Data protection information
We, as the operator of the Websites https://dserv.de/en/ and https://ci-book.de/en/ (individually or together referred to as „Website“ or „Websites) are responsible, within the meaning of the applicable data protection laws, with specific reference to the General Data Protection Regulation (“GDPR”), for the personal data of the user ("you") of these Websites. In the following, we inform you in a clear manner, within the scope of our information obligations (Art. 13 et seq. GDPR) about which data is processed when you visit our Websites and on which legal basis this is done. You will also receive information about the rights you have vis-à-vis us and vis-à-vis the competent supervisory authority.
1. About the data controller
d-serv GmbH
Egeriaplatz 1
72074 Tuebingen
Germany
Telephone: +49 7071 795680
Telefax: +49 7071 7956833
E-mail: company@dserv.de
2. Informational use of our Website
When you call up our website merely to visit it, so-called log files are processed and automatically recorded by our system. Following log files are automatically processed:
- Used internet browser and its version
- Used operating system and corresponding device class (smartphone, tablet or desktop)
- Address of the website you came from
- Address(es) of the retrieved files
- Amount/scope of data sent
- Name of your Internet service provider
- Host name of the accessing computer
- Date and time of server request/retrieval
- Shortened IP address (network address)
The log files contain your IP address, but it will be shortened prior to storing it. So, it is not possible to link it to you and your data will also not be stored together with other personal data. The short-term processing of your data for anonymization purposes is necessary to provide our website. This purpose is also our legitimate interest to process your data on the legal basis of Art. 6 para. 1 sentence 1 lit. f GDPR.
Encryption: For security reasons and to protect the transmission of confidential content that you send to us as website operator, our websites use SSL- or TLS-based encryption. You can recognize an encrypted connection, for example, by the fact that the address bar of the browser displays "https://" and the lock symbol. If encryption is active, transmitted data cannot be read by third parties.
External website hosting: Our websites are operated on the servers of the provider Raidboxes GmbH, Hafenstraße 32, 48153 Münster. This means that the data we collect when you visit this Website is stored by our hoster. The legal basis for the processing of your personal data is Art. 6 para. 1 sentence 1 lit. f GDPR, as it is in our legitimate interest to use the services of a professional provider for the secure and efficient provision of our Website. We have entered into a so-called order processing agreement with Raidboxes in accordance with Art. 28 GDPR.
3. Contact and registration form
You can contact us electronically via our contact form, for example to give us feedback, to send inquiries about the services we offer or to ask us general questions. Or you can register for our ci-book™ trial access. If you use these options, you will transmit the following data to us:
- Name (to address you and for abuse prevention purposes)
- Email address (to contact you)
- Phone (optional)
- Your message to us (optional)
If you contact us via the contact form, we use a tool from Pipedrive on our website; See below, point 6.1. If you register for our ci-book™ trial access, we will send you a confirmation email to verify your identity. This is to ensure that only you have sent the contact request. To send this verification email, we use the email sending tool of Mailgun Technologies Inc, Inc. 112 E Pecan St #1135 San Antonio, Texas 78205, USA ("Mailgun"). Your personal data is stored on servers in the EU. In case of processing of personal data in third countries, Mailgun relies on so-called standard contractual clauses, which are part of the processing agreement concluded with Mailgun. See more at: https://www.mailgun.com/legal/dpa/ The body of the verification email is stored by Mailgun for up to seven days. Message metadata (e.g. sender, recipient, subject, IP address) is stored by Mailgun for a period of up to 30 days. Personal data of e-mail recipients is stored by Mailgun in pseudonymized form. The legal basis for processing your data for the purpose of processing your contact is Art. 6 para. 1 sentence 1 lit. f GDPR. It is our legitimate interest to process your data transmitted to us for contacting you and to verify your identity before contacting you in order to counteract cases of abuse. The data will be stored until they are no longer required to achieve the purpose of the conversation with you and the concern of your contact has been comprehensively clarified. If your contact request aims to conclude a contract with us, the additional legal basis for the processing of your personal data is Art. 6 (1) sentence 1 lit. b GDPR. This data is stored for as long as it is required for the execution of the contract or the pre-contractual measures. Beyond that, we only store your data in order to comply with legal obligations (e.g. tax obligations) (Art. 6 para. 1 sentence 1 lit. c GDPR). In addition to the data you provide to us, we store the time (date and time) of transmission of your data to us, as well as your IP address. The processing of this data corresponds to our legitimate interest (Art. 6 para. 1 sentence 1 lit. f GDPR) to ensure the security of our systems and to counteract misuse. This data, which we additionally collect during your contact, will be deleted as soon as it is no longer needed, at the latest when the matter of your contact has been comprehensively clarified. You can inform us at any time (see point 1 above) that you would like us to delete the data provided during the conversation. In this case, all personal data of the conversation will be deleted, if permissible, and a continuation of the conversation is not possible.
