1. General Guidelines and Mandatory Information
The contact details of the Data Protection Officer are:
Certif-ID International GmbH
Data Protection Officer –
Am Grauen Stein 33
D – 51105 Cologne
E-mail: [email protected]
You can reach our legally designated data protection specialist at:
[email protected] with the subject line “Data Protection Specialist” or through our postal address with the tag “Data Protection Specialist”.
2. Information about the Collection of Personal Data
In the following sections we shall inform you about the collection and further processing of personal data when you visit our website. Personal data refers to all data which relates to you personally or with which you can be identified personally, e.g. name, address, e-mail address or user behaviour.
When you contact us by e-mail or via a contact form, we shall store the personal data you submit to us (your email address, your name and your telephone number, if necessary) for purposes of responding to your questions. We shall delete the data connected with this event as soon as its storage is no longer required, or we shall restrict the processing of this data if there are any legal obligations necessitating its storage.
If we engage contracted service providers for individual functions of our service provision, or if we want to use your data for advertising purposes, we shall hereafter inform you in detail about the respective procedures. At the same time, we shall also tell you the fixed criteria for the storage duration.
The use of the contact details published in connection with the obligatory legal notice for sending not explicitly solicited advertising and information material is hereby excluded. The operators of the websites reserve the right to take express legal steps in the event of unsolicited circulation of advertising information, for example through spam e-mails.
3. Your Rights.
You can assert the following rights against us regarding your personal data:
- Right to information,
- Right to rectification or erasure of personal data,
- Right to restriction of processing,
- Right of objection to the processing,
- Right to data portability.
You also have the right to complain to a data protection supervisory authority about the processing of your personal data by us.
Certif-ID utilizes Amazon Web Services (AWS) to host the environment that runs Certif-ID Saas and Private Stack services. Amazon maintains multiple certifications for its data centers, including ISO 27001 compliance, PCI Certification, and SOC reports. For more information about their certification and compliance, please visit the AWS Security website and the AWS Compliance website.
5. Data Collection
If you are simply visiting our website for information purposes, and not to register or send us any information at all, we shall still collect the following personal data which will be transmitted to our server by your browser.
- IP address
- Date and time of your inquiry
- Time zone difference to Greenwich Mean Time (GMT)
- Contents of the request (precise page)
- Access status / HTTP status code
- The respective amount of data transmitted
- Website originating the request
- Operating system and its interface
- Language and version of the browser software
Please refer to the sub-processors page for additional information on data processing.
6. Registration on this Website
You can register on our website to be able to use other functions on the website. We use the data submitted only for purposes of using the respective product or service for which you have registered. The mandatory information required during registration must be submitted in full. Otherwise, we will reject the registration.
We shall use the e-mail address submitted during registration to inform you about important changes, for example to the scope of the offer, or technically significant changes.
We shall use the e-mail address submitted during registration to inform you about important changes, for example to the scope of the offer, or technically significant changes.
Data collected during the registration is stored by us for as long as you are a registered member on our website; thereafter it will be deleted. Legal retention periods shall remain unaffected.
Instead of direct registration on our website, you can also register with Facebook Connect. The provider of this service is Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. If you decide to register using Facebook Connect and then click on the button “Login with Facebook”- / “Connect with Facebook”, you will be automatically forwarded to the Facebook platform. You can sign in there with your user details. Through this process, your Facebook profile will be linked to our website and/or services. This connection will enable us to gain access to your data which is stored on Facebook. This includes mainly:
- Your Facebook name
- Your Facebook profile and cover photo
- Facebook cover photo
- Your e-mail address stored on Facebook
- Facebook ID
- Facebook friends lists
- Facebook Likes
- Date of birth
This data is used for the setting up, provision and personalisation of your account. You can find more details in the Facebook terms and conditions and the Facebook data protection regulations. These can be accessed at: https://de-de.facebook.com/about/privacy/ and https://www.facebook.com.
8. External Providers
Apart from the purely informative use of our website, we also offer various services which you can use if interested. To do this, you generally have to give us more personal data, which we shall use to provide the respective service and for which the previously outlined principles of data processing apply.
We shall partly engage external service providers to process your data. These have been carefully selected and commissioned by us; they are bound by our instructions and are regularly monitored by us.
Furthermore, we can share your personal data with third parties if we have arranged to participate in promotions, competitions, conclusion of contracts or other similar services in collaboration with our partners. You can get more information about this by providing your personal details or in the subsequent description of the service offered.
Provided that our service providers or partners have their headquarters in a country outside the European Economic Area (EEA), we shall inform you about the consequences of this state of affairs in the description of the service offered.
