Privacy Policy

I. Introduction

We provide information about collecting personal data when using us in the following.

  • our website https://www.smicolon.com (II.);
  • our presence on social media (III.).

"personal data" means any information relating to an identified or identifiable natural person

1. Contact details

The controller within the meaning of Art. 4 (7) General Data Protection Regulation (GDPR) is smicolon Karl-Kessler-Str 1 Munich. Mohammed Hussein and Anders T. Nordlund legally represent us.

You can reach our data protection team via the above address and datenschutz@smicolon.com.

2. Scope of data processing, objectives, and legal bases

We detail the scope of data processing, objectives, and legal bases below. In principle, the following come into consideration as the legal basis for data processing:

  • Art. 6 (1) lit. a GDPR is our legal basis for processing operations for which we obtain consent;
  • Art. 6 (1) lit. b GDPR is the legal basis insofar as the processing of personal data is necessary for the performance of a contract...
  • Art. 6 (1) lit. c GDPR applies if we fulfill a legal obligation by processing personal data...
  • Art. 6 (1) lit. f GDPR serves as the legal basis when we can rely on legitimate interests...

3. Data processing outside the European Economic Area ("EEA")

Insofar as we transfer data to service providers or other third parties outside the EEA, adequacy decisions by the EU Commission ensure the security of the data during the transfer, insofar as they exist (e.g., for Great Britain, Canada, and Israel) (Art. 45 (3) GDPR).

If no adequacy decision exists (e.g., for the USA), the legal basis for the data transfer is usually, i.e., unless we indicate otherwise, standard contractual clauses...

4. Storage Duration

Unless expressly stated in this privacy policy, the data stored by us will be deleted as soon as they are no longer required for their intended purpose...

5. Rights of data subjects

Data subjects have the following rights against us about their data:

  • Right of access
  • Right to correction or deletion
  • Right to limit processing
  • Right to object to the processing
  • Right to data transferability
  • Right to revoke a given consent at any time
  • the right to complain to a data protection supervisory authority about the processing of their personal data.

6. No automatic decision making in individual cases

As a matter of principle, we do not use a fully automated decision-making process by Art. 22 GDPR...

7. Contacting us

When contacting us, e.g., by e-mail or telephone, the data (e.g., names and e-mail addresses) will be stored to answer questions...

II. Data processing on our website

1. Informative use of the website

During the informative use of our website... we collect the personal data that the browser sends to our server...

These data are:

  • IP address
  • Date and time of the request
  • Time zone difference to Greenwich Mean Time (GMT)
  • Content of the request (specific page)
  • Access status/HTTP status code
  • Amount of data transferred in each case
  • Website from which the request comes
  • Browser
  • Operating system and its interface
  • Language and version of the browser software.

This data is also stored in log files. They are deleted when their storage is no longer necessary.

2. Hosting of the Website

Our website is hosted by [AWS] based on a data processing agreement (Art. 28 GDPR). The provider processes personal data transmitted via the website...

We use a content delivery network to also provide our website. The provider is Amazon Web Services, Inc., 410 Terry Avenue North, Seattle WA 98109, USA.

3. Contact form

When contacting us via the contact form on our website, we store the data requested there for the purpose of the message.

The legal basis for the processing is our legitimate interest... We delete the data after storage is no longer necessary or restrict processing if retention applies.

4. Booking of appointments

Site visitors can book appointments with us on our website... legal basis Art. 6 (1) lit. f GDPR.

5. Technically necessary cookies

Our website sets cookies... legal basis Art. 6 (1) lit. f GDPR.

6. Third parties

a. LinkedIn Insight Tag

We use LinkedIn Insight Tag for conversion tracking...

The legal basis for the processing is Art. 6 (1) lit. a GDPR. The processing is based on consent. Data subjects may revoke their consent by contacting us, for example, using the contact details provided in our privacy policy. The revocation does not affect the lawfulness of the processing until the revocation.

The data will be deleted when the purpose for which it was collected no longer applies, and there is no obligation to retain it. Further information is available in the provider's privacy policy at https://www.linkedin.com/legal/privacy-policy?

b. Google Webfonts

We use Google Webfonts... legal basis Art. 6 (1) lit. f GDPR.

The legal basis for the processing is Art. 6 (1) lit. f GDPR. We have a legitimate interest in using simple and inexpensive fonts on our website.

Further information is available in the provider's privacy policy at https://policies.google.com/privacy?hl=en-US.

c. Calendly

We use Calendly to schedule appointments...

The legal basis for the processing is Art. 6 (1) lit. a GDPR. The processing is based on consent. Data subjects may revoke their consent by contacting us, for example, using the contact details provided in our privacy policy. The revocation does not affect the lawfulness of the processing until the revocation.

The legal basis for transferring a country outside the EEA are standard contractual clauses. The security of the data transmitted to the third country (i.e., a country outside the EEA) is guaranteed by standard data protection clauses (Art. 46 (2) lit. c GDPR) adopted by the EU Commission by the examination procedure under Art. 93 (2) of the GDPR, which we have agreed to with the provider.

We deleted the data when the purpose for it was collected no longer applies. Further information is available in the provider's privacy policy at https://calendly.com/pages/privacy.

d. Google Tag Manager

We use Google Tag Manager for marketing and advertisement...

The legal basis for the processing is Art. 6 (1) lit. a GDPR. The processing is based on consent. Data subjects may revoke their consent by contacting us, for example, using the contact details provided in our privacy policy. The revocation does not affect the lawfulness of the processing until the revocation.

