Privacy policy

1. Who is Responsible for this Website?

The responsible party in terms of the General Data Protection Regulation is:

CONCEPT X GmbH & Co. KG
Hörstkamp 7
48431 Rheine
Email: datenschutz@conceptx.de
Imprint: https://dev.conceptx.de/en/imprint/

(hereinafter also “CONCEPT X GmbH & Co. KG” or “we”)

If you have any questions about these privacy notices or about the protection of your data by CONCEPT X GmbH & Co. KG, you can also contact our data protection officer at any time:

Carla Holterhus
Email: datenschutz@conceptx.de

2. What is it About?

When we process personal data, this means that we collect, store, transmit, delete, or otherwise use it. Personal data refers to information about natural persons who learn about the offers and services of CONCEPT X GmbH & Co. KG on this website.

If you are a customer, prospect, employee, supplier, or applicant at CONCEPT X GmbH & Co. KG, your data will also be processed within the framework of your business relationship with us or your legitimate interest in a response from us. You can find information about this in the notes on handling your personal data.

Below you will find an overview of the data processed by CONCEPT X GmbH & Co. KG when visiting this website and the purpose for which it is processed. Information on the handling of your data on the social media offerings of CONCEPT X GmbH & Co. KG can be found in the privacy policy for social media.

3. How is Your Data Processed When Visiting This Website?

3.1 Data Required to Display the Website and Ensure Its Stability and Security

When using the website, the following technically necessary data is processed for the purposes of providing our online services and user-friendliness, information technology infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.)), and security measures:

  • Usage data: browser used (type, version, language); operating system used; internet service provider of the user; files retrieved on our web pages; website from which the user accessed our web pages; website that the user accesses via our website.
  • Meta, communication, and procedural data: user’s IP address, date and time of access to our web pages; consent status.
  • Content data: inputs in online forms).

Collection of access data and log files: Access to our online offer is logged in the form of so-called “server log files”. The server log files can include the address and name of the retrieved web pages and files, date and time of retrieval, transferred data volumes, message about successful retrieval, browser type along with version, the operating system of the user, referrer URL (the previously visited page), and typically IP addresses and the requesting provider. The server log files can be used for security purposes, e.g., to avoid overloading the servers (especially in the case of abusive attacks, so-called DDoS attacks), and on the other hand, to ensure the utilization of the servers and their stability; legal basis: legitimate interests (Art. 6 Para. 1 S. 1 lit. f GDPR); deletion of data: Logfile information is stored for a maximum of 30 days and then deleted or anonymized. Data required for further retention for evidential purposes are excluded from deletion until the respective incident is finally resolved.

The processing of the aforementioned user data takes place for the performance of pre-contractual measures or for the fulfillment of the contract according to Art. 6 Para. 1 Sentence 1 lit. b GDPR. In addition, the processing of the data can also be carried out to protect the legitimate interests of CONCEPT X GmbH & Co. KG based on a balancing of interests according to Art. 6 Para. 1 Sentence 1 lit. f GDPR. In the case of unlawful use of this website, this data also serves to investigate potential legal violations.

CONCEPT X GmbH & Co. KG also evaluates this information for statistical purposes and to improve this website, without creating personal user profiles.

Information on Providers and Services:

We use services from ALL-INKL (ALL-INKL.COM – Neue Medien Münnich, Hauptstraße 68, 02742 Friedersdorf, Germany) for the provision of information technology infrastructure and related services.

We have concluded a data processing agreement (DPA) for the use of the aforementioned service. This is a data protection contract required by law, which ensures that this service processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

For more information on the handling of user data at ALL-INKL, please refer to the privacy policy of ALL-INKL: https://all-inkl.com/datenschutzinformationen/.

We use hosting and software from WordPress.com (Aut O’Mattic A8C Ireland Ltd., Grand Canal Dock, 25 Herbert Pl, Dublin, D02 AY86, Ireland) for creating, providing, and operating our website, our blog, and other online offerings.

We have concluded a data processing agreement (DPA) for the use of the aforementioned service. This is a data protection contract required by law, which ensures that this service processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

Data Processing Agreement: https://wordpress.com/support/data-processing-agreements/.

For more information on the handling of user data at WordPress, please refer to the privacy policy of WordPress: https://automattic.com/de/privacy/.

3.2 Use of Cookies?

This website uses cookies. Cookies are small units of information stored on your device. This serves to make it easier for visitors to navigate the website and use certain features, and especially to be able to reuse this information at a later time. In addition to these technically and functionally required cookies, cookies may also be used for other purposes, such as targeted advertising. Further explanations can be found in the following notes.

