 days. The configuration data for the home directory is stored for the duration of the customer account.

    We store the calculation data for 14 days.




    V. What Data is processed when you contact us?


    Description and scope of the data processing:

    We collect and process the Data you have provided, such as your contact data, your name and your address, if you contact us via a contact form or by email. All Data that you provide to us is transferred between your browser and our servers in encrypted form.

    Purposes of the data processing:

    The data processing is performed exclusively on the basis of and for the processing of your query.

    Legal basis:

    We process your Data to conduct pre-contractual and contractual measures which are taken in response to your query (Article 6(1) (b) GDPR).

    Term of storage and control options:

    We store your Data for as long as we need it to answer your query. In addition, we store certain Data for the duration of the statutory limitation periods (usually three years, in individual cases up to 30 years) and for as long as is prescribed by statutory retention periods (e.g. as defined in the Commercial Code (HGB), the Fiscal Code [AO]) (usually ten years).




    VI. Who receives your data?


    A. Within CPU24/7 GmbH


    Within CPU24/7 GmbH, access to your data is only provided to those persons who require this for the purposes described.

    B. Affiliated Service Providers


    We transmit your data to the extent necessary to service providers who support us with:

  • Communication,
  • Legal advice and data protection
  • These service providers are contractually obliged to comply with data protection and confidentiality requirements. Service providers who are contract processors have signed a contract to ensure that data is processed strictly in accordance with our instructions.




    VII. What rights do you have and how can you exercise these?


    A. Withdrawal of consent


    You can withdraw any consents you have granted to us to process your personal data at any time with effect for the future. Please note that the withdrawal will have no impact on the legality of the data processing performed up to this point and that it does not extend to such data processing for which statutory authorisation exists and which can therefore be performed without your consent.

    B. Other rights of data subjects


    In addition, you have the following data subject rights according to Articles 15 to 21 and 77 of the General Data Protection Regulation (GDPR) where the legal preconditions are fulfilled:

    Access:

    You can at any time demand that we provide you with information on the Data of yours that we process and demand a copy of the data we have stored on you, Article 15 GDPR. Please note that further copies of the data stored on you may be subject to a charge.

    Correction:

    You can demand the correction of incorrect Data and the completion of incomplete Data, Article 16 GDPR.

    Erasure:

    To erase your Data Please note that the erasure does not include Data required for the execution and processing of contracts and to assert, exercise and defend against legal claims as well as Data for which statutory, supervisory or contractual retention obligations exist, Article 17 GDPR.

    Restriction of processing:

    You can under certain circumstances demand the restriction of the processing, e.g. if you believe that your Data is incorrect, if the processing is illegal or you have raised a complaint about the data processing. This will mean that without your consent your Data may only be processed in a very restricted way, e.g. to assert, exercise or defend against legal claims or to protect the rights of other natural or legal entities, Article 18 GDPR.

    Objection to the processing:

    You have the option to object to the data processing for direct advertising purposes at any time. In addition, you can object at any time to data processing performed on the basis of a legitimate interest if there is particular reason for doing so, Article 21 GDPR.

    Data portability:

    You have the right to receive the Data you have provided to us and which we process on the basis of your consent or in order to fulfil the contract in a structured, commonly used and machine-readable format and the right to demand a direct transfer of this Data to third parties within the realms of what is technically possible, Article 20 GDPR.

    C. Contact routes


    You can exercise your rights via the following contact routes

    by post to:

    CPU 24/7 GmbH
    Data protection officer
    August-Bebel-Straße 26-53
    14482 Potsdam

    as well as by email to datenschutzbeauftragter@cpu-24-7.com

    D. Right to lodge a complaint with a supervisory authority


    If, for example, you believe that our data processing is illegal or that we have not granted the above-mentioned rights to the required extent, you have the right to lodge a complaint with the competent supervisory authority.



    Last updated May 2019