Privacy policy

We, VERSO GmbH

represented by the managing directors Matthias Graf, Andreas Maslo and Uwe Schneider

Agnes-Pockels-Bogen 1,
80992 Munich

are the operator (hereinafter referred to as “we” or “operator”) of the website “www.verso.de” (hereinafter referred to as “website”), which offers the following products and services:

• Licenses for the use of sustainability (ESG) and supply chain management software (hereinafter referred to as “ESG software”)
• Support services for the use of the ESG software and consulting services in the area of sustainability (hereinafter referred to as “sustainability-related consulting services”)
• (Further) training courses on the topic of sustainability/ESG (as part of the VERSO Academy).

We are therefore responsible for the collection, processing and use of personal data in this context in accordance with the German Federal Data Protection Act (BDSG), the German Telemedia Act (TMG) and the EU General Data Protection Regulation (GDPR).

The principle of data minimization is of great importance to us even during data collection. In addition, we only collect and process personal data if you have given us your consent to do so or if the law expressly permits or requires us to do so. In the following, we explain which data we collect, how we use it and what rights you have with regard to the use of your data:

 

1. personal data

The term “personal data” is defined in the BDSG and GDPR. This is all information relating to an identified or identifiable natural person (“data subject”); a natural person is considered identifiable if they can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person. This includes, for example, your civil name, your address, your telephone number, your e-mail address or your date of birth. Company-related data can also contribute to the identification or identifiability of persons. To this extent, company-related data may also be covered by the scope of the GDPR.

 

2. processing of data

2.1 Processing of data when visiting our website

What personal data do we collect?

When you visit our website, our servers temporarily store every access in a log file. The following data is recorded without any action on your part and stored by a computer center commissioned by us on a server in a member state of the European Union until it is automatically deleted after 31 days at the latest:

• the IP address assigned to your computer,
• Online identifiers (e.g. session ID, device identifier),
• the name and URL of the requested file,
• Referrer URL (the previously visited page),
• the operating system of your device,
• Date and time of the request,
• the browser version you are using.

Why do we collect this data?

This data is required to ensure a smooth connection to the website, for statistical purposes (in particular the anonymized recording of user numbers to ensure functionality) and for the purpose of being able to trace cases of abusive behavior. We also need this data to ensure platform access specifically adapted to your device and operating system.

What is the legal basis for processing this data?

According to Article 6(1)(b) of the GDPR, the collection of personal data necessary for the performance (or facilitation) of a contract is permitted. We need the aforementioned data in order to prepare the conclusion of the contract with you and to offer you solutions that are tailored to your individual requirements and general conditions.

2.2 Processing of data when ordering a newsletter

What personal data do we collect?

You have the option of subscribing to our newsletter. This contains information about ESG, ESG best practices, news about VERSO GmbH and ESG-relevant events. For this purpose, we require a valid e-mail address as well as your first and last name. We also store your IP address and the date of registration.

Why do we collect this data?

Your e-mail address is only required for sending the newsletter and will only be used for this purpose. The sole purpose of storing your IP address and the date of your registration is to provide evidence of any possible misuse of your e-mail address to register for our newsletter. We process your first name and surname in order to be able to address you.

With whom do we share this data?

We work with HubSpot, a service provided by HubSpot Inc, 25 First Street, 2nd Floor, Cambridge, MA 02141, USA (HubSpot), to send our newsletter. We have concluded an order processing contract with HubSpot in accordance with Article 28 GDPR and fully implement the strict requirements of the German and European data protection authorities when using HubSpot (see https://legal.hubspot.com/de/dpa).

The data stored during registration is transmitted to HubSpot and stored by HubSpot.  The order processing contract with HubSpot results in the transfer of data to a so-called third country (USA), i.e. a country outside the European Union. We have explained the data protection aspects of the transfer of data to third countries for you in a separate section at the end of this privacy policy (see section 9 “Data transfer to third countries”)

After registration, HubSpot will send you an e-mail to confirm your registration. This is a double opt-in procedure. This means that the newsletter will only be sent to you once you have registered for it (step 1) and clicked on the confirmation link sent to you by HubSpot (step 2). HubSpot also offers various options for analyzing how the sent newsletters are opened and used, e.g. how many users an email was sent to, whether emails were rejected and whether users unsubscribed from the list after receiving an email. For more information on how HubSpot works, please refer to section 5. b) Web analysis services of this privacy policy.

