Scope of application
Processing of personal data and purposes of processing
We host the content of our website with the following provider:
This website is hosted externally. The personal data collected on this website is stored on the hoster’s servers. This may include, but is not limited to, IP addresses, contact requests, meta and communication data, contractual data, contact details, names, website accesses and other data generated by a website.
External hosting is carried out for the purpose of contract fulfilment vis-à-vis our potential and existing customers (Art. 6 para. 1 lit. b DSGVO) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f DSGVO).
If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and §25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) as defined by the TTDSG. The consent can be revoked at any time.
Our hoster will only process your data insofar as this is necessary for the fulfilment of its service obligations and will follow our instructions with regard to this data.
We use the following hoster:
hostNET Medien GmbH
For the technical support of the website and hosting we have engaged the following service provider:
ALEKS & SHANTU GmbH
Seelower Str. 4
We have concluded an order processing agreement (AVV) for the use of the above-mentioned service. This is a contract required by data protection law, which ensures that this service only processes the personal data of our website visitors in accordance with our instructions and in compliance with the DSGVO.
Visiting our website
You can visit the website www.servicefactum.de without having to disclose any information about your identity. The browser used on your end device only automatically sends information to the server of our website (e.g. browser type and version, date and time of access) to enable the website to establish a connection. This also includes the IP address of your requesting end device. This is temporarily stored in a so-called log file and automatically deleted after 9 weeks at the latest.
The IP address is processed for technical and administrative purposes of connection establishment and stability, in order to ensure the security and functionality of our website and to be able to pursue any illegal attacks on it if necessary.
The legal basis for the processing of the IP address is Art. 6 para. 1 p. 1 lit. f DSGVO. Our legitimate interest follows from the aforementioned security interest and the necessity of a trouble-free provision of our website. We cannot draw any direct conclusions about your identity from the processing of the IP address and other information in the log file.
When comments or other contributions are written and published on our website, we store the IP address, the user name and the date of creation. This data is collected for security reasons, as the service provider may be prosecuted for illegal content (prohibited propaganda, insults, etc.), even if it was created by third parties. In such a case, the data will be used to establish the identity of the author.
If you register for our Touchpoint, we will use the data you provide solely for the purpose of sending you our “Touchpoint” newsletter to the email address you have provided, contacting you to inform you of circumstances relevant to this service or registration, or emailing you marketing-relevant content relating to ServiceFactum. Except for our SendinBlue service (see below for details), the data will not be shared with third parties.
A valid email address is required to receive the touchpoint. The IP address from which you register for the Touchpoint and the date of registration are also stored. This data serves us as proof in case of misuse, if a foreign e-mail address is registered for the Touchpoint. In order to ensure that an e-mail address is not improperly entered into our distribution list by third parties, we use the so-called “double opt-in procedure” in accordance with applicable law. As part of this procedure, the potential recipient can be added to a distribution list. The user then receives a confirmation e-mail to legally confirm the registration. Only if this confirmation is given is the address actively included in the distribution list. The ordering of the newsletter, the sending of the confirmation e-mail and the receipt of the registration confirmation are logged.
You have the option at any time to revoke your consent to the storage of the data, your e-mail address and their use for the delivery of the Touchpoint. You will find a link for revocation in every issue of Touchpoint as well as on the website. In addition, the contact options mentioned above in this document are also open to you for unsubscribing.
We use the data provided to us exclusively for the delivery of the requested information and offers. We use the service of Sendinblue GmbH, Köpernicker Str. 126, 10179 Berlin (hereinafter: Sendinblue) as a specialised service provider for sending the newsletter. We have concluded an order processing contract with Sendinblue for the processing of personal data. Through this contract, Sendinblue assures that they process the data in accordance with the GDPR and ensure the protection of the rights of the data subject. The servers are located in Germany and Europe respectively. There is no data transfer to countries outside the EEA.
Server log files
The server log files are anonymous data that are collected when you access our website. This data does not allow any personal conclusions to be drawn about you, but for technical reasons it is indispensable for the provision and presentation of our content. They also provide us with statistical data and contribute to the continuous optimisation of our content. Typical log files include the date and time of access, the amount of data, which browser is used for access and in which version, the operating system used, the domain name of your provider, the page from which you came to our site (referrer URL) and your IP address. Log files also enable a precise check to be made in the event that there is a suspicion of illegal use of our website.
Disclosure of personal data to third parties
Disclosure of data to third parties
Except in the aforementioned cases of processing on behalf of third parties, we will only pass on your personal data to third parties if:
- you have given your express consent to this in accordance with Art. 6 Para. 1 Sentence 1 lit. a DSGVO;
- this is necessary for the fulfilment of a contract with you in accordance with Art. 6 Para. 1 S. 1 lit. b DSGVO,
- in the event that there is a legal obligation for the disclosure pursuant to Art. 6 Para. 1 Sentence 1 lit. c DSGVO.
The data passed on may only be used by the third party for the purposes stated.
