Privacy Policy

Privacy Policy

We are delighted that you are visiting our website. The protection and security of your personal information when using our website is very important to us. We would therefore like to take this opportunity to inform you about which of your personal data we collect when you visit our website and for what purposes it is used.

This privacy policy applies to our website, which can be accessed under this domain and the various subdomains (“our website”).

Objection to advertising emails

We hereby object to the use of contact data published in the imprint, the privacy policy, and other contact data published on the website for the purpose of sending unsolicited advertising and information materials. The operators of the pages expressly reserve the right to take legal action in the event of unsolicited advertising information being sent, for example through spam emails.

Who is responsible and how can I contact them?

Responsible for the processing of personal data within the EU General Data Protection Regulation (GDPR)

Smart Reporting GmbH

Erika-Mann-Straße 69

80636 Munich

Data protection officer

Stephan Krischke, privacy@jacobian.com

What is this about?

This privacy policy meets the legal requirements for transparency in the processing of personal data. This includes all information relating to an identified or identifiable natural person. This includes, for example, information such as your name, age, address, telephone number, date of birth, email address, IP address, or user behavior when visiting a website. Information that we cannot relate to your person (or only with disproportionate effort), e.g., through anonymization, is not personal data. The processing of personal data (e.g., collection, retrieval, use, storage, or transmission) always requires a legal basis and a defined purpose.

Stored personal data will be deleted as soon as the purpose of processing has been achieved and there are no legitimate reasons for further storage of the data. We will inform you about the specific storage periods or criteria for storage in the individual processing operations. Irrespective of this, we store your personal data in individual cases for the assertion, exercise, or defense of legal claims and in the event of statutory retention obligations.

Who receives my data?

Your personal data will not be transferred to third parties for purposes other than those listed below.

We only pass on your personal data to third parties if:

§ you have given us your express consent to do so in accordance with Art. 6 (1) (a) GDPR,

§ the transfer is permissible under Art. 6 (1) lit. f GDPR to safeguard our legitimate interests and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data,

§ if there is a legal obligation to disclose the data under Art. 6 (1) lit. c GDPR, and

§ this is legally permissible and necessary for the performance of contractual relationships with you pursuant to Art. 6 (1) (b) GDPR.

To protect your data and, if necessary, enable us to transfer data to third countries (outside the EU/EEA), we have concluded agreements on order processing based on the standard contractual clauses of the European Commission. If the standard contractual clauses are not sufficient to establish an adequate level of security, your consent pursuant to Art. 49 (1) (a) GDPR may serve as the legal basis for the transfer to third countries. This does not apply to data transfers to third countries for which the European Commission has issued an adequacy decision pursuant to Art. 45 GDPR.

Within the scope of the processing operations described in this privacy policy, personal data may be transferred to the USA. US investigative authorities may require US companies to disclose personal data without the data subjects being able to take effective legal action against this. This means that there is a possibility that your personal data may be processed by US investigative authorities. We have no influence on these processing activities. Data transfer to the US is carried out in accordance with Art. 45 (1) GDPR based on the adequacy decision of the European Commission. The US companies involved and/or their US subcontractors are certified under the EU-US Data Privacy Framework (EU-US DPF). In cases where no adequacy decision by the European Commission exists (including US companies that are not certified under the EU-US DPF), we have agreed on other appropriate safeguards with the recipients of the data within the meaning of Art. 44 et seq. GDPR. Unless otherwise specified, these are standard contractual clauses of the EU Commission in accordance with Implementing Decision (EU) 2021/914 of June 4, 2021. You can view a copy of these standard contractual clauses at https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE. If the standard contractual clauses are not sufficient to establish an adequate level of security or if it is not possible to conclude the standard contractual clauses, your consent pursuant to Art. 49 (1) (a) GDPR may serve as the legal basis for the transfer.

Do you use cookies?

Cookies are small text files that we send to your device's browser and store there when you visit our website. As an alternative to using cookies, information can also be stored in your browser's local storage. Some functions of our website cannot be offered without the use of cookies or local storage (technically necessary cookies). Other cookies, on the other hand, enable us to perform various analyses so that, for example, we can recognize the browser you are using when you visit our website again and transmit various information to us (non-necessary cookies). Cookies enable us, among other things, to make our website more user-friendly and effective for you by tracking your use of our website and determining your preferred settings (e.g., country and language settings). If third parties process information via cookies, they collect the information directly via your browser. Cookies do not cause any damage to your device. They cannot execute programs or contain viruses.

