VERSO GmbH
represented by Florian Holl und Andreas Maslo
Agnes-Pockels-Bogen 1
80992 München
are operators (hereinafter referred to as “we” or “operator”) of the website “www.verso.de” (hereinafter referred to as “website”) as well as the web shop (www.verso.de/en/shop) (hereinafter referred to as “web shop”), through which products (hereinafter also the “platform”) and services (hereinafter also “services”) are offered. We are therefore responsible for the collection, processing and use of personal data within the meaning of the German Federal Data Protection Act (BDSG), the German Telemedia Act (TMG) and the EU General Data Protection Regulation (GDPR).
We attach great importance to the principle of data economy already when collecting data. We only collect and process personal data if you have given us your consent or if the law permits or requires us to do so. In the following, we will explain what information we collect, how we use it, and what rights you have over us in relation to the use of your information:
Important: This is a translation of the privacy policy provided for information purposes only. Only the original declaration, which is available in German, is legally valid.
The term personal data is defined in the BDSG and GDPR. It is any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person. This therefore includes, for example, your civil name, address, telephone number, e-mail address or date of birth. Company-related data may also contribute to the identification or identifiability of individuals. To this extent, company-related data may also be covered by the scope of the GDPR.
Unless otherwise stated in the following paragraphs, no personal data is generally processed when using our products, services, and courses, i.e., neither automatically collected, recorded, stored or otherwise used.
We collect the following data:
What personal data do we collect?
When you visit our website, our servers temporarily store every access in a log file. The following data is collected without your intervention and stored until automatic deletion after 31 days at the latest by a computer centre commissioned by us on a server in a member state of the European Union:
– The IP address assigned to your computer,
– online identifiers (e.g., session ID, device identifier),
– the name and URL of the requested file,
– referrer URL (the previously visited page),
– the operating system of your device,
– the date and time of the request,
– the browser version you are using.
Why do we collect this data?
This data is necessary to ensure a smooth connection of the website, for statistical purposes (in particular the anonymized collection of user numbers to ensure functionality) and for the purpose of tracking cases of abusive behavior. We also need this data to ensure platform access specifically adapted to your device and operating system.
What is the legal basis for processing this data?
According to Article 6 Paragraph 1 Letter b of the GDPR, the collection of personal data necessary for the performance (or enabling) of a contract is permitted. We need the aforementioned data to prepare the conclusion of a contract with you and to offer you solutions that are tailored to your individual requirements and framework conditions.
We offer you the possibility to test our product 14 days free of charge. For this you have to register via a form provided on our website (“VERSO 14 days free trial”). In doing so, you must provide your name and a valid e-mail address so that we know from whom the request originates and so that we can process it.
Why do we collect this data?
Your data will be collected for the sole purpose of providing you with the trial version free of charge as well as contacting you again after the trial period has expired in order to receive feedback on our product.
What is the legal basis for processing this data?
Data processing for the purpose of ordering our trial version is also based on Article 6 Paragraph 1 Letter b) GDPR. The test phase anticipates a possible conclusion of a contract with you.
The personal data collected by us for the use of the registration form will be automatically deleted after completion of the order placed by you unless they are still required for the exercise of legal or (pre-) contractual rights and obligations.
What personal data do we collect?
You have the option of subscribing to a newsletter from us. This contains information on the topic of CSR, CSR best practices, news regarding VERSO GmbH and CSR-relevant events. For this we need a valid e-mail address from you. In addition, we store your IP address and the date of subscription. This also applies if you download a “curriculum” (description of all the contents of our CSR course and the time schedule) as a PDF at https://verso.de/csr-kurs/. In this case, you also enter a valid e-mail address and declare that you wish to receive our newsletter (for more information on ordering from our webshop, see Section 2. d) of this privacy policy).
Why do we collect this data?
Your e-mail address is only mandatory for sending the newsletter and will only be used for this purpose. The storage of the IP address and the date of your registration serves solely to prove a possible misuse of your e-mail address to register for our newsletter.
With whom do we share this data?
We work with HubSpot, a service of HubSpot Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141, USA (HubSpot) to send our newsletter. We have concluded an order processing agreement with HubSpot and fully implement the strict requirements of the German and European data protection authorities when using it (see https://legal.hubspot.com/dpa).
