We provide information about collecting personal data when using us in the following.
"personal data" means any information relating to an identified or identifiable natural person
The controller within the meaning of Art. 4 (7) General Data Protection Regulation (GDPR) is smicolon Karl-Kessler-Str 1 Munich. Mohammed Hussein and Anders T. Nordlund legally represent us.
You can reach our data protection team via the above address and datenschutz@smicolon.com.
We detail the scope of data processing, objectives, and legal bases below. In principle, the following come into consideration as the legal basis for data processing:
Insofar as we transfer data to service providers or other third parties outside the EEA, adequacy decisions by the EU Commission ensure the security of the data during the transfer, insofar as they exist (e.g., for Great Britain, Canada, and Israel) (Art. 45 (3) GDPR).
If no adequacy decision exists (e.g., for the USA), the legal basis for the data transfer is usually, i.e., unless we indicate otherwise, standard contractual clauses...
Unless expressly stated in this privacy policy, the data stored by us will be deleted as soon as they are no longer required for their intended purpose...
Data subjects have the following rights against us about their data:
As a matter of principle, we do not use a fully automated decision-making process by Art. 22 GDPR...
When contacting us, e.g., by e-mail or telephone, the data (e.g., names and e-mail addresses) will be stored to answer questions...
During the informative use of our website... we collect the personal data that the browser sends to our server...
These data are:
This data is also stored in log files. They are deleted when their storage is no longer necessary.
2. Hosting of the Website
Our website is hosted by [AWS] based on a data processing agreement (Art. 28 GDPR). The provider processes personal data transmitted via the website...
We use a content delivery network to also provide our website. The provider is Amazon Web Services, Inc., 410 Terry Avenue North, Seattle WA 98109, USA.
3. Contact form
When contacting us via the contact form on our website, we store the data requested there for the purpose of the message.
The legal basis for the processing is our legitimate interest... We delete the data after storage is no longer necessary or restrict processing if retention applies.
4. Booking of appointments
Site visitors can book appointments with us on our website... legal basis Art. 6 (1) lit. f GDPR.
5. Technically necessary cookies
Our website sets cookies... legal basis Art. 6 (1) lit. f GDPR.
6. Third parties
a. LinkedIn Insight Tag
We use LinkedIn Insight Tag for conversion tracking...
The legal basis for the processing is Art. 6 (1) lit. a GDPR. The processing is based on consent. Data subjects may revoke their consent by contacting us, for example, using the contact details provided in our privacy policy. The revocation does not affect the lawfulness of the processing until the revocation.
The data will be deleted when the purpose for which it was collected no longer applies, and there is no obligation to retain it. Further information is available in the provider's privacy policy at https://www.linkedin.com/legal/privacy-policy?
b. Google Webfonts
We use Google Webfonts... legal basis Art. 6 (1) lit. f GDPR.
The legal basis for the processing is Art. 6 (1) lit. f GDPR. We have a legitimate interest in using simple and inexpensive fonts on our website.
Further information is available in the provider's privacy policy at https://policies.google.com/privacy?hl=en-US.
c. Calendly
We use Calendly to schedule appointments...
The legal basis for the processing is Art. 6 (1) lit. a GDPR. The processing is based on consent. Data subjects may revoke their consent by contacting us, for example, using the contact details provided in our privacy policy. The revocation does not affect the lawfulness of the processing until the revocation.
The legal basis for transferring a country outside the EEA are standard contractual clauses. The security of the data transmitted to the third country (i.e., a country outside the EEA) is guaranteed by standard data protection clauses (Art. 46 (2) lit. c GDPR) adopted by the EU Commission by the examination procedure under Art. 93 (2) of the GDPR, which we have agreed to with the provider.
We deleted the data when the purpose for it was collected no longer applies. Further information is available in the provider's privacy policy at https://calendly.com/pages/privacy.
d. Google Tag Manager
We use Google Tag Manager for marketing and advertisement...
The legal basis for the processing is Art. 6 (1) lit. a GDPR. The processing is based on consent. Data subjects may revoke their consent by contacting us, for example, using the contact details provided in our privacy policy. The revocation does not affect the lawfulness of the processing until the revocation.
The legal basis for transferring a country outside the EEA are standard contractual clauses. The security of the data transmitted to the third country (i.e., a country outside the EEA) is guaranteed by standard data protection clauses (Art. 46 (2) lit. c GDPR) adopted by the EU Commission by the examination procedure under Art. 93 (2) of the GDPR, which we have agreed to with the provider.
Further information is available in the provider's privacy policy at https://policies.google.com/privacy?hl=en-US.
e. Twitter Conversion Tag
We use Twitter Conversion Tag for conversion tracking...