If you have consented to the processing of your data, you can always revoke this consent at any time. After you have expressed such a revocation to us, it will influence the permissibility of processing your personal data.
Provided that we are basing the processing of your personal data on the need to balance interests, you can raise an objection to this processing of your data. This is the case if the processing is not required in particular to fulfil a contract with you, a fact which we endeavour to outline in the subsequent description of the respective functions.
You can of course object to the processing of your personal data for purposes of advertising and data analysis at any time. You can inform us of your objection to the use of your data for advertising through the following contact address:
By e-mail to [email protected] or by post to CERTIF-ID International GmbH, Am Grauen Stein 33, 51105 Köln, Germany.
Last updated March 20, 2019
With your consent, you can subscribe to our newsletter, through which we can keep you informed about our latest interesting offers. The goods and services advertised are mentioned in the declaration of consent.
We use what is known as the “double opt-in procedure” for subscription to our newsletter. This means that after registration, we shall send you a message to the e-mail address you indicated, in which we shall request you to confirm that you wish to receive the newsletter. If you don’t confirm the registration, we shall block the information you submitted and it will then be deleted automatically. In addition, we shall also store the IP address you used and the time of registration and confirmation. The purpose of this procedure is to verify your registration and to enable us to clarify any possible misuse of your personal data, if necessary.
The only mandatory piece of information for the sending of our newsletter is your e-mail address. The provision of further, separately marked data is voluntary and is used to enable us to address you personally. After your confirmation, we shall store your e-mail address to send you the newsletter. The legal basis for this is Art. 6(1)(1)(a) of the GDPR.
You can revoke your consent for the newsletter any time and also unsubscribe from the same.You can perform the revocation by clicking on the link provided in each newsletter e-mail, or by sending a message to the contact address given in our legal notice. After unsubscription, the data will only be stored anonymously.
We would like to let you know that we evaluate your user behaviour when we send you the newsletter. To do this evaluation, the e-mails sent contain “web beacons” or “tracking pixels”, which are one-pixel files stored on our website. To do this evaluation, we shall link the data specified in Part 4 of this policy and the web beacons with your e-mail address and an individual ID. The links contained in the newsletter also contain this ID.
You can object to this tracking any time by unsubscribing from the newsletter. It is possible to unsubscribe through a link in each newsletter. The information you submitted will be stored for as long as you are subscribed to the newsletter. After you have unsubscribed, we shall keep your data for purely statistical reasons.
11. Analysis Tools and Advertising
Last updated March 20, 2019
a) LinkedIn Conversion Tracking
This website uses LinkedIn conversion tracking, a web analysis service of the LinkedIn Corporation. LinkedIn conversion tracking uses what are known as ‘cookies’, i.e. text files which are stored on your computer via the LinkedIn insight tag, and which allow website usage to be analysed.
The information collected by the LinkedIn insight tag about your usage of our website is encrypted. The cookie is stored in the LinkedIn member’s browser until the member deletes the cookie or it expires (the expiry date is on a rolling basis, six months after the member’s browser last loaded the insight tag).
LinkedIn members can opt out of LinkedIn conversion tracking and block/delete cookies at
https://www.linkedin.com/psettings/advertising/, as well as disable demographic features. There is no separate opt-out option for third-party impressions or click tracking for campaigns that run on LinkedIn in since all underlying campaigns respect LinkedIn member settings.
In addition, you can prevent cookie storage by adjusting your browser software or third-party provider tools accordingly. Please note that, in this case, you will not be able to use all the functions of this website to their full extent.
We use LinkedIn conversion tracking to analyse the usage of our website and to continually improve the website. We can improve the experience we offer and make it more interesting for you as a user by using the statistics that are collected. The legal basis for using LinkedIn conversion tracking Article 6, Paragraph 1, Sentence 1, lit. f of the EU GDPR.
Additional third-party information: LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA;
LinkedIn has joined the EU-U.S. Privacy Shield https://www.privacyshield.gov/EU-US-Framework
b) Bing Ads
The website uses the remarketing function “Bing Ads” provided by Microsoft Corporation One Microsoft Way, Redmond, WA 98052-6399, USA. (“Microsoft Advertising”). Microsoft Bing Ads stores a cookie on your computer if you have reached our website via a Microsoft Bing advert. This enables Microsoft Bing and us to determine that someone has clicked on an advert, been forwarded to our website and reached a previously determined target page (conversion page). We learn only the total number of users that have clicked on a Bing advert and then been forwarded to the conversion page. No personal information regarding the identity of the user is passed on.
