Data Protection Statement

Thank you very much for your interest in our company CloudLab Sales & Management GmbH. Data protection is important to us. Hence, in this data protection statement we will explain to you how we collect and process individual-related data (short: “personal data“, i.e. data relating to an identified or identifiable person, like for example name, address, nationality, e-mail addresses, interests and hobbies, user behavior on websites). This data protection statement is based on the EU General Data Protection Regulation (short: “GDPR”).

1. Person in charge, data protection officer and representative

(1) Responsible under data protection law is CloudLab Sales & Management GmbH.
(2) The contact details of the external data protection officer are as follows:
Adrian Bettag
Adrian.bettag@bdo.li
Tel: +4232382043
(3) Our representative in the EEA/EU region can be contacted under:
Sara Risch
Sara.risch@bdo.li
Tel: +4232382037

2. Collection of personal data and purposes of data processing

(1) The processing of personal data is primarily limited to personal information obtained from our customers, our cooperation partners or other persons involved in connection with our services and products or data collected from the users on our websites, in our apps or other application.
(2) In particular, case-specifically and depending on the purpose (see below) we collect the following personal data from you:
  • Salutation / title
  • First name, last name
  • Gender
  • Adress
  • E-mail adress
  • Phone number(s)
  • Date of birth
  • Nationality
  • Hobbies / personal interests
  • Tax ID number
  • Bank data
  • IP adress
  • Company affiliation
(3) Furthermore, insofar as permitted and advisable, we case-specifically obtain and process additional data from publicly accessible sources (e.g. land register, trade register, media, internet, World-Check) or, where appropriate, receive such data from other group companies, from authorities and institutions, from your personal environment (like family, legal adviser) or from other third parties.
(4) This data is required, in particular, for the following purposes:
  • in order to identify you as our customer, cooperation partner or service provider or as a user of our websites, online services and apps
  • for correspondence with you
  • to ensure compliance with our due diligence obligations
  • for compliance with other statutory provisions
  • for conclusion and execution of service contracts
  • for conclusion and execution of purchase and sales contracts, e.g. for the purchase of products from suppliers or sales to interested parties
  • for invoicing
  • for rendering of additional services of our company or possibly in cooperation with third parties
  • in order to be able to provide the best possible and custom-tailored services for you and for further development of our service and product offerings
  • for communication with third parties (e.g. the media)
  • for the evaluation and answering of applications
  • for promotion and marketing of our services and products (unless you have objected to the use of your data for this purpose)
  • for the assertion of legal claims or in order to defend our position in general
  • in order to ensure operation of our company in general (e.g. IT, websites, apps)
  • for video surveillance as a security element for access management (incl. visitor lists and other access control)
  • for the safeguarding of other safety aspects
(5) We shall only process your personal data provided that we have a statutory or contractual basis for this or if data processing is required for the performance of a task of public interest or in the exercise of public authority. Apart from this, we shall only process data if you previously consented to this processing and haven’t revoked your consent. Or if a legitimate interest on our part prevails (e.g. continuation of the delivery of newsletters to existing customers, provided that also consent to this hasn’t been revoked). Consent can be revoked at any time.

3. Recipients of personal data and data transfer abroad

(1) We disclose your personal data to recipients or third parties only within the framework of the purposes described above, as far as permitted and appropriate. In particular, these may include:
  • Group companies
  • Service companies such as banks, asset management companies, insurance companies, IT providers, printing companies
  • Customers on our end
  • Suppliers, dealers, transport companies, subcontractors or other cooperation partners
  • Authorities, government institutions, courts
  • Associations, institutions of public interest
  • Media, press offices
(2) Such data disclosure is based either on a legal obligation (e.g. data transmission in the course of the automatic exchange of information), a contract performance (e.g. asset managers abroad), your consent, a public interest or a legitimate interest on our part, unless your interests or fundamental rights and freedoms regarding the protection of personal data legally prevail.
(3) Recipients may be located at home or abroad. In particular, we inform you that we exchange personal information between our group companies or transmit personal data to countries in which service companies are located from which we obtain services (e.g. Microsoft, SAP, Google, etc.).
In the case of recipients outside our company in the EU/EEA region or in countries with recognized data protection adequacy (e.g. Switzerland), we shall ensure the protection of your data by, where necessary and appropriate, entering into so-called contract data processing agreements – .
Should we transmit personal data to third countries which lack appropriate statutory data protection, we shall ensure an adequate level of protection in accordance with legal requirements, for example based on EU standard contractual clauses or other instruments (e.g. Binding Corporate Rules, US Privacy Shield).

