Thank you for visiting the websites of the Haufe Group. Protecting your personal data is very important to us. The purpose of this privacy policy statement is to inform you about how your personal data is handled when you visit our websites, and about your rights in this regard.
1. Who are we and how can you reach us?
We are the
Haufe-Lexware Services GmbH & Co. KG
A Haufe Group Company
Munzinger Straße 9
79111 Freiburg
Germany
E-mail: service@haufe.de
and as a “controller” in the sense of the GDPR, we are responsible for protecting your personal data. Our data protection officer, Raik Mickler, will be happy to assist you with any questions you may have about data processing, your rights, or this privacy policy statement. He can be reached at: dsb@haufe-lexware.com.
2. What data is processed when you visit our website?
This section explains what data is collected when you visit our websites, the purposes for which it is processed, the legal basis on which the data is processed, what options you have to control the collection and processing of the data yourself, and when the data is deleted.
A. Log files
1. Data collected:
When you visit our website, your browser automatically transmits the following data to us:
- Your IP address
- The website you are coming from
- Websites that you access from our site
- The pages you click on, and
- Time when the page was accessed
- Name of your Internet service provider
- Your browser type and version
- The operating system used on your device
- The date and duration of your visit.
2. Purposes for which the data is processed:
Temporary storage of this data is necessary to display the website on your computer and to ensure that the website functions properly. We also use this data to compile statistics about how our websites are used. Another reason for collecting this data is to track and prevent unauthorized access to the web server and any improper use of the web pages, and to secure our information technology systems.
3. Legal basis:
We temporarily store this data on the basis of legitimate interests (Art. 6 (1)(f) GDPR). It is in our legitimate interest to achieve the purposes described above.
4. Storage period and control options:
The data is deleted when it is no longer needed to achieve the described purposes. Log files are deleted after a maximum of 90 days.
B. General information about cookies and targeting technologies
1. Data collected:
Our website uses “cookies”, which are small text files that are stored on your device. Cookies typically contain a unique character sequence called the cookieID which can be used to identify your browser the next time you visit our website.
We also use “tags”, i.e. small pieces of code with which we can measure our users’ behavior and determine the success of our advertising activities.
Depending on the type of cookies or tags used, different types of data are collected and processed after pseudonymization.
We use both our own cookies and cookies from other providers (third-party cookies). The third-party cookies are described in detail below, in Section 2 C.
2. Purposes for which the data is processed:
Some cookies are technically necessary for the functioning of our websites. Certain functions used on our websites cannot be offered without the use of cookies.
Functionality cookies are used to make our websites more user-friendly and to ensure that certain functionalities are available, e.g. the ability to consistently display the shopping cart icon from one page to the next with the number of items in your cart, or storage of your login data so that you can have access to the data and settings you have already entered when you return to the page.
Analysis cookies and tags enable us to generate overall statistics, e.g. the number of times a given page has been accessed, which areas of our pages are most frequently viewed, and information on locations and the average amount of time spent on each page. This helps us to improve the quality of our websites and their content.
Advertising cookies and retargeting technologies enable us to provide you with offers and information tailored to your specific needs. This helps us to provide you with a more interesting experience at our websites, and to reach out to you on other websites with personalized advertising based on your interests.
3. Legal basis:
We use technically necessary cookies and functionality cookies on the basis of legitimate interests (Art. 6 (1)(f) GDPR). It is in our legitimate interest to ensure that our websites function as intended and to provide optimal usability for visitors to our websites.
We use analytics cookies and advertising cookies, as well as tags and retargeting technologies on the basis of legitimate interests (Art. 6 (1)(f) GDPR, Recital 47). It is in our legitimate interest to tailor our websites to our customers’ specific interests.
4. Storage period and control options:
Some of the cookies we use are automatically deleted after closing the browser (so-called session cookies), while others are stored permanently on your device and enable us to recognize your browser (so-called persistent cookies).
You have full control over the use of cookies and can delete cookies in your browser, completely deactivate the storage of cookies, or selectively accept certain cookies. Use your browser’s help function to learn how you can change these settings. Note that such changes may limit the functionality of our websites.
