Data protection declaration

COSMO CONSULT AG  (Schöneberger Str. 15, 10963 Berlin, Phone: +49 (0)30-3438 15-0, email: info@cosmoconsult.com) takes the protection of personal data very seriously. We treat your personal data as confidential and in accordance with both legislative data protection regulations and this data protection declaration.

In what follows you will find information on how Cosmo Consult collects and uses personal data, in particular what data is collected during your visit and how it is used. In section number 4 we provide you with information about your rights under the EU Data Protection Regulation and how you can exercise those rights.

We will not share your personal data with third parties without your consent or without a legal obligation; we will use it only for the technical administration of the web pages. If you are one of our customers, we will use your data for customer management and for marketing only to the extent required and legally permitted. As one of our customers, you are always entitled to revoke permission for the promotional use of your data at any time.

Personal data will only be collected or transmitted to state institutions and authorities within the context of mandatory national legislation. 

Here we now offer you the possibility to conclude an EU-DSGVO-compliant contract agreement with us: SharePoint Link
Simply log in here with your YourCOSMO user account. Find more detailled information on 3.2 Order Data Processing Agreement.
 

1.0 General

The object of this data protection declaration is the collection, processing and use of personal data by the website www.cosmoconsult.com and by Cosmo Consult Group as a service provider.

1.1 Collection and processing of personal data

Our website can generally be used without providing personal data. Personal data, such as the user's name, address, telephone number or email address, is only recorded if the user provides this information voluntarily. We use the personal data provided solely to meet your requirements.

We will process your personal data for the following purposes.

a) Contract fulfillment
We will process your data in order to be able to fulfill our contracts. This also applies to information that you provide to us in the context of pre-contractual correspondence. The specific purpose of the data processing depends on the product and the application submitted; it may also be used to analyze your needs and to determine which products and services are suitable for you. For the fulfillment of the contract we need your name, your address, and your telephone number or e-mail address, so that we can contact you. We also need your personal data in order to determine whether we can offer you products and services and if so which ones. You can find details concerning the respective purposes of the data processing in the contract documents and our general terms and conditions.
This data processing is done on the basis of Article 6 (1) b GDPR.

b) To strengthen and optimize the customer relationship
As part of our effort to continuously improve our relationship with you, we occasionally ask you to participate in our customer surveys. The results of the surveys allow us to better tailor our products and services to your needs. This data processing is done on the basis of Article 6 (1) f GDPR.

c) Data processing and data analysis for marketing purposes
Your needs are important to us, and we try to provide you with information about products and services that suit you perfectly. In the course of doing so, we make use of what we have learned during our joint business relationship and we use market research. Our main goal is to adapt our product suggestions to your needs. In this context, we guarantee that we will always process the data in accordance with applicable data protection laws. Please note: You are always entitled to revoke permission for the use of your data for this purpose at any time.

What specifically do we analyze and process?

  • The results of our marketing measures in order to determine the efficiency and relevance of our campaigns;
  • Information gathered during your visits to our website and the customer portal;
  • We analyze data to determine possible demand for our products and services.

This data processing is done on the basis of Article 6 (1) f GDPR.

d) E-mail marketing and newsletters
After you have registered via our customer portal, you will be able to receive newsletters and e-mails adapted to your needs that provide information about interesting trade fairs, news about our company, invitations to customer events, etc. To send you this information we only need your e-mail address; all other information is voluntary. You are always entitled to choose not to receive these personalized notifications and the newsletter at any time.
 
The processing of your data for this purpose is based on your consent in accordance with Article 6 (1) a of the GDPR. The effectiveness of electronically given consent such as it is used in the registration for the newsletter, is subject to certain requirements by law. This also includes documenting your declaration of consent. We therefore record the date and time when consent was given, the text of the declaration of consent, the fact that the checkbox was selected, your e-mail address and all other voluntarily provided information. We also log the date and time of the click on the confirmation link as well as the link in the confirmation e-mail. We only collect this information in order to comply with legal obligations.
You have the right to revoke your consent at any time. However, the revocation of consent does not affect the legality of the processing up to the revocation.

e) Measures for your security
The situations in which we use your personal data include:

  • We analyze your data to protect you or your company from fraudulent activities. This might be the case if, for example, you have been the victim of identity theft or if unauthorized persons have gained access to your user account in some other way;
  • To improve the reliability of our web applications, our IT support will work closely with you in case of technical problems. In this context, we also evaluate logs of page views, actions performed, etc.;
  • To ensure IT security;
  • To be able to document and prove facts for the eventuality of possible legal disputes.