4. Use of our website

In addition to the above mentioned, we inform you about the use of our websites, the use of cookies, analytics / tracking or other technologies as follows:
(1) During mere informational use of the website (i.e. if you don’t sign up or register as a user of our website or otherwise provide us with any information) we do not collect personal data, with the exception of any data your browser may transmit in order to enable you to visit the website, which may in particular include the following personal data:
  • IP adress
  • Date and time of the request
  • Time zone difference to Greenwich Mean Time (GMT)
  • Content of the request (concrete page)
  • Access status/HTTP status code
  • Amount of data transferred
  • Website from which the request comes
  • Browser used
  • Operating system and its interface
  • Language and version of the browser software
(2) Our website uses so-called cookies. These are small text files which are stored on your end device by the browser. Cookies do no harm.
We only use them to make our offer more user-friendly. Some cookies remain stored on your end device until you delete them. They enable us to recognize your browser next time you visit.
If you do not want this, you can set up your browser to inform you about the placing of cookies and enable you to only allow this in individual cases. However, we should point out that in this case you might not be able to make full use of all the functions of our website.

5. Use of other web services

5.1 Google Analytics
On our websites we use Google Analytics. Google Analytics is a web analysis service provided by Google Inc. in the USA which uses cookies. Web analysis means the collection, analysis and evaluation of data about the behavior of users of internet pages. A web analysis service collects data on, for example, the web page from which an affected person came to a website, which sub-pages of a page were accessed or how often and for how long a sub-page was viewed. This kind of web analysis is mainly utilized to optimize a website and for the cost-benefit-analysis of internet advertisements.
The purpose of Google Analytics is to analyze the flow of visitors on our website. Google uses the obtained data and information, among other things, to evaluate the use of our website, to compile online reports for us, which point up the activity on our website, and to provide further services in connection with the use of our website. Google may combine data on your behavior on other websites you visited. If you are a registered customer of Google, Google will recognize you accordingly. Thereupon, the further processing of personal data is subject to the data protection regulations of Google. Cookies are used to store personal information, for example the time of access, the location from which a page was accessed and the frequency of site visits by the person concerned. With every visit to our internet sites, this personal data, including the IP address of the internet connection used by the person concerned, is transmitted to Google in the USA. Google may under certain circumstances disclose personal data collected through this technical process to third parties.
The person concerned can prevent the placing of cookies by our websites, as illustrated above, at any time by means of a corresponding setting in the internet browser used and thus permanently object to the placing of cookies. Such setting in the internet browser used can also prevent Google from placing cookies on your device (e.g. computer, notebook, tablet). Additionally, a cookie already placed by Google Analytics via an internet browser or other software program can be deleted at any time.
For further information, please get in touch directly with Google, in particular under the following links:
5.2 Google Adwords
Google AdWords has been integrated by the controller on this website. Google AdWords is an internet advertising service that allows advertisers to place ads in the search engine results of Google as well as in Google’s advertising network. Google AdWords allows advertisers to predefine certain keywords, with the aid of which an ad is only displayed in Google’s search engine results if the user retrieves a keyword-relevant search result from the search engine. In the Google advertising network, ads are distributed on websites relevant to the topic according to an automatic algorithm and under consideration of the predefined keywords.