If you do not want information on your behaviour to be used by Microsoft as described above, you can refuse the setting of the cookie required for this purpose – for example by configuring the browser setting that disables the automatic setting of cookies generally. You can also prevent the collection of data generated by the cookie relating to your use of the website and the processing of this data by Microsoft by opting out at the following link: http://choice.microsoft.com/en/opt-out. Further information on data protection and the cookies used by Microsoft and in the context of Bing Ads is available on the Microsoft website at https://privacy.microsoft.com/en-us/privacystatement.
c) Facebook Custom Audiences
The website also uses the remarketing function “Custom Audiences” provided by Facebook Inc. (“Facebook”). Through this function, website users are shown interest-related adverts (“Facebook ads”) when visiting the social network Facebook or other websites that also use the function. In this way, we are pursuing our desire to show you adverts of interest to you to make our website more interesting.
Through the marketing tools used, such as Facebook pixels, your browser automatically establishes a direct connection to the Facebook server. We have no influence on the scope and further use of the data that is collected through use of this tool by Facebook and are therefore providing you with information based on what we know: Through the integration of Facebook Customer Audiences, Facebook receives the information that you have accessed the relevant page on our website or that you have clicked on one of our adverts. If you are registered with a Facebook service, Facebook can link the visit to your account. Even if you are not registered with Facebook or are not logged in, the provider may learn and store your IP address and other identifying features.
To disable the “Facebook Custom Audiences” function, logged-in users should go to https://www.facebook.com/settings/?tab=ads#_möglich.
The legal basis for the processing of your data is Art. 6(1)(1)(f) GDPR. Further information on data processing by Facebook can be found at https://www.facebook.com/about/privacy .
d) DoubleClick Ad Exchange
Through the marketing tools used, your browser automatically establishes a direct connection to the Google server. We have no influence on the scope and further use of the data collected through use of this tool by Google and are therefore providing you with information based on what we know: Through the integration of DoubleClick, Google receives the information that you have accessed the relevant section of our website or that you have clicked on one of our adverts. If you are registered with a Google service, Google can link the visit to your account. Even if you are not registered with Google or are not logged in, the provider may learn and store your IP address.
You can prevent participation in this tracking process in a number of ways: a) by configuring your browser software accordingly; in particular, the suppression of third-party cookies means that you will not receive adverts from third-party providers; b) by disabling the cookies for conversion tracking, by setting your browser to block cookies from the domain “www.googleadservices.com”, at https://www.google.com/settings/ads; this setting is deleted if you delete your cookies; c) by disabling interest-related adverts from providers who are part of the “About Ads” self-regulation campaign via the link http://www.aboutads.info/choices; this setting is deleted if you delete your cookies; d) by permanently deactivating your Firefox, Internet Explorer or Google Chrome browser at the link http://www.google.com/settings/ads/plugin. Please note that in this case, you may not be able to use fully all the functions on this website.
The legal basis for the processing of your data is Art. 6(1)(1)(f) GDPR. Further information on DoubleClick by Google is available at https://www.google.com/doubleclick and http://support.google.com/adsense/answer/2839090, and on data protection in general at Google: https://www.google.com/intl/en/policies/privacy. Alternatively, you can visit the Network Advertising Initiative (NAI) website at http://www.networkadvertising.org. Google has joined the EU-U.S. Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
12. Social Media and Other Logins
Last updated March 20, 2019
a) Social media plug-ins
We currently use the following social media plug-ins on our website:
WhatsApp, Facebook, Twitter, Pinterest, Xing, LinkedIn
We use the two-click solution. This means that when you visit our site, no personal data is sent initially to the plug-in providers. You can identify the provider of the plug-in by the marking on the box, via the provider’s initial letters or logo. We give you the opportunity to communicate directly with the plug-in provider via the button. The plug-in provider will receive the information that you have visited the relevant page on our website only if you click on the marked field and thereby activate it. In addition, the data specified in Part 1, Section 3 of this policy will be transmitted. In the case of Facebook and Xing, according to these providers, the IP address is anonymised immediately after being collected in Germany. When the plug-in is activated, your personal data is therefore sent to the relevant plug-in provider and stored there (in the case of US providers, in the USA). Because the plug-in providers carry out data collection using cookies in particular, we recommend deleting all cookies via the security settings in your browser before clicking on the greyed-out box.
We have no influence on the data collected or on the data processing operations, nor do we know the full scope of the data collection, the purposes of the processing or the retention periods. We also have no information regarding the erasure of the collected data by the plug-in providers.
