Welcome to our Pipewise websites. We appreciate your interest. The protection of your personal data is of high importance to us. We therefore conduct our activities in accordance with the applicable laws on the protection of personal data and on data security. Below, we inform you about which data relating to your visit are used for which purposes.
1. Controller responsible for the processing under the GDPR
The controller within the meaning of the General Data Protection Regulation (GDPR) and other data protection laws applicable in the Member States of the European Union, as well as other provisions of a data protection nature, is:
Prof. Dr.-Ing. Stein & Partner GmbH
Konrad-Zuse-Str. 6
44801 Bochum
Jasamin Teuchler
info@pipewise.org
Hereinafter referred to as “Pipewise”.
2. What is personal data?
The term “personal data” is defined in the German Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG) and in the EU GDPR. Accordingly, personal data are any information relating to an identified or identifiable natural person. This includes, for example, your civil name, your address, your telephone number or your date of birth. Learn more about what data protection actually ishere.
3. Relevant legal bases for the processing of personal data
Insofar as we obtain consent from the data subject for processing operations involving personal data, Art. 6(1)(a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data.
Where the processing of personal data is necessary for the performance of a contract to which the data subject is party, Art. 6(1)(b) GDPR serves as the legal basis. The same applies to processing operations that are necessary for the performance of pre-contractual measures.
Insofar as the processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Art. 6(1)(c) GDPR serves as the legal basis.
In the event that vital interests of the data subject or of another natural person make the processing of personal data necessary, Art. 6(1)(d) GDPR serves as the legal basis.
If the processing is necessary to safeguard a legitimate interest of our company or of a third party, and the interests, fundamental rights and fundamental freedoms of the data subject do not override the first-mentioned interest, Art. 6(1)(f) GDPR serves as the legal basis for the processing.
4. Use of cookies
The websites of Pipewise use cookies. Cookies are data that are stored by the internet browser on the user’s computer system. Cookies can be transmitted to a website when it is accessed and thus enable the user to be identified. Cookies help to make the use of websites easier for users.
It is possible at any time to object to the setting of cookies by changing the corresponding setting in the internet browser. Cookies that have already been set can be deleted. Please note that if cookies are deactivated, it may not be possible to use all functions of our website to their full extent. The user data collected in this way are pseudonymised by means of technical precautions. It is therefore no longer possible to assign the data to the accessing user. The data are not stored together with other personal data of the user. When accessing our website, users are informed by means of an information banner about the use of cookies for analytics purposes and are referred to this Privacy Notice. In this connection, a notice is also provided on how the storage of cookies can be prevented in the browser settings. The legal basis for the processing of personal data using technically necessary cookies is Art. 6(1)(f) GDPR. The legal basis for the processing of personal data using cookies for analytics purposes, where consent of the user has been obtained, is Art. 6(1)(a) GDPR. Whether and to what extent cookies are used on our website can be found in our cookie banner and in the notes set out in this Privacy Notice.
5. Creation of logfiles
Each time the website is accessed, Pipewise collects data and information by means of an automated system. These are stored in the server’s log files. The data are also stored in our system’s log files. These data are not stored together with other personal data of the user.
The following data may be collected in this connection:
(1) Information about the browser type and the version used
(2) The user’s operating system
(3) The user’s internet service provider
(4) The user’s IP address
(5) Date and time of access
(6) Websites from which the user’s system reaches our website (referrer)
(7) Websites that are accessed by the user’s system via our website
6. Duration of storage of personal data
The duration of processing is generally based on the fulfilment of the purposes set out in this Privacy Notice. As long as those purposes have not yet been fulfilled, the personal data continue to be processed.
Personal data are stored for the duration of the respective statutory retention period. After expiry of the retention period, the data are routinely erased, unless they are still required for the initiation or performance of a contract.
The controller processes and stores personal data of the data subject only for as long as is necessary to achieve the purpose of storage. In addition, storage may take place where this has been provided for by the European or national legislator in regulations of EU law, statutes or other provisions to which the controller is subject. As soon as the purpose of storage no longer applies or a storage period prescribed by the aforementioned provisions expires, the personal data are routinely blocked or erased.