The data stored during registration is transmitted to HubSpot and stored by HubSpot. The order processing contract with HubSpot results in the transmission of data to a so-called third country (USA), i.e., a country outside the European Union. We have explained the data protection aspects of the transfer of data to third countries in a separate section at the end of this data protection declaration (see Section 9 “Data transfer to third countries”).
After registration, HubSpot will send you an email to confirm your registration. This is the double opt-in procedure. The newsletter will therefore only be sent to you once you have registered for it (step 1) and clicked on the confirmation link sent to you by HubSpot (step 2). Furthermore, HubSpot offers various analysis options on how the sent newsletters are opened and used, e.g., to how many users an email was sent, whether emails were rejected and whether users unsubscribed from the list after receiving an email. For more information on how HubSpot works, see Section 5. b) Web analytics services of this Privacy Policy.
For more information about HubSpot’s privacy policy and data processors, please visit: https://legal.hubspot.com/privacy-policy.
We will only use the personal data collected from you as part of the email newsletter for the purposes stated above. A sale or a transfer of your personal data to third parties for purposes of advertising, market or opinion research not mentioned above or not explained in Section 5 Letter b) of this data protection declaration will not take place.
How can I unsubscribe from the newsletter?
If you no longer wish to receive newsletters from us, you can object at any time and unsubscribe from the newsletter. A message in text form to our contact details found at the end of this privacy policy (e.g., e-mail, fax, letter) is sufficient for this. Of course, you will also find a link in each newsletter to unsubscribe. When you unsubscribe from the newsletter, we also delete the personal data collected from you for the newsletter mailing.
What is the legal basis for processing this data?
According to Article 6 Paragraph 1 Letter a) GDPR, the processing of your data is based on your consent. You can revoke this consent at any time and unsubscribe from the newsletter as described.
(1) Ordering product and services via “www.verso.de/shop”.
You can order the product and/or services via our webshop www.verso.de/shop. For this purpose, you must register as a customer for future orders. As part of the ordering process, we request your consent to data processing in accordance with Article 6 Paragraph 1 Letter a) GDPR.
In the process, your personal data is entered into an input mask and transmitted to us and stored. If you place an order via our website, we collect the following data:
– First name
– Last name,
– e-mail address,
– address,
– telephone number (landline and/or mobile)
– payment data
Why do we collect this data?
The collection of this data is done
– to be able to identify you as our customer
– to be able to process, fulfil and handle your order;
– to correspond with you regarding your order;
– for direct marketing of our own similar goods or services;
– for invoicing purposes;
– to process any warranty claims, as well as the assertion of legal claims;
– to ensure the technical administration of our website;
– to manage our customer data.
With whom do we share this information?
If you choose to pay by “credit card”, payment processing is carried out by the payment service provider Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland (“Stripe”).
The data stored during the ordering process (name, address, credit card number, invoice amount, currency, and transaction number) will be transmitted to Stripe and stored by Stripe. The data entered during the ordering process will not be transmitted to other third parties. Your data will only be shared for the purpose of processing payments with Stripe and only to the extent necessary to do so. A sale or transfer of your personal data to third parties for purposes of advertising, market or opinion research does not take place.
For more information about Stripe’s privacy policy, please visit https://stripe.com/de/privacy.
We work together with “Intercom” (Intercom, Inc., 98 Battery Street, Suite 402, San Francisco, CA 94111 USA as well as 2nd Floor, Stephen Court, 18-21 Saint Stephen’s Green, Dublin 2, hereinafter “Intercom”) for the purpose of managing customer data. Insofar as data is transmitted to a third country (in particular the USA), we refer to Section 9 of this data protection declaration (data transmission to third countries).
If you have ordered one of our products and thus have access to the VERSO Platform, your e-mail address and name will be transmitted to Intercom and stored by Intercom. The aforementioned data provided by you during the order process will not be transmitted to other third parties.
Detailed information on data protection at “Intercom” can be found at https://www.intercom.com/legal/privacy
In addition, Intercom uses the following subcontracted processors to manage some of its customer data:
Amazon Web Services, Inc., 410 Terry Avenue North, Seattle WA 98109, United States for hosting and storage purposes.
Message Systems, Inc. (dba SparkPost), 9160 Guilford Rd, Columbia, MD 21046, for the purpose of message deliverability.
Insofar as this involves data transfers to third countries, we refer to Section 9 of this Privacy Policy (Data Transfer to Third Countries).
What is the legal basis for the processing of this data?