The plug-in provider stores the data collected regarding you as usage profiles and uses these for advertising and market research purposes and/or for ensuring that its website is designed in accordance with requirements. Such use is carried out in particular (including for users who are not logged in) for the purposes of displaying appropriate advertising and informing other users on the social network about your activities on our website. You have a right to object to the creation of these user profiles. To assert this right, you must contact the relevant plug-in provider. Via the plug-ins, we offer you the opportunity to interact with social networks and other users so that we can improve the experience we offer and make it more interesting for you as a user. The legal basis for the use of plug-ins is Art. 6(1)(1)(f) GDPR.
The data transfer takes place irrespective of whether or not you have an account with the plug-in provider and are logged into your account. If you are logged into your account with the plug-in provider, your data collected on our website will be linked directly to this account. If you click on the activated button and e.g. link the page, the plug-in provider also stores this information in your user account and shares it publicly with your contacts. We recommend regularly logging out after using a social network, in particular before activating the button, as in this way you can prevent a link being made by the plug-in provider to your profile.
Further information on the purpose and scope of the collection and processing of data by the plug-in provider is available in the privacy policies of these providers listed below. In these privacy policies, you can also find further information on your associated rights and setting options for protecting your privacy.
Addresses of the relevant plug-in providers and URLs for their privacy policies:
WhatsApp / Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA;
https://www.whatsapp.com/legal/#terms-of-service further information on data collection
Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA;
https://www.google.com/policies/privacy/partners/?hl=en. Google has joined the EU-U.S. Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA;
http://www.facebook.com/policy.php; further information on data collection:
http://www.facebook.com/about/privacy/your-info#everyoneinfo. Facebook has joined the EU-U.S. Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA;
https://twitter.com/privacy. Twitter has joined the EU-U.S. Privacy Shield,
Pinterest Inc., 808 Brannan Street, San Francisco, CA 94103-490, USA (“Pinterest”)
https://policy.pinterest.com/en/privacy-policy further information on data collection
Xing AG, Gänsemarkt 43, 20354 Hamburg, DE; http://www.xing.com/privacy.
LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA; http://www.linkedin.com/legal/privacy-policy. LinkedIn has joined the EU-U.S. Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
b) Integration of YouTube videos
We have integrated YouTube videos in our website. These videos are stored on http://www.youtube.com and can be played directly from our website. The videos are all integrated in “enhanced data protection mode”, meaning that no data regarding you as a user is transmitted to YouTube if you do not play the videos. The data specified in paragraph 2 is transmitted only when you play the videos. We have no influence over this data transmission.
Through the visit to the website, YouTube receives the information that you have accessed the relevant page on our website. In addition, the data specified in Part 4 of this policy will be transmitted. This takes place irrespective of whether you have a user account with YouTube that you are logged into or whether no user account exists. If you are logged in on Google, your data will be linked directly to your account. If you do not want your data to be linked to your YouTube profile, you must log out before activating the button. YouTube stores your data as usage profiles and uses it for advertising and market research purposes and/or for ensuring that its website is designed in accordance with requirements. Such an evaluation is carried out in particular (even for users who are not logged in) to provide appropriate advertising and to inform other users on the social network about your activities on our website. You have a right to object to the creation of these user profiles. To assert this right, you must contact YouTube.
https://www.google.com/intl/en/policies/privacy. Google also processes your personal data in the USA and has joined the EU-U.S. Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
c) Integration of Google Maps
We use Google Maps on this website. This enables us to display interactive maps directly on the website and provides you with convenient use of the map function.
When you visit the website, Google receives the information that you have accessed the relevant page on our website. In addition, the data specified in Part 4 of this policy will be transmitted. This takes place irrespective of whether you have a user account with Google that you are logged into or whether no user account exists. If you are logged in on Google, your data will be linked directly to your account. If you do not want your data to be linked to your Google profile, you must log out before activating the button. Google stores your data as usage profiles and uses it for advertising and market research purposes and/or for ensuring that its website is designed in accordance with requirements. Such an evaluation is carried out in particular (even for users who are not logged in) to provide appropriate advertising and to inform other users on the social network about your activities on our website. You have a right to object to the creation of these user profiles. To assert this right, you must contact Google.
Further information on the purpose and scope of the collection and processing of data by the plug-in provider is available in the provider’s privacy policies. Here, you can also find further information on your associated rights and setting options for protecting your privacy: http://www.google.com/intl/en/policies/privacy. Google also processes your personal data in the USA and has joined the EU-U.S. Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.