C. Third-party cookie and tracking technologies
Econda
a) Data collected:
We use solutions and technologies from econda GmbH, Eisenlohrstraße 43, 76135 Karlsruhe, Germany (“Econda”). Econda uses cookies to create pseudonymous user profiles that persist across multiple pages. To do this, data is collected so that your browser can be recognized. Your IP address will be made unrecognizable immediately upon receipt to prevent it from being associated with user profiles.
b) Purposes for which the data is processed:
We use Econda to optimize our websites and adapt them to our users’ needs.
c) Legal basis:
We use Econda after you have given your consent. When you visit our website, we obtain your consent via the cookie banner at the bottom edge of the page.
d) Storage period and control options:
Econda stores this data and deletes it regularly.
You can block Econda from collecting and processing your data by configuring your browser settings accordingly, or through this link [https://www.econda.de/widerruf-zur-datenspeicherung].
I) Facebook-Pixel and Facebook Custom Audience (Remarketing)
Data collected:
On our website we deploy the so-called "Facebook pixel" of the company "Facebook" (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland). The Facebook pixel enables us to classify the visitors to our website into specific target groups in order to be able to display corresponding advertisements ("ads") on Facebook. The data collected (e.g. IP addresses, information about the web browser, the location of the website, buttons clicked, pixel IDs if applicable and other features) cannot be viewed by us, but can only be used within the scope of the display of certain advertisements. Within the scope of using the Facebook pixel code, so-called cookies are also used.
If you have a Facebook account and are signed in, your visit to this website will be associated with your Facebook user account.
We also partly utilise the remarketing function "Custom Audiences" of the company "Facebook". This enables users of the Site to display interest-based ads ("Facebook Ads") when visiting Facebook or other websites that also use this method. In this respect, we pursue your interest in displaying advertisements that correspond to your interests in order to make our website more appealing to you.
In order to exchange the respective data, your browser automatically establishes a direct connection with the Facebook server. We have no control over the extent and further use of the data collected by Facebook through the use of this tool and therefore inform you according to our state of knowledge: By integrating Facebook Custom Audiences, Facebook receives the information that you have accessed the corresponding website of our website or clicked on an advertisement from us. If you are registered with a "Facebook" service, "Facebook" may assign the visit to your account. Even if you are not registered with Facebook or have not logged in, it is possible for the provider to trace and store your IP address and other identification features.
Insofar as you have consented to this, we may forward your telephone number or e-mail address to "Facebook" in order to be able to display advertisements corresponding to your interests.
To find out how Facebook pixel is deployed for advertising campaigns, please visit https://www.facebook.com/business/learn/facebook-ads-pixel
For more information about Facebook's privacy policy, please visit https://www.facebook.com/policy.php
For more information about Facebook's data processing practices, please visit https://www.facebook.com/about/privacy
Purposes for which the data is processed:
We employ these functions in order to be able to provide you with advertising offers corresponding to your interests.
Legal basis:
We process your data on the basis that you have consented to this or that we have a legitimate interest in processing the data pursuant to Art. 6 para. 1, sentence1 (a) and (f) GDPR.
Storage period and control options:
We store your data as long as we require it for the respective purpose (display of interest-based advertising) or provided you have not objected to the storage of your data or revoked your consent.
The deactivation of the function "Facebook Custom Audiences" is possible for logged in users at
https://www.facebook.com/settings/?tab=ads#_
If you are logged in to Facebook you can adjust your ad settings in Facebook at
https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen
Google:
Data collected:
Google Analytics: On our websites, we use Google Analytics, a web analyticss ervice provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin4, Ireland ("Google"). Google Analytics stores cookies on your device that make it possible to evaluate your use of our websites.
To do so, Google collects various data, including data to uniquely identify your browser and information about when and how often you have visited our websites, how much time you have spent on our websites, and how you have interacted with our websites (more information available here).
We have added the code "get._anonymizeIP();" to Google Analytics. This causes Google to shorten your IP address, thereby allowing for anonymous analysis. IP addresses are shortened within the EU or the European Economic Area. Only in exceptional cases is the full IP address sent to a Google server in the United States and shortened there. The IP address sent by your browser for Google Analytics is not merged with other Google data. The data collected through the use of cookies is usually transmitted to a Google server in the United States and stored there. Google shares data with third parties if permission has been given, if necessary for legal reasons, or to have the third parties process this data on Google's behalf.