Operating company of the Google AdWords services is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
The purpose of Google AdWords is the promotion of our website by means of displaying interest-based advertisements on the websites of third-party companies and in search engine results of the Google search engine as well as displaying of third-party advertising on our own website.
If a person concerned is redirected to our website via a Google ad, Google places a so-called conversion cookie on the information-technological system of the person concerned. A general explanation on cookies and their use was already given above. A conversion cookie expires after thirty days and is not used to identify the person concerned. Provided the conversion cookie hasn’t expired yet, it enables us to track whether specific sub-pages of our website, for example the shopping cart of an online shop system, have been visited. The conversion cookie allows for both Google and us to comprehend whether a person concerned who was redirected to our website via an AdWords ad did generate a revenue, i.e. whether the person has made or canceled a purchase.
Google uses the data and information obtained by means of the conversion cookie to generate visitor statistics for our website. We then use these visitor statistics to calculate the total number of users who have been redirected to our website via AdWords ads, i.e. to determine the success or failure of the respective AdWords ad in order to optimize our AdWords ads for the future. Neither our company nor other advertising clients of Google AdWords receive any information from Google by means of which the person concerned could possibly be identified.
By means of conversion cookies, personal information, for example the websites visited by the person concerned, is saved. With each visit to our internet sites, personal data, including the IP address of the internet connection used by the person concerned, is transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may under certain circumstances disclose personal data collected through this technical process to third parties.
The person concerned can prevent our website from placing cookies at any time, as explained above, by selecting a corresponding setting in the internet browser used and by doing so permanently object to the placing of cookies. Such setting in the internet browser used would also prevent Google from placing a conversion cookie on the information-technological system of the person concerned. Furthermore, a cookie already placed by Google AdWords can be deleted at any time via the internet browser or other software programs.
The person concerned has the option to object to Google’s interest-based advertising. In order to do so, the person concerned has to call up the link www.google.de/settings/ads from every internet browser they use and select the desired settings there.
Further information as well as Google’s applicable data protection regulations can be viewed here.
5.3 Google Fonts

Use of Google Fonts:
Google Fonts is a service of Google LLC, Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”) that grants us access to a font library; we use these fonts to design our website. To integrate the fonts we use, your browser must connect to a Google server in the USA and download the font required for our website. Google receives the information that our website has been accessed from your IP address. For more information about Google Fonts, please see Google’s privacy policy, which you can access here.

5.4 Newsletter

On the website of CloudLab Sales & Management GmbH users have the opportunity to sign up for the newsletter of our company. Which personal data exactly is transmitted to the controller upon subscription to the newsletter depends on the input mask used for this purpose.
CloudLab Sales & Management GmbH periodically informs their customers and business partners about company offers by way of a newsletter. The newsletter sent out by our company can categorically only be received by the respective person if (1) the respective person has a valid e-mail address and (2) the respective person signs up for our newsletter. For legal reasons, a confirmation e-mail is sent to the e-mail address provided for the newsletter dispatch by the person concerned using the double opt-in procedure. This confirmation e-mail is used to check whether the owner of the e-mail address as the person concerned authorized the receipt of the newsletter.