Further information on HubSpot’s data protection and processors can be found at: https://legal.hubspot.com/de/privacy-policy.

We will use the personal data collected from you as part of the e-mail newsletter exclusively for the purposes stated above. Your personal data will not be sold or passed on to third parties for the purposes of advertising, market research or opinion polling in a manner not mentioned above or not explained under point 5 b) of this data protection declaration.

How can I unsubscribe from the newsletter?

If you no longer wish to receive newsletters from us, you can object at any time and unsubscribe from the newsletter. A message in text form to our contact details at the end of this privacy policy (e.g. e-mail, fax, letter) is sufficient. Of course, you will also find a link to unsubscribe in every newsletter. When you unsubscribe from the newsletter, we will also delete the personal data collected from you for sending the newsletter.

What is the legal basis for processing this data?

In accordance with Article 6(1)(a) GDPR, your data is processed on the basis of your consent. You can withdraw this consent at any time and unsubscribe from the newsletter as described above.

2.3 Processing of data when using our ESG software and utilizing our sustainability-related consulting services

What personal data do we collect?

When providing our ESG software (including any support services) and when using our sustainability-related consulting services as well as when initiating the associated contract, we process the name and contact details (e-mail, telephone, professional address, etc.) of at least one employee of our (potential) customers. Depending on the number of license users on the customer’s side, the number of persons whose personal data we process increases.

Why do we collect this data?

The processing of this data is necessary for the provision of our ESG software and for the initiation, conclusion and execution of the contract you have concluded with us, including any sustainability-related services/consulting services you may have booked.

With whom do we share this data?

In certain cases, we share the aforementioned data with so-called “delivery partners” who provide the sustainability-related services/consulting services to you on our behalf and the processors of our delivery partners. For this purpose, we have concluded a corresponding data processing agreement with the respective delivery partner as our processor in accordance with Article 28 GDPR. Whether and to what extent a delivery partner is used in the specific contractual relationship with you will be agreed with you as part of the contract concluded with you.

What is the legal basis for processing this data?

The legal basis for the processing of this data is our legitimate interest (Article 6(1)(f) GDPR) in the optimized performance of the contract by us and our delivery partners and the necessity of this data for the performance of the contract (Article 6(1)(b) GDPR); in addition, your consent in accordance with Article 6(1)(a) GDPR.

2.4 Processing of data when ordering a demo for the ESG software

What personal data do we collect?

We offer you the opportunity to get to know our ESG software free of charge via a guided demo. To do this, you must register using a form provided on our website (“Book a demo”). You will need to provide your first and last name and a valid e-mail address so that we know who sent the request and can process it.

Why do we collect this data?

Your data is collected solely for the purpose of being able to offer you the demo and to prepare a possible contractual relationship with you.

What is the legal basis for processing this data?

Data processing for the purpose of ordering our demo version is carried out on the basis of Article 6(1)(b) GDPR. The guided demo is related to a possible conclusion of a contract (in particular regarding ESG software or sustainability-related consulting services) with you.

The personal data collected by us for the use of the registration form will be automatically deleted after the conclusion of the contract or the final rejection of a contractual relationship with us, unless they are still required for the exercise of legal or (pre-)contractual rights and obligations.

2.5 Processing of data in connection with the booking of our courses in the VERSO Academy

a) Booking online courses via “www.elopage.com/s/verso”

What personal data do we collect?

We also offer the booking of online courses via our website as part of the VERSO Academy (https://verso.de/academy-esg-online-kurse/). For this we use the service of the reseller namotto.

As soon as you click on the “Book now” button in the “Academy” section of our website (“https://verso.de/academy-esg-online-kurse”) for one of the courses described there, you will leave our website and be redirected to a web store that is hosted externally for us by the elopage platform (www.elopage.com/s/verso). If you book an online course via this web store, our partner or reseller namotto Universal Brands GmbH & Co KG (“namotto”) will become your contractual partner (https://elopage.com/s/verso).