This data processing is done on the basis of Article 6 (1) f GDPR.

f) On the basis of your consent
If you have granted consent for the processing of your personal data for one or more specified purposes, then it is permissible for us to process your data. You may revoke your consent with a view to the future at any time without incurring any cost other than the base rate for transmission (the cost of your Internet connection). However, the revocation of consent does not affect the legality of the processing up to the revocation.
The processing of this data for this purpose is done on the basis of Article 6 (1) a of the GDPR.

g) On the basis of legal requirements or in the public interest
As a company, we are subject to a wide variety of legal requirements (for example, arising from tax legislation). In order to comply with our legal obligations, we process only the personal data that is absolutely necessary for that purpose.

In accordance with applicable data protection regulations, we do not store your personal data longer than is necessary for the purpose of the processing concerned. When the data is no longer required for the fulfillment of contractual or legal obligations, we regularly delete it, unless it is necessary to store it temporarily. The following reasons may be grounds for retaining the data:

  • There are obligations to retain data under commercial and tax law that must be complied with: time periods of up to 10 years are prescribed for the retention of data according to the regulations of the commercial code and the tax code.
  • To preserve evidence for the event of legal disputes within the framework of the statutory limitation period: civil law limitation periods can be up to 30 years, although statutes of limitation periods regularly expire after three years.

1.2 Cookies

Web pages sometimes use so-called cookies. Cookies are small text files that allow specific device-related information to be saved on the device used by the user (PC, smartphone, or similar) to access the web page. On the one hand, they serve the user-friendliness of web pages and thereby the users (e.g. saving login data) and on the other hand they serve to gather statistical data on website use in order to analyse this to improve what is on offer.

You can configure your browser in such a way that you are informed of the placement of cookies and only allow them on a case-by-case basis, exclude the acceptance of cookies for specific cases or in general, and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be limited.

You can manage a large number of cookies from online advertisements via the US website www.aboutads.info/choices/ or the EU website www.youronlinechoices.com/uk/your-ad-choices/

1.3 Google AdWords and conversion tracking

To call attention to our services, we place Google AdWords ads and also use Google conversion tracking as a part of this.

The Google AdWords advertisements are shown according to search queries on the Google Display Network web pages and can be controlled via the advertisement settings. When a user clicks on an advertisement, Google places a cookie on the user's computer. This is valid for approximately 30 days. You can find more detailed information on the cookie technology used in the Site Stats and in Google's Privacy Policy.

With the help of cookie technology, Google and we as a customer are informed when a user clicks on an advertisement and is sent to our web pages. This information is used exclusively for advertisement optimization and for statistical evaluation. We do not receive any information that could allow the user to be personally identified. The statistics provided to us by Google contain only the overall number of users who have clicked on our advertisements, and whether they were sent to a page of our website provided with a conversion tag, if applicable.

If you do not want this to happen, you can prevent the cookie required for this technology from being saved, for example in your browser settings. In this case your visit is not included in the user statistics.

1.4 Google AdWords and remarketing

In addition to conversion tracking, we also use the remarketing function in Google AdWords. As a result, if you have already visited our web pages and shown interest in our services, advertising messages based on your interest will be shown the next time you use the Google search function or call up web pages belonging to the Google Display Network.

Using cookies allows these tailor-made advertisements to be shown. Cookies are text files that your web browser saves on your computer when you open one of our web pages. You can find more information on the use of cookies in advertisements at Google and the partner network in the Google Privacy Policy and Terms of Service under the heading Advertising.

If you do not want to receive any interest-based advertising, you can stop Google from using cookies via the settings in the Ads Settings. The use of cookies by third-party providers can be switched off via the Network Advertising Initiative's deactivation page.

1.5 Google Analytics

This website uses Google Analytics, a web analysis service from Google Inc. ("Google"). Google Analytics uses so-called "cookies", which are text files that are saved on your computer and allow use of the website to be analysed. The information generated by the cookie on the use of this website (including your IP address, which is however anonymised with the method _anonymizeIp() so that it can no longer be assigned a connection) is sent to a Google server in the USA and saved there.

Google uses this information to evaluate your user behaviour on the website, to compile reports on website activities for the website operator and to provide other services associated with website and Internet usage. Google may transfer this information to third parties if this is required by law or if third parties process this data on behalf of Google. Google will never connect your IP address with other data from Google. You can prevent the installation of cookies by using the appropriate setting in your browser software. However, we would like to inform you that in this case you may no longer be able to use all of this website's functions to their full extent. By using this website you consent to the processing of the data recorded on you by Google in the previously described way and for the previously described purpose.

