Data protection
Introduction
We are delighted about the visit of our website. The FORCAM GmbH (hereinafter “FORCAM’“, or “us“) attaches great importance to the security of users’ data and compliance with data protection provisions. Hereinafter, we would like to inform about how personal data is processed on our website.
Controller and data protection officer
Controller:
FORCAM GmbH
Zuppinger Str. 5
88213 Ravensburg/GERMANY
Tel.: +49 (0) 75 1 / 3 66 69 0
E-Mail: info@forcam.com
External data protection officer
DDSK GmbH
– Annalena Arndt –
Dr.-Klein-Str. 29
88069 Tettnang/GERMANY
E-Mail: datenschutz@forcam.de
Terms
The specialist terms used in this Privacy Policy are to be understood as legally defined in article 4 GDPR.
Information on data processing
Automated data processing (log files etc.)
Our website can be visited without actively providing personal information about the user. However, every time our website is accessed, we automatically store access data (server log files), such as the name of the internet service provider, the operating system used, the website the user visited us from, the date and duration of the visit and the name of the file accessed, as well the IP address of the device used (for security reasons, such as to recognise attacks on our website) for a duration of 7 days. This data is solely evaluated for the purpose of improving our offering and does not enable conclusions to be drawn about the person of the user. This data is not merged with other data sources.
We process and use the data for the following purposes: to provide the website, to improve our websites and to prevent and identify errors/malfunctions and the abuse of the website.
Consent Management Tool
We use a consent management procedure on our online offering in order to be able to prove, store and manage the consent granted by our website visitors in accordance with the requirements of the GDPR. Visitors to our online offering can also manage the consent and preferences granted or withdraw consent via the service we have integrated.
The consent status is stored on the server and/or in a cookie (so-called opt-in cookie) or a comparable technology in order to be able to assign the consent to a user or their device. In addition, the time of the declaration of consent is recorded.
Fulfilment of accountability obligations, Consent management
Privacy Settings/Withdraw the consent
Borlabs Cookie
Recipient of data:
BORLABS – Benjamin A. Bornschein, Rübenkamp 32, 22305 Hamburg, Germany
Use of cookies (general, functionality, opt-out links etc.)
We use ‘cookies’ on our website to make visiting our website more attractive and to enable certain functions to be used. The use of cookies serves our legitimate interest in making a visit to our website as pleasant as possible and is based on article 6 (1) (f) GDPR. Cookies are standard internet technology used to store and retrieve login details and other usage information for all the users of a website. Cookies are small text files that are deposited on your end device. They enable us to store user settings, inter alia, to ensure that our website can be shown in a format tailored to your device. Some of the cookies we use are deleted after the end of a browser session, i.e. when closing the browser (known as ‘session cookies’). Other cookies remain on the user’s end device and enable us or our partner companies to recognise the browser on the next visit (known as ‘persistent cookies’).
The browser can be set so that the user is informed when cookies are to be stored and can decide whether to accept them in each individual situation, to accept them under certain circumstances, or to exclude them in general. In addition, cookies can be retrospectively deleted to remove data that the website stored on your computer. Deactivating cookies (known as ‘opting out’) can limit our website’s functionality in some respects.
Categories of data subjects:
Website visitors, users of online services
Opt-Out:
Internet Explorer: https://support.microsoft.com/en-us/windows/delete-and-manage-cookies-168dab11-0753-043d-7c16-ede5947fc64d
Firefox: https://support.mozilla.org/en-US/kb/how-do-i-turn-do-not-track-feature
Google Chrome: https://support.google.com/chrome/answer/95647?hl=en
Safari: https://support.apple.com/en-us/HT201265
Consent (article 6 (1) (a) GDPR), legitimate interest (article 6 (1) (f) GDPR)
The pertinent legal basis is specifically stated for each tool in question.
Storing of opt-in preferences, presentation of the website, assurance of the website’s functionality, provision of user status across the entire website, recognition for the next website visitors, user-friendly online offering, assurance of the chat function
Hosting (incl. Content Delivery Network)
Our online offer is hosted by an external service provider. Personal data of the website visitors to our online offer, so-called log files, are stored on the servers of our service provider. This may also be data that is collected during the active use of our website. By using a specialised service provider, we can provide our website securely and efficiently. The hosting provider we use does not process the data for its own purposes.
We also use a so-called Content Delivery Network (CDN) in order to be able to provide the content of our website more quickly. When website visitors access e. g. graphics, scripts, or other content on our website, these are provided quickly and optimally with the help of regionally and internationally distributed servers. When the files are retrieved, a connection is established to the servers of a CDN provider, whereby personal data of the website visitors are processed, e. g. the IP address, browser data or the so-called user agent.