Data processing is carried out in response to your order and/or registration and is necessary for the appropriate processing of your order and for the mutual fulfilment of obligations arising from the purchase contract in accordance with Article 6 Paragraph 1 Page 1 Letter b) of the GDPR.
(2) Booking of online courses via “www.elopage.com/s/verso“
We also offer the booking of online courses via our website as part of the VERSO Academy. For this purpose, we use the service namotto.
As soon as you click on the button “Register now” or “Register now for only X €” in the “Academy” area of our website (“https://verso.de/csr-kurs/”) for one of the courses described there, you will leave our website and be redirected to a webshop that is hosted externally for us by the platform elopage (www.elopage.com/s/verso). If you book an online course via this webshop, our partner or reseller namotto Universal Brands GmbH & Co KG (“namotto”) will become your contractual partner (Please find here the link to the processing by namotto).
Namotto is a service of
namotto academies and friends GmbH & Co KG
Owner Tolga Oenal
Uhlandstrasse 154
10719 Berlin
info@namottoandfriends.com
All functions on the sales page as well as the entire downstream sales and payment processing are carried out by namotto. You can find namotto’s privacy policy here.
When you place an order through our individual namotto sales page, the following of your data will be processed:
– Personal master data (surname, first name, address)
– Communication data (e-mail address, telephone number)
– Contract master data (contractual relationship, product, or contractual interest)
– Customer history (e.g., login, product usage, purchased products)
– Contract billing and payment data (e.g., payment method, payment status, invoices)
– Planning and control data (e.g., visitor sources, number of calls, pages visited, clicks)
– Technical data (e.g., IP address, device, browser, location, Mac address)
– Content data (e.g., videos, images, texts, audios, files).
Why do we collect this data?
Namotto processes the aforementioned data on our behalf. The processing of this data is necessary for the provision of our CSR online courses by namotto as well as for the performance of the contract you have concluded with us.
With whom do we share this data?
We share the aforementioned data with namotto and namotto’s processors. For this purpose, we have concluded a corresponding order processing agreement with namotto academies and friends GmbH & Co KG as our order processor in accordance with Paragraph 28 GDPR. For more detailed information on namotto’s order processors, see https://namottoandfriends.com/wp-content/uploads/2020/03/Datenschutz-namotto-academies-and-friends-GmbHCoKG.pdf.
What is the legal basis for processing this data?
The legal basis for the processing of this data is our legitimate interest (Article 6 Paragraph 1 Letter f) GDPR) in optimized contract performance by namotto as well as the necessity of this data for contract performance (Article 6 Paragraph 1 Letter b) GDPR).
We store and process your personal data on rented servers in a member state of the European Union. Both we and the data centres contracted by us protect your data by technical and organizational security measures in order to minimize risks in connection with loss, misuse, unauthorized access and unauthorized disclosure and modification of this data. For example, firewalls and data encryption are used for this purpose, as well as physical access restrictions and authorization controls for data access.
We store your personal data collected during a visit to our homepage (see Section 2.a) above) or entered by you when filling out the contact form (see Section 2.b) above) for a maximum of 31 days. We will store the data required to receive the newsletter until you have unsubscribed from the newsletter. The personal data collected by us for the processing of your order will be stored until the expiry of the legal obligation to keep records. Contractual claims usually expire in 2-3 years, as long as data is usually needed to check and implement claims in connection with the purchase. In addition, other laws (e.g., the Commercial Code) may result in retention obligations of up to 10 years.
Apart from the other cases mentioned in this data protection declaration, your personal data will only be disclosed to third parties or otherwise transferred if this is necessary for the purpose of processing the contract or if you have given your prior consent. Something else only applies if there is a legal obligation to do so (e.g., information to certain authorities within the scope of their legal duties) or if this is necessary to enforce our rights, in particular to enforce claims arising from the contractual relationship with you.
Interactions with our website are tracked using cookies and the technologies mentioned below in order to customize our website for you. Cookies are small files that are stored on your hard drive or terminal device. When you visit our website again from the same device, the information stored in the cookies is sent back to our website. Because these are cookies set by us, they are referred to as “first party cookies”. Insofar as the cookie was set by another website, this is referred to as a “third party cookie”. In this case, the information of the cookie is sent back to this website.
We use the information stored and returned on the cookie to ensure ease of navigation and a high level of user-friendliness of our website.
We use different types of cookies, which are divided as follows and are each subject to different legal bases when they are used. We explain these legal bases as well as the functionality of the respective cookies in the presentation of the respective tools in which they are specifically used.