The legal basis for transferring a country outside the EEA are standard contractual clauses. The security of the data transmitted to the third country (i.e., a country outside the EEA) is guaranteed by standard data protection clauses (Art. 46 (2) lit. c GDPR) adopted by the EU Commission by the examination procedure under Art. 93 (2) of the GDPR, which we have agreed to with the provider.

Further information is available in the provider's privacy policy at https://policies.google.com/privacy?hl=en-US.

e. Twitter Conversion Tag

We use Twitter Conversion Tag for conversion tracking...

The legal basis for the processing is Art. 6 (1) lit. a GDPR. The processing is based on consent. Data subjects may revoke their consent by contacting us, for example, using the contact details provided in our privacy policy. The revocation does not affect the lawfulness of the processing until the revocation.

The legal basis for transferring a country outside the EEA are standard contractual clauses. The security of the data transmitted to the third country (i.e., a country outside the EEA) is guaranteed by standard data protection clauses (Art. 46 (2) lit. c GDPR) adopted by the EU Commission by the examination procedure under Art. 93 (2) of the GDPR, which we have agreed to with the provider.

The data will be deleted when the purpose for which it was collected no longer applies, and there is no obligation to retain it. Further information is available in the provider's privacy policy at https://twitter.com/en/privacy.

f. Google Conversion Tag

We use Google Conversion Tag for conversion tracking...

The legal basis for the processing is Art. 6 (1) lit. a GDPR. The processing is based on consent. Data subjects may revoke their consent by contacting us, for example, using the contact details provided in our privacy policy. The revocation does not affect the lawfulness of the processing until the revocation.

The legal basis for transferring a country outside the EEA are standard contractual clauses. The security of the data transmitted to the third country (i.e., a country outside the EEA) is guaranteed by standard data protection clauses (Art. 46 (2) lit. c GDPR) adopted by the EU Commission by the examination procedure under Art. 93 (2) of the GDPR, which we have agreed to with the provider.

The data will be deleted when the purpose for which it was collected no longer applies, and there is no obligation to retain it. Further information is available in the provider's privacy policy athttps://policies.google.com/privacy?hl=en-US.

g. Google Analytics

We use Google Analytics for analytics...

The legal basis for the processing is Art. 6 (1) lit. a GDPR. The processing is based on consent. Data subjects may revoke their consent by contacting us, for example, using the contact details provided in our privacy policy. The revocation does not affect the lawfulness of the processing until the revocation.

The legal basis for transferring a country outside the EEA are standard contractual clauses. The security of the data transmitted to the third country (i.e., a country outside the EEA) is guaranteed by standard data protection clauses (Art. 46 (2) lit. c GDPR) adopted by the EU Commission by the examination procedure under Art. 93 (2) of the GDPR, which we have agreed to with the provider.

The data will be deleted when the purpose for which it was collected no longer applies, and there is no obligation to retain it. Further information is available in the provider's privacy policy athttps://policies.google.com/privacy?hl=en-US.

h. Hubspot Tag

We use Hubspot for analytics...

The legal basis for the processing is Art. 6 (1) lit. a GDPR. The processing is based on consent. Data subjects may revoke their consent by contacting us, for example, using the contact details provided in our privacy policy. The revocation does not affect the lawfulness of the processing until the revocation.

The legal basis for transferring a country outside the EEA are standard contractual clauses. The security of the data transmitted to the third country (i.e., a country outside the EEA) is guaranteed by standard data protection clauses (Art. 46 (2) lit. c GDPR) adopted by the EU Commission by the examination procedure under Art. 93 (2) of the GDPR, which we have agreed to with the provider.

The data will be deleted when the purpose for which it was collected no longer applies, and there is no obligation to retain it. Further information is available in the provider's privacy policy at:https://legal.hubspot.com/privacy-policy.

III. Data processing on social media platforms

We are represented in social media networks...

If users contact us via our profiles... Art. 6 (1) lit. f GDPR.

1. Facebook

We maintain a profile on Facebook. The operator is Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The privacy policy is available here:https://www.facebook.com/policy.php.

A possibility to object to data processing arises via settings for advertisements:https://www.facebook.com/settings?tab=ads.
We are joint controllers for processing the data of visitors to our profile based on an agreement within the meaning of Art. 26 GDPR with Facebook. Facebook explains precisely what data is processed at:https://www.facebook.com/legal/terms/information_about_page_insights_data.

Data subjects can exercise their rights both against Facebook and against us. However, according to our agreement with Facebook, we are obliged to forward requests to Facebook. Data subjects will therefore receive a faster response if they contact Facebook directly.

2. Twitter

We maintain a profile on Twitter. The operator is Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. The privacy policy is available here:https://twitter.com/de/privacy.

One way to object to data processing is via the settings for advertisements:https://twitter.com/personalization.

3. LinkedIn

We maintain a profile on LinkedIn. The operator is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. The privacy policy is available here:https://www.linkedin.com/legal/privacy-policy?_l=de_DE.

One way to object to data processing is via the settings for advertisements:https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

4. Xing

We maintain a profile on Xing. The operator is New Work SE, Am Strandkai 1, 20457 Hamburg, Germany The privacy policy is available here:https://privacy.xing.com/en/privacy-policy.

One way to object to data processing is via the settings for advertisements:https://privacy.xing.com/en/privacy-policy/terms-used-in-our-privacy-policy

IV. Updates to this Privacy Policy

This Privacy Policy was updated in November 2022. We reserve the right to update it with effect for the future.