Charging station for electric cars
Charging station for electric cars

Data protection information for the website and external sites of Cellforce Group GmbH

 

Show/Edit Privacy Settings

Data protection information for the website and external sites of Cellforce Group GmbH

I. General

1. Body responsible for data processing (“controller”)

Cellforce Group GmbH takes the protection of your personal data and the legal obligations to ensure data protection very seriously. The law requires full transparency regarding the processing of personal data. You as a data subject can only understand the details of the processing if you are duly informed about the purpose, nature and scope of the processing.

That is why our data protection information explains in detail which personal data we process when you use our website (www.cellforce.de) or other websites referring to our website or in any other cases described herein.

The body responsible for the data processing, i.e. the controller within the meaning of the General Data Protection Regulation (GDPR), the Bundesdatenschutzgesetz (German Federal Data Protection Act – “BDSG”) and other data protection regulations is

Cellforce Group GmbH
Jopestraße 14
72072 Tübingen
+49 152 08 91 06 36

– Referred to hereinafter as “controller” or “we” –

You can contact our data protection officer at:

Data protection officer
Jopestraße 14
72072 Tübingen
datenschutz@cellforce.de

Please be aware that, if you click the links on our website, you may be redirected to other websites which are not run by us but by third parties. We either clearly mark these links or the redirection becomes clear by a change in the browser address bar. We are not responsible for compliance with the applicable data protection regulations and for secure treatment of your personal data when you use these third-party websites.

2. Definitions

GDPR terminology
For the purposes of this data protection information, we use the terms and wording of the GDPR. The definitions (Art. 4 GDPR) are available at

https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=CELEX:32016R0679 .

Additional definitions:

Cookies and similar technologies
Cookies are text files which a website places on your terminal and/or which are read there. They contain combinations of letters and numbers which enable us to recognise the user and user settings when the user comes back to the website which set the cookie; they also enable the user to stay logged-in to a customer account and they enable us to statistically analyse a certain user behaviour.

The WebStorage technology enables local storage of variables and values in the user’s browser cache. The technology includes the so-called “sessionStorage” which remains stored until the browser tab is closed as well as the “localStorage” which remains stored in the browser cache until the cache is emptied by the user. The localStorage technology enables, among other things, recognition of the user and user settings when the user comes back to our website.

Data categories
If we specify the data categories we process, they include but are not limited to the following data: master data (e.g. names, addresses, dates of birth), contact data (e.g. email addresses, telephone numbers, messenger services), content data (e.g. entered texts, photos, videos, contents of documents/files), contract data (e.g. contract purpose, contract terms, customer categories), payment data (e.g. bank details, payment history, use of other payment service providers), usage data (e.g. history on our website, use of certain contents, times of access, contact history and purchasing history), connection data (e.g. device information, IP addresses, URL referrer), position data (e.g. GPS data, IP geo-localisation, points of access); diagnosis data (e.g. crash logs, performance data of the website/app, other technical data for analysing failures, breakdowns and errors).

3. Information on the data processing

We only process personal data to the extent permitted by law. We only disclose or transfer personal data to third parties in the cases described below. The personal data are protected by appropriate technical and organisational measures (e.g. pseudonymisation, encryption).

Except where we are obliged by law to store the data or disclose or transfer them to third parties (including but not limited to prosecuting authorities), the decision which personal data we process and for how long and to which extent we may disclose or transfer them to third parties depends on the specific website features you use from time to time.

4. Storage duration

The personal data are deleted as soon as the purpose of the processing or the prescribed storage period, if any, has expired unless the storage of the personal data needs to be continued for the purpose of entering into or performing a contract. If and to the extent we are obliged to inform you about the duration of storage of cookies and similar technologies, this information is made available in our consent tool.

Personal data which we process for application purposes (see below) are stored for a period of six months from completion of the application procedure.

5. Automated individual decision-making, including profiling

Automated individual decision-making including profiling does not take place.