Upon subscription to the newsletter we also store the IP address assigned by the internet service provider (ISP) for the computer system used by the person concerned at the time of subscription as well as the date and time of registration. Collection of this data is necessary in order to enable us to retrace (possible) misuse of the e-mail address of a person concerned at a later date and thus serves as a legal safeguard for the controller.
The personal data collected as part of a newsletter subscription is used exclusively for the dispatch of our newsletter. Furthermore, subscribers to the newsletter may also be informed by e-mail should this be necessary for the operation of the newsletter service or the registration for this service, as might be the case in the event of modifications to the newsletter offer or changes in the technical circumstances. None of the personal data collected in the context of the newsletter service is disclosed to third parties. The newsletter subscription can be terminated by the person concerned at any time. Consent to the storage of personal data for the dispatch of the newsletter granted by the person concerned can be revoked at any time. For the purpose of revoking this consent, a corresponding link can be found in every newsletter. It is also possible to unsubscribe from the newsletter at any time, directly on the website of the controller or by means of informing the controller in any other suitable manner.
5.5 Tracking services
The newsletters of CloudLab Sales & Management GmbH contain so-called tracking pixels. Tracking pixels are miniature graphics embedded in e-mails sent in HTML format in order to enable a log file recording and a log file analysis. This way, a statistical evaluation of the success or failure of online marketing campaigns can be carried out. The embedded tracking pixels allow CloudLab Sales & Management GmbH to detect whether and when an e-mail was opened by a person concerned and which of the links in the e-mail were clicked by the person concerned.
Such personal data collected via the newsletter tracking pixels will be stored and interpreted by the controller in order to optimize the newsletter distribution and further adjust the content of future newsletters to the interests of the person concerned. This personal data is not disclosed to third parties. Persons concerned shall be entitled to revoke any declaration of consent given in this regard via the double opt-in procedure at any time. Upon revocation this personal data shall be deleted by the controller. If a person unsubscribes from the newsletter, CloudLab Sales & Management GmbH shall automatically interpret this as a revocation.
5.6 Other web services

For the use of other online services, like for example social media (XING, LinkedIn, Facebook, Slack, etc.), YouTube, Vimeo, etc., in addition to the EU General Data Protection Regulation, which is to be observed as predominant, the providers’ own data protection statements, which are available on the respective websites of the providers, are applicable.
We publish videos on You Tube. Hence, You Tube’s «Community-Richtlinien», in which also their data protection agreement can be found, are applicable as well.

6. Data protection for applications and in the application process

We collect and process personal data of applicants for the purpose of handling application processes. Processing can be done on paper or electronically via e-mail or by filing in a web form. If an employment contract is concluded with an applicant, the personal data received will be processed under consideration of legal provisions for the purpose of execution of the employment relationship. Otherwise, the application documents shall be deleted three months after rejection, given that deletion does not oppose any legitimate interests on our part, for example in the context of a burden of proof concerning equality of treatment.

7. Storage period

We strictly only retain your personal data for as long as necessary for the purpose for which it was collected in accordance with this data protection statement. However, in certain cases we may be legally required to store data over a longer period of time. In this case we will ensure that your personal data is treated in accordance with this data protection statement throughout this entire period.

8. Your rights

(1) You have the right, at any time and free of charge, to request information about the personal data stored about you and its origin, recipients or categories of recipients, to which this personal data is disclosed as well as the purpose of storing.

(2) You also have the right to request at any time that we correct, delete or limit the processing of your personal data. Furthermore, you have the right to data portability.
(3) You also have the right to object to the processing of your data by us at any time.
(4) If you have previously consented to the use of personal data, you can revoke this consent at any time without having to justify this revocation.
(5) Furthermore, you have the right to complain directly to the Office of the Federal Commissioner for Data Protection and Information Security in Bonn or Berlin.
(6) Should you wish to exercise the above mentioned rights, please contact the address given in paragraph 1.

9. Data security

We rely on current technical measures to ensure data security, in particular to protect your personal information against potential risks during data transfer as well as against disclosure to third parties. These measures are adjusted according to the current state of the art.

10. Amendments

In the course of further technical development of our service offer and in accordance with statutory regulations we will constantly update our data protection statement as well. All changes and amendments to this data protection statement will be published on our website. Please read the currently valid version of this data protection statement regularly. Subject to applicable law, any changes to the data protection statement shall become effective as soon as the updated data protection statement is published. Should we already have collected data about you and/or be subject to a legal duty to inform, we will also notify you about any significant changes of our data protection statement and ask you for your consent should this be required by law.

Version: 13.06.2018