– Technically necessary cookies
– Functional and performance cookies
– Technically not necessary cookies
You can deactivate the use of cookies individually in your browser. Of course, you can then still visit our website, but a restriction of functionality cannot be ruled out.
Technically necessary cookies
Technically necessary cookies enable the use of our website, they are essential for login or shopping cart functions. They are used as first party cookies by us, so that the stored information is sent back to our website. Due to their importance for the functioning of our website, technically necessary cookies can be used without your consent. Furthermore, these cookies cannot be deactivated individually (however, it is possible to deactivate all cookies via your browser; for technical details, see below).
The legal basis for the use of technically necessary cookies is Article 6 Paragraph 1 Letter b) DSVO, since calling up our website serves to initiate a contract, and also Article 6 Paragraph 1 Letter f) GDPR, since we have an overriding legitimate interest in the functionality of our website.
Functional and performance cookies
Functional cookies allow our website to store your once-executed details and preferences (e.g., username, language setting) in order to make it easier for you to use our website. The functional cookies we use and therefore do not affect your browsing history or activity on other websites. In addition, the functional cookies we use are first-party cookies.
Performance cookies collect information about the use of our website. This information is used to improve functionality and user-friendliness. For example, these cookies collect information about the frequency with which content is clicked or about scrolling behavior from our website. We also record the duration of the website visit, the areas and subpages called up, the user’s location and the proportion of mobile devices used for this purpose. Your IP address is transmitted to us for technical reasons but anonymized and thus does not allow identification. The performance cookies we use are first-party cookies.
The legal basis for the use of functional and performance cookies is our legitimate interest in optimizing our website in accordance with Article 6 Paragraph 1 Letter f) GDPR.
Technically unnecessary cookies
Technically unnecessary cookies are all cookies that are neither technically necessary cookies nor functional or performance cookies. We use technically non-essential cookies to evaluate your browsing behavior and display personalized advertising on and off our website. In this way, we want to meet your interests. Insofar as we also evaluate your user behavior on other websites and display personalized advertising to you there, we use marketing cookies with remarketing function as so-called third-party cookies, which not only enable advertising on other websites, but also the analysis of your overall usage behavior. An example of the use of such tools are Google Analytics and Google Ads (see below for details).
The legal basis for the use of technically unnecessary cookies is your consent pursuant to Article 6 Paragraph 1 Letter a) GDPR. You can revoke this consent at any time.
When using our website or our webshops for the first time, we will immediately inform you of all cookies used by us and their purpose. Only if you consent to the use of technically unnecessary cookies, these cookies will be stored on your hard drive.
To collect, manage and store your consent, we use the WordPress plugin “Borlabs Cookie”. The Borlabs cookie stores their consent. It is technically necessary and is therefore set by us due to our overriding interest in documenting consent and revocations in accordance with Article 6 Paragraph 1 Letter f) DSVO. If you delete your cookies, we will ask you for your consent again the next time you visit our website.
HubSpot
We use the web analytics service HubSpot, a service provided by HubSpot Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141, USA (HubSpot). We use HubSpot both to check and evaluate the success of our advertising campaigns (so-called conversion tracking) and for the purpose of being able to show you targeted advertising on other websites that matches your interests as a result of the analysis of your browsing history (so-called retargeting function). The information generated by the cookie about your use of our website may be transmitted to and stored by HubSpot on servers in the United States (for data transmission to third countries, see Section 9 “Data transmission to third countries”, in this privacy policy). HubSpot acts as our order processor within the meaning of Article 28 GDPR (for the order processor agreement that we have concluded with HubSpot, see Section 2. c) of this data protection declaration).
For this purpose, HubSpot uses technically unnecessary cookies (marketing cookies) and so-called “web beacons”. These are stored on your terminal device and enable us to analyse your visit to our website. For example, HubSpot collects for us your location, the type of browser used, the duration of the visit, the subpages accessed, their IP address and other data) and analyses your web activity on this basis.
As part of conversion tracking, HubSpot creates and transmits reports on the respective user behavior and thus enables us to evaluate the success of our online advertising and to present you with targeted advertising on our website.
As part of the retargeting function, the evaluation of your browsing behavior, which HubSpot performs on our behalf, enables us to show you interest-based advertising on other websites. For this purpose, the technically unnecessary cookies (marketing cookies) set by HubSpot also allow us to merge the personal data stored when you ordered the newsletter (see Section 2.c)) with the other data collected by HubSpot in order to present you with the advertising offers that are of interest to you.