4. Contacting us by email, fax or telephone
You have the possibility to contact us by email, fax or telephone. Your personal data transmitted in this way will be stored by us. The data will be processed exclusively in order to handle your contact. The legal basis for the processing of your personal data is Art. 6 para. 1 sentence 1 lit. f GDPR. The data will be stored until it is no longer required to achieve the purpose of the conversation with you and the concern of your contact has been comprehensively clarified. If your contact aims to conclude a contract with us, the additional legal basis for the processing of your personal data is Art. 6 (1) sentence 1 lit. b GDPR. This data is stored for as long as it is required for the execution of the contract or the pre-contractual measures. Beyond that, we only store your data in order to comply with legal obligations (e.g. tax obligations) (Art. 6 para. 1 sentence 1 lit. c GDPR). In addition to the data that you voluntarily provide to us, we may receive the time (date and time) of transmission of your data to us, as well as your IP address. The processing of this data corresponds to our legitimate interest (Art. 6 para. 1 sentence 1 lit. f GDPR) to ensure the security of our systems and to counteract misuse. This data, which we additionally collect during your contact, will be deleted as soon as it is no longer needed, at the latest when the matter of your contact has been comprehensively clarified. You can inform us at any time (see point 1 above) that you would like us to delete the data provided during the conversation. In this case, all personal data of the conversation will be deleted, if permissible, and a continuation of the conversation is not possible.
5. Links to social networks
On our website, we use small icons and other links, each of which refers to our web presence on third-party platforms (LinkedIn, Twitter and YouTube). These are hyperlinks in each case, so no data is transferred from you automatically, but only when you click on the icons or the corresponding link and a new window opens in your browser with the website of the third-party provider.
5.1 LinkedIn
We operate an internet presence on the social media portal LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (hereinafter "LinkedIn")), which we link to on our website via the LinkedIn icon. As long as you do not click on the link, LinkedIn does not receive any data from you. If you click on the link, for example to view our website on LinkedIn, LinkedIn will receive data from you (which data LinkedIn receives also depends on whether you are logged in to LinkedIn with your user profile while you click on the page or not). In addition, LinkedIn uses so-called cookies, which are stored on your end device when you visit our company site, even if you do not have your own LinkedIn profile or are not logged into it during your visit to our company site. These cookies allow Linkedin to provide its own services, to determine the performance of the services and to display relevant ads (including job ads) within and outside of LinkedIn. Cookies remain on your terminal device until you delete them. More information about the cookies used by LinkedIn can be found at https://www.linkedin.com/legal/cookie-policy?trk=homepage-basic_footer-cookie-policy According to its own information, LinkedIn uses this data for a wide variety of purposes and transmits it to a wide variety of recipients, including those not located within the EU. LinkedIn relies on various legal bases for this data processing, which you can find in LinkedIn's privacy policy. The privacy policy can be found at the following link: https://www.linkedin.com/legal/privacy-policy While LinkedIn uses this data under its own responsibility for various purposes, we can only see aggregated data on our LinkedIn website, i.e. statistics that no longer have any personal reference. These are called "Page Insights." You can find more information about "Page Insights" on the corresponding information page of LinkedIn at https://www.linkedin.com/help/linkedin/answer/a547077/linkedin-page-analytics-overview?lang=uk In addition, if you decide to become a follower when visiting our LinkedIn website, we also receive your name and position in the company according to the information in your LinkedIn user profile, as well as the time at which you became our follower. According to the requirements of the GDPR, we are jointly responsible with LinkedIn for data processing on our LinkedIn website (Art. 26 GDPR). Accordingly, we have entered into an agreement with LinkedIn, provided