If you do not wish cookies to be stored on your device, you can prevent this by adjusting your browser software accordingly. There, already stored cookies can also be deleted. However, deactivating technically necessary cookies may result in the website not being fully usable.

Necessary Cookies:

We use cookies that are necessary for the operation and delivery of functions in order to make the use of this website secure and user-friendly. Only in this way can users navigate the web pages and operate the modules or functions of the website. Without these cookies, the use of the website may not be possible or only to a limited extent. For some functions, it is necessary that the browser is recognized even after a page change.

The data collected with the help of these necessary cookies is not used to create user profiles. The following data is stored and transmitted in the cookies:

  • Current session ID
  • Usage of certain website content, for example, frequency or extent of use
  • Acknowledgment of certain website content, such as product notes

Since websites have no memory, cookies inform the server which pages should be displayed to the visitor. This has the advantage that the visitor does not have to remember everything or navigate through the entire page again.

Almost all of the technically and functionally necessary cookies used are session cookies, so-called “Session-Cookies”. The data stored in them are automatically deleted at the end of your visit.

The cookies used by us on our website are:

The processing of data using technically and functionally necessary cookies is based on § 25 para. 2 TTDSG.

3.3 Contact Form and Email Contact

A contact form is available on our web pages, which can be used for electronic contact. If a user takes advantage of this option, the data entered in the input mask will be transmitted to us and stored:

  • Name
  • Email address
  • Free field for individual text
  • User’s IP address
  • Date and time of sending

Alternatively, contact can be made using the email addresses provided on the web pages. In this case, the personal data of the user transmitted with the email will be stored by us. The legal basis for processing the data is Art. 6 Para. 1 lit. f GDPR. If the contact aims at concluding a contract, then Art. 6 Para. 1 lit. b GDPR is the legal basis.
The data is used exclusively for processing the contact and the subsequent communication. In this context, the data will not be passed on to third parties. The personal data from the input mask of the contact form and those sent by email will be deleted when the respective communication with the user has ended, i.e., as soon as it can be inferred from the circumstances that the relevant matter has been conclusively clarified.
The additional personal data collected during the sending process will be deleted after a period of seven days.

3.4 Information Applications of Other Providers

Consent with Borlabs Cookie

Our website uses the consent technology of Borlabs Cookie to obtain your consent to store certain cookies in your browser or to use certain technologies and to document this in compliance with data protection regulations. The provider of this technology is Borlabs GmbH, Rübenkamp 32, 22305 Hamburg (hereinafter Borlabs). When you enter our website, a Borlabs cookie is stored in your browser, which stores the consents you have given or the revocation of these consents. These data are not passed on to the provider of Borlabs Cookie. The collected data will be stored until you request us to delete them, delete the Borlabs cookie yourself, or the purpose for data storage no longer applies. Mandatory legal retention periods remain unaffected. Details on Borlabs Cookie’s data processing can be found at https://de.borlabs.io/kb/welche-daten-speichert-borlabs-cookie/.

The use of the Borlabs Cookie consent technology is carried out to obtain the legally required consents for the use of cookies. The legal basis for this is Art. 6 Para. 1 lit. c GDPR.

Google Ads

Google Ads is an online advertising service provided by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google is the responsible entity.

We use Google Ads to display online advertising that matches your interests. Google uses DoubleClick cookies to measure the success of our advertising campaigns through the collection of parameters such as ad impressions or clicks by users. For example, we receive statistical evaluations from Google about which ads were clicked how often and at what prices. However, we do not receive information about the use of advertising media that allows conclusions to be drawn about individual users.

Based on the statistics created by Google Analytics, we can form target groups (e.g., for devices on which a specific product page was accessed) and transmit these to Google via Google Ads. These target groups consist of a list of Advertising IDs filtered within Google Analytics according to certain criteria (which, for example, are also stored in the “DoubleClick cookie”). Google uses these target groups so that you are primarily addressed in online marketing for products in which you are interested (e.g., because you have already informed yourself about them on our website). More information on how Google processes your data for advertising ads can be found in Google’s privacy policy and Google Ads help.

The legal basis for data processing is your consent according to Art. 6 Para. 1 Sentence 1 lit. a GDPR or § 25 Para. 1 TTDSG.

Data transfer to the USA is based on the EU-US Data Privacy Framework (DPF) and the EU Commission’s standard contractual clauses. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.

More information on how Google Analytics handles user data can be found in Google’s privacy policy: https://policies.google.com/privacy.

