1.1 Definition of personal data
Personal data is information that discloses or can disclose a user’s identity. We adhere to the principal of data avoidance. As far as possible, we shall refrain from collecting personal data.
1.2 Handling personal data
Personal data shall be used exclusively for the purpose of concluding a contract, defining its contents, or implementing or processing a contractual relationship (Article 6 (1) b GDPR).
In addition, personal data shall only be processed if we have received your express consent to do so (Article 6 (1) a GDPR) or if it concerns data whose processing is necessary for our legitimate interests and insofar as the balancing process shows that there are no overriding interests, fundamental rights, or freedoms on your part (Article 6 (1) f GDPR).
We may use contractors to process your personal data, but we shall not disclose your personal data to third parties.
The payment data required for this purpose shall only be passed on to the credit institution commissioned with the payment and, if applicable, to the commissioned and selected payment service provider to process payments.
The processing of your personal data shall take place exclusively within the EU, unless otherwise stated below.
1.3 Usage data
When someone visits the website, general technical information shall be collected. This includes IP address used, time, duration of the visit, browser type and, if applicable, the page of origin. For technical reasons, this usage data shall be registered in a log file and can be used for the purpose of evaluating the statistics of this website. This usage data shall not be linked to your other personal data in any way.
1.4 Registration data
Registration is required for full use of the functions of our website. The registration data shall be collected through your corresponding entries and used for the purpose specifically stated pursuant to your consent (Article 6 (1) a GDPR).
1.5 Duration of storage
We store your personal data after the termination of the purpose for which the data was collected for as long as this is required by (tax) law.
2. Your Rights
2.1 Right of access
You shall be permitted to request information from us about whether we are processing your personal data. Insofar as this is the case, you shall have a right to information about this personal data and to the further information mentioned in Article 15 GDPR.
2.2 Right to rectification
You shall have the right to have inaccurate personal data rectified and may request that incomplete personal data be completed pursuant to Article 16 GDPR.
2.3 Right to erasure
You shall have the right to demand that we erase the personal data concerning you without undue delay. We are obliged to delete the data immediately if one of the following grounds applies:
- Where your personal data are no longer necessary in relation to the purpose for which it was collected or processed.
- Where you withdraw your consent to the processing and there is no other lawful basis for processing the data.
- Where your personal data have been unlawfully processed.
The right to erasure shall not apply insofar as your personal data is required for the establishment, exercise, or defence of legal claims.
2.4 Right to restriction of processing
You shall have the right to request us to restrict the processing of your personal data if
- You contest the accuracy of the data, enabling us to verify the accuracy of the personal data;
- The processing is unlawful, and you oppose the erasure of the personal data and request the restriction of their use instead;
- We no longer need the personal data, but they are required for the establishment, exercise, or defence of legal claims;
You have objected to processing pending the verification whether our legitimate grounds override your grounds.
2.5 Right to data portability
You shall have right to receive the personal data concerning you that you have provided to us in a structured, commonly used, and machine-readable format and have the right to transmit this data to another controller without hindrance from us, provided that the processing is based on consent, or a contract and the processing is carried out by automated means.
2.6 Right to withdraw
Insofar as the processing of your personal data is based on consent, you shall have the right to revoke this consent at any time.
2.7 General and right to appeal
The exercise of your above rights is free of charge for you. In the event of complaints, you shall have the right to directly contact the supervisory authority responsible for us, the state data protection commissioner.
3. Data Security
3.1 Data security
All data on our website is secured by technical and organisational measures against loss, destruction, access, modification, and distribution.
3.2 Sessions and cookies
Below you will find the domain, name and duration of the cookies used only based on your consent:
|This cookie is used to distinguish between humans and bots. This helps the website to generate valid reports about how it is used. Used only on the https://quentn.com/firma/kontakt page.
|This cookie is used to distinguish between humans and bots. Used only on the https://quentn.com/firma/kontakt page.
|Stores the user's consent status for cookies on the current domain.
If you subscribe to our newsletter, we shall use the data required for this purpose or separately provided by you to send you our email newsletter on a regular basis based on your consent pursuant to Article 6 (1) a GDPR.
Our newsletters contain tracking pixels (web bugs), which enable us to recognise whether and when an email was opened and which links in the email were followed by the personalised recipient.
We store this data so that we can optimally tailor our newsletters to the wishes and interests of our subscribers. The data that is collected is thus used to send personalised newsletters to the respective recipient.
We ask for your consent in this regard at the given point as follows: “I consent to my data and usage behaviour being electronically stored by newsletter tracking in order that I may receive personalised newsletters. By revoking my consent to receive the newsletter, the consent to the aforementioned tracking shall also be revoked.”
Upon revocation of the consent to receive the newsletter, the consent to tracking shall also be revoked.
5. Presence on Social Media Platforms
We use the following social media platforms to present our company and for communication purposes (explicit reference is made to the privacy policies and opt-out options linked below).
These social media platforms may process personal data outside the EU; in this respect, we refer to the above privacy policies of the social media platforms.
