The protection of your personal data during the collection, processing and use of personal data on the occasion of your visit to our homepage is an important concern for us. We would like to inform you below about the nature and extent of the processing of personal data via this website in accordance with Article 13 of the General Data Protection Regulation (GDPR).
I. Details of the Responsible Authority
Phone: +49 (0)228 280 7700
Fax: +49 (0)228 280 7728
Chief Executive Officers: Ralf Engler, Sebrus Berchtenbreiter
Commercial Register: Bonn 19 HRB 9093
Tax number: 205/5739/0583
DE No.: DE 212241003
II. Information on the Data Protection Officer
If you have any questions regarding data protection, please contact our external Data Protection Officer:
Mr. Arndt Halbach of GINDAT GmbH
Wetterauer Str. 6, 42897 Remscheid
Phone: 02191 / 909 430
III. Data processing via the website
Your visit to our website is logged. Initially, the following data, which your browser transmits to us, is recorded:
- the IP address currently used by your PC or your router
- date and time
- browser type and version
- the operating system of your PC
- the pages you have viewed
- name and size of the requested file(s)
- as well as the URL of the referring website, if applicable.
This data is only collected for the purposes of data security, to improve our web offer and for error analysis on the basis of Art. 6 para.1 f DSGVO. The IP address of your computer is only evaluated anonymously (shortened by the last 3 digits). Furthermore, you can visit our website without providing any personal information.
We point out that data transmission over the Internet (eg communication by e-mail) may have security gaps. A full protection of the data against access by third parties is not possible. You should therefore send us confidential data by other means, e.g. by postal mail.
Personal data (e.g. your name, address or contact details) that you provide to us voluntarily, e.g. in the context of an inquiry or in any other way, will be stored by us and processed only for correspondence with you and only for the purpose for which you provided us with this data. The processing of this data is based on Art. 6 para.1 a; 6 para. 1 f. DSGVO.
You can register on our website to use additional functions on the site. We use the data provided only for the purpose of using the particular offer or service for which you have registered. The mandatory information requested during registration must be provided in full. Otherwise, we will reject the registration. For important changes, for example regarding the range of services or technically necessary changes, we will use the e-mail address provided during registration to inform you accordingly. The processing of the data entered during registration is based on your consent (Art. 6 para. 1 lit. a DSGVO). You can revoke your consent at any time. For this purpose, an informal communication by e-mail to us is sufficient. The legality of the data processing already carried out remains unaffected by the revocation. The data collected during registration will be stored by us as long as you are registered on our website and will then be deleted. Legal retention periods remain unaffected.
Collection of personal data
With the registration at custlab the following information about the users of our service is collected: e-mail address, country, name, first name, date of birth and gender. All these details are mandatory fields. All other details that you provide in your member profile are optional. With your express consent, your details will be used to send you a targeted invitation to online surveys by e-mail. All personal information collected by us will only be stored by us if you have expressly given us permission to do so, e.g. by accepting our General Terms and Conditions (GTCs).
We offer you the option to subscribe to a newsletter via our homepage. When subscribing, personal data will be collected from you. To ensure that the newsletter has been requested by you or your e-mail address, you will first receive a confirmation e-mail. Only when you click on the activation link contained therein will you be added to our e-mail distribution list and receive the newsletter. The subscription to the newsletter is logged for verification purposes (IP address, date, time). You have the option to unsubscribe from the newsletter at any time by notifying us; specifically, you can also use the link at the end of each newsletter to unsubscribe. The legal basis is Article 6 paragraph 1a DSGVO.
Secure data transmission
To protect the security of your data during transmission, we use a state-of-the-art encryption process (SSL) via HTTPS.
IV. Recipients of personal data
We may use service providers to perform and manage processing operations by means of commissioned data processing.
Specifically, we have used service providers for sending the newsletter and for hosting our website.
The contractual relationships with our service providers are regulated in accordance with the provisions of Art 28 DSGVO, which contain the legally required clauses on data protection and data security.
V. Data collection through Google Analytics
This website uses Google Analytics, a web analytics service provided by Google, Inc. ("Google"). Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. The basis for the data processing is Art. 6 para. 1 f) DSGVO.
In case of activation of IP anonymization on this website, your IP address will, however, be truncated beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. We point out that on this website Google Analytics has been extended by the code "anonymizelp" to ensure an anonymized version of the IP address.
On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google.
The basis for the data processing is Art. 6 para.1 f DSGVO.