Namotto is a service of the

namotto academies and friends GmbH & Co KG

Owner Tolga Oenal

Uhlandstrasse 154

10719 Berlin

info@namottoandfriends.com

All functions on the sales page as well as the entire downstream sales and payment processing are handled by namotto. You can find namotto’s privacy policy here.

If you place an order via our individual namotto sales page, the following of your data will be processed:

• Personal master data (surname, first name, address)
• Communication data (e-mail address, telephone number)
• Contract master data (contractual relationship, product or contractual interest)
• Customer history (e.g. login, product usage, products purchased)
• Contract billing and payment data (e.g. payment method, payment status, invoices)
• Planning and control data (e.g. visitor sources, number of views, pages visited, clicks)
• Technical data (e.g. IP address, device, browser, location, Mac address)
• Content data (e.g. videos, images, texts, audios, files)

Why do we collect this data?

Namotto processes the aforementioned data for us as our processor. The processing of this data is necessary for the provision of our ESG online courses by namotto and for the execution of the contract you have concluded with us.

With whom do we share this data?

We share the aforementioned data with namotto and namotto’s processors. For this purpose, we have concluded a corresponding data processing agreement with namotto academies and friends GmbH & Co KG as our processor in accordance with Article 28 GDPR. For more information on namotto’s processors, see https://namottoandfriends.com/wp-content/uploads/2020/03/Datenschutz-namotto-academies-and-friends-GmbHCoKG.pdf

What is the legal basis for processing this data?

The legal basis for the processing of this data is our legitimate interest (Article 6(1)(f) GDPR) in the optimized performance of the contract by namotto and the necessity of this data for the performance of the contract (Article 6(1)(b) GDPR).

b) Registration for the waiting list for live seminars

What personal data do we collect?

If you would like to register for our live seminars on the topic of substainability and there are no places available at the time of your desired registration, you can register for a waiting list (https://verso.de/live-seminare/) and you will be informed when places become available or a new course is offered. For this purpose, we collect your first and last name and your e-mail address. We also store your IP address and the date of your registration.

Why do we collect this data?

Your e-mail address is required to inform you in the event of new or vacant course places and will only be used for this purpose. The storage of the IP address and the date of your registration serves solely to prove possible misuse of your e-mail address. We process your first name and surname in order to be able to address you.

What is the legal basis for processing this data?

In accordance with Article 6(1)(a) GDPR, your data is processed on the basis of your consent. You can withdraw this consent at any time. In addition, the processing of your data is based on Article 6(1)(b) GDPR because the list of interested parties and waiting list serves to initiate the conclusion of a contract within the framework of the Verso Academy.

We will delete your data 3 months after your final declaration that we are not interested in concluding a contract, unless you expressly request an earlier deletion or the storage of your data is necessary for the exercise of legal or (pre-)contractual rights and obligations.

c) Download the Verso Academy information package

What personal data do we collect?

To receive information about the offers and contents of the courses within the Verso Academy, you have the possibility to download an information package (https://verso.de/academy/esg-sustainability-management-in-der-praxis/#infopaket”) by clicking on “send”. For this purpose, we collect your first and last name and your e-mail address. We also store your IP address and the date of your registration.

Why do we collect this data?

Your e-mail address is only required for sending the information package and will only be used for this purpose. The sole purpose of storing your IP address and the date of your registration is to provide evidence of any possible misuse of your e-mail address to download our information package. We process your first name and surname in order to be able to address you.

What is the legal basis for processing this data?

In accordance with Article 6(1)(a) GDPR, your data is processed on the basis of your consent. You can withdraw this consent at any time. In addition, the processing of your data is based on Article 6(1)(b) GDPR because the information package serves to initiate the conclusion of a contract within the framework of the Verso Academy.

We will delete your data 6 months after completion of the course or 3 months after your final declaration that you are not interested in concluding a contract, unless you expressly request earlier deletion or the storage of your data is necessary for the exercise of legal or (pre-)contractual rights and obligations.