The respective social media platforms may create usage profiles from your usage behaviour and the resulting interests and actions on your part and save cookies on your computer in which your usage behaviour is stored. If you have an account on the respective social media platform and are logged in, your usage behaviour may even be stored independently of the device. Your usage profile can be used, for example, to place advertisements that are supposed to match your interests.
We process personal data exclusively for communicating with you via the social media platform you have selected and for optimising our online presence and ensure that no interests on your part are affected here that outweigh this legitimate interest on our part (Article 6 (1) f GDPR). Insofar as you have already granted the respective operator of the social media platform effective consent to the corresponding data processing, the processing of your personal data shall also be based on this consent (Article 6 (1) a GDPR).
6. Third-Party Services
6.1 Google Analytics
This website uses Google Analytics, a web analytics service provided by Google, operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google") and collects and stores data via this web analytics service, from which user profiles are created using pseudonyms. The usage profiles created in this way are used to evaluate visitor behaviour to design and improve the offer presented on this website in line with requirements. Google Analytics uses "cookies", which are small text files placed on your computer, to help the website analyse how users use the site. The information generated by the cookie about your use of this website is generally transmitted to a Google server in the USA and stored there. If IP anonymisation is activated on this website, however, your IP address shall be truncated beforehand by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. The full IP address shall only be transmitted to a Google server in the USA and shortened there in exceptional cases. On behalf of the operator of this website, Google shall use this information for the purpose of evaluating your use of the website, compiling reports on website activity, and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics shall not be merged with other Google data. The usage profiles kept under a pseudonym shall also not be merged with personal data about the user without the user's explicit and separately declared consent. The processing is carried out exclusively based on your consent (Article 6 (1) a GDPR).
6.2 Use of Google Maps
This website uses Google Maps, a mapping service provided by Google and operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). When using Google Maps, data on the use of Maps functions by visitors to the websites is also collected, processed, and used. The processing takes place exclusively based on your consent (Article 6 (1) a GDPR).
6.3 Use of Google ReCAPTCHA
6.4 Google Ads Conversion
We use the Google Ads Conversion, operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"), to draw attention to our offers on external websites with the help of advertising media (Google Ads).
These ads are delivered by Google via “ad servers”. Ad server cookies are used for this purpose, through which certain parameters for measuring success, such as display of the ads or clicks by users, can be measured. If you access our website via a Google ad, Google Ads shall store a cookie on your device. These cookies generally lose their validity after 30 days and are not intended to identify you personally. The unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information are usually stored as analysis values for this cookie.
If you visit our page because of such an ad and the cookie stored on your computer has not yet expired, both we and Google can recognise that you clicked on the ad and were redirected to this page. A different cookie is assigned to each Ads customer. Cookies can therefore not be tracked across Ads customers' websites. We ourselves do not collect or process any personal data in the advertising measures. We only receive statistical evaluations from Google, on the basis of which we can see which of the advertising measures used are particularly effective. We do not receive any further data from the use of the advertising media; in particular, we cannot identify users based on this information.
Due to the marketing tools used, your browser automatically establishes a direct connection with the Google server. We have no influence on the scope and further use of the data collected by Google through the use of this tool and can therefore only inform you that Google, through the integration of the above-mentioned service, has the possibility to assign your visit to our website to your Google account, provided that you are registered there. In addition, there is the possibility that Google learns your IP address and stores it, regardless of the existence or non-existence of a user account.
6.5 Use of YouTube
6.6 Social media links
We have our own social media pages with third-party providers that can be reached via links from this website. By using the links, you shall be taken to the respective websites of the third-party providers (e.g., Facebook, Instagram). To avoid unnecessary data transmission, we recommend that you log out of the respective third-party provider before using a corresponding link, so that usage profiles cannot be created by the third-party provider simply by using the link.
6.7 Use of Vimeo
6.8 Use of Facebook Pixel, Facebook Custom Audiences and Facebook-Conversion
We use the “Custom Audiences” remarketing function operated by Facebook Inc, 1 Hacker Way, Menlo Park, CA 94304, USA (“Facebook”). The entity responsible for processing information collected by Facebook is Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. This feature allows us to target website visitors with Facebook advertising. Personalised and interest-related Facebook ads shall be shown when Facebook pages are visited for this purpose. This function is made possible on our website due to a remarketing pixel from Facebook, which is implemented on the page. When you visit our website, the pixel establishes a direct connection to the Facebook server if you have consented to the placement of the pixel or have activated the plugin. The Facebook server shall be informed regarding which of our webpages the user has visited. Facebook presents this information in your personal Facebook user account. With the help of the Facebook pixel, we can further track the effectiveness of Facebook ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook ad and how they behaved on it ("conversion").
If you do not want Facebook to associate the information it has collected directly with your Facebook user account, you can disable the "custom audiences" remarketing feature in your account settings under: https://www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Fsettings%2F%3Ftab%3Dads#_=_bearbeiten. To do this, you must be logged into Facebook. The use of the Facebook pixel and storing "conversion cookies" is based on Article 6 (1) a GDPR.