VI. Cint AB
This site uses the service of Cint AB, Stockholm, Sweden for certain online survey invitations.
For this purpose, the personal data necessary for sending invitation e-mails and the optionally entered profile data (sociodemographics, questionnaires) are made available to Cint AB.
Cint AB checks the fit accuracy of online surveys to this profile data and, if suitable, sends invitation e-mails to these surveys on behalf of promio.net GmbH.
To protect your requests via internet form we use the service reCAPTCHA of the company Google Inc. (Google). The query helps determine whether the entry is entered by a human or improperly by automatic machine processing. The query includes sending the IP address and any other data required by Google for the service reCAPTCHA to Google. For this purpose your submission will be transmitted to Google and further used there. Your IP address will, however, be shortened by Google within member states of the European Union or in other states which are party to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transferred to a Google server in the USA and shortened there.
This service is performed in accordance with Art. 6 para. 1 sentence 1 letter f DSGVO
VIII. Social Media / Plugins
Facebook plugins (Like & Share button)
On our pages we have integrated plugins of the social network Facebook, provider Facebook Inc. 1 Hacker Way, Menlo Park, California 94025, USA. You can recognize the Facebook plugins by the Facebook logo or the "Like Button" ("Like") on our page. An overview of the Facebook plugins can be found here:
If you do not want Facebook to be able to assign visits to our pages to your Facebook user account, please log out of your Facebook user account.
You can change your privacy settings on Twitter in the account settings at https://twitter.com/account/settings.
Some of the cookies we use are deleted immediately after closing your browser (so-called session cookies).
Other cookies remain on your end device and make it possible to recognize your browser on your next visit (persistent cookies).
Data processing in connection with cookies is only used to provide the necessary functionality of our online offer and is based on our legitimate interest according to Art. 6 I f) DSGVO.
If you do not wish cookies to be used, you can set your browser to reject cookies. Please note, that in this case you may not be able to use all features of our website.
X. Your rights
According to §§ 15-21 DSGVO, you can assert the following rights in relation to the personal data processed by us if the conditions described therein are met.
Right of information
You have a right to receive information about the personal data that concerns you and is processed by us.
Right of rectification
You can request the correction of incomplete or incorrectly processed personal data.
Right to erasure
You have the right to have personal data concerning you deleted, in particular if one of the following reasons applies
- your personal data is no longer necessary for the purposes for which it was collected or otherwise processed.
- you revoke your consent on which the processing of your data was based
- you have asserted a right of objection against the processing
- your data has been processed unlawfully.
However, the right to deletion does not exist if the legitimate interests of the party responsible are in conflict. These can be e.g.
- personal data are necessary for the assertion, execution or defense of legal claims.
- deletion is not possible due to the obligation to retain data
If data cannot be deleted, there may be a right to restrict processing (subsequently).
Right to restrict processing
You have the right to demand the restriction of processing your personal data if
- you deny the accuracy of the data and we therefore check the correctness,
- the processing is unlawful and you refuse deletion and request a restriction in use instead
- we no longer need the data, but you do in order to assert, execute or defend legal claims,
- you have filed an objection against the processing of your data but it is not yet certain whether our justified reasons outweigh your reasons
Right to data transmission
You have the right to receive the personal data concerning you that you have provided us with in a structured, standard and machine-readable format and you have the right to transfer this data to another responsible party without interference from us, as long as the processing is based on consent or a contract and the processing by us is carried out with the help of automated procedures.
Right of withdrawal
The individual concerned shall have the right to object at any time, on grounds to his or her specific situation, to the processing of personal data concerning him or her, which is carried out on the basis of Article 6(1) letters (e) or (f); this also applies to profiling based on these provisions. If the processing of your personal data is based on consent, you have the right to revoke this consent at any time.
XI. Indicative time limits for data erasure
Unless there is a statutory retention requirement, the data will be deleted or destroyed when it is no longer necessary for the purpose of the data processing. Different terms apply to the retention of personal data. Data relevant for tax purposes is usually stored for 10 years, other data is usually kept for 6 years according to commercial law regulations. The duration of storage may also be governed by the statutory limitation periods, which, for example, under sections 195 et seq. of the German Civil Code (BGB), are generally three years, but in certain cases may be up to thirty years.
XII. Right of appeal to a supervisory authority
Under Art. 77 DSGVO, every individual has a right of appeal to a supervisory authority if he or she believes that the processing of personal data about him or her violates the DSGVO. The competent supervisory authority in data protection matters is the data protection officer of the federal state in which our company is located.