7. Contact options & support
A contact form is available on the Pipewise website that can be used to make electronic contact. Alternatively, contact can be made via the e-mail address provided. If the data subject contacts the controller via one of these channels, the personal data transmitted by the data subject are stored automatically. Storage takes place solely for the purpose of processing the matter or making contact with the data subject. Disclosure to the recipients involved may take place on a purpose-bound basis. The legal basis for the processing of the data is, where consent of the user has been obtained, Art. 6(1)(a) GDPR. The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6(1)(f) GDPR. If the e-mail contact is aimed at concluding a contract, an additional legal basis for the processing is Art. 6(1)(b) GDPR. The data are erased as soon as they are no longer necessary to achieve the purpose for which they were collected. For personal data from the input mask of the contact form and those transmitted by e-mail, this is the case when the respective conversation with the user has ended. The conversation has ended when it can be inferred from the circumstances that the matter concerned has been conclusively clarified.
8. Newsletter
If the newsletter of our company is subscribed to, the data entered in the respective input mask are transmitted to the controller. Subscription to our newsletter takes place via a so-called double opt-in procedure. This means that, after registration, you receive an e-mail asking you to confirm your registration. This confirmation is necessary in order to ensure that no one can register using third-party e-mail addresses. When subscribing to the newsletter, the user’s IP address as well as the date and time of registration are stored. This serves to prevent misuse of the services or of the e-mail address of the data subject. The data are not transferred to unauthorised third parties. However, for the purpose of dispatching the newsletter, necessary data may be transmitted to corresponding service providers. A further exception applies where there is a statutory obligation to disclose the data. The data are used exclusively for sending the newsletter. The subscription to the newsletter may be terminated by the data subject at any time. Likewise, consent to the storage of personal data may be withdrawn at any time. A corresponding link is provided in every newsletter for this purpose. The legal basis for the processing of the data following registration for the newsletter by the user is, where consent of the user has been obtained, Art. 6(1)(a) GDPR. The legal basis for sending the newsletter as a result of the sale of goods or services is Section 7(3) of the German Act Against Unfair Competition (UWG).
8.1 Use of HubSpot
Description and purpose
We use HubSpot (HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland) for our online marketing activities. This is an integrated software solution with which we cover various aspects of our online marketing. These include, among others:
e-mail marketing (newsletters as well as automated mailings, e.g. for the provision of downloads), social media publishing & reporting, reporting (e.g. traffic sources, accesses, etc.), contact management (e.g. user segmentation & CRM), landing pages and contact forms.
Our registration service enables visitors to our website to learn more about our company, to download content and to provide their contact information as well as further demographic information. This information, as well as the content of our website, is stored on servers of our software partner HubSpot. It may be used by us to make contact with visitors to our website and to determine which services of our company are of interest to them. All information collected by us is subject to this Privacy Notice. We use all collected information exclusively to optimise our marketing activities.
Legal basis
The legal basis for the processing of your personal data is Art. 6(1)(a) GDPR (consent for the live chat, the newsletter and further performance measurement) and Art. 6(1)(f) GDPR. Our legitimate interest in the use of this service is the optimisation of our customer service and the management of our contact data.
Recipients
The recipient of your personal data is HubSpot (2nd Floor 30 North Wall Quay, Dublin 1, Ireland).
Transfer to third countries
It cannot currently be ruled out that personal data are transferred to the United States of America. For the USA, an adequacy decision has been in place since 10 July 2023 (EU–US Data Privacy Framework). The parent company HubSpot Inc. holds a corresponding certification under the EU–US Data Privacy Framework, with the result that an adequacy decision is in place for third-country transfers to HubSpot Inc. in the USA.
Duration of data storage
The data are erased as soon as they are no longer necessary to achieve the purpose for which they were collected. In addition, the data are erased if you exercise your right to erasure within the meaning of Art. 17(1) GDPR.
Withdrawal and objection
In cases of processing on the basis of Art. 6(1)(a) GDPR, you have the right to withdraw your consent at any time, see Art. 7(3) sentence 1 GDPR. This may be done informally and without giving reasons, and takes effect for the future. The withdrawal of consent does not affect the lawfulness of processing carried out on the basis of consent prior to its withdrawal. Further information can be found above in our Privacy Notice under “Rights of the data subjects”.