by LinkedIn, which governs this joint responsibility. You can find the agreement at the following link: https://legal.linkedin.com/pages-joint-controller-addendum As a result, LinkedIn is primarily responsible for the aggregated Insight Data. In addition, LinkedIn will comply with all obligations under the GDPR with respect to the processing of Insight Data (including, but not limited to, Articles 12 -22 GDPR and Articles 32-34 GDPR). If you send us a request regarding our LinkedIn website, we will inform LinkedIn in a timely manner. LinkedIn will respond to the request according to our agreement. Our legitimate interests in processing personal data lie in the use and linking of different communication channels, marketing via high-reach social media platforms, and analyzing and evaluating the success of our communication and marketing efforts. The legal basis for the processing is Art. 6 para. 1 sentence 1 lit. f GDPR. Insofar as you consent to the data processing (in particular to the setting of cookies), the processing is also based on Art. 6 para. 1 sentence 1 lit. a GDPR. If you use our LinkedIn presence to contact us (for example, by creating your own posts, responding to one of our posts or by sending us private messages), we process the data you provide exclusively to process your contact request. The legal basis for the processing of your personal data is thus Art. 6 para. 1 sentence 1 lit. f GDPR. It is our legitimate interest to process your data transmitted to us in order to contact you. The data will be stored until they are no longer required to achieve the purpose of the conversation with you and the matter of your contact has been comprehensively clarified. You can inform us at any time (see point 1 above) that you would like us to delete the data provided during the conversation. In this case, all personal data of the conversation will be deleted, if permissible, and a continuation of the conversation is not possible.
5.2 Mastodon
We operate an internet presence on the social media portal Mastodon (Mastodon.Business, operated by Ossrox UG (haftungsbeschränkt), Otto-von-Guericke-Str. 40a, 39104 Magdeburg, Germany (hereinafter referred to as ‘Mastodon.Business’)), which we link to on our website. As long as you do not click on the link, Mastodon.Business will not receive any data from you. If you click on the link, for example to view our company presence on Mastodon.Business, Mastodon.Business will receive data from you (which data Mastodon.Business receives also depends on whether you are logged in to Mastodon.Business with your user profile while you click on the page or not). Mastodon.Business also uses so-called cookies, which are stored on your end device when you visit our company website, even if you do not have your own Mastodon.Business profile or are not logged into it during your visit to our company website. These cookies allow Mastodon.Business to use tracking tools, among other things. Cookies remain on your end device until you delete them. You can find more information about the cookies used by Mastodon.Business at https://mastodon.business/privacy-policy You can find an overview of this in Mastodon.Business's privacy policy at the same link shown above. Our legitimate interests in the processing of personal data lie in the use and linking of different communication channels, marketing via high-reach social media platforms, and the analysis and evaluation of the success of our communication and marketing efforts. The legal basis for the processing is Art. 6 para. 1 sentence 1 lit. f GDPR. Insofar as you consent to data processing (in particular the setting of cookies), processing is also based on Art. 6 para. 1 sentence 1 lit. a GDPR. If you use our Twitter presence to contact us (for example, by creating your own posts, responding to one of our posts or by sending us private messages), we process the data you provide exclusively to process your contact. The legal basis for the processing of your personal data is in this respect Art. 6 para. 1 sentence 1 lit. f GDPR. It is our legitimate interest to process your data transmitted to us in order to contact you. The data will be stored until they are no longer required to achieve the purpose of the conversation with you and the matter of your contact has been comprehensively clarified. You can inform us at any time (see point 1 above) that you would like us to delete the data provided during the conversation. In this case, all personal data of the conversation will be deleted, if permissible, and a continuation of the conversation is not possible.