We provide information about the respective services for which we use cookies in the individual processing operations. Detailed information about the cookies used can be found in the cookie settings or in the Consent Manager of this website.

What rights do I have?

Under the conditions of the legal provisions of the General Data Protection Regulation (GDPR), you as the data subject have the following rights:

§ Information pursuant to Art. 15 GDPR about the data stored about you in the form of meaningful information about the details of the processing and a copy of your data;

§ Rectification pursuant to Art. 16 GDPR of incorrect or incomplete data stored by us;

§ Deletion pursuant to Art. 17 GDPR of the data stored by us, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise, or defense of legal claims;

§ Restriction of processing in accordance with Art. 18 GDPR, insofar as the accuracy of the data is disputed, the processing is unlawful, we no longer need the data and you refuse to have it deleted because you need it to assert, exercise or defend legal claims or you have objected to the processing in accordance with Art. 21 GDPR.

§ Data portability pursuant to Art. 20 GDPR, insofar as you have provided us with personal data within the scope of consent pursuant to Art. 6 (1) (a) GDPR or based on a contract pursuant to Art. 6 (1) (b) GDPR and this has been processed by us using automated procedures. You will receive your data in a structured, commonly used, and machine-readable format, or we will transmit the data directly to another controller, insofar as this is technically feasible.

§ Objection pursuant to Art. 21 GDPR to the processing of your personal data, insofar as this is based on Art. 6 (1) (e), (f) GDPR and there are reasons for this arising from your particular situation, or the objection is directed against direct marketing. The right to object does not apply if there are compelling legitimate grounds for the processing or if the processing is for the establishment, exercise, or defense of legal claims. If the right to object does not apply to individual processing operations, this will be indicated there.

§ Revocation pursuant to Art. 7 (3) GDPR of your consent with effect for the future.

§ Complaint pursuant to Art. 77 GDPR to a supervisory authority if you believe that the processing of your personal data violates the GDPR. As a rule, you can contact the supervisory authority of your usual place of residence, your workplace, or our company headquarters.

How is my data processed in detail?

Below, we provide information about the individual processing operations, the scope and purpose of data processing, the legal basis, the obligation to provide your data, and the respective storage period. There is no automated decision-making in individual cases, including profiling.

Provision of the website

Type and scope of processing

When you visit and use our website, we collect the personal data that your browser automatically transmits to our server. The following information is temporarily stored in a so-called log file:

§ IP address of the requesting computer

§ Date and time of access

§ Name and URL of the file accessed

§ Website from which access is made (referrer URL)

§ Browser used and, if applicable, the operating system of your computer, as well as the name of your access provider

Our website is not hosted by us, but by a service provider who processes the data on our behalf in accordance with Art. 28 GDPR.

Purpose and legal basis

The processing is carried out to protect our overriding legitimate interest in displaying our website and ensuring security and stability based on Art. 6 (1) lit. f GDPR. The collection of data and storage in log files is essential for the operation of the website. There is no right to object to the processing due to the exception under Art. 21 (1) GDPR. Insofar as further storage of the log files is required by law, processing is carried out based on Art. 6 (1) lit. c GDPR. There is no legal or contractual obligation to provide the data, but it is technically impossible to access our website without providing the data.

Storage period

The data is stored for the duration of the website display and, for technical reasons, for a maximum of 7 days thereafter.

Contact form

Type and scope of processing

When you contact us (e.g., via contact form or email), personal data is collected. The data collected in the case of a contact form can be seen in the respective contact form. In addition, you can voluntarily provide additional information that you consider necessary for processing the contact request.

When you contact us, your personal data will not be passed on to third parties.

Purpose and legal basis

Your data is processed for the purpose of communicating and processing your request based on your consent in accordance with Art. 6 (1) (a) GDPR. If your request relates to an existing contractual relationship with us, the processing is carried out for the purpose of fulfilling the contract based on Art. 6 (1) (b) GDPR. There is no legal or contractual obligation to provide your data, but it is not possible to process your request without providing the information in the mandatory fields. If you do not wish to provide this data, please contact us by other means.