In cases of processing on the basis of Art. 6(1)(f) GDPR, you have the right under Art. 21(1) GDPR to object at any time to the processing of your personal data. If you exercise this right, no further processing for this purpose will take place. Further information can be found above in our Privacy Notice under “Rights of the data subjects”.
Contractual and statutory obligation
There is no contractual or statutory obligation to provide the data.
Further data protection information
Further information on the processing of your personal data can be found here: https://legal.hubspot.com/privacy-policy
9. Rights of the data subject
If your personal data are processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-Ă -vis the controller:
9.1 Right of access pursuant to Art. 15 GDPR
You may request confirmation from the controller as to whether personal data concerning you are being processed by us. If such processing is taking place, you may request the following information from the controller:
• the purposes for which the personal data are being processed;
• the categories of personal data that are being processed;
• the recipients or categories of recipients to whom your personal data have been or will be disclosed;
• the envisaged period for which your personal data will be stored or, if specific information on this is not possible, criteria for determining the storage period;
• the existence of a right to rectification or erasure of your personal data, of a right to restriction of processing by the controller or of a right to object to such processing;
• the existence of a right to lodge a complaint with a supervisory authority;
• all available information on the origin of the data, where the personal data are not collected from the data subject;
• the existence of automated decision-making, including profiling, pursuant to Art. 22(1) and (4) GDPR and – at least in those cases – meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
You have the right to request information as to whether your personal data are transferred to a third country or to an international organisation. In this connection, you may request to be informed about the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer.
9.2 Right to rectification pursuant to Art. 16 GDPR
You have a right to rectification and/or completion vis-Ă -vis the controller, insofar as the processed personal data concerning you are inaccurate or incomplete. The controller is to carry out rectification without undue delay.
9.3 Right to erasure pursuant to Art. 17 GDPR
(1) You may request the controller to erase your personal data without undue delay, and the controller is obliged to erase those data without undue delay where one of the following grounds applies:
• The personal data concerning you are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
• You withdraw the consent on which the processing was based pursuant to Art. 6(1)(a) or Art. 9(2)(a) GDPR, and there is no other legal basis for the processing.
• You object to the processing pursuant to Art. 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21(2) GDPR.
• The personal data concerning you have been unlawfully processed.
• The erasure of the personal data concerning you is necessary for compliance with a legal obligation under Union law or the law of the Member States to which the controller is subject.
• The personal data concerning you have been collected in relation to the offer of information society services pursuant to Art. 8(1) GDPR.
(2) Where the controller has made your personal data public and is obliged pursuant to Art. 17(1) GDPR to erase them, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform other controllers that are processing the personal data that you, as the data subject, have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
(3) The right to erasure does not exist insofar as processing is necessary
• for exercising the right of freedom of expression and information;
• for compliance with a legal obligation that requires processing under Union law or the law of the Member States to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
• for reasons of public interest in the area of public health pursuant to Art. 9(2)(h) and (i) as well as Art. 9(3) GDPR;
• for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Art. 89(1) GDPR, insofar as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
• for the establishment, exercise or defence of legal claims.
9.4 Right to restriction of processing pursuant to Art. 18 GDPR
You may request the restriction of the processing of your personal data under the following conditions:
• where you contest the accuracy of your personal data for a period enabling the controller to verify the accuracy of the personal data;
• where the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
• where the controller no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims; or
• where you have objected to processing pursuant to Art. 21(1) GDPR pending the verification whether the legitimate grounds of the controller override yours.
Where the processing of your personal data has been restricted, such data may – except for storage – only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. Where the restriction of processing has been imposed under the conditions set out above, you will be informed by the controller before the restriction is lifted.
9.5 Notification obligation pursuant to Art. 19 GDPR
If you have asserted the right to rectification, erasure or restriction of processing vis-Ă -vis the controller, the controller is obliged to communicate this rectification or erasure of the data or restriction of processing to all recipients to whom the personal data concerning you have been disclosed, unless this proves impossible or involves disproportionate effort. You have the right vis-Ă -vis the controller to be informed about those recipients.