Website visitors
Usage data (e. g. websites visited, interest in content, access times), metadata and communication data (e. g. device information, IP addresses)
Optimisation and proper presentation of the website
Consent (article 6 (1) (a) GDPR), legitimate interest (article 6 (1) (f) GDPR)
Optimisation and proper presentation of the website, fast website accessibility, avoidance of downtimes, high scalability
CloudFlare
Recipient of data:
Cloudflare GmbH, Rosental 7, 80331 Munich, Germany
Opt-Out-Link:
https://www.cloudflare.com/cookie-policy/
Blog and forum
We provide a blog and similar publication options on our website. This way, we want to give visitors the opportunity to contact us or to share their thoughts and suggestions.
If users publish comments and contributions on our website, we are obliged to prevent the creation and the publication of illegal content on our site. To fulfil this obligation and to protect our interests in holding ourselves harmless in case we are held liable for such a third-party contribution, we collect the IP address of the respective user. This also helps us to recognize spam.
Beyond that, the provided functions require no other information from the user that would allow conclusions about the actual person behind the user credentials. Users can also publish their contributions using a pseudonym. This way, users can decide which of their data and content we process.
- Data categories: Master data (e.g., name, address), contact data (e.g., e-mail address, telephone number), content data (e.g., text input, photographs, videos), usage data (e.g., interests, access times), meta data and communication data (e.g., device information, IP address), contract data (e.g., subject matter of the contract)
- Purposes of processing: Networking of users, building customer loyalty, services and feedback
- Legal basis: Consent (Art. 6 para. 1 lit. a) GDPR), legitimate interest (Art. 6 para. 1 lit. f) GDPR)
- Legitimate interests: Indemnification in the event of liability, prevention, ensure security of the online content, multiply communication channels, optimize the website
Surfer sp. z o.o.
Recipient: Surfer Sp. z o.o., Plac Solny 14/3, 50-062 Wrocław, Poland
Legal basis: Consent (Art. 6 para. 1 lit. a) GDPR)
Third country transfer: Does not take place.
Privacy policy: https://surferseo.com/privacy-policy/
NitroPack
Recipient of data:
NitroPack Ltd., located at 3 Prof. Georgi Bradistilov, entr. A, 3rd floor, Sofia, Bulgaria.
https://nitropack.io/page/privacy
Online marketing
We process personal data within the framework of online marketing, particularly regarding potential interests and to measure the effectiveness of our marketing measures, with the aim of continually boosting our reach and the prominence of our online offering. We store the relevant information in cookies or use similar procedures for the purpose of measuring the effectiveness of our marketing measures and identifying potential interests. The data stored in the cookies could include the content viewed, webpages visited, settings, and the functions and systems used. However, plain data from users is not normally processed for the above purposes. If so, the data is changed so that the actual identity of the user is not known to us, nor the provider of the tool used. The changed data is often stored in user profiles. In the event that user profiles are stored, the data can be used, read, supplemented, and expanded on the server of the online marketing procedure when other online offerings are visited that use the same online marketing procedure. We can calculate the success of our adverts using summarised data that is made available to us by the provider of the online marketing procedure (known as ‘conversion measurement’). As part of these conversion measurements, we can trace whether a marketing measure caused a visitor to our online offering to decide to make a purchase. This evaluation serves to analyse the success of our online marketing.
Google Tag Manager
Recipient of data:
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Google Analytics
Recipient of data:
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Google: Activated Universal Analytics
Empfänger:
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Google Signals
Recipient of data:
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Google Optimize
Recipient of data:
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Google AdWords and conversion measurement
Recipient of data:
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Google Doubleclick
Recipient of data:
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Google Adsense with personalized ad
Recipient of data:
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
LinkendIn
Recipient of data:
LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland
Privacy:
https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy
Legal base:
Consent (article 6 (1) (a) GDPR)
Microsoft Advertising
Recipient of data:
Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA
Opt-Out-Link:
https://account.microsoft.com/privacy/ad-settings/signedout?ru=https:%2F%2Faccount.microsoft.com%2Fprivacy%2Fad-settings
We maintain online presences on social networks and career platforms so we can exchange information with users registered there and easily contact them. Sometimes, data belonging to social network users is used for market research and, by extension, for advertising purposes. Users’ usage behaviour, such as their stated interests, can lead to user profiles being created and used in order to adapt adverts to suit the interests of the target group. To this end, cookies are normally stored on users’ end devices, which sometimes occurs regardless of whether you are a registered user of the social network. In conjunction with the use of social media, we also make use of the associated messenger services to communicate easily with users. We would like to point out that the security of some services can depend on the user’s account settings. Even in cases of end-to-end encryption, the service provider can draw conclusions about the fact that the user is communicating with us, when they do so, and, on occasion, capture location data. Depending on where the social network is operated, the user data can be processed outside the European Union or outside the European Economic Area. This can lead to risks for users because it is more difficult for them to assert their rights, for example.