Storage period

If contact is made based on your consent, we store the data collected for each request for a period of three years, beginning with the completion of your request or until you revoke your consent.

If contact is made within the framework of a contractual relationship, we store the data collected for each request for a period of three years from the end of the contractual relationship.

Presence on social media platforms

We maintain fan pages, accounts, or channels on the networks listed below to provide you with information and offers within social networks and to offer you additional ways to contact us and find out about our offers. Below, we provide information about what data we or the respective social network process about you in connection with your access to and use of our fan pages/accounts.

Data that we process about you

If you wish to contact us via Messenger or direct message on the respective social network, we generally process your username that you use to contact us and, if necessary, store other data you provide to the extent necessary to process/respond to your request.

The legal basis for this is Art. 6 (1) sentence 1 f) GDPR (processing is necessary to safeguard the legitimate interests of the controller).

(Static) usage data that we receive from social networks

We receive statistics about our accounts that are automatically provided via Insights functions. The statistics include the total number of page views, likes, information about page activity and post interactions, reach, video views, and information about the ratio of men to women among our fans/followers.

The statistics only contain aggregated data that cannot be traced back to individual persons. They are not identifiable to us.

We cannot draw any conclusions about individual users from the statistical information transmitted. We only use this information to respond to the interests of our users and to continuously improve our online presence and ensure its quality.

What data social networks process about you

You do not need to be a member of the respective social network to view the content of our fan pages or accounts, and no user account for the respective social network is required.

Please note, however, that when you visit the respective social network, it also collects and stores data from website visitors without a user account (e.g., technical data to display the website to you) and uses cookies and similar technologies, over which we have no influence. Details can be found in the privacy policy of the respective social network (see the corresponding links above).

If you want to interact with the content on our fan pages/accounts, e.g., comment on, share, or like our posts/contributions and/or contact us via messenger functions, you must first register with the respective social network and provide personal data.

We have no influence on the data processing by social networks in the context of your use. To the best of our knowledge, your data is stored and processed in particular in connection with the provision of the services of the respective social network, and also for the analysis of usage behavior (using cookies, pixels/web beacons, and similar technologies), on the basis of which advertising based on your interests is displayed both within and outside the respective social network. It cannot be ruled out that your data may also be stored by social networks outside the EU/EEA and passed on to third parties.

Since the actual data processing is carried out by the social network provider, our access to your data is limited. Only the social network provider is authorized to access your data in full. For this reason, only the provider can directly take and implement appropriate measures to fulfill your user rights (request for information, request for deletion, objection, etc.). The most effective way to assert your rights is therefore directly with the respective provider.

Purpose and legal basis

We collect your data via our profile solely for the purpose of enabling communication and interaction with us. This collection usually includes your name, message content, comment content, and the profile information you have made “publicly” available.

The processing of your personal data for the above-mentioned purposes is based on our legitimate business and communication interest in offering an information and communication channel in accordance with Art. 6 (1) f) GDPR. If you, as a user, have given your consent to the respective provider of the social network for data processing, the legal basis for processing extends to Art. 6 (1) a), Art. 7 GDPR.

LinkedIn page

LinkedIn is a social network operated by LinkedIn Inc. based in Sunnyvale, California, USA, which enables the creation of private and professional profiles of natural persons and company profiles. Users can maintain their existing contacts and make new ones within the social network. Companies and other organizations can create profiles on which photos and other company information can be uploaded to present themselves as employers and recruit employees. Other LinkedIn users have access to this information and can write their own articles and share this content with others. The network focuses on professional exchanges on specialist topics with people who have the same professional interests.

When users use or visit the network, LinkedIn automatically collects data from them, such as their username, job title, and IP address. This is done with the help of various tracking technologies. LinkedIn provides users with information, offers, and recommendations based on the data collected in this way, among other things.

We collect your data via our company profile solely for the purpose of enabling communication and interaction with us. This collection usually includes your name, message content, comment content, and the profile information you have made “public.”

The processing of your personal data for the above-mentioned purposes is based on our legitimate business and communication interests in offering an information and communication channel in accordance with Art. 6 (1) f GDPR. If you as a user have given your consent to data processing to the respective social network provider, the legal basis for processing extends to Art. 6 (1) a, Art. 7 GDPR.