Third country transfer
A transfer of personal data to a third country or an international organisation only takes place if we inform you about it and the prerequisites of Art. 44 ff. DSGVO are given.
A third country is a country outside the European Economic Area (EEA) in which the GDPR is not directly applicable. A third country is considered unsafe if the EU Commission has not issued an adequacy decision for this country pursuant to Article 45 (1) of the GDPR confirming that adequate protection for personal data exists in the country.
The USA is a so-called unsafe third country. This means that the USA does not offer a level of data protection comparable to that in the EU. The following risks exist when personal data is transferred to the USA. There is a risk that US authorities may gain access to the personal data on the basis of the surveillance programmes PRISM and UPSTREAM based on Section 702 of FISA (Foreign Intelligence Surveillance Act), as well as on the basis of Executive Order 12333 or Presidential Police Directive 28. EU citizens do not have effective legal protection against these accesses in the US or the EU.
In this data protection information, we inform you when and how we transfer personal data to the USA or other unsecure third countries. We only transfer your personal data if
- sufficient guarantees are provided by the recipient in accordance with Art. 46 DSGVO for the protection of the personal data,
- you have expressly consented to the transfer, after which we have informed you of the risks, in accordance with Art. 49 Para. 1 lit. a) DSGVO,
- the transfer is necessary for the fulfilment of contractual obligations between you and us
- or another exception from Art. 49 DSGVO applies.
Guarantees according to Art. 46 of the GDPR can be so-called standard contractual clauses. In these standard contractual clauses, the recipient assures to sufficiently protect the data and thus to guarantee a level of protection comparable to the GDPR.
PageSense: When you visit our website, anonymised usage data is collected by means of the ZOHO service PageSense (https://zoho.eu/pagesense). PageSense only records visits and clicks on our website completely anonymously. There is no traceability to individual visitors. PageSense only enables us to check the general use of our website in the form of a heat map and, as a result, to show you important content at the right place on the individual web pages. No usage data or personal data is collected or stored.
Cookies are small files that are automatically created by your browser and stored on your end device (laptop, tablet, smartphone or similar) when you visit our site. Cookies do not cause any damage to your end device and do not contain any viruses, Trojans or other malware. Information is stored in the cookie that is related to the specific end device used. However, this does not mean that we gain direct knowledge of your identity.
Furthermore, a cookie is stored in your browser in order to be able to allocate the consent granted to you or its revocation. The data collected in this way is stored until you request us to delete the data, delete the cookie yourself or the purpose for storing the data no longer applies. Mandatory legal storage obligations remain unaffected.
You can set or revoke your consent for individual processing by cookies at any time in the Cookie Consent Tool. You can access the tool here: LINK to the Consent tool
Cookies are also used to make our website technically available.
Use of Google Analytics (GA4)
We use Google Analytics on our website, a web analytics service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter: “Google”). In this context, pseudonymous usage profiles are created and cookies are used.
The information generated by the cookie about the use of our website (e.g. IP address of the accessing computer, time of access, referrer URL and information about the browser and operating system used) is transmitted to Google servers in the USA and processed there.
The use of Google Analytics is based on your consent in accordance with Art. 6 Para. 1 S. 1 lit. a DSGVO. Google processes the information on our behalf for the purpose of evaluating your use of the website, compiling reports on website activity and providing us with other services relating to website activity and internet usage for the purposes of market research and tailoring these internet pages to your needs.
We have concluded an order processing contract with Google for the use of Google Analytics. Through this contract, Google assures that they process the data in accordance with the General Data Protection Regulation and ensure the protection of the rights of the data subject.
We only use Google Analytics with IP anonymisation activated. This means that the IP address of the user is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. The IP address is not merged with other Google data.
We do not use the Universal Analytics with User ID offered by Google.
If necessary, the collected data will be transferred to third parties if this is required by law or if third parties process the data on our behalf.
The user data collected via cookies is automatically deleted after 365 days.
The information generated by the cookies set by Google Analytics about the use of our website is transferred to Google servers in the USA and processed there. The transmitted data are only pseudonyms, a conclusion to your name is not possible. We have concluded a contract with Google that includes the EU standard contractual clauses. This ensures that a level of protection comparable to that in the EU exists (for data transfer to the USA, see the passage “Drittstaatenübermittlung”).
In addition, we will only transfer your data if you expressly consent to the processing by Google. In this case, you also consent to the transfer of your data to the USA in accordance with Art. 49 (1) a DSGVO, knowing the risks described in section 4.2.
You can revoke your consent for the future at any time via our Consent Management Tool. You can access the tool here: LINK to the Consent tool.
On our website we use a plugin of the internet service Google Maps. Google Maps is operated by Google Inc, 1600 Amphitheater Parkway, Mountain View, CA 94043 in the USA. By using Google Maps on our website, data about the use of this website and your IP address are transmitted to a Google server in the USA and also stored there. We have no knowledge of exactly what data is transferred and how it is used by Google. In this context, Google denies that this data is linked with information from other Google services and that personal data is collected. However, Google may pass this data on to third parties.