6. Use of service providers
We would like to point out that when processing your personal data, we may use service providers with whom we have concluded processing agreements (e.g. for website hosting). If processors in a third country (not within the EU) perform the data processing, we ensure that the level of protection of your data guaranteed by the GDPR is not undermined (Art. 44 et seq. GDPR). The legal basis for the use of service providers is Art. 6 para. 1 sentence 1 lit. f GDPR. The engagement of service providers (specialists or other service providers in areas that we cannot serve ourselves) is in our legitimate interest. If you would like to receive a copy of the appropriate or adequate safeguards, please let us know (see section 1 above)
There is currently no use of service providers (as at 05/11/2024)
7. Analytics and tracking
We have invested a great deal of effort on our part to reduce the analysis and collection of data to the minimum relevant for business purposes and product development. For the purpose of measuring reach and evaluating preferred web pages or contributions on our websites and for use within our web-based product demonstrations, for example at enterprise.ci-book.de, access data is collected anonymously without the use of cookies and evaluated with the help of the application Plausible. Plausible is not used by us as a service, but as an open source solution and is hosted on a server at Amazon Web Services EMEA SARL, Luxembourg. More information about Plausible can be found at: https://plausible.io/privacy-focused-web-analytics/ and https://plausible.io/data-policy/
8. Your Rights
If we process your data, you are a "data subject" within the meaning of the GDPR. You have the following rights: right of access, right to rectification, right to restriction of processing, right to erasure, right to information and right to data portability. In addition, you have a right to object and a right to withdraw consent and the right to lodge a complaint with a supervisory authority. Below you will find some details about the individual rights:
8.1 Right of access
You have the right to request confirmation from us as to whether we are processing your personal data. If we process your personal data, you have the right to obtain information in particular about processing purposes, categories of personal data, recipients or categories of recipients, storage period, if applicable.
8.2 Right of rectification
You have the right to have the data we have stored about you corrected and/or completed if this data is incorrect or incomplete. We will carry out the correction or completion without delay.
8.3 Right to restrict processing
Under certain circumstances, you have the right to demand that we restrict the processing of your personal data. An example of this is if you dispute the accuracy of your personal data and we need to verify the accuracy for a certain period of time. For the duration of the verification, your data will only be processed in a restricted manner. Another example of restriction is that we no longer need your data, but you need it for a legal dispute.
8.4 Right to erasure
In certain situations, you have the right to request that we delete your personal data immediately. This is the case, for example, if we no longer need your personal data for the purposes for which we collected the data or if we have processed your data unlawfully. Another example would be if we process your data based on your consent, you revoke your consent and we do not process the data based on any other legal basis. However, your right to erasure does not always exist. For example, we may process your personal data to comply with a legal obligation or because we need it for a legal dispute.
8.5 Right to be informed
If you have exercised your right to rectify, erase or restrict the processing of your data, we are obliged to notify all recipients to whom we have disclosed your personal data of the rectification, erasure or restriction of the processing of your data, unless this proves impossible or involves a disproportionate effort.
8.6 Right to data portability
Under certain conditions, you have the right to receive the personal data you have provided to us in a structured, common and machine-readable format and the right to have this data transferred to another controller. This is the case if we process the data either on the basis of your consent or on the basis of a contract with you and that we process the data using automated processes. In this context, you have the right to obtain that we transfer your personal data directly to another controller, insofar as this is technically feasible and the freedoms and rights of other persons are not thereby impaired.