We are jointly responsible with LinkedIn for the personal content of our company profile. Data subject rights can be asserted with LinkedIn Inc. and with us.

We do not make any decisions regarding the data collected on the LinkedIn site using tracking technologies.

Further information about LinkedIn can be found at: https://about.linkedin.com.

Further information about data protection at LinkedIn can be found at: https://www.linkedin.com/legal/privacy-policy.

Further information on the storage period/deletion and guidelines on the use of cookies and similar technologies in the context of registration and use on LinkedIn can be found at: https://de.linkedin.com/legal/cookie-policy?trk=homepage-basic_footer-cookie-policy.

Technology

SSL/TLS encryption

This site uses SSL or TLS encryption to ensure the security of data processing and to protect the transmission of confidential content, such as orders, login data, or contact requests that you send to us as the operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

AWS CloudFront

Type and scope of processing

We use AWS CloudFront to properly deliver the content of our website. AWS CloudFront is a service provided by Amazon Web Services, Inc., which acts as a content delivery network (CDN) on our website.

A CDN helps to deliver the content of our online offering, in particular files such as graphics or scripts, more quickly with the help of regionally or internationally distributed servers. When you access this content, you establish a connection to Amazon Web Services, Inc. servers, whereby your IP address and, if applicable, browser data such as your user agent are transmitted. This data is processed exclusively for the above-mentioned purposes and to maintain the security and functionality of AWS CloudFront.

Purpose and legal basis

The use of the content delivery network is based on our legitimate interests, i.e., interest in the secure and efficient provision and optimization of our online offering in accordance with Art. 6 (1) lit. f. GDPR.

Storage period

The specific storage period of the processed data cannot be influenced by us, but is determined by Amazon Web Services, Inc. Further information can be found in the privacy policy for AWS CloudFront: https://aws.amazon.com/de/privacy/.

CDNJS

Type and scope of processing

We use CDNJS to ensure the proper delivery of our website content. CDNJS is a service provided by Cloudflare, Inc., which acts as a content delivery network (CDN) on our website.

A CDN helps to deliver content from our online offering, in particular files such as graphics or scripts, more quickly with the help of regionally or internationally distributed servers. When you access this content, you establish a connection to Cloudflare, Inc. servers, whereby your IP address and, if applicable, browser data such as your user agent are transmitted. This data is processed exclusively for the above-mentioned purposes and to maintain the security and functionality of CDNJS.

Purpose and legal basis

The use of the content delivery network is based on our legitimate interests, i.e., our interest in the secure and efficient provision and optimization of our online offering in accordance with Art. 6 (1) lit. f GDPR.

Storage

We have no influence on the specific storage period of the processed data; this is determined by Cloudflare, Inc. For further information, please refer to the privacy policy for CDNJS: https://www.cloudflare.com/privacypolicy/.

Embedly

Type and scope of processing

We use Embedly to ensure the proper provision of content on our website. Embedly is a service provided by A Medium Corporation, which acts as a content delivery network (CDN) on our website.

A CDN helps to deliver content from our online offering, in particular files such as videos and images, more quickly with the help of regionally or internationally distributed servers. When you access this content, you connect to servers belonging to A Medium Corporation, 760 Medium Street San Francisco, CA 94102, United States, whereby your IP address and, if applicable, browser data such as your user agent are transmitted. This data is processed exclusively for the above-mentioned purposes and to maintain the security and functionality of Embedly.

Purpose and legal basis

Storage period

The specific storage period of the processed data cannot be influenced by us but is determined by A Medium Corporation. Further information can be found in the privacy policy for Embedly: https://embed.ly/legal/privacy.

Google Fonts

Type and scope of processing

We use Google Fonts from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, as a service to provide fonts for our online offering. To obtain these fonts, you connect to servers of Google Ireland Limited, whereby your IP address is transmitted.

Purpose and legal basis

The use of Google Fonts is based on your consent in accordance with Art. 6 (1) lit. a GDPR and § 25 (1) TDDDG.

Storage period

The specific storage period of the processed data cannot be influenced by us but is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google Fonts: https://policies.google.com/privacy.

HubSpot Forms

Type and scope of processing

We have integrated HubSpot Forms into our website. HubSpot Forms is a service provided by HubSpot, Inc. and offers marketing automation software for marketing services and products, including SEO and content creation, lead management, email marketing, and web analytics.