Google Remarketing and DoubleClick: We use Google Remarketing and Google DoubleClick. This technology uses cookies to track how you use our website, and to help us recognize your browser when you visit websites that are part of the Google advertising network. To do this, the Google Analytics tracking code uses so-called DoubleClick cookies in addition to the usual Google Analytics cookies. DoubleClick cookies collect data about which third-party websites you have visited in the Google Display Network, and which ads you have clicked on. Data from first-party cookies (e.g. Google Analytics cookies) is also linked with data from third-party cookies (e.g. Google cookies for display preferences). This allows us to evaluate how advertisements are displayed and how you interact with them.
Google AdWords Conversion Tracking: We use Google AdWords Conversion Tracking. This technology stores cookies when you interact with one of our advertisements, e.g. by clicking on it. The cookies are then used to analyze what happens after you interact with an ad, such as whether you bought our product, accessed the ad from a cell phone, downloaded our app, or subscribed to a newsletter.
Google Tag Manager: Google Tag Manager is a solution that we use to manage web page tags from an interface (allowing us to integrate f. e. Google Analytics, or other Google marketing services, into our online offering). The tag manager itself (which implements the tags) does not process personal information. With regard to the processing of personal data, reference is made to the information relating to the respective Google services. The Google Tag Manager usage policy can be viewed here: https://www.google.com/intl/de/tagmanager/use-policy-html
Google reCAPTCHA: We use Google's reCAPTCHA service in some of our forms. For this service, Google collects certain data to determine whether a human being or a machine is accessing our websites; this data may include your IP address, your screen and window resolution, your browser’s language settings, the time zone where you are located, the browser's user agent and what browser plugins you have installed. We have added the code "get._anonymizeIP();" to this service. This causes Google to shorten your IP address. For more information about shortening IP addresses, see the explanation of Google Analytics above.
Google Signals: In parts we also use the function Signals of Google Inc.’s. Google Signals recognizes single users across different devices (so called Cross Device Tracking). As a result we receive anonymized data in report form. The reports show patterns in user behavior.
The function is only activated, if you
1. have a Google account,
2. are logged in to this Google account while using the according Haufe Group websites,
3. and have activated the option ‘Ads personalization’ in your Google account’s Ads Settings.
Purposes for which the data is processed:
Google Analytics: Google uses the data collected via Google Analytics on our behalf in order to evaluate how our websites are used, compile reports on website activity, and to provide other services relating to website and Internet use.
Google Remarketing and DoubleClick: We use this technology to display ads relevant to your interests on other sites in the Google advertising network. These ads relate to content that you have previously viewed on our websites.
Google AdWords Conversion Tracking: We use this technology to improve our offerings.
Google Tag Manager: We use this service to create, deploy and manage tags on our website.
Google reCAPTCHA: We use this service to distinguish whether the data entered in one of our web forms was entered by a human being or illegitimately by an automated process, which in turn helps us to protect our information technology systems.
YouTube: We use YouTube to embed videos on our websites.
Google Maps: We use Google Maps to make it easier for you to find our location, in which we have an interest. This is also the purpose of the data processing.
Google Signals: We are using the technology to recognize users across different devices. Thus we are able to present you interest based advertisements.
Legal basis:
We use the Google products listed above after you have given your consent. When you visit our website, we obtain your consent via the cookie banner at the bottom edge of the page.
We use Google reCAPTCHA on the basis of legitimate interests (Art. 6 (1)(f) GDPR). It is in our legitimate interest to prevent misuse of our forms and to protect our information technology systems.
Storage period and control options:
The data that is collected by these Google functions is stored and deleted regularly. You may prevent the use of cookies by configuring the appropriate settings on your browser. You can also prevent Google from collecting and processing this data by downloading and installing the browser add-on available at this link.
Google Dynamic Remarketing and DoubleClick and Google AdWords Conversion Tracking: You can refuse the storage of cookies and the associated data processing by deactivating personalized ads in your ad settings. You can deactivate the use of cookies by third-party providers through the Network Advertising Initiative’s opt-out page. DoubleClick cookies can also be deactivated by installing a browser plugin.