Google Tag Manager

We use the Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Tag Manager is a tool that allows us to integrate tracking or statistical tools and other technologies on our website. Google Tag Manager itself does not create user profiles, store cookies, or perform independent analyses. It is only used for the management and deployment of the tools integrated through it. However, Google Tag Manager does collect your IP address, which can also be transmitted to Google’s parent company in the United States.

The use of this service is based on your consent according to Art. 6 Para. 1 lit. a GDPR and § 25 Para. 1 TTDSG. The consent can be revoked at any time.

Data transfer to the USA is based on the EU-US Data Privacy Framework (DPF) and the EU Commission’s standard contractual clauses. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.

More information on how Google Analytics handles user data can be found in Google’s privacy policy: https://policies.google.com/privacy.

Google Analytics

This website uses features of the web analytics service Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

We use Google Analytics to measure and analyze the use of our website based on a pseudonymous user identification number. This identification number does not contain unique data, such as names or email addresses. It is used to assign analysis information to an end device in order to recognize which content users have accessed within one or several usage processes, which search terms they have used, have revisited them, or have interacted with our website. Similarly, the time of use and its duration, as well as the sources of the users who refer to our website and technical aspects of their end devices and browsers, are stored. Pseudonymous profiles of users are created with information from the use of various devices, where cookies can be used. Google Analytics logs and stores no individual IP addresses for EU users. However, Analytics provides coarse geographic location data by deriving the following metadata from IP addresses: city (and the derived latitude and longitude of the city), continent, country, region, subcontinent (and ID-based counterparts). For EU traffic, IP address data is used exclusively for this derivation of geolocation data before it is immediately deleted. They are not logged, are not accessible, and are not used for further purposes. When Google Analytics collects measurement data, all IP queries are conducted on EU-based servers before traffic is forwarded to Analytics servers for processing. The use of this service is based on your consent according to Art. 6 Para. 1 lit. a GDPR and § 25 Para. 1 TTDSG. The consent can be revoked at any time.

Data transfer to the USA is based on the EU-US Data Privacy Framework (DPF) and the EU Commission’s standard contractual clauses. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.

More information on how Google Analytics handles user data can be found in Google’s privacy policy: https://policies.google.com/privacy.

You can prevent the collection and processing of your data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

Microsofrt Advertising

We use the Microsoft Advertising service provided by Microsoft Ireland Operations Limited (Ireland/EU) on our website. Microsoft Advertising is an online marketing service that uses the Universal Event Tracking (UET) tool to help us display targeted adverts via the Microsoft Bing search engine. Microsoft Advertising uses cookies for this purpose. This involves processing personal data in the form of online identifiers (including cookie identifiers), IP addresses, device identifiers and information about device and browser settings.

Microsoft Advertising collects data via UET that we can use to track target groups thanks to remarketing lists. For this purpose, a cookie is stored on the end device used when you visit our website. This enables Microsoft Advertising to recognise that our website has been visited and to display an advertisement when Microsoft Bing or Yahoo is subsequently used. The information is also used to create conversion statistics, i.e. to record how many users have reached our website after clicking on an advert. This tells us the total number of users who clicked on our advert and were redirected to our website. However, we do not receive any information with which users can be personally identified.

Further information on these processing activities, the technologies used, stored data and the storage period can be found in the settings of our Consent Management Tool. Processing only takes place with your consent in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time via our Consent Management Tool.
You can also deactivate personalised advertising at Microsoft at: https://account.microsoft.com/privacy/ad-settings/. Further information on data protection at Microsoft can be found here: https://privacy.microsoft.com/en-us/privacystatement.

reCAPTCHA

We integrate the “reCAPTCHA” function of the service provider Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) to determine whether entries (e.g., in online forms) are made by humans and not by automatically operating machines (so-called “bots”). The processed data may include IP addresses, information about operating systems, devices or used browsers, language settings, location, mouse movements, keystrokes, duration spent on websites, previously visited websites, interactions with reCaptcha on other websites, possibly cookies, and results of manual recognition processes (e.g., answering posed questions or selecting objects in images). Data processing is based on our legitimate interest to protect our online offer from abusive automated crawling and spam. The legal basis for processing the data is Art. 6 Para. 1 lit. f GDPR.

Further information on data protection at Google can be found here (https://policies.google.com/privacy). Of course, you always have the option to object to the processing via the Opt-Out plugin (https://tools.google.com/dlpage/gaoptout?hl=de).