6. Data subjects’ rights

As a data subject you have the right of access/ right to information under Art. 15 GDPR, the right to rectification under Art. 16 GDPR, the right to erasure under Art. 17 GDPR, the right to restriction of processing under Art. 18 GDPR and the right to data portability under Art. 20 GDPR. The right of access/right to information and the right to erasure are subject to the restrictions under § 34, § 35 BDSG (Bundesdatenschutzgesetz – German Federal Data Protection Act).

You have the right to lodge a complaint with a supervisory authority (Art. 77 in combination with § 19 BDSG).

The supervisory authority responsible for us/our headquarters is:

Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg

Königstraße 10a

70173 Stuttgart

You may however also lodge your complaint with another supervisory authority.

A list of the available supervisory authorities is available at:

https://www.bfdi.bund.de/ (Infothek/Anschriften und Links)

7. Controller’s notification obligations

We will communicate any rectification or erasure of your personal data or restriction of processing carried out in accordance with Art. 16, Art. 17 (1) and Art. 18 GDPR to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. We will inform you about those recipients if you request it.

8. Obligation to provide or disclose data

Unless stated otherwise in the explanations below regarding the applicable legal basis, you are not obliged to provide or disclose personal data to us. However, in the cases referred to in Art. 6 (1) point (b) GDPR, the personal data are necessary for entering into or performing a contract. If you do not provide use with the relevant personal data, it will be impossible for us to enter into, or perform, the contract. If you do not provide us with the data in the cases referred to in Art. 6 (1) point (a) and (f) GDPR, you will not be able to use the respective parts of our website.

You are not obliged to provide us with your personal data for the purposes of our events; you will however not be able to participate in the events without providing your data.

9. Right to object

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (f) of Art. 6 (1) GDPR. Where personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing.

The objection is not subject to formal requirements and should be sent to the contact data stated above.

10. Withdrawal of consent

Pursuant to Art. 7 (3) sentence 1 GDPR, you have the right to withdraw your consent by mail or email, without observing any other formal requirements, at any time with effect for the future. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. After you have withdrawn your consent, we will delete the personal data we have processed based on your consent unless there is another legal basis for the processing of these data.

The withdrawal is not subject to formal requirements and should be sent to the contact data stated above.

You can also withdraw your consent(s) by deactivating the relevant data processing services directly in our consent tool. Please be aware that you have to withdraw your consent on every single device from which you have accessed our website and consented to the data processing.

II. Data processing in connection with the use of our website

Generally, the use of the website and its features necessarily involves the processing of personal data.

Google Tag Manager
We use the Google Tag Manager to embed contents of third-party providers. This is a technical solution which does not itself store or read cookies or similar technologies requiring consent, but merely controls the conditions under which the other programs used on our website and described below are activated.

Provision of the website
Purposes of data processing: Functioning and optimisation of the website and ensuring the security of our information technology systems if our website is used for mere information purposes (without using additional features such as contact forms or social media plug-ins).

Legal basis: Art. 6 (1) point (f) GDPR.

Data categories: connection data.

Data recipients: The data are only transferred to third parties if this is necessary for the operation of our website. For such purpose, the personal data are transferred to the following recipients: IONOS SE Elgendorfer Straße 57, 56410 Montabaur.

Intended transfer to third countries: None.

Do we store personal data on your terminal based on your consent or do we read such data? No.

Applications (application form and applications sent by email)

Purposes of data processing: Processing of your application and implementation of the application procedure.

Legal basis: Art. 6 (1) point (b) GDPR.

Data categories: master data, contact data, content data, contract data; and, if applicable, connection data, usage data and special categories of personal data within the meaning of Art. 9 (1) GDPR (depending on the specific job advertisement; we only store those data relating to your application which you disclose to us and which we are allowed to process for application purposes).

Data recipients: Personio GmbH, Rundfunkplatz 4, 80335 München.

Intended transfer to third countries: None.

Do we store personal data on your terminal based on your consent or do we read such data? No.