We have concluded a contract with Google incorporating the EU standard contractual clauses. This ensures that a level of protection comparable to that in the EU exists (for data transfer to the USA, see the passage “Drittstaatenübermittlung”).
In addition, we will only transfer your data if you expressly consent to the processing by Google. In this case, you also consent to the transfer of your data to the USA in accordance with Art. 49 (1) a DSGVO, knowing the risks described in the passage “Drittstaatenübermittlung”.
You can revoke your consent for the future at any time via our Consent Management Tool. You can access the tool via the link at the end of the website.
Our website uses facebook pixel, the code of which has been inserted on our website. This java script code loads some functionality that allows Facebook to track your user actions. When you visit our website, the Facebook pixel is triggered and stores your activity in one or more cookies. This allows Facebook – if you are logged in to your user account – to match the data with the account. For us as the website operator, this data is anonymous, cannot be viewed and is only used for marketing and advertising purposes. In this case, the visit to our website is automatically assigned to your Facebook account.
Facebook processes your data in the USA. More details on processing in the USA can be found above under 4.2 Third country processing.
As third country processing is subject to consent according to the rules of the GDPR, you can give or revoke your consent to this in the cookie consent banner. LINK to the Consent Banner.
Facebook Conversion API
We use the tracking tool Facebook Conversion API of Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, a subsidiary of Facebook Inc. 1601, Willow Road Menlo Park, CA 94025, USA.
The Conversions API establishes a direct connection between your marketing-relevant data and Meta’s systems in order to optimise the performance of the ads. In connection with the Conversions API, we use the following data:
- Email address
- Telephone number
- First and last name
- State and country
- User IDs
- IP address
- Client User Agent (the browser you use and your operating system)
- Click IDs
- Browser ID
- Product IDs
- Advertising ID
- Facebook Login ID
We transmit this data to Facebook. In the process, the data is also transmitted to Facebook in the USA.
There is no EU Commission adequacy decision for data transfers to the USA. Facebook ensures an adequate level of data protection via the EU standard contractual clauses. You can access a copy of the contractual clauses here: https://www.facebook.com/legal/EU_data_transfer_addendum
The legal basis for data processing is your consent in accordance with Art. 6 (1) a) DSGVO.
You can revoke your consent for data processing by Facebook Conversion API for our web domain at any time with future effect by adjusting your consent or revocation in our Consent Tool. LINK to the Consent Banner
We embed videos from YouTube. YouTube videos are integrated via the data protection-friendly mode, provided you have consented to this in the Consent Banner. This means that data such as your IP address is only transmitted when you click on a video. Your data will be transmitted to the USA. The USA is an insecure third country, which means that no level of data protection comparable to that in the EU is guaranteed. There is no adequacy decision of the EU Commission for the USA. In the USA, there is a risk that government agencies will gain access to the data. Only pseudonyms are transmitted. It is not possible to draw conclusions about your person. You can find more details on processing in the USA above under 4.2 Third country processing.
We use the tool “Bookings” to arrange appointments between clients and employees. (hereinafter: “online booking”).
The data controller for data processing directly related to the implementation of online bookings is ServiceFactum GmbH, Mühlfelder Straße 14,82211 Herrsching.
We use Microsoft Bookings under an Office365 licence agreement with Microsoft, to make appointments with us via our website.
Office365 and Microsoft Bookings are a service of Microsoft Ireland Operations, Ltd. As part of the licensing agreement, we have concluded a commissioning contract with Microsoft based on the EU standard terms and conditions (SCC). This guarantees a minimum level of data protection.
Microsoft reserves the right to process customer data for its own business purposes. This represents a data protection risk for users of Microsoft Bookings.
Please note that we have no influence on Microsoft’s data processing. To the extent that Microsoft Bookings processes personal data in connection with Microsoft’s legitimate business operations, Microsoft is an independent data controller for such use and, as such, is responsible for compliance with all applicable laws and obligations of a data controller.
In the course of using Bookings, we collect the following personal data:
- Display name
- E-mail address
- Position in the company
- Date and time
You may at any time and free of charge request information about which personal data we have stored about you, as well as its origin, the recipient and the purpose of the data collection and data processing.
You also have the right to request that your data be corrected, blocked or deleted. This does not apply to data that is retained due to legal requirements or is necessary for the proper processing of business. The data is stored in a blocking file for control purposes so that the data can be blocked at any time. If we do not collect the data due to statutory retention obligations, we will delete your data at your request or as soon as it is no longer required for the purposes for which it was collected. If they are subject to statutory retention obligations, your data will be blocked.
You also have the right to lodge a complaint with a data protection supervisory authority.
Subject to change
In order to ensure that our data protection declaration always complies with the applicable legal requirements, we reserve the right to make changes at any time. This also applies in the event that the data protection declaration has to be adapted due to new or changed services. The new data protection statement will then apply from your next visit to our website.