9.6 Right to data portability pursuant to Art. 20 GDPR
You have the right to receive your personal data, which you have provided to the controller, in a structured, commonly used and machine-readable format. Furthermore, you have the right to transmit those data to another controller without hindrance from the controller to whom the personal data have been provided, where
• the processing is based on consent pursuant to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR or on a contract pursuant to Art. 6(1)(b) GDPR; and
• the processing is carried out by automated means.
In exercising this right, you also have the right to have your personal data transmitted directly from one controller to another, where this is technically feasible. The freedoms and rights of other persons must not be adversely affected by this. The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
9.7 Right to object pursuant to Art. 21 GDPR
You have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data which is carried out on the basis of Art. 6(1)(e) or (f) GDPR; this also applies to profiling based on those provisions. The controller will no longer process your personal data unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims. Where your personal data are processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing purposes; this also applies to profiling, insofar as it is connected with such direct marketing. If you object to processing for direct marketing purposes, your personal data will no longer be processed for those purposes. In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.
9.8 Right to withdraw the data protection consent pursuant to Art. 7(3) GDPR
You have the right to withdraw your data protection consent at any time. The withdrawal of consent does not affect the lawfulness of processing carried out on the basis of consent prior to its withdrawal.
9.9 Right to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of your personal data infringes the GDPR. The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.
The competent supervisory authority is the State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia (Landesbeauftragte für Datenschutz und InformationsfreiheitNordrhein-Westfalen – LDI NRW).
9.10 Automated decision-making in individual cases, including profiling
You have the right not to be subject to a decision based solely on automated processing – including profiling – which produces legal effects concerning you or similarly significantly affects you. This doesnot apply if the decision
• is necessary for entering into, or the performance of, a contract between you and the controller,
• is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests, or
• is based on your explicit consent.
However, those decisions must not be based on special categories of personal data referred to in Art. 9(1) GDPR, unless Art. 9(2)(a) or (g) applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.
With regard to the cases referred to under (a) and (c), the controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.
10. Integration of further third-party services and content
Description and purpose
It may occur that, within this online offering, third-party content such as videos, fonts or graphics from other websites is integrated. This always presupposes that the providers of this content (hereinafter referred to as “third-party providers”) become aware of the user’s IP address. This is because, without the IP address, they would not be able to send the content to the browser of the respective user. The IP address is therefore necessary for the display of this content. We endeavour to use only such content whose respective providers use the IP address solely for the delivery of the content. However, we have no influence over whether the third-party providers store the IP address, e.g. for statistical purposes. Insofar as this is known to us, we inform the users accordingly. Through these integrations, we wish to provide and improve our online offering.
Legal bases
The legal basis for the integration of further third-party services and content is Art. 6(1)(f) GDPR. Our overriding legitimate interest lies in the intention to ensure an appropriate presentation of our online presence and to provide user-friendly and economically efficient services on our part. Further information can be found in the respective privacy notices of the providers.
Contractual or statutory obligation to provide personal data
The provision of personal data is neither legally nor contractually required, nor is it necessary for the conclusion of a contract. You are also not obliged to provide the personal data. Failure to provide them may, however, mean that you are unable to use this function or unable to use it in full.
11. Data transfer to third countries
The controller may transfer personal data to a third country. In principle, the controller can ensure an appropriate level of protection for the processing operations through various appropriate safeguards. It is possible to carry out data transfers on the basis of an adequacy decision, binding corporate rules, approved codes of conduct, standard data protection clauses or an approved certification mechanism pursuant to Art. 46(2)(a) to (f) GDPR.
Where the controller carries out a transfer to a third country on the basis of Art. 49(1)(a) GDPR, you are informed at this point about the possible risks of a data transfer to a third country.
There is a risk that the third country which receives your personal data may not ensure a level of protection equivalent to the protection of personal data in the European Union. This may be the case, for example, if the EU Commission has not issued an adequacy decision for the third country in question, or if certain agreements between the European Union and the third country in question are declared invalid. Specifically, in some third countries, risks exist with regard to the effective protection of EU fundamental rights through the use of surveillance laws (for example in the USA). In such a case, it is the responsibility of the controller and the recipient to assess whether the rights of the data subjects in the third country enjoy a level of protection equivalent to that in the Union and whether they can also be effectively enforced.