6.9 Drift live chat
- Contact details (first and last name, email address; only for use outside of the corresponding usage times, the use of a pseudonym is possible)
- Your messages
We use this data exclusively to answer your messages in the best possible and personalised way. It is our genuine desire to process your chat request and we shall do so pursuant to Article 6 (1) f GDPR. You are responsible for the content of your messages. Only the personal details that you share with us in the chat shall be collected. It may be necessary for us to collect further details, e.g., your email address or telephone number, in order to answer your query. However, we shall only collect personal details that are necessary to proceed and answer your query. If you do not wish to provide any data, you can end the chat at any time.
The chat data is processed by Drift on a server outside the EEA. Insofar as you do not consent to data collection via, and data storage in, Drift's external system, we offer you alternative contact options for submitting queries by email, telephone, or post.
You can view information regarding Drift’s data protection here: https://www.drift.com/privacy-policy/
We use the ticket system and website chat of Zendesk Inc., 989 Market Street #300, San Francisco, CA 94102 to process customer queries. Necessary data such as surname, first name, telephone number and email address are collected for Zendesk via our website in order to be able to answer your information request. In addition, you can set cookies with the help of Zendesk. These cookies are necessary to ensure the technical functionality of the website and to protect the website from bot-controlled attacks. The following data may be collected and processed as part of the contact forms that are integrated using Zendesk:
- Email addresses
- The following data is collected and processed using Zendesk's cookies: IP addresses
We have completed an agreement for contract data processing with Zendesk and implement the German data protection authorities’ exhaustive list of strict guidelines when using Zendesk. The legal basis for processing with Zendesk is Article 6 (1) sentence 1 a, insofar as your consent exists, b, insofar as the processing of your query applies to the preparation or implementation of a contractual relationship, and f, insofar as no contractual relationship exists, in which case our legitimate interest is in answering your query.
If the data provided in the contact forms is used to provide contractual services to data subjects, the legal basis for processing is Article 6 (1) b GDPR. Furthermore, Article 6 (1) a GDPR serves as the legal basis if you have consented to data processing. The data processing that takes place via the cookies is based on Article 6 (1) f GDPR - a legitimate interest. Our legitimate interest is that we need to ensure the functionality and security of our website. Personal data is kept for as long as it is necessary to fulfil the purpose of processing. The data is deleted as soon as it is no longer required to achieve its purpose.
In the context of processing via Zendesk, data may be transferred to the USA. Transfer security is periodically guaranteed by standard contractual clauses and Binding Corporate Rules. If these standard contractual clauses and Binding Corporate Rules are not sufficient to establish an adequate level of security, Article 49 (1) a GDPR can serve as a legal basis.
Please note: If you contact us via the ticket system or the website chat, personal data may be transferred to service providers in third countries. These third countries do not have an adequate level of data protection. If the data is transferred to the USA, there is a risk that your data may be processed by US authorities for control and monitoring purposes without the possibility of a redress procedure. Transfer security is regularly ensured via standard contractual clauses and, in the case of Zendesk, via Binding Corporate Rules, which ensure that the processing of personal data is subject to a level of security that corresponds to that of the GDPR. If the standard contractual clauses or Binding Corporate Rules do not establish an adequate level of security, your acknowledgement of the data protection declaration in the context of the contact forms is deemed to be consent within Article 49 (1) a GDPR, which justifies a data transfer to insecure third countries.
6.11 Payment Service Providers
We have commissioned the payment service provider Stripe (Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland) to handle our payment process. For this purpose, Stripe shall pass on the information provided to us during the ordering process together with information about your order (name, address, account number, bank sort code, credit card number if applicable, invoice amount, currency, and transaction number) in accordance with Article 6 (1) b GDPR. Your data shall only be passed on for the purpose of processing payments with the payment service provider Stripe Payments Europe Ltd. and only to extent necessary. You can find more information about Stripe's data protection at the URL https://stripe.com/de/privacy#translation.
Payment processing on our website can also be carried out via the payment service provider ConCardis. If you choose to pay by credit card via the payment service provider ConCardis, payment shall be processed via the payment service provider ConCardis LLC, Helfmann-Park 7, 65760 Eschborn, to whom we shall pass on the information you provided during the ordering process, together with information about your order, in accordance with Article 6 (1) b GDPR. Your data shall be passed on solely for the purpose of processing payments with the payment service provider ConCardis and only to the necessary extent. Further information regarding ConCardis' data protection can be found in the ConCardis data protection declaration: www.concardis.com/datenschutzerklaerung.
Within the scope of claims management, we work with Creditreform Berlin Brandenburg Wolfram LLC & Co. KG, Karl-Heinrich-Ulrichs-Straße 1, 10787 Berlin. In the event of an open claim, we pass on the related and necessary data. The legal basis for the transmission of this data results from Article 6 (1) f GDPR (our legitimate interest). Within the scope of the debt collection process, data is transmitted to the competent court, the bailiff and, if necessary, to an agency required to collect the debt. Further information regarding Creditreform Berlin Brandenburg Wolfram LLC & Co. KG can be found at https://www.creditreform.de/berlin/datenschutz.
7. Contact Us
To contact us regarding data protection, feel free to use the following contact options.
The data controller under GDPR:
Telephone: +49 (0) 331 231 843 99