Note that such changes may limit the functionality of our websites.
For more information, see the Google Privacy Policy Statement.
Eloqua (Oracle):
Data collected
We use the service Eloqua of the provider ORACLE Deutschland B.V. & Co. KG, Riesstrasse 25, 80992 Munich. Eloqua sets a permanent cookie on your browser respective registration website.
Purpose for which the data is processed:
We use Eloqua to analyse the use of our websites so that we can continually improve them.
Legal basis:
We use Eloqua if you have consented to this. We obtain your consent when you call up our websites via the cookie banner, Art. 6. para. 1 lit. a DSGVO.
Storage period and control options:
Eloqua stores your data and this deleted regularly. You can prevent the collection and processing of data by Eloqua by making the appropriate setting in your browser or via the following link.
For more information, see Oracle's privacy policy.
LinkedIn Insights Tag:
Data collected: On this website we use the LinkedIn Insight Tag. The LinkedIn Insight Tag creates a LinkedIn „Browser Cookie“, which collects the following data:
- IP address,
- time stamp,
- page Activities,
- demographic data from LinkedIn, if the user is an active LinkedIn user.
Purpose of data processing: We process your data to rate campaigns and gather information about website visitors who may have reached us through our LinkedIn campaigns.
Legal basis: We process your data because you have consented to this or because we have a legitimate interest in processing the data, Art. 6 para. 1 sentence 1 lit. a. and f EU-GDPR.
Storage duration and control options: We save your data as long as we need them for the respective purpose (campaign evaluation), as long as you have not objected to the storage of your data or have revoked your consent.
The collected data is encrypted. More information can be found here. Here you will find the LinkedIn privacy policy, as well the LinkedIn Opt-Out.
Lead forms
If you submit a so-called lead form on the LinkedIn website, we process your personal data in order to be able to provide the information you have requested. Subject to you consent, we will transfer the information you enter in the lead form to our customer database (CRM system) and link it to any other information you provide, in order to provide you with future offers that suit you preferences. If you have consented to this, you may revoke the relevant use of your data at any time. You may revoke your consent at any time:
1. In repect of your LinkedIn data within 90 days click here;
2. In respect of the data stored at Haufe at any time by email to dsb@haufe-lexware.com
Microsoft:
Data collected:
Bing Universal Event Tracking: We use Bing Universal Event Tracking (“UET”), a service of Microsoft Corporation, One Microsoft Way, Redmond WA 98052-6399, USA (“Microsoft”). When you access our websites through ads provided by Bing Ads, a cookie is placed on your computer. In addition, a UET tag is integrated on our websites. A UET tag is a code that is used together with the cookie to store pseudonymized data about how the website is used. In combination with the cookie, the tag records pseudonymized data to track what actions you perform on our websites after clicking on an ad from Bing Ads. The data collected include the amount of time spent on the website, which areas of the website were viewed, and what ad led you to the website. In addition, Microsoft can use cross-device tracking to track your usage across multiple electronic devices. The collected data is sent to a Microsoft server in the United States.
Bing Webmaster Tools: Bing Webmaster Tools from Microsoft stores both cookies and so-called “beacons” on your computer. Beacons, or tracking pixels, are small invisible graphics that can be used to register whether a web page has been accessed.
Purposes for which the data is processed:
Bing Universal Event Tracking: UET enables us to track your activities on our websites when you have accessed our websites via ads from Bing Ads; this, in turn, enables us to improve our online offerings. Cross-device tracking enables Microsoft to display personalized advertising.
Bing Webmaster Tools: This tool allows Microsoft to provide its Bing services and to optimize search results.
Legal basis:
We use Bing Tracking Tools after you have given your consent. When you visit our website, we obtain your consent via the cookie banner at the bottom edge of the page.
Storage period and control options:
Microsoft stores the data for a period of no more than 180 days. You can prevent your data from being collected and processed by deactivating the use of cookies. Note that such changes may limit the functionality of the websites in question. You can use this link to deactivate cross-device tracking.