The legal basis for the processing is Art. 6 (1) lit. a GDPR. The processing is based on consent. Data subjects may revoke their consent by contacting us, for example, using the contact details provided in our privacy policy. The revocation does not affect the lawfulness of the processing until the revocation.
The legal basis for transferring a country outside the EEA are standard contractual clauses. The security of the data transmitted to the third country (i.e., a country outside the EEA) is guaranteed by standard data protection clauses (Art. 46 (2) lit. c GDPR) adopted by the EU Commission by the examination procedure under Art. 93 (2) of the GDPR, which we have agreed to with the provider.
The data will be deleted when the purpose for which it was collected no longer applies, and there is no obligation to retain it. Further information is available in the provider's privacy policy at https://twitter.com/en/privacy.
f. Google Conversion Tag
We use Google Conversion Tag for conversion tracking...
The legal basis for the processing is Art. 6 (1) lit. a GDPR. The processing is based on consent. Data subjects may revoke their consent by contacting us, for example, using the contact details provided in our privacy policy. The revocation does not affect the lawfulness of the processing until the revocation.
The legal basis for transferring a country outside the EEA are standard contractual clauses. The security of the data transmitted to the third country (i.e., a country outside the EEA) is guaranteed by standard data protection clauses (Art. 46 (2) lit. c GDPR) adopted by the EU Commission by the examination procedure under Art. 93 (2) of the GDPR, which we have agreed to with the provider.
The data will be deleted when the purpose for which it was collected no longer applies, and there is no obligation to retain it. Further information is available in the provider's privacy policy athttps://policies.google.com/privacy?hl=en-US.
g. Google Analytics
We use Google Analytics for analytics...
The legal basis for the processing is Art. 6 (1) lit. a GDPR. The processing is based on consent. Data subjects may revoke their consent by contacting us, for example, using the contact details provided in our privacy policy. The revocation does not affect the lawfulness of the processing until the revocation.
The legal basis for transferring a country outside the EEA are standard contractual clauses. The security of the data transmitted to the third country (i.e., a country outside the EEA) is guaranteed by standard data protection clauses (Art. 46 (2) lit. c GDPR) adopted by the EU Commission by the examination procedure under Art. 93 (2) of the GDPR, which we have agreed to with the provider.
The data will be deleted when the purpose for which it was collected no longer applies, and there is no obligation to retain it. Further information is available in the provider's privacy policy athttps://policies.google.com/privacy?hl=en-US.
We use Hubspot for analytics...
The legal basis for the processing is Art. 6 (1) lit. a GDPR. The processing is based on consent. Data subjects may revoke their consent by contacting us, for example, using the contact details provided in our privacy policy. The revocation does not affect the lawfulness of the processing until the revocation.
The legal basis for transferring a country outside the EEA are standard contractual clauses. The security of the data transmitted to the third country (i.e., a country outside the EEA) is guaranteed by standard data protection clauses (Art. 46 (2) lit. c GDPR) adopted by the EU Commission by the examination procedure under Art. 93 (2) of the GDPR, which we have agreed to with the provider.
The data will be deleted when the purpose for which it was collected no longer applies, and there is no obligation to retain it. Further information is available in the provider's privacy policy at:https://legal.hubspot.com/privacy-policy.
We are represented in social media networks...
If users contact us via our profiles... Art. 6 (1) lit. f GDPR.
1. Facebook
We maintain a profile on Facebook. The operator is Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The privacy policy is available here:https://www.facebook.com/policy.php.
A possibility to object to data processing arises via settings for advertisements:https://www.facebook.com/settings?tab=ads.
We are joint controllers for processing the data of visitors to our profile based on an agreement within the meaning of Art. 26 GDPR with Facebook. Facebook explains precisely what data is processed at:https://www.facebook.com/legal/terms/information_about_page_insights_data.
Data subjects can exercise their rights both against Facebook and against us. However, according to our agreement with Facebook, we are obliged to forward requests to Facebook. Data subjects will therefore receive a faster response if they contact Facebook directly.
2. Twitter
We maintain a profile on Twitter. The operator is Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. The privacy policy is available here:https://twitter.com/de/privacy.
One way to object to data processing is via the settings for advertisements:https://twitter.com/personalization.
3. LinkedIn
We maintain a profile on LinkedIn. The operator is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. The privacy policy is available here:https://www.linkedin.com/legal/privacy-policy?_l=de_DE.
One way to object to data processing is via the settings for advertisements:https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
We maintain a profile on Xing. The operator is New Work SE, Am Strandkai 1, 20457 Hamburg, Germany The privacy policy is available here:https://privacy.xing.com/en/privacy-policy.
One way to object to data processing is via the settings for advertisements:https://privacy.xing.com/en/privacy-policy/terms-used-in-our-privacy-policy
This Privacy Policy was updated in November 2022. We reserve the right to update it with effect for the future.