Registered users and non-registered users of the social network
Master data (e.g. name, address), contact data (e.g. email address, telephone number), content data (e.g. text inputs, photographs, videos), usage data (e.g. websites visited, interest in content, access times), metadata and communication data (e.g. device information, IP addresses)
Increase in the reach, networking of users
Consent (article 6 (1) (a) GDPR), legitimate interest (article 6 (1) (f) GDPR)
Interaction and communication on social media pages, increase in profits, findings regarding target groups
LinkedIn
Recipient of data:
LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland
Kununu
Recipient of data:
NEW WORK AUSTRIA XING kununu onlyfly GmbH, Schottenring 2-6, 1010 Wien, Austria
Twitter
Recipient of data:
Twitter International Company, One Cumberland Place, Fenian Street Dublin 2, D02 AX07 Ireland
Privacy:
https://twitter.com/en/privacy
YouTube
Recipient of data:
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Privacy:
https://policies.google.com/privacy?hl=en&gl=en
Xing
Recipient of data:
New Work SE, Am Strandkai 1, 20457 Hamburg, Germany
Privacy:
https://privacy.xing.com/en/privacy-policy
Plug-ins and integrated third-party content
We have integrated functions and content obtained from third-party providers into our online offering. For example, videos, depictions, buttons or contributions (hereinafter termed ‘content’) can be integrated. To enable visitors to our online offering to be shown content, the third-party provider in question processes the user’s IP address, inter alia, to transmit the content to the browser and display it. It is not possible to integrate third-party content without this processing taking place.
Sometimes, additional information is collected via ‘pixel tags’ or web beacons through which the third-party provider receives information about the use of the content or visitor traffic to our online offering, technical information about the user’s browser or operating system, the visit time or referring websites. The data collected in this manner is stored in cookies on the user’s end device. We have taken security precautions to prevent this data from being automatically transferred, with the aim of protecting the personal data of visitors to our online offering. This data is only transferred if the visitor uses the buttons or click on the third-party content.
Users of plug-ins or third-party content
Design of our online offering, increase in the reach of adverts on social media, sharing of contributions and content, interest-based and behavioural marketing, cross-device tracking
Legal bases:
Consent (article 6 (1) (a) GDPR)
Font Awesome
Recipient of data:
Fonticons Inc., 307 S Main St, Bentonville, Arkansas, 72712, USA
https://fontawesome.com/privacy
Consent (article 6 (1) (a) GDPR)
LinkedIn
Recipient of data:
LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland
Google Recaptcha
Recipient of data:
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Privacy:
https://policies.google.com/privacy?hl=en-US
Legal base:
Consent (article 6 (1) (a) GDPR)
YouTube
Recipient of data:
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Privacy:
https://policies.google.com/privacy?hl=en&gl=en
Legal base:
Consent (article 6 (1) (a) GDPR)
Xing
Recipient of data:
New Work SE, Am Strandkai 1, 20457 Hamburg, Germany
Legal base:
Consent (article 6 (1) (a) GDPR))
Online conferences, meetings and webinars
We make use of the opportunity to hold online conferences, meetings and webinars. To do so, we use offerings provided by other carefully selected providers. When actively using offerings of this nature, data regarding the participants in the communication is processed and stored on the servers of the third-party services used, provided this data is necessary for the communication process. In addition, usage data and metadata can also be processed.