SalesViewer

We use SalesViewer (SalesViewer GmbH, Huestraße 30, 44787 Bochum, Germany) on our website on the basis of legitimate interests (Art. 6 para. 1 lit. f GDPR). Our interests consist in identifying companies or organisations from website visitors and creating profiles of potential interested parties with information about the company name, location, contact details, industry, website, referring website, search terms used and usage behaviour, technical data about the system and browser used and the IP address. No data is stored or read on the user’s device. Only the data transmitted by the user’s browser is processed and pseudonymised as part of the recognition process and only compared with company-related databases. A javascript-based code is used for this purpose, which is used to collect company-related data and the corresponding usage. The data collected using this technology is encrypted using a non-reversible one-way function (known as hashing). The data is immediately pseudonymised and is not used to personally identify the visitor to this website.

You can object to the collection and storage of data at any time with effect for the future by clicking on this link HERE to prevent SalesViewer from collecting data on this website in the future. An opt-out cookie for this website will be stored on your device. If you delete your cookies in this browser, you must click this link again. Further information on how SalesViewer handles personal data can be found here: https://www.salesviewer.com/en/privacy-policy/

Web analysis, monitoring and optimisation via Matomo

Web analysis is used to evaluate the flow of visitors to our online offering and may include behaviour, interests or demographic information about visitors (e.g. age, gender as pseudonymous values). With the help of web analysis, we can, for example, recognise at what time our online offer, its functions or content are most frequently used or invite visitors to reuse them. We can also understand which areas require optimisation. In addition to web analysis, we can also use test procedures, e.g. to test and optimise different versions of our online offering or its components. For these purposes, profiles, i.e. data summarised for a usage process, can be created and information stored in a browser or in an end device and read out from it. The information collected includes, among other things, websites visited and the elements used there as well as technical information such as the browser used, the computer system used and information on usage times. If users have consented to the collection of their location data from us or from the providers of the services we use, location data may also be processed.
In addition, the IP addresses of users are stored. However, we use an IP masking procedure (i.e. pseudonymisation by shortening the IP address) to protect users. In general, no clear user data (such as e-mail addresses or names) is stored in the context of web analysis, A/B testing and optimisation, but pseudonyms. This means that neither we nor the providers of the software used know the actual identity of the users, but only the information stored in their profiles for the purposes of the respective processes.

Possibility of objection:

We therefore use Matomo exclusively to analyse the surfing behaviour of our users. The software is set in such a way that no separate cookie is set and therefore returning users cannot be recognised.

If individual pages of our website are accessed, the following data is stored:

  • Two bytes of the IP address of the user’s accessing system
  • The website accessed
  • The website from which the user accessed the accessed website (referrer)
  • The subpages that are accessed from the accessed website
  • The time spent on the website
  • The frequency with which the website is accessed

The software is set so that the IP addresses are not saved in full, but 2 bytes of the IP address are masked. In this way, it is no longer possible to assign the shortened IP address to the calling computer.

When using Matomo, we process usage data (e.g. websites visited, interest in content, access times) and meta/communication data (e.g. device information, IP addresses) of users (e.g. website visitors, users of online services). We process the data for the purposes of remarketing, target group formation, reach measurement (e.g. access statistics, recognition of returning visitors), recognition of profiles with user-related information (creation of user profiles), provision of our online offer and user-friendliness as well as tracking (e.g. interest/behaviour-related profiling, use of cookies). To protect personal data, we use IP masking (pseudonymisation of the IP address). Personal data is collected on the basis of consent (Art. 6 para. 1 sentence 1 lit. a GDPR). A legitimate interest (Art. 6 para. 1 sentence 1 lit. f GDPR) is also a possible legal basis for data collection.

4. Who Receives Your Data?

Data is only transferred to third parties if you have given your consent or if there is a legal obligation to do so.

Under these conditions, recipients of personal data can particularly be:

  • Law enforcement authorities
  • Other companies within the CONCEPT X GmbH & Co. KG

Appointed service providers may also receive such data if they meet the special confidentiality requirements of CONCEPT X GmbH & Co. KG. This may particularly include companies in the categories of IT services, consulting, as well as sales and marketing. Corresponding data protection agreements are then made with these service providers.

5. When Will Your Data Be Deleted?

Data mentioned in these notes will be deleted when they are no longer needed for their original purpose. This only does not apply if their – temporary – further processing is necessary for other purposes.

If a different retention period is defined for certain services, you will find this in the description of the respective service.

6. Is Your Data Transferred to a Third Country or an International Organization?

Data received by CONCEPT X GmbH & Co. KG through the visit of this website are generally not transferred to international organizations or third countries (countries outside the European Economic Area – EEA). As far as CONCEPT X GmbH & Co. KG uses analysis services, you will find the explanations above under number 3.

7. Is Your Data Used for Automated Decision-Making or Profiling?

Data from the visit of this website is not used for automated decision-making as defined in Art. 22 GDPR.