3. storage of your data

We store and process your personal data on rented servers in a member state of the European Union. Both we and the data centers commissioned by us protect your data using technical and organizational security measures in order to minimize risks in connection with loss, misuse, unauthorized access and unauthorized disclosure and modification of this data. For example, firewalls and data encryption are used for this purpose, as well as physical access restrictions and authorization controls for data access.

We store your personal data collected during a visit to our website (see section 2.a above) or entered by you when filling out the contact form (see section 2.b above) for a maximum of 31 days. We will store the data required to receive the newsletter until you have unsubscribed from the newsletter. The personal data collected by us for the processing of your contractual relationships or in connection therewith will be stored until the expiry of the statutory retention obligation, unless otherwise regulated above under 2.). Contractual claims generally expire in 2-3 years, during which time data is generally required to check and implement claims in connection with the purchase. In addition, other laws (e.g. the German Commercial Code) may result in retention obligations of up to 10 years.

4. disclosure of data

Apart from the other cases mentioned in this data protection declaration, your personal data will only be passed on or otherwise transmitted to third parties if this is necessary for the purpose of processing the contract or if you have given your prior consent. Anything else only applies if there is a legal obligation to do so (e.g. information to certain authorities as part of their statutory duties) or if this is necessary to enforce our rights, in particular to enforce claims arising from the contractual relationship with you.

5. cookies and web analysis services

a) Cookies

Interactions with our website are tracked using cookies and the technologies mentioned below in order to customize our website for you. Cookies are small files that are stored on your hard disk or device. When you visit our website again from the same device, the information stored in the cookies is sent back to our website. Because these are cookies set by us, they are referred to as “first party cookies”. If the cookie was set by another website, it is referred to as a “third party cookie”. In this case, the cookie information is sent back to this website.

We use the information stored and returned on the cookie to ensure easier navigation and a high degree of user-friendliness of our website.

We use different types of cookies, which are subdivided as follows and are each subject to different legal bases when used. We explain these legal bases and the functions of the respective cookies in the presentation of the respective tools in which they are specifically used.

• Technically necessary cookies
• Functional and performance cookies
• Technically not necessary cookies

You can deactivate the use of cookies individually in your browser. Of course you can then still visit our website, but the functionality cannot be ruled out.

aa) Technically necessary cookies

Technically necessary cookies enable the use of our website; they are essential for login or shopping cart functions, for example. They are used by us as first party cookies so that the stored information is sent back to our website. Due to their importance for the functionality of our website, technically necessary cookies can be used without your consent. Furthermore, these cookies cannot be deactivated individually (however, it is possible to deactivate all cookies via your browser; for technical details, see below).

The legal basis for the use of technically necessary cookies is Article 6(1)(b) GDPR, as accessing our website serves to initiate a contract, as well as Article 6(1)(f) GDPR, as we have an overriding legitimate interest in the functionality of our website.

bb) Functional and performance cookies

Functional cookies enable our website to save your details and preferences (e.g. user name, language setting) to make it easier for you to use our website. The functional cookies we use do not affect your browsing history or your activity on other websites. In addition, the functional cookies we use are first-party cookies.

Performance cookies collect information about the use of our website. This information is used to improve functionality and user-friendliness. For example, these cookies collect information about the frequency with which content is clicked on or about the scrolling behavior of our website. We also record the duration of the website visit, the areas and subpages accessed, the user’s location and the proportion of mobile devices used for this purpose. Your IP address is transmitted to us for technical reasons , but is anonymized and therefore does not enable identification. The performance cookies we use are first-party cookies.

The legal basis for the use of functional and performance cookies is our legitimate interest in optimizing our website in accordance with Article 6 (1) (f) GDPR.

cc) Technically not necessary cookies

Technically unnecessary cookies are all cookies that are neither technically necessary cookies nor functional or performance cookies. We use technically unnecessary cookies to evaluate your browsing behavior and to show you personalized advertising on and outside our website. In this way, we want to meet your interests. Insofar as we also evaluate your user behavior on other websites and show you personalized advertising there, we use marketing cookies with a remarketing function as so-called third-party cookies, which not only enable advertising on other websites, but also the analysis of your overall user behavior. Google Analytics and Google Ads are examples of the use of such tools (see below for details).