For more information on Bing’s analytics services, please visit the Bing Ads website. For more information on data privacy at Microsoft and in Bing, see the Microsoft Privacy Statement.
Social plugins:
We use social plugins from the following social media sites:
Facebook, which is operated by Facebook Inc, 1601 S. California Ave, Palo Alto CA 94304, USA (“Facebook”).
Twitter, which is operated by Twitter Inc, 795 Folsom St., Suite 600, San Francisco CA 94107, USA (“Twitter”).
Instagram, which is operated as a product of Facebook Inc, 1 Hacker Way, Menlo Park, CA 94025, USA
LinkedIn, which is operated by LinkedIn Corporation, 1000 W. Maude Ave, Sunnyvale, California 95085, USA ("LinkedIn").
XING, which is operated as a product of New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany.
When you visit a website that contains one of these plugins, your browser establishes a direct connection to the servers of the associated social media site. This integration provides the social media site with information about the website you have visited, even if you do not have a user profile or are not currently logged in. If you are logged in, Facebook can associate the website visit to your Facebook account. When you interact with the plugins, the associated information is sent to the social media site and stored there. Your IP address is stored in shortened form. Once collected, the data is transmitted directly from your browser to one of the social media site’s servers in the United States and stored there.
Purposes for which the data is processed:
The social plugins allow you to share website content on social media sites.
Legal basis:
We use social plugins after you have given your consent. When you visit our website, we obtain your consent via the cookie banner at the bottom edge of the page.
Storage period and control options:
You can block social media sites from collecting and processing your data by configuring your browser settings accordingly.
If you do not want social media sites to directly associate the information collected through our websites with your user profile, you must log out before visiting our websites. For more information, see the Facebook and Twitter, Instagram, LinkedIn and XING privacy policy statements.
Usercentrics:
Data collected:
We use the consent management service Usercentrics GmbH, Sendlinger Str. 7, 80331 Munich, Germany ("Usercentrics"). Usercentrics is used on the website as a processor for the purpose of consent management.
The following data is collected: opt-in and opt-out data, referrer URL, user agent, user settings, consent ID, time of consent, consent type, template version, banner language.
Purposes for which the data is processed:
We use Usercentrics to comply with the legal obligations of consent storage.
Legal basis:
We use Usercentrics to comply with our legal obligation, Art. 6 para. 1 p. 1 lit. c DSGVO.
Storage period and control options:
The consent data (consent and revocation of consent) is stored for three years. The data will then be deleted immediately.
For more information, please see the Usercentrics privacy policy.
3. What data is processed when you contact us, order a newsletter and open a user account?
This sections explains what data is collected and processed when you contact us, order a newsletter or open an account; for what purposes and by which recipients it is processed; on what legal basis the data is processed; and when the data is deleted.
A. Contacting us
Data collected:
When you contact us through a contact form or via email, we collect and process the data you provide, such as your contact information, your name and your request. All data that you share with us is transmitted from your browser to our server in encrypted form.
Purposes for which the data is processed:
Data processing is performed by our customer service department or by service providers working on our behalf, exclusively on the basis of your request and in order to process that request.
Legal basis:
We process your data for the implementation of precontractual and contractual measures that are performed at your request (Art. 6 (1)(b) GDPR).
Storage period:
We store your data for as long as we need it for the specific processing purpose, or to guarantee or comply with statutory retention periods.
Transfers to third countries:
We deploy, among others, the service provider Salesforce.com (salesforce.com EMEA Limited, Company No. 05094083, registered in England; Floor 26 Salesforce Tower, 110 Bishopsgate, EC2N 4AY London; UK) for the administration of your data.
In principle Data is processed in European data centres, data mayalso be transmitted to third countries such as the USA whilst undertaking maintenance and support measures. In order to ensure that your data is adequately protected in such cases, we have obligated the service provider Salesforce Inc. to ad here to a data protection level that complies with EU law, using the corresponding EU standard contractual clauses for the transfer of personal data to processors established in third countries.