8. Data Protection Information in the Application Process

We process applicant data solely for the purpose and within the framework of the application process in accordance with legal requirements. The processing of applicant data is carried out to fulfill our (pre)contractual obligations within the application process in the sense of Art. 6 Para. 1 lit. b. GDPR Art. 6 Para. 1 lit. f. GDPR if data processing becomes necessary for us, e.g., in the context of legal procedures.

The application process requires that applicants disclose their applicant data to us. The necessary applicant data are, if we offer an online form, marked as such, otherwise arise from the job descriptions and generally include personal details, postal and contact addresses, and documents belonging to the application, such as cover letter, resume, and certificates. In addition, applicants can voluntarily provide us with additional information.

By submitting the application to us, applicants agree to the processing of their data for the purposes of the application process, according to the nature and extent set out in these data protection notices. To the extent that special categories of personal data within the meaning of Art. 9 Para. 1 GDPR are voluntarily communicated within the framework of the application process, their processing is additionally carried out according to Art. 9 Para. 2 lit. b GDPR (e.g., health data, such as disability status or ethnic origin). To the extent that special categories of personal data within the meaning of Art. 9 Para. 1 GDPR are requested from applicants during the application process, their processing is additionally carried out according to Art. 9 Para. 2 lit. a GDPR (e.g., health data, if these are necessary for the exercise of the profession).

Applications can be submitted to us via an online form on our website. The data is transmitted to us encrypted according to the state of the art.

If applicants send their applications via email, it should be noted that emails are generally not sent encrypted and the applicants themselves must ensure encryption. Therefore, we cannot take responsibility for the transmission path of the application between the sender and reception on our server and therefore recommend using an online form.

If we cannot offer you a position, there is the possibility of including you in our applicant pool. In the event of inclusion, all documents and information from the application will be transferred to the applicant pool to contact you in the event of suitable job offers. The inclusion in the applicant pool occurs exclusively based on your explicit consent (Art. 6 Para. 1 lit. a GDPR). The granting of consent is voluntary and is not related to the ongoing application process. The affected person can revoke their consent at any time. In this case, the data from the applicant pool will be irrevocably deleted, unless there are legal retention reasons. The data from the applicant pool will be irrevocably deleted no later than two years after the consent has been given.

The data provided by the applicants can be further processed by us in the event of a successful application for the purposes of the employment relationship. Otherwise, if the application for a job offer is not successful, the general legal retention and deletion periods apply. We delete the data within the framework of the application process, subject to a legitimate revocation by the applicants, according to the relevant legal provisions after the conclusion of the respective staffing process. Access and use of personal data by our company is then no longer possible.

9. What Rights Do You Have Regarding the Processing of Your Data?

You have the following rights against CONCEPT X GmbH & Co. KG concerning your personal data:
Right to information
Right to correction or deletion
Right to restriction of processing
Right to data portability
Right to revoke consent granted

9.1 Information about Your Right to Object According to Art. 21 GDPR

Right to Object on a Case-by-Case Basis

You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you, which is based on Art. 6 Para. 1 Sentence 1 lit. e GDPR (data processing in the public interest) and Art. 6 Para. 1 Sentence 1 lit. f GDPR (data processing based on a balance of interests); this also applies to profiling based on these provisions as defined in Art. 4 No. 4 GDPR.

If you object, CONCEPT X GmbH & Co. KG will no longer process your personal data unless it can demonstrate compelling legitimate grounds for processing that override your interests, rights, and freedoms, or the processing is for the establishment, exercise, or defense of legal claims.

Objection to the Processing of Your Data for Direct Marketing

In individual cases, CONCEPT X GmbH & Co. KG processes your personal data for direct marketing. You have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling to the extent that it is associated with such direct marketing.

If you object to processing for direct marketing purposes, CONCEPT X GmbH & Co. KG will no longer process your personal data for these purposes.

The objection can be made informally and should preferably be addressed to:

CONCEPT X GmbH & Co. KG
Hörstkamp 7
48431 Rheine
Email: datenschutz@conceptx.de

You also have the right to lodge a complaint with a data protection supervisory authority in connection with the processing of your personal data.

10. Changes and Updates to the Privacy Policy

We ask you to regularly inform yourself about the content of our privacy policy. We adjust the privacy policy as soon as changes in the data processing we carry out make it necessary. We will inform you as soon as the changes require your participation (e.g., consent) or any other individual notification.

If we provide addresses and contact information of companies and organizations in these privacy notices, please note that the addresses can change over time and we ask you to verify the information before making contact.

Date: July 31, 2024