The level of protection guaranteed Union-wide for natural persons by the General Data Protection Regulation should not be undermined when personal data are transferred from the Union to controllers, processors or other recipients in third countries or to international organisations, including where personal data are onward transferred from a third country or an international organisation to controllers or processors in the same or another third country or to the same or another international organisation.
12. Data recipients
Insofar as this is permitted or required by law, or insofar as you have consented, we also share your personal data with other recipients that provide services for us. We limit the disclosure of your personal data to the necessary extent. In some cases, our service providers receive your personal data as processors and are then strictly bound by our instructions when handling your personal data (data processing agreement pursuant to Art. 28 GDPR). In other cases, the recipients act independently with the data we transmit to them. The following categories of service providers/recipients may receive your data:
• providers of e-mail marketing via newsletter
• providers of hosting services for the operation of our servers
• service providers in the field of recruitment to support the selection of applicants
• service providers for development work, including programming, development, maintenance and support of software applications
• service providers for postal services
• external legal advisors
• marketing agencies / website maintenance
• further IT service providers (e.g. system houses)
• other services and tools
The service providers engaged by us must comply with strict confidentiality requirements. They are granted only the access to your data necessary to perform the tasks assigned to them.
In the event of a suspected criminal offence, data may be disclosed to law enforcement authorities.
12.1 Google Analytics & Conversion Tracking
Description and purpose
This website uses the “Google Analytics” service offered by Google LLC for the analysis of website usage by users. The service uses “cookies” – text files which are stored on your end device. The information collected by the cookies is generally transmitted to a Google server in the USA and stored there. Where applicable, Google Analytics is used on this website with the extension “gat._anonymizeIp();” in order to ensure anonymised collection of IP addresses (so-called IP masking). Please also note the following information on the use of Google Analytics: the user’s IP address is truncated within Member States of the EU and of the European Economic Area. As a result of this truncation, the personal reference of your IP address is removed. Within the framework of the data processing agreement that the website operators have concluded with Google LLC, Google uses the information collected to compile an evaluation of website usage and website activity and provides services associated with internet usage.
Legal basis
The legal basis for the processing of your personal data is Art. 6(1)(a) GDPR if anonymised data collection by means of the “gat._anonymizeIp” code does not take place. Otherwise, in particular in the case of the use of “gat._anonymizeIp”, the legal basis is Art. 6(1)(f) GDPR. Our overriding legitimate interest lies in the hosting of this website.
Recipients
The recipient of your personal data is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Transfer to third countries
The personal data are transferred to the USA. The transfer is subject to appropriate safeguards pursuant to Art. 46 GDPR. To this end, we have concluded standard contractual clauses pursuant to Art. 46(2)(c) GDPR with the data importer. In addition, we are aware of our responsibility and, where necessary, take further measures to safeguard the rights and freedoms of natural persons that ensure the protection of personal data.
Duration of data storage
The data are erased as soon as they are no longer necessary to achieve the purpose for which they were collected. In addition, the data are erased if you exercise your right to erasure within the meaning of Art. 17(1) GDPR.
Withdrawal and objection
You have the right to withdraw your consent to non-anonymised data collection at any time, see Art. 7(3) sentence 1 GDPR. This may be done informally and without giving reasons, and takes effect for the future. The withdrawal of consent does not affect the lawfulness of processing carried out on the basis of consent prior to its withdrawal. Further information can be found above in our Privacy Notice under “Rights of the data subjects”.
In the case of anonymised data collection, you have the right under Art. 21(1) GDPR to object at any time to the processing of your personal data. If you exercise this right, no further processing for this purpose will take place. Further information can be found above in our Privacy Notice under “Rights of the data subjects”.
Contractual and statutory obligation
There is no contractual or statutory obligation to provide the data.