You can prevent the storage of cookies by making the appropriate settings in your browser software or delete cookies that you have consented to the use of. Furthermore, HubSpot informs you in detail about possibilities to manage the use of cookies, cf. https://legal.hubspot.com/cookie-policy. However, we would like to point out that if you prevent or delete cookies, you may not be able to use all functions of our website to their full extent. Furthermore, you can prevent the collection of the data generated by the cookie and related to your use of the website (including your IP address) by HubSpot, as well as the processing of this data by HubSpot, by revoking your consent.
The legal basis for the use of HubSpot is your consent pursuant to Article 6 Paragraph 1 Letter a) GDPR. You can revoke this consent at any time.
For more information on the function and data protection by HubSpot, please see the following link: https://legal.hubspot.com/privacy-policy.
For statistical analysis purposes, we use Google Analytics on our website, a web analytics service provided by Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (“Google”). Google Analytics uses its own cookies. In doing so, text files are stored on your computer that enable an analysis of your use of the website. The information generated by the cookie about your use of our website is usually transmitted to a Google server in the USA and stored there (for data transmission to non-secure third countries, see Section 9 “Data transmission to third countries” in this privacy policy). To prevent the personalization of this data, your IP address is anonymized by shortening it. We are therefore unable to determine to which user an IP address can be assigned. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and only anonymized there. Google will use this information on our behalf for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage.
Google is obliged not to merge the IP address transmitted by your browser as part of Google Analytics with other data. You can also prevent the storage of cookies by selecting the appropriate settings on your browser software. However, we would like to point out that in this case you may not be able to use all functions of our website to their full extent. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by revoking your consent and generally by clicking on the following link. An opt-out cookie will be set that prevents the future collection of your data when visiting this website: https://tools.google.com/dlpage/gaoptout?hl=de.
Insofar as data processing by Google Analytics results in the transfer of data to third countries and this data has not previously been anonymized, please refer to Section 9 of this privacy policy (Data transfer to third countries).
You can find more information about Google Analytics at
http://www.google.com/analytics/terms/de.html or at
http://www.google.com/intl/de/analytics/privacyoverview.html and
https://support.google.com/analytics/answer/2838718?hl=de&ref_topic=2790009.
The legal basis for data processing by Google Analytics is your consent pursuant to Article 6 Paragraph 1 Letter a) GDPR. You can revoke this consent at any time.
Google Ads
Google Ads Conversion
Google Ads Conversion is also used to display personalized advertising. With the help of Google Ads (“Ads”), we can present our products on other websites. From the user behavior on our website, we can derive the success of our advertising campaigns, for example, by evaluating the number of clicks and frequency of use or by determining whether you have reached our website through a Google ad. For this purpose, Google sets cookies on your terminal device, which are not technically necessary. By means of the Ads, Google can recognize your browser and your browsing history. We do not process any personal data through these advertising measures, and it is not possible for us to identify website visitors. We determine the success of our advertising campaigns by means of statistical evaluations, which Google transmits to us pseudonymously.
Google Ads establishes an automatic connection between your browser and Google’s servers in the USA (for data transmission to third countries, see Section 9 “Data transmission to third countries”, in this privacy policy). Since we have no influence on the further data processing by Google, we inform you only on the basis of our current knowledge: Through the Ads Cookies, Google is informed that and in which area they have accessed our website and, if applicable, which of our advertisements they have clicked on. If they have a Google account, Google can associate this information with their account. If you are not registered with Google or are not logged in to your customer account, an assignment to your IP address can be made in any case, which is collected and stored by Google.
The legal basis for the use of Google Ads is your consent pursuant to Article 6 Paragraph 1 Letter a) GDPR. You can revoke this consent at any time.
Google Ads Remarketing
Within our integration of Google Ads, we also use the remarketing function of this service. This enables us to display personalized advertising to visitors to our website on other websites in the Google network (e.g., as part of the Google search function or on YouTube) or on other websites. For this purpose, Google evaluates which offers on our website a visitor is specifically interested in and thus enables the placement of targeted advertising on other websites. For this purpose, Google sets marketing cookies (technically unnecessary cookies) on the end devices of the users. The cookies identify the browser, but not the person of the user.
Information on the processing of personal data at Google can be found under the following links:
http://www.google.com/intl/de/policies/privacy and https://services.google.com/sitestats/de.html.