8.7 Right to object
You have the right to object at any time to the processing of your personal data based on Article 6 para. 1 sentence 1 lit. e or lit. f GDPR for reasons arising from your particular situation. This also applies to profiling based on these provisions. We will no longer process your personal data after an objection, unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims. If we process your personal data for the purpose of direct marketing, you have the right to object at any time to the processing of your personal data for the purpose of such marketing. This also applies to profiling, insofar as it is related to direct advertising. If you object to the processing of your personal data for direct marketing purposes, we will no longer process them for these purposes.
8.8 Right to withdraw consent
Pursuant to Art. 7 para. 3 GDPR, you have the right to revoke your consent at any time. The revocation of consent does not retroactively invalidate the lawfulness of the processing.
8.9 Right to lodge a complaint with a supervisory authority
You have the right to lodge a complaint with a supervisory authority, without prejudice to any other administrative or judicial remedy. In particular, you may exercise your right to lodge a complaint in the Member State of your residence, your place of work or the place of the alleged infringement if you consider that the processing of your personal data infringes the GDPR. You can find an overview of the respective data protection commissioners of the federal states as well as their contact details under the following link: https://www.bfdi.bund.de/EN/Service/Anschriften/Laender/Laender-node.html
9. Validity and last amendment of these data protection provisions
Version: August 2022; updated in November 2024.
Cookie-Policy
We have invested a great deal of effort to avoid the use of cookies. Should we or required third-party services nevertheless need to set cookies, the following information applies.
Important notice
You can ensure yourself that no cookies are stored on your computer at all, or that the storage of only certain cookies is permitted. You can select this in your Internet browser settings. You can also view and delete the stored cookies there. Cookies are data records or information that are sent by the web server to the visitor's browser when visiting a website and are stored by the browser on the visitor's end device (computer, smartphone, or similar) for later retrieval. A cookie therefore enables the visitor's Internet browser to be identified when he or she calls up the website again. There are session cookies, which are cookies that are deleted when the browser is closed, and there are persistent cookies, which are stored on the hard drive until their preset expiration date is reached or until they are actively removed by the visitor. Some of the cookies that you may find on websites come from third parties that help the website operator to analyze the impact of its website content and the interests of its visitors, to measure the performance of its website or to place tailored advertising and other content on its or other websites. Websites may use both first party cookies (only visible from the domain one is visiting) and third party cookies (visible across domains and regularly set by third parties).
In this context, the following types of cookies may be set:
Technically necessary cookies: these are mandatory in order to navigate the website, use basic functions and ensure the security of the website; they do not collect information about the visitor for marketing purposes, nor do they store which web pages the visitor has visited. The legal basis for setting technically necessary cookies is Section 25 para. 2 TTDSG and, if personal data is contained in the cookies, Article 6 para. 1 sentence 1 lit. f GDPR. Optional cookies: These are so-called analysis and marketing cookies. Analysis cookies collect information about how a visitor uses a website, which pages he visits and, for example, whether errors occur during website use. Marketing cookies are used to display tailored advertisements on the website or third-party offers to the visitor and to measure the effectiveness of the website operator's offers. These are cookies that are not technically necessary. The legal basis for the setting of these cookies is the consent of the visitor pursuant to Section 25 para. 1 TTDSG and, if personal data is contained in the cookies, Article 6 para. 1 sentence 1 lit. a GDPR
Possibility of revocation and removal
As communicated in the introduction to this section, you can enable or restrict the transmission of cookies by changing the settings in your internet browser. Cookies that have already been stored by your internet browser can be deleted there at any time. If cookies are restricted or disabled for our website, it may not be possible to use all functionalities
1. Technically necessary cookies:
We currently do not set any technically necessary cookies on our Websites.
2. Optional Cookies:
We currently do not set any optional cookies on our Websites.
3. Validity and last amendment of this Cookie-Policy:
Version: August 2022; updated in November 2024.