Further data protection information
Further information on the processing of your personal data can be found here: https://policies.google.com/privacy?hl=en&gl=en
12.2 Google Tag Manager
Description and purpose
We use Google Tag Manager (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) on our website. Google Tag Manager enables us to manage website tags via an interface and is a cookie-free domain that does not collect any personal information, but can trigger other tags that collect data. Google pseudonymises the data, and the IP address transmitted by your browser within the framework of Google Analytics is not merged with other Google data.
Legal basis
The legal basis for the processing of your personal data is Art. 6(1)(a) GDPR.
Recipients
The recipient of your personal data is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Transfer to third countries
The personal data are transferred to the United States. The transfer is subject to appropriate safeguards pursuant to Art. 46 GDPR. To this end, where necessary, we have concluded appropriate safeguards within the meaning of Art. 46(2) GDPR with the data importer. In addition, we are aware of our responsibility and, where necessary, take further measures to safeguard the rights and freedoms of natural persons that ensure the protection of personal data.
Duration of data storage
The data are erased as soon as they are no longer necessary to achieve the purpose for which they were collected. In addition, the data are erased if you exercise your right to erasure within the meaning of Art. 17(1) GDPR.
Withdrawal
You have the right to withdraw your consent at any time, see Art. 7(3) sentence 1 GDPR. This may be done informally and without giving reasons, and takes effect for the future. The withdrawal of consent does not affect the lawfulness of processing carried out on the basis of consent prior to its withdrawal. Further information can be found above in our Privacy Notice under “Rights of the data subjects”.
Contractual and statutory obligation
There is no contractual or statutory obligation to provide the data.
Further data protection information
Further information on the processing of your personal data can be found here: https://policies.google.com/privacy?hl=en&gl=en
12.3 Cookiebot by Usercentrics
Description and purpose
This website uses the cookie consent technology of Usercentrics in order to obtain your consent to the storage of certain cookies on your end device and to document and record this in a manner compliant with data protection law. As soon as you enter this website, the following personal data are transmitted to Usercentrics:
• your consent(s) or the withdrawal of your consent(s)
• your IP address
• information about your browser (HTTP agent, HTTP referrer)
• information about your end device
• the time of your visit to the website
The following further data are also collected:
• opt-in and opt-out data
• referrer URL
• user agent
• user settings
• consent ID and consent number
• information as to whether implicit or explicit consent has been given
• time (date and time) of consent
• type of consent
• template version
• banner language
In addition, Usercentrics stores a cookie in your browser in order to be able to assign the consents granted, or their withdrawal, to you. The data collected in this way are stored until you request us to erase them, you delete the Usercentrics cookie yourself, or the purpose for the data storage no longer applies. Mandatory statutory retention obligations remain unaffected.
Legal basis
Usercentrics is used in order to obtain the legally required consents for the use of cookies. The legal basis for the processing of your personal data is Art. 6(1)(c) GDPR.
Recipients
The recipient of your personal data is Usercentrics GmbH, Sendlinger StraĂźe 7, 80331 Munich, Germany.
Transfer to third countries
No transfer of your personal data to a third country takes place. We are, however, aware of our responsibility and regularly review the applicable framework conditions and legal developments. In the event of a transfer to a third country, we will adapt this information as quickly as possible.
Duration of data storage
The data are erased as soon as they are no longer necessary to achieve the purpose for which they were collected. In addition, the data are erased if you exercise your right to erasure within the meaning of Art. 17(1) GDPR.
Contractual and statutory obligation
Furthermore, the personal data which we are legally required to collect must be provided, or the provision of these data is necessary for compliance with a legal obligation. The legal obligation is laid down by Union law or the law of the Member States to which the controller is subject. In the present case, the legal obligation arises from Art. 7 GDPR. Failure to provide the data would mean that this legal obligation cannot be fulfilled.
Further data protection information
Further information on the processing of your personal data can be found here: www.usercentrics.com/privacy-policy/
13. Security
We have implemented extensive technical and organisational safeguards to protect your data against accidental or intentional manipulation, loss, destruction or access by unauthorised persons. Our security procedures are regularly reviewed and adapted to technological progress. Furthermore, data protection at our company is continuously ensured through ongoing auditing and optimisation of the data protection organisation.
14. Final provisions
Pipewise reserves all rights to make changes and updates to this Privacy Notice.