You can object to the future collecting of data by Google Analytics by installing a deactivation add-on for your browser (https://tools.google.com/dlpage/gaoptout?hl=en-GB). As an alternative to the browser add-on or for when browsing with mobile devices, please click on this link to prevent the gathering of data by Google Analytics from this website in future (the opt-out only functions in this browser and only for this domain). This will store an opt-out cookie on your device. If you delete the cookies in this browser, you must click on this link again.

1.6 Use of the XING button

Our website uses functions from the XING network. The provider is XING AG, Dammtorstrasse 29–32, 20354 Hamburg, Germany. Every time one of our pages is accessed that contains XING functions, a connection is made to XING servers. To our knowledge, no personal data is stored in the process. In particular, no IP addresses are stored and user behaviour is not evaluated.

You can find more information on data protection and the XING share button in XING's privacy policy at https://www.xing.com/app/share?op=data_protection.

1.7 Use of Facebook Social Plugins

Our website uses Social Plugins ("plugins") from the social network facebook.com, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA ("Facebook"). Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland is legally responsible for all users outside of the USA and Canada. The Facebook Social Plugins are characterised by one of the Facebook logos (white "f" on a blue tile, the term "like" or a "thumbs up" symbol) or are provided with the "Facebook Social Plugin" add-on. The list and the appearance of Facebook Social Plugins can be viewed here: https://developers.facebook.com/docs/plugins/.

If you access a website that contains such a plugin, your browser will establish a direct connection with Facebook's servers. The content of the plugin is transmitted from Facebook directly to your browser and embedded in the website by the browser. As a website provider, we have no influence on the scope of the data that Facebook gathers using this plugin and therefore inform you of the following, according to our present knowledge:

The embedded Facebook Social Plugins transmit to Facebook the information that a user accessed the corresponding website. If the user is logged in to Facebook at the time, Facebook can assign the visit to the user's Facebook account. If an interaction occurs between the user and the plugin, for example if the user presses the "Like" button or writes a comment, the corresponding information will be sent from the browser directly to Facebook and will be stored there. Even if a user is not a member of Facebook, there is the possibility that Facebook will find out the user's IP address and store it. According to Facebook, in Germany only anonymised IP addresses are saved.

To find out more about the purpose and scope of data gathering and the further processing and use of the data by Facebook, and your rights and configuration options for the protection of your privacy in this respect, please see Facebook's data policy: https://www.facebook.com/about/privacy/.

If you are a member of Facebook and do not want Facebook to collect information about you via our web pages and to link with your member data saved on Facebook, you must log out of Facebook before visiting our website. Additional settings and objections to the use of data for advertising purposes are available within the Facebook profile settings: www.facebook.com/settings.

1.8 Use of Google+ plugins (for example, the "+1" button)

On our website we use so-called social plugins ("plugins") from the social network Google+, which is operated by Google Inc., 1600 Amphitheater Parkway Mountain View, CA 94043, USA ("Google"). Google+ plugins are characterised, for example, by buttons with the "+1" symbol on a white or coloured background. You can find an overview of Google+ plugins and their appearance here: https://developers.google.com/+/plugins.

If you access a page from our website that contains such a plugin, your browser will establish a direct connection with Google's servers. The content of the plugin is transmitted from Google directly to your browser and embedded in the page. As a result of this embedding, Google obtains the information that your browser accessed the corresponding page of our website, even if you do not have a profile with Google+ or are not currently logged in to Google+. This information (including your IP address) is sent from your browser directly to a Google server in the USA and is saved there.

If you are logged in to Google+, Google may immediately assign the visit to our website to your Google+ profile. If you interact with the plugins, for example by pressing the "+1" button, the corresponding information is also sent directly to a Google server and is saved there. The information will also be published to Google+ and displayed there to your contacts.

To find out more about the purpose and scope of data gathering and the further processing and use of the data by Google, and your rights and configuration options for the protection of your privacy in this respect, please see Google's privacy policy: http://www.google.com/intl/de/+/policy/+1button.html.

If you do not want Google to immediately assign the data collected via our website to your Google profile, you must log out of Google+ before visiting our website. You can also completely prevent Google plugins from loading by using add-ons for your browser, for example with the "NoScript" script blocker (http://noscript.net/).