GoToMeeting
Recipient of data:
LogMeIn, 320 Summer Street, Boston, MA 02210, USA
Privacy:
https://www.goto.com/company/legal/privacy
Microsoft Teams
Recipient of data:
Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA
Privacy:
LINK KOMMT NOCH
Opt-Out-Link:
https://account.microsoft.com/privacy/ad-settings/signedout?ru=https:%2F%2Faccount.microsoft.com%2Fprivacy%2Fad-settings
TeamViewer
Recipient of data:
TeamViewer Germany GmbH, Bahnhofsplatz 2, 73033 Göppingen, Germany
Single sign-on procedure
To make our online offering even easier to use, we deploy a ‘single sign-on procedure’. This enables users to log on to our online offering with log-in details from a single sign-on provider, meaning that they do not need to have any additional log-in details as a result. The use of a single sign-on procedure requires users to already have an existing user account with a provider of the procedure in question, such as a social network. To log on with the single sign-on procedure, the user must provide their log-in details for the single sign-on procedure in the log-in window of our online offering, or if the user is already logged in on the provider’s website, confirm registration via single sign-on by clicking the appropriate button.
We use ‘user handles’ to carry out authentication. Inter alia, this includes a user ID plus information that the user has used the ID to log on with the procedure provider in question. We only receive this ID for the purposes of authentication, i.e. we are not permitted to process it for any purposes beyond authentication. Whether data beyond this is transferred to us, and if yes, what data, depends on the provider of the procedure in question, the user’s account settings with this provider and any data approvals selected within the framework of authentication. The data we receive from the provider of the procedure in question can vary. However, it usually encompasses an email address and a username. We cannot see the password entered, nor can we store it.
To change or delete connections between user accounts and the single sign-on procedure, the appropriate settings must be changed within the user account with the provider of the procedure in question.
Users of the function in question
User handles (e.g. username, authentication confirmation)
Authentication of users
Consent (article 6 (1) (a) GDPR)
Microsoft
Recipient of data:
Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA
Privacy:
https://privacy.microsoft.com/en-us/privacystatement
Consent (article 6 (1) (a) GDPR)
Newsletter and mass communication (including tracking, if applicable)
On our online offering, users have the option of subscribing to our newsletter or to notifications on various channels (hereinafter referred to overall as ‘newsletters’). We only send newsletters to data subjects who have agreed to receive the newsletter, and within the framework of statutory provisions. We use a select service provider to send out our newsletter. An email address must be provided to subscribe to our newsletter. If applicable, we collect extra data, such as your name to include a personal greeting in our newsletter. Our newsletter is only sent after the ‘double opt-in procedure’ has been fully completed. If visitors to our online offering decide to receive our newsletter, they will receive a confirmation email that serves to prevent the fraudulent input of wrong email addresses and preclude a single, possibly accidental, click from causing the newsletter to be sent. The subscription to our newsletter can be ended at any time with future effect. An unsubscription (opt-out) link is given at the end of every newsletter. In addition, we are obliged to provide proof that our subscribers actually want to receive the newsletter. To this end, we collect and store their IP address, along with the time of subscription and unsubscription. Our newsletters are designed so that we can obtain findings about improvements, target groups or the reading behaviour of our subscribers. We are able to do this thanks to a ‘web beacon’ or tracking pixel that reacts to interactions with the newsletter, such as looking at whether links are clicked on, whether the newsletter is opened at all, or at what time the newsletter is read. For technical reasons, we can associate this information with individual subscribers.
Newsletter subscribers
Rechtsgrundlage:
Consent (article 6 (1) (a) GDPR)
Mail Chimp
Recipient of data:
The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA
Privacy:
https://mailchimp.com/legal/privacy/
Microsoft Dynamics 365
Recipient of data:
Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA
Consent (article 6 (1) (a) GDPR)
Contacting us
On our online offering, we offer the option of contacting us directly or requesting information via various contact options. We use a management tool for these enquiries so that we always have an overview of contact that has been made with us. In the event of contact being made, we process the data of the person making the enquiry to the extent necessary for answering or handling their enquiry. The data processed can vary depending on the method via which contact is made with us.
Individuals submitting an enquiry
Master data (e.g. name, address), contact data (e.g. email address, telephone number), content data (e.g. text inputs, photographs, videos), metadata and communication data (e.g. device information, IP addresses), usage data (e.g. websites visited, interest in content, access times)
Processing requests
Consent (article 6 (1) (a) GDPR), performance of contract (article 6 (1) (b) GDPR)
Microsoft Dynamics 365
Recipient of data:
Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA
Privacy:
https://privacy.microsoft.com/en-us/privacystatement
Microsoft Forms
Recipient of data:
Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA
https://privacy.microsoft.com/en-us/privacystatement
Opt-Out-Link:
https://account.microsoft.com/privacy/ad-settings/signedout?ru=https:%2F%2Faccount.microsoft.com%2Fprivacy%2Fad-settings
Google-Formular
Recipient of data:
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
https://policies.google.com/privacy?hl=en-US
Events and activities
On our online offering, visitors have the opportunity to register for events and activities. The details collected by us that are necessary to initiate and perform the contract are marked as mandatory fields. The provision of data in excess of this is voluntary.