HubSpot Forms is used to store data entered in forms, e.g., when contacting us via the contact form. The data provided may be stored in our customer relationship management system (CRM system).

In this case, your data will be transferred to the operator of HubSpot Forms, HubSpot, Inc., Cambridge, Massachusetts, US.

Purpose and legal basis

We process your data using HubSpot Forms for the purpose of processing the contact request and handling it in accordance with Art. 6 (1) lit. b. GDPR.

The use of HubSpot Forms and the integrated services is subject to our legitimate interest pursuant to Art. 6 (1) lit. f. GDPR, the optimization of our marketing measures and the improvement of our service quality on the website.

Storage period

We have no influence on the specific storage period of the processed data; this is determined by HubSpot, Inc. For further information, please refer to the privacy policy for HubSpot Forms: https://legal.hubspot.com/privacy-policy.

JSDelivr CDN

Type and scope of processing

We use JSDelivr CDN to ensure the proper delivery of our website content. JSDelivr CDN is a service provided by Prospect One, which acts as a content delivery network (CDN) on our website.

A CDN helps to deliver content from our online offering, in particular files such as graphics or scripts, more quickly with the help of regionally or internationally distributed servers. When you access this content, you establish a connection to servers of Prospect One, Krolewska 65a, Krakow, Malopolskie 30-081, Poland, whereby your IP address and, if applicable, browser data such as your user agent are transmitted. This data is processed exclusively for the above-mentioned purposes and to maintain the security and functionality of JSDelivr CDN.

Purpose and legal basis

Storage period

We have no influence on the specific storage period of the processed data; this is determined by Prospect One. Further information can be found in the privacy policy for JSDelivr CDN: https://www.jsdelivr.com/privacy-policy-jsdelivr-net.

Unpkg CDN

Type and scope of processing

We use Unpkg CDN to ensure the proper provision of content on our website. Unpkg CDN is a service provided by Cloudflare, Inc., which acts as a content delivery network (CDN) on our website.

Purpose and legal basis

Storage period

The specific storage period of the processed data cannot be influenced by us, but is determined by Cloudflare, Inc. Further information can be found in the privacy policy for Unpkg CDN: https://www.cloudflare.com/privacypolicy/.

Vimeo Video

Type and scope of processing

We have integrated Vimeo Video into our website. Vimeo Video is a component of the video platform of Vimeo, LLC, where users can upload content, share it via the Internet, and receive detailed statistics.

Vimeo Video allows us to integrate content from the platform into our website.

Vimeo Video uses cookies and other browser technologies to evaluate user behavior, recognize users, and create user profiles. This information is used, among other things, to analyze the activity of the content listened to and to create reports.

When you access this content, you connect to servers of Vimeo, LLC, 555 W 18th St, New York, New York 10011, whereby your IP address and, if applicable, browser data such as your user agent are transmitted.

Purpose and legal basis

The use of Vimeo Video is based on your consent in accordance with Art. 6 (1) (a) GDPR and § 25 (1) TDDDG.

Storage period

We have no influence on the specific storage period of the processed data; this is determined by Vimeo, LLC. Further information can be found in the privacy policy for Vimeo Video: https://vimeo.com/privacy.

Webflow

Type and scope of processing

Our website was created using the Webflow website builder. Webflow is a service provided by Webflow, Inc. and offers web development technology, web design and layout tools, domain hosting, and other applications for marketing and workflow management.

We use Webflow for web hosting and the display of our website, among other things. In addition, Webflow collects statistical data about visits to our website.

The following data is usually transmitted: website accessed, date and time of access, amount of data transferred, notification of whether an access was successful, browser type and version, user's operating system, previously visited website (referrer), and IP address.

This log data is processed exclusively for the above-mentioned purposes, as well as to maintain the security, functionality, and optimization of Webflow's offering.

Purpose and legal basis

The use of the service is based on our legitimate interests, i.e., interest in the secure and efficient provision and optimization of our online offering in accordance with Art. 6 (1) lit. f. GDPR.

Storage period

We have no influence on the specific storage period of the processed data; this is determined by Webflow, Inc. For further information, please refer to the privacy policy for Webflow: https://webflow.com/legal/privacy.

Jacobian privacy policy