The legal basis for the use of technically unnecessary cookies is your consent in accordance with Article 6(1)(a) GDPR. You can revoke this consent at any time.

When you use our website or our web stores for the first time, we will inform you immediately about all cookies used by us and their purpose. Only if you agree to the use of technically unnecessary cookies will these cookies be stored on your hard disk.

We use the WordPress plugin “Borlabs Cookie” to collect, manage and store your consent. The Borlabs cookie stores your consent. It is technically necessary and is therefore set by us due to our overriding interest in documenting consent and revocations in accordance with Article 6 (1) (f) GDPR. If you delete your cookies, we will ask you for your consent again the next time you visit our website.

b) Web analysis services

aa) HubSpot

We use the web analysis service HubSpot, a service provided by HubSpot Inc, 25 First Street, 2nd Floor, Cambridge, MA 02141, USA (HubSpot). We use HubSpot both to check and evaluate the success of our advertising campaigns (so-called conversion tracking) and for the purpose of being able to show you targeted advertising on other websites that matches your interests as a result of analyzing your browsing history (so-called retargeting function). The information generated by the cookie about your use of our website may be transferred to a HubSpot server in the USA and stored there (for data transfer to third countries, see section 9 “Data transfer to third countries” in this privacy policy). HubSpot acts as our processor within the meaning of Article 28 GDPR (for the processor agreement that we have concluded with HubSpot, see section 2. c) of this privacy policy)

For this purpose, HubSpot uses technically unnecessary cookies (marketing cookies) and so-called “web beacons”. These are stored on your end device and enable us to analyze your visit to our website. For example, HubSpot collects your location, the type of browser used, the duration of the visit, the subpages accessed, your IP address and other data) and analyzes your web activity on this basis.

As part of conversion tracking, HubSpot creates and transmits reports on the respective user behavior and thus enables us to evaluate the success of our online advertising and to present you with targeted advertising on our website.

As part of the retargeting function, the analysis of your browsing behavior that HubSpot performs on our behalf enables us to show you interest-based advertising on other websites. For this purpose, we can also use the technically unnecessary cookies (marketing cookies) set by HubSpot to merge the personal data stored when you subscribe to the newsletter (see section 2.c)) with the other data collected by HubSpot in order to present you with advertising offers that are of interest to you.

You can prevent the storage of cookies by setting your browser software accordingly or delete cookies whose use you have consented to. HubSpot also provides you with detailed information on how to manage the use of cookies, see https://legal.hubspot.com/de/cookie-policy. However, we would like to point out that if you prevent or delete cookies, you may not be able to use all the functions of our website to their full extent. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) by HubSpot and the processing of this data by HubSpot by revoking your consent.

The legal basis for the use of HubSpot is your consent in accordance with Article 6(1)(a) GDPR. You can revoke this consent at any time.

You can find more information on the function and data protection by HubSpot under the following link: https://legal.hubspot.com/de/privacy-policy.

bb) Google

For the purposes of statistical analysis, we use Google Analytics on our website, a web analysis service provided by Google Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (“Google”). Google Analytics uses its own cookies. These store text files on your computer that enable your use of the website to be analyzed. The information generated by the cookie about your use of our website is usually transferred to a Google server in the USA and stored there (for data transfer to non-secure third countries, see section 9 “Data transfer to third countries” in this privacy policy). To prevent the personalization of this data, your IP address is anonymized by shortening it. We are therefore unable to determine to which user an IP address can be assigned. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and only anonymized there. Google will use this information on our behalf for the purpose of evaluating your use of the website, compiling reports on website activity and providing us with other services relating to website activity and internet usage.

Google is obliged not to merge the IP address transmitted by your browser as part of Google Analytics with other data. You can also prevent the storage of cookies by selecting the appropriate settings in your browser software. However, we would like to point out that in this case you may not be able to use all the functions of our website to their full extent. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by revoking your consent and generally by clicking on the following link. An opt-out cookie will be set to prevent the future collection of your data when you visit this website: https://tools.google.com/dlpage/gaoptout?hl=de.