Participants, interested parties
Master data (e.g. name, address), contact data (e.g. email address, telephone number), Transaction data (bank details, invoices, payment history), contract data (e.g. subject of contract, term)
Contract preparation and performance
Contract preparation and performance (article 6 (1) (b) GDPR), Consent (article 6 (1) (a) GDPR)
GoTo Webinar
Recipient of data:
LogMeIn, 320 Summer Street, Boston, MA 02210, USA
https://www.logmeininc.com/en/legal/privacy
Consent (article 6 (1) (a) GDPR)
Microsoft Dynamics 365
Recipient of data:
Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA
Download Whitepaper
On our online offering, visitors have the opportunity to download documents, so that we can provide them with recent or relevant information. In some cases, our visitors can download pdf files. A tracking in case of a download of a whitepaper takes place.
In some cases, we collect personal data including IP-address via a form before the download and make the provision of our free services dependent on a subscription to our newsletter. In this case, consent is obtained via a double-opt-in procedure both for the processing of user data for the download and separately for the subscription to download-related mailings, which are freely withdrawable separately.
The download then takes place via a download link, which we provide to our users by e-mail.
Interested users who specifically download our information material
IP-address, form-data (form of address, name, email address, telephone number)
Marketing, acquisition of new customers, sales increase
Consent (Art. 6 (1) lit. a) GDPR)
Data transfer
We transfer the personal data of visitors to our online offering for internal purposes (e.g. for internal administration or to the HR department so we can meet statutory or contractual obligations). Internal data transfer or the disclosure of data only occurs to the extent necessary, under the pertinent data protection provisions.
Legitimate interests (article 6 (1) (f) GDPR)
‘Small-group exemption’, centralised management and administration within the company to make use of synergy effects, cost savings, increased efficiency
https://forcam-enisco.net/zh/contact/
In the event of transferring personal data to a country outside the EEA in the context of internal group processing, we ensure that the processing is legally permissible in the manner we intend. In this case, we have concluded binding corporate rules/standard data protection clauses including a separate regulation of appropriate technical and organisational measures to protect the data of data subjects best possible. A copy of the guarantee used is available at Microsoft Corporation: https://learn.microsoft.com/de-de/compliance/regulatory/offering-eu-model-clauses; Google Inc.: https://support.google.com/publisherpolicies/answer/10437486?hl=de.
Storage period
In principle, we store the data of visitors to our online offering for as long as needed to render our service or to the extent that the European body issuing directives and regulations or another legislator stipulates in laws and regulations to which we are subject. In all other cases, we delete personal data once the purpose has been fulfilled, with the exception of data that we need to continue to store to comply with legal obligations (e.g. if retention periods under tax law and trade law require us to keep documents such as contracts and invoices for a certain period of time).
Automated decision-making
We do not use automated decision-making or profiling.
Legal bases
The decisive legal bases primarily arise from the GDPR. They are supplemented by national laws from member states and can, if applicable, be applied alongside or in addition to the GDPR.
Article 6 (1) (a) GDPR serves as the legal basis for processing procedures regarding which we have sought consent for a particular purpose of processing.
Article 6 (1) (c) GDPR is the legal basis for processing that is required to comply with a legal obligation.
Article 6 (1) (d) GDPR serves as the legal basis if the processing is necessary to protect the vital interests of the data subject or another natural person.
Article 6 (1) (e) GDPR serves as the legal basis for processing that is necessary to perform a task in the public interest or to exercise public force that is transferred to the controller.
Pursuant to article 17 GDPR, data subjects have the right to request that data relating to them be erased without delay. Alternatively, they can request that we restrict the processing of their data, pursuant to article 18 GDPR.
Withdrawal of consent
Some data processing procedures can only be carried out with the express consent of the data subject. Once granted, you are able to withdraw consent at any time. To do so, sending an informal note or email to datenschutz@forcam.com is sufficient. The consent of data processing operations on our online offer can be directly adjusted in our Consent Manager-Tool. The legality of the data processing carried out up to the point of withdrawal shall remain unaffected by the withdrawal.
External links
Our website includes links to online offerings from other providers. We note that we have no influence over the content of the online offerings linked to and over whether their providers comply with data protection provisions.
Amendments
We reserve the right to amend this information on data protection, in compliance with the applicable data protection provisions, if changes are made to our online offering so that it complies with the legal requirements.