1.9 Use of Twitter plugins (for example, the "Tweet" button)

On our website we use so-called social plugins ("plugins") from the microblogging service Twitter, which is operated by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA ("Twitter"). The plugins are characterised by a Twitter logo, for example in the form of a blue "Twitter bird". You can find an overview of Twitter plugins and their appearance here: twitter.com/about/resources/Buttons.

If you access a page from our website that contains such a plugin, your browser will establish a direct connection with Twitter's servers. The content of the plugin is transmitted from Twitter directly to your browser and embedded in the page. As a result of this embedding, Twitter obtains the information that your browser accessed the corresponding page of our website, even if you do not have a profile with Twitter or are not currently logged in to Twitter. This information (including your IP address) is sent from your browser directly to a Twitter server in the USA and is saved there.

If you are logged in to Twitter, Twitter may immediately assign the visit to our website to your Twitter account. If you interact with the plugins, for example by pressing the "Tweet" button, the corresponding information is also sent directly to a Twitter server and is saved there. The information will also be published to your Twitter account and displayed there to your contacts.

To find out more about the purpose and scope of data gathering and the further processing and use of the data by Twitter, and your rights and configuration options for the protection of your privacy in this respect, please see Twitter's privacy policy: twitter.com/privacy.

You can change your privacy settings on Twitter in the account settings at twitter.com/account/settings.

If you do not want Twitter to immediately assign the data collected via our website to your Twitter account, you must log out of Twitter before you visit our website. You can also completely prevent Twitter plugins from loading by using add-ons for your browser, for example with the "NoScript" script blocker (http://noscript.net/).

1.10 Use of LinkedIn plugins

On our website we use so-called social plugins ("plugins") from the social network LinkedIn, which is operated by LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA ("LinkedIn"). You can recognise LinkedIn plugins on our website by the LinkedIn logo or the "recommend" button.

If you access a page from our website that contains such a plugin, your browser will establish a direct connection with LinkedIn's servers. The content of the plugin is transmitted from LinkedIn directly to your browser and embedded in the page. As a result of this embedding, LinkedIn obtains the information that your browser accessed the corresponding page of our website, even if you do not have a profile with LinkedIn or are not currently logged in to LinkedIn. This information (including your IP address) is sent from your browser directly to a LinkedIn server in the USA and is saved there.

If you are logged in to LinkedIn, LinkedIn may immediately assign the visit to our website to your LinkedIn account. If you interact with the plugins, for example by pressing the "LinkedIn" button, the corresponding information is also sent directly to a LinkedIn server and is saved there. The information will also be published to your LinkedIn account and displayed there to your contacts.

To find out more about the purpose and scope of data gathering and the further processing and use of the data by LinkedIn, and your rights and configuration options for the protection of your privacy in this respect, please see LinkedIn's privacy policy: www.linkedin.com/legal/privacy-policy.

1.11 Contact requests

Some pages on our website offer you the option of contacting us. We will only use information transmitted in this way to process your request. Data collected in this way will not be passed on to third parties or reconciled with data that may have been collected by other components of our website.

1.12 Comments and contributions

If you leave comments on the blog or contribute to our website in any other way, your IP addresses will be saved. This measure serves to protect us if illegal content (offensive comments, forbidden political propaganda etc.) is present in comments and/or other contributions. In this case, we as the website operator can be prosecuted for the illegal comment or contribution and are therefore interested in the author's identity.

1.13 Newsletter

We will inform you of what we offer via a newsletter. To subscribe to our newsletter you need a valid email address, which you must also confirm. To do this, we will send a confirmation email to the email address you have provided. You will receive the information you have requested from us only after confirming this email. The "Name" field is declared as an obligatory field in the newsletter as it makes it possible for us to address you personally.

When you register for our newsletter, we will save your IP address and the date and time of your registration. This helps to protect us if a third party misuses your email address and subscribes to our newsletter without your knowledge. The data collected in this way will be used exclusively for the delivery of our newsletter. We will not collect additional data or pass your data on to third parties. There will also not be any reconciliation of data collected in this way with data that may have been collected by other components of our website.

You may revoke your consent to the saving and using of this data at any time. The revocation can be initiated via a link in the newsletter or by sending a message to the address provided in the imprint.

1.14 Objection to advertising emails

The use of contact data published in compliance with German legislation on providing company information for sending advertisements and informational material that is not expressly requested is hereby rejected. The operators of the web pages expressly reserve the right to take legal action in the event of unsolicited advertising information being sent, for example via spam emails.