Insofar as data processing by Google Analytics involves the transfer of data to third countries and these have not previously been anonymized, please refer to section 9 of this privacy policy (data transfer to third countries).

You can find more information about Google Analytics at

http://www.google.com/analytics/terms/de.html or at

http://www.google.com/intl/de/analytics/privacyoverview.html and

https://support.google.com/analytics/answer/2838718?hl=de&ref_topic=2790009.

The legal basis for data processing by Google Analytics is your consent in accordance with Article 6(1)(a) GDPR. You can withdraw this consent at any time.

cc) Google Ads

Google Ads Conversion

Google Ads Conversion is also used to display personalized advertising. With the help of Google Ads, we can present our products on other websites. We can deduce the success of our advertising campaigns from the user behavior on our website, e.g. by evaluating the number of clicks and frequency of use or by determining whether you have reached our website through a Google ad. For this purpose, Google places cookies on your end device, which are not technically necessary. Google can use the ads to recognize your browser and your browsing history. We do not process any personal data through these advertising measures; it is not possible for us to identify website visitors. We determine the success of our advertising campaigns on the basis of statistical evaluations that Google transmits to us in pseudonymized form.

Google Ads establishes an automatic connection between your browser and Google’s servers in the USA (for data transfer to third countries, see section 9 “Data transfer to third countries” in this privacy policy). Since we have no influence on further data processing by Google, we are only informing you on the basis of our current knowledge: Ads cookies inform Google that you have accessed our website and in which area and, if applicable, which of our ads you have clicked on. If you have a Google account, Google can assign this information to your account. If you are not registered with Google or are not logged into your customer account, your IP address can be assigned, which is collected and stored by Google.

The legal basis for the use of Google Ads is your consent in accordance with Article 6(1)(a) GDPR. You can withdraw this consent at any time.

Google Ads Remarketing

Within our integration of Google Ads, we also use the remarketing function of this service. This enables us to display personalized advertising to visitors to our website on other websites in the Google network (e.g. as part of the Google search function or on YouTube) or on other websites. For this purpose, Google evaluates which offers on our website a visitor is particularly interested in and thus enables the placement of targeted advertising on other websites. For this purpose, Google places marketing cookies (technically unnecessary cookies) on the user’s end device. The cookies are used to identify the browser, but not the user’s person.

Information on the processing of personal data by Google can be found under the following links:

http://www.google.com/intl/de/policies/privacy and https://services.google.com/sitestats/de.html.

Alternatively, you can visit the website of the Network Advertising Initiative (NAI) at http://www.networkadvertising.org.

Prevention of the setting of cookies:

You can prevent participation in this tracking process in various ways:

1. Deactivation of all cookies in your browser or by
2. Installation of the corresponding Google Plug
   Ins: https://www.google.com/settings/ads/plugin;

In this case, the usability of our website may be restricted.

The legal basis for the use of Google Ads Remarketing is your consent in accordance with Article 6(1)(a) GDPR. You can withdraw your consent at any time.

6. our social media presence

a) Our Facebook fan page

You can also contact us via our fan page at Facebook Ireleand Ltd, 4 Grand Canal Swuare, Dublin 2, Ireland, within their social network Facebook. There we also present news about our products and provide you with further product-related information. This may result in Facebook collecting statistical data for us, for example by transmitting statistical data on likes, comments, etc. to us. At the same time, Facebook may also collect your personal data on its own responsibility and for its own purposes. If Facebook collects data on our behalf, the principles set out in this privacy policy apply, in particular your rights set out in this policy. The legal basis for the processing of your personal data by us is Article 6(1)(b) GDPR and Article 6(1)(f) GDPR. According to Article 6(1)(f) GDPR, we may process personal data if this is in our legitimate interest and does not result in undue disadvantages for you. Our interest in presenting our product range and communicating with you is to be classified as a legitimate, overriding interest.