Contact requests

Purposes of data processing: Processing of your contact request.

Legal basis: Art. 6 (1) point (f) GDPR; Art. 6 (1) point (b) GDPR (when the request leads to subsequent contract conclusion or pertains to an existing contract)

Data categories: depending on the type of the request. Usually: contact data and master data.


Data recipients:
None.

Intended transfer to third countries: None.

Do we store personal data on your terminal based on your consent or do we read such data? No.

Google Analytics

Purposes of data processing: Statistical analysis; optimisation and customisation of our website design based on your clicks and user behaviour.

Legal basis: Art. 6 (1) point (a) GDPR.

Data categories: usage data, connection data.

Data recipients: Google Ireland Ltd., Gordon House, Barrow Street Dublin 4 Ireland.

Intended transfer to third countries: in individual cases: USA (based on the standard data protection clauses of the European Commission, Art. 46 (2) point (c) GDPR).

duration of storage: 30 minutes.

Borlabs

Purposes of data processing: When you visit our website, certain information is read or stored on your terminal if this is absolutely necessary for the operation of our website. This includes information which “Borlabs” processes to ensure that only those cookies are set or read which are technically indispensable for the operation of our website or to which you have consented. We have selected the operator by criteria relating to data protection by design and by default.

Legal basis: Art. 6 (1) point (c), (f) GDPR.

Data categories: usage data, connection data.

Data recipients: Borlabs – Benjamin A. Bornschein, Rübenkamp 32, 22305 Hamburg.

Intended transfer to third countries: None.

Do we store personal data on your terminal based on your consent or do we read such data? No

III. Information on external sites of Cellforce Group GmbH

LinkedIn (profile)

Purposes of data processing: We established a site about our company on the “LinkedIn” platform underhttps://www.linkedin.com/company/cellforce-group. When you access that site, LinkedIn processes personal data concerning you. We receive statistics regarding the use of that site which are derived from your data.

Legal basis: Art. 6 (1) point (f) GDPR.

Data categories: master data, contact data, content data, usage data, connection data; position data, where applicable.

Data recipients: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland

(as joint controller according to Art. 26 GDPR – the key elements of the contract concluded for such purpose are available at:

https://legal.linkedin.com/pages-joint-controller-addendum)

Intended transfer to third countries: in individual cases: USA and other third countries (based on the standard data protection clauses of the European Commission, Art. 46 (2) point (c) GDPR).

Do we store personal data on your terminal based on your consent or do we read such data? No

Data subjects’ rights: The implementation of your rights as a data subject is the responsibility of LinkedIn. LinkedIn provides information about your rights as a data subject at: https://www.linkedin.com/legal/privacy-policy

You may also send any request regarding your rights to us, we will promptly pass it on to LinkedIn.

Twitter

Purposes of data processing: We established a profile on the “Twitter” platform underhttps://twitter.com/CELLFORCE_Group. When you access that site, Twitter processes personal data concerning you. We receive statistics regarding the use of that site which are derived from your data.

Legal basis: Art. 6 (1) point (f) GDPR.

Data categories: master data, contact data, content data, usage data, connection data; position data, where applicable.

Data recipients: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland (“Twitter”).

Intended transfer to third countries: in individual cases: USA.

Do we store personal data on your terminal based on your consent or do we read such data? No.

XING (profile)

Purposes of data processing: We established a profile on the “XING” platform under https://www.xing.com/pages/cellforce-group . When you access that site, New Work processes personal data concerning you.

Legal basis: Art. 6 (1) point (f) GDPR.

Data categories: master data, contact data, content data, usage data, connection data; position data, where applicable.

Data recipients: New Work SE, Dammtorstraße 30, 20354 Hamburg (“XING”).

Intended transfer to third countries: in individual cases: USA and other third countries (based on the standard data protection clauses of the European Commission, Art. 46 (2) point (c) GDPR and based on adequacy decisions, Art. 45 GDPR).

Do we store personal data on your terminal based on your consent or do we read such data? No.