1.15 Amendment to the data protection declaration

We reserve the right to amend this data protection declaration from time to time based on updates of this website. We therefore recommend that you visit this website regularly to make sure that you agree with the amendments.

1.16 Revocation, amendments, corrections and updates

You have the right to access the information on your stored personal data, its origin and recipients, and the purpose of data processing free-of-charge and at any time, and you also have the right to correct, block or delete this data. For this purpose and in case of additional questions on the topic of personal data, you may contact us at any time at the address provided in the imprint.

2.0 Data Protection Officer

If you have questions regarding the processing of your personal data or require additional information on the topic of data protection, please do not hesitate to contact our data protection manager.

Mr Marco Schröder

2b Advice GmbH

Joseph-Schrumpeter-Straße 15

53227 Bonn
Germany

3.0 Members of the Joint Controllership Agreement

As the joint controllership body, COSMO CONSULT Group, the companies listed here have entered into a data protection agreement in accordance with Article 26 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter: GDPR) as amended.

3.1 Overview of all Partners and Contractors

COSMO CONSULT has concluded data processing agreements with strategic partners and other service providers in accordance with Article 28 GDPR with effect for all companies of the group. COSMO CONSULT uses the service providers listed as approved subcontractors.Here you can find the Overview of all Contractors and Partners.

3.2 Order Data Processing Agreement

Article 28 ff. EU-GDPR lays out detailed statutory rules on the processing of personal data by service providers.  If you pass on personal data of your company, business partners or customers, it is important that you do so in a manner that is legally compliant and in accordance with the new EU Regulation.

If you have your customer data processed directly or remotely by COSMO CONSULT or if you make it available to us for the purpose of processing service requests, we are now offering the opportunity for you to conclude an EU-GDPR-compliant contract agreement with us that guarantees you complete legal certainty. In order to make the necessary processes as convenient and transparent as possible for you, an application form is available under the following link:SharePoint Link
Simply log in here with your YourCOSMO user account.
In the online form you can then enter the specific details about the type and scope of the data to be processed. On the basis of this, we will create a processor contract tailored to your needs. Please note: No additional costs arise for you in connection with the application or preparing or concluding the contract!

3.3 Data protection and Data Security at COSMO CONSULT

COSMO CONSULT has taken measures in the areas of construction, personnel, organization and technology that ensure the security of objects and data, as well as uninterrupted operations.
The technical and organizational data-protection measures deal with the following:

  • Organizational control, physical access control, system access control, data access control, transfer control, order control, availability control and the separation requirement
  • Type of data exchange, provision of data, nature and circumstances of processing, data storage as well as the kind of and environment for data transmission
  • Measures to permanently secure the confidentiality, integrity, availability and capacity of the systems and services and the ability to rapidly restore the availability of and access to personal data in the event of a physical or technical incident. A procedure for periodically reviewing, assessing and evaluating the effectiveness of these measures.

As a general principle, the technical and organizational measures of COSMO CONSULT are affected by technological progress and continuing development.  COSMO CONSULT will take all measures necessary to increase security. You can download the current documentation of the technical and organizational measures "Data Protection and Data Security at COSMO CONSULT" here.

4.0 Rights of affected persons

You always have the right to receive information about your stored personal data, its origin, the recipients of that data as well as the the purpose of the data processing free of charge at any time. If the data is not correct, you are entitled to require us to correct it or, if it is incomplete, to remedy that. If we have given your data to third parties with your consent, we will inform them of this action in certain legal circumstances.

If the data processing is done in the public interest or on the basis of a balance of interests, you have the right to object to the data processing for reasons arising from your particular situation.
If your data is no longer needed for the original purpose, you have revoked your consent and there is no other legal basis for processing the data, or if your data is being processed unlawfully, you are entitled to require us to delete your data. This also applies if your objection to the processing is legally effective or your data must be deleted to fulfill a legal obligation.
Please note that before deleting your data, we must confirm that there is no legitimate reason or legal obligation to process your personal data.

You are entitled to demand that the processing of your data be restricted if you dispute the accuracy of the data, we still need the data in order to assert legal claims, the data is being processed unlawfully or you have objected to the processing and the review of your case is still pending.

If you provide us with personal data, you have the right to receive that data on request in a transferable and machine-readable format or to have that data provided to another person named by you.

Of course, you also have the right to lodge a complaint with the competent authority at any time if our conduct in relation to your personal data gives you grounds to do so.