Facebook collects data for its own purposes in accordance with the principles established by Facebook. However, if you wish to contact Facebook in this regard, you can also contact us and we will forward your request to Facebook.

b) Our LinkedIN profile

We operate a profile on the social platform LinkedIn (https://www.linkedin.com/company/versogmbh/), a service of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. As the operator of a LinkedIn profile, we can view the information stored in your public LinkedIn profile if you have such a profile and are logged into it when you access our LinkedIn profile. In addition, LinkedIn provides us with anonymous usage statistics that we use to improve the user experience when visiting our LinkedIn profile. We do not have access to the usage data that LinkedIn collects to compile these statistics. This data processing serves our legitimate interest in improving the user experience when visiting our LinkedIn profile in line with our target group. The legal basis for data processing is therefore Article 6(1)(f) GDPR.

LinkedIn also uses cookies that are stored on your device when you visit our LinkedIn profile, even if you do not have your own LinkedIn profile or are not logged into it during your visit to our profile. These cookies allow LinkedIn to create user profiles based on your preferences and interests and to show you customized advertising (inside and outside LinkedIn). Cookies remain on your device until you delete them. When you access a LinkedIn page, the IP address assigned to your device is transmitted to LinkedIn. According to LinkedIn, this IP address is anonymized on servers within the European Economic Area (EEA) and deleted after 90 days For details, please refer to LinkedIn’s privacy policy: https://de.linkedin.com/legal/privacy-policy. We have no influence on the latter data processing by LinkedIn, are not involved in the results of the data processing and have no interest in it.

7. rights of data subjects

You have the right:

• to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if it was not collected by us, and the existence of automated decision-making including profiling and, if applicable, meaningful information about its details;
• in accordance with Art. 16 GDPR, to immediately request the correction of incorrect or incomplete personal data stored by us;
• in accordance with Art. 17 GDPR, to demand the erasure of your personal data stored by us, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims;
• in accordance with Art. 18 GDPR, to demand the restriction of the processing of your personal data if the accuracy of the data is disputed by you, the processing is unlawful but you refuse to delete it and we no longer need the data, but you need it to assert, exercise or defend legal claims or you have lodged an objection to the processing in accordance with Art. 21 GDPR;
• in accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transmitted to another controller
• in accordance with Art. 7 para. 3 GDPR, to revoke your consent once given to us at any time. The consequence of this is that we may no longer continue the data processing that was based on this consent in the future and
• to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters.

If your personal data is processed on the basis of legitimate interests in accordance with Art. 6 (1) sentence 1 letter f) GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR, provided that there are reasons for this arising from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right to object, which will be implemented by us without specifying a particular situation.

In one of the cases mentioned above and for further questions about the use of your personal data, please contact us:

VERSO GmbH

Agnes-Pockels-Bogen 1

80992 Munich

datenschutz@verso.de

 

The Data Protection Officer (DPO) of VERSO GmbH is

DIE-DIGITALLOTSEN I Henrik Simmack
Cybersecurity ▪ Information security ▪ Data protection

Behind Gardens 8, 72459 Albstadt
www.die-digitallotsen.com ▪ office@die-digitallotsen.com

8. Mobile devices

The provisions of this privacy policy also apply to mobile access and the use of mobile devices.

9. data transfer to third countries

If the data processing described in this privacy policy involves the transfer of data to third countries outside the European Union, your data will only be transferred if there is a so-called adequacy decision by the European Commission (Article 46 GDPR). In this case, the EU Commission confirms that the level of data protection in the third country is comparable to that in the EU. We also use so-called standard contractual clauses of the EU Commission and internal data protection agreements to protect your data when it is transferred to third countries.

If these options are not sufficient to protect your data when it is transferred to a third country, we will only transfer your data to a third country if you have consented to this in accordance with Article 49 GDPR after being informed of the associated risks.

Article 49 GDPR also allows data to be transferred to a third country if this transfer is necessary for the performance of a contract. If we transfer data to a third country for this reason, we would like to point out that the above-mentioned risks also exist in this case.

This document is a translation; in case of any doubt or dispute, only the German version shall be considered authoritative.