Alternatively, you can visit the Network Advertising Initiative (NAI) website at http://www.networkadvertising.org.
Preventing Cookie Setting:
You can prevent participation in this tracking process in several ways:
1. disabling all cookies in your browser or by.
2. installing the corresponding Google plug-in: https://www.google.com/settings/ads/plugin;
In this case, the usability of our website may be limited.
The legal basis for the use of Google Ads Remarketing is your consent in accordance with Article 6 Paragraph 1 Letter a) GDPR. You can revoke your consent at any time.
You can also contact us via our fan page at Facebook Ireleand Ltd., 4 Grand Canal Swuare, Dublin 2, Ireland, within their social network Facebook. There we also present news regarding our products and keep further product-related information ready for you. This may result in the collection of statistical data by Facebook on our behalf, for example, by Facebook transmitting statistical data on likes, comments, etc. to us. At the same time, Facebook may also collect your personal data on its own responsibility and for its own purposes. If the data collection is carried out by Facebook for us, the bases listed in this privacy policy apply, in particular your rights outlined in this statement. The legal basis for the processing of your personal data by us is Article 6 Paragraph 1 Letter b) GDPR as well as Article 6 Paragraph 1 Letter f) GDPR. According to Article 6 Paragraph 1 Letter f) GDPR, we may process personal data if this is done in our legitimate interest and does not cause excessive disadvantages for you. Our interest in presenting our product range and communicating with you can be classified as a legitimate, overriding interest.
The collection of data by Facebook for its own purposes is carried out in accordance with the principles established by Facebook. However, if you wish to contact Facebook in this respect, you can also contact us, and we will then forward your request to Facebook.
You have the right:
– In accordance with Paragraph 15 GDPR, to request information about your personal data processed by us. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it has not been collected by us, and the existence of automated decision-making, including profiling, and, if applicable, meaningful information about its details;
– in accordance with Article 16 GDPR, to demand the immediate correction of incorrect or completion of your personal data stored by us;
– pursuant to Article 17 GDPR, to request the erasure of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims;
– pursuant to Article 18 GDPR, to request the restriction of the processing of your personal data, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure and we no longer require the data, but you need it for the assertion, exercise or defence of legal claims or you have objected to the processing pursuant to Article 21 GDPR;
– pursuant to Article 20 GDPR, to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transferred to another controller;
– in accordance with Article 7 Paragraph 3 GDPR, to revoke your consent once given to us at any time. This has the consequence that we may no longer continue the data processing, which was based on this consent, for the future; and
– complain to a supervisory authority in accordance with Article 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters for this purpose.
If your personal data is processed on the basis of legitimate interests pursuant to Article 6 Paragraph 1 Sentence 1 Letter f) GDPR, you have the right to object to the processing of your personal data pursuant to Article 21 GDPR, provided that there are grounds for doing so that arise from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right of objection, which is implemented by us without specifying a particular situation.
In any of the aforementioned cases, as well as for further questions about the use of your personal data, please contact:
Florian Holl
VERSO GmbH
Agnes-Pockels-Bogen 1
80992 Munich
In addition, you have the right to lodge a complaint with the competent data protection authority at any time.
The provisions of this privacy policy also apply to mobile access and use of mobile devices.
If the data processing described in this Privacy Policy involves the transfer of data to third countries outside the European Union, your data will generally only be transferred if there is a so-called adequacy decision by the European Commission (Article 46 GDPR). In this case, the EU Commission confirms that a level of data protection comparable to that of the EU exists in the third country. We also make use of so-called standard contractual clauses of the EU Commission and internal data protection agreements to protect your data when it is transferred to third countries.
If these options are not sufficient to protect your data when it is transferred to a third country, we will only transfer your data to a third country if you have consented to this in accordance with Article 49 of the GDPR after being informed in advance about the associated risks. In the case of data transfers to the USA, we accordingly draw your attention in particular to the existing risk that a level of data protection comparable to that in the EU may be more difficult, in particular because authorities in the USA (above all intelligence services and security authorities) can access your data. You may not be able to assert your data protection rights with the same efficiency as within the EU.
Article 49 GDPR also allows data to be transferred to a third country if this transfer is necessary for the performance of the contract. Should we resort to a transfer to a third country for this reason, we would like to point out that the risks mentioned above (e.g., in the USA) also exist in this case.
 |  |  |  |  |