B. Customer surveys
Data collected:
For online surveys, we use the services of Netigate Deutschland GmbH, Untermainkai 27-28, 60329 Frankfurt am Main, Germany. Netigate processes the information provided by users for the sole purpose of evaluating surveys on our behalf, and as long as no personal data is requested, such as names or email addresses, it stores the information anonymously, i.e., in particular, without the users’ IP addresses. If personal data (e.g. name, mailing address, company, etc.) that goes beyond the topic of the survey is also requested in connection with the survey, we point out separately in connection with the survey that the data in question is additional, voluntarily provided data that we collect and use.
Purposes for which the data is processed:
We use Netigate to optimize our products and services and adapt them to our users’ needs.
Legal basis:
We use Netigate when you complete a questionnaire that uses this service. By submitting your answers, you give your consent.
Storage period:
For surveys with personal data, the personal data is automatically deleted after 13 months.
C. Newsletters
Data collected:
When you subscribe to our newsletter, we collect and process the data you provide, such as your name and email address.
Newsletters that contain Eloqua technologies use tracking technologies. These technologies are used to collect information about whether our emails are opened and which links you click on.
Purposes for which the data is processed:
We process the data so that we can deliver the newsletter to you.
We use the data collected through Eloqua to find out which topics are of interest to you. We then use this information to improve the emails that we send you and the services we provide, and to link them to existing tracking or profiling information.
Legal basis:
After you register for a newsletter on one or more particular topics, we process your data with your consent so that we can keep you informed about the selected topics via email, as well as sending you relevant ads. Our approach here is based on the double opt-in principle, i.e. when you order a topic newsletter on our website, we send you a confirmation email with a registration link. Only after clicking on this link will you be added to our newsletter list.
We use Eloqua with your consent.
If we have obtained your email address in connection with the sale of a product, we use it to send you information about similar products on the basis of legitimate interests (Art. 6 (1)(f) GDPR). It is in our legitimate interest to address you directly with our advertising.
Storage period:
We store your data for as long as we need it for the specific processing purpose.
4. What rights do you have and how can you exercise them?
A. Revocation of consent
If you have consented to the processing of your personal data, you can revoke that consent at any time with future effect. Note that such revocation has no effect on the legality of previous data processing, and that it does not extend to data processing for which a statutory justification exists, and which may therefore take place even without your consent.
B. Additional rights of data subjects
In addition, you have the following rights as a data subject under Articles 15 to 21 and 77 of the EU General Data Protection Regulation (GDPR), provided that the statutory requirements are met:
Information:
You can request at any time that we provide you with information as to which of your personal data we process and how, and that we provide you with a copy of the stored personal data that relates to you, Art. 15 GDPR.
Correction:
You can request the correction of incorrect personal data and the completion of incomplete personal data, Art. 16 GDPR.
Deletion:
Regarding the deletion of your personal data: Please note that the right to deletion excludes data that we require for the execution and processing of contracts, and for the assertion, exercise and defense of legal claims, as well as data for which statutory, regulatory or contractual retention requirements apply, Art. 17 GDPR.
Restriction of processing:
Under certain circumstances, you may request that processing be restricted, e.g. if you believe that your data is incorrect, that the processing of your data is unlawful, or if you have objected to the processing of your data. The result of such a request is that your data may only be processed to a very limited extent without your consent, e.g. for the assertion, exercise and defense of legal claims or to protect the rights of other natural and legal persons, Art. 18 GDPR.
Objection to data processing:
You have the option to object at any time to data processing for purposes of direct advertising. In addition, if special reasons apply, you can object at any time to data processing on the basis of a legitimate interest, Art. 21 GDPR.
Data portability:
You have the right to receive the data that you have provided to us, and that we process based on your consent or in order to fulfill a contract, in a common, machine-readable format and, to the extent that this is technically feasible, to request that this data be transmitted directly to third parties, Art. 20 GDPR.
C. How to contact us
You can exercise your rights via the following contact channels:
Haufe Group
Mr. Raik Mickler
Data protection officer
Munzinger Straße 9
79111 Freiburg (Germany)
Email: dsb@haufe-lexware.com
You can also revoke your consent to receive the newsletter at any time by clicking the corresponding link in each newsletter.
D. Right of appeal to a regulatory authority
If you believe, for example, that our data processing is unlawful or that we have not protected the rights described above to the required extent, you have the right to file a complaint with the competent data protection authority.
Revision: March 2021