Skip to main content

Data Protection Notice (Art. 13 UK-GDPR)

Data Protection Notice of IQSIGHT B.V.

With the following data protection notice, we inform you about which categories of personal data (hereinafter referred to as ‘data’) we process, for what purposes and to what extent. The data protection notice applies to all processing of personal data carried out by us, both in the context of the provision of our services and on our websites, in mobile applications and within external online presences, such as our social media profiles (hereinafter collectively referred to as ‘online offers’).

1. IQSIGHT B.V. respects your privacy

The protection of your privacy in the processing of personal data as well as the security of all business data is an important concern for us. We process personal data collected during your visit to our online offers confidentially and only in accordance with the legal provisions.

Data protection and information security are anchored in our corporate policy.

2. Controller (Art. 24 UK-GDPR)

The controller for data processing, i.e. the legal person which decides on the purposes and means of data processing in accordance with Art. 24 UK-GDPR, is:

IQSIGHT B.V.
Achtseweg Zuid 173
5651 GW Eindhoven
The Netherlands
Email: Dataprotection.Keenfinity@keenfinity-group.com
Phone: +31 (0)40 25 77 202

3. Collection, processing and usage of personal data

3.1. Categories of processed data

The following categories of data are processed:

  • Contact details (e.g. name, phone number, email address, address, company)
  • Technical data (e.g. IP address, log files, user profile data)
  • Contractual master data (e.g. contractual relationships, contractual or product interests)
  • Customer history
  • Accounting and payment data for contracts
  • Geolocation

3.2. Principles

Personal data consists of any information relating to an identified or identifiable natural person; This includes, for example, names, addresses, telephone numbers, email addresses, main contract data, contract accounting and payment data, all of which are expressions of an individual's identity.

We process personal data (including IP addresses) only to comply with a legal obligation or if you have given us your consent to process personal data in this context, e.g. by registering.

3.3. Processing purposes and legal bases

We, as well as the service providers commissioned by us, process your personal data for the following processing purposes:

  • Provision of online offers including contact form for the products and services we offer (legal basis: performance of a contract between us and the data subjects, Art. 6 (1)(b) UK-GDPR); Legitimate interest in direct marketing (Art. 6 (1) (f) UK-GDPR).
  • Providing these online offers and fulfilling the contractual obligations in accordance with our contractual terms, including invoicing and prior credit checks. Invoicing may involve the sale of receivables. (Legal basis: Performance of a contract between us and the data subjects (Art. 6 (1)(b) UK-GDPR) or our legitimate interest in carrying out efficient receivables management and avoiding bad debts with regard to the sale of receivables and credit checks, Art. 6 (1)(f) UK-GDPR).
  • Troubleshooting of performance issues as well as for security reasons. (Legal basis: Fulfilment of legal obligations in the context of data protection, Art. 6 (1) (c) UK-GDPR); legitimate interest in resolving faults and in the security of our offers Art. 6 (1)(f) UK-GDPR).
  • Self-promotion and advertising by third parties as well as market research and reach analysis within the legally permissible framework or on the basis of consent. (Legal basis: consent, Art. 6 (1)(a) UK-GDPR; legitimate interest in direct marketing, Art. 6 (1)(f) UK-GDPR).
  • Sending an email or SMS/MMS newsletter with the consent of the recipient. (Legal basis: consent, Art. 6 (1)(a) UK-GDPR).
  • Safeguarding and defending our rights. (Legal basis: Legitimate interest in the assertion, exercise or defence of legal claims, Art. 6 (1)(f) UK-GDPR).
  • Geolocation: In this process, IP addresses are shortened to the last octet before they are used to analyze user behavior. Also, your IP address is only used in its abbreviated form to determine an approximate location. Here, the country of origin is determined, and this data is then stored. (Legal basis: Legitimate interest in the provision of our services, Art. 6 (1)(f) UK-GDPR).

3.4. Registration

If you would like to use our Offerings or access the benefits of our Offerings, we may ask you to register. When you register, we collect the personal data necessary for the performance of the contract (e.g. first name, last name, e-mail address, information on the preferred payment method or account holder, if applicable) as well as other data on a voluntary basis. Mandatory information is marked with a *.

3.5. Log Files

Every time you use the Internet, your browser transmits certain information that we store in so-called log files.

We retain log files for 7 days to detect performance issues and for security reasons (e.g., to investigate attempted attacks) and then delete them. Log files that must be retained for evidentiary purposes are exempt from deletion until the respective incident has been clarified and can be passed on to the investigating authorities on a case-by-case basis.

Log files are also used for analysis purposes (without the IP address or without the full IP address). See also the web analysis module.

In particular, the following information is stored in the log files:

  • IP address (Internet Protocol address) of the terminal device used to access the online offer;
  • Internet address of the website from which the online offer is accessed (so-called origin URL or referrer URL);
  • Name of the service provider used to access the online offering;
  • Name of the files or information that was accessed;
  • the date and time and the duration of the retrieval of the data;
  • amount of data transferred;
  • operating system and information about the Internet browser used, including installed add-ons (e.g. Flash Player);
  • http status code (e.g. "Request successful" or "File requested not found").

3.6. Children

This online offer is not intended for children under the age of 16.

3.7. Disclosure of data

3.7.1. Data transfer to other data controllers

In principle, your personal data will only be passed on to other controllers if this is necessary for the performance of a contract between us and you, if we ourselves or a third party have a legitimate interest in the data transfer or if you have given your consent. For details on the legal bases, see Section 3.3.

In addition, data may be transferred to other data controllers if we are required to do so by law or enforceable governmental or court orders.

3.7.2. Service providers (general)

As part of our processing of personal data, it may be transmitted to or disclosed to other bodies, companies, legally independent organisational units or persons. The recipients of this data may include, for example, service providers commissioned with IT tasks, providers of services and content that are integrated into a website, sales and marketing services, contract management, payment processing, programming, data hosting and hotline services. We have carefully selected these service providers and regularly monitor them, in particular with regard to the careful handling of the data they store and their protection. In these cases, we observe the legal requirements and, in particular, conclude appropriate contracts or agreements with the recipients of your data that serve to protect your data.

Data transfers within the group of companies: We may transfer personal data to other companies in our group of companies or provide them with access to this data. If this transfer is for administrative purposes, the transfer of the data is based on our legitimate business and commercial interests or if it is necessary for the performance of our contractual obligations or if there is the consent of the data subjects or a legal permission.

3.7.3. Payment service providers

We use third-party payment service providers.

Depending on the payment method you choose during the order process, we will pass on the data required for payment processing (e.g. bank details or credit card details) to the bank commissioned with the payment or to payment service providers commissioned by us. Sometimes, payment service providers also collect and process such data as data controllers. In this case (payment service providers are data controllers), the data protection notices or the data protection regulations of the respective payment service provider apply.

3.7.4. Receivables management

We reserve the right to have receivables collected by external service providers.

In addition, we have a legitimate interest in selling receivables to third parties and transmitting the data required for the collection of the receivables to the respective receivables purchaser. When collecting receivables, the receivables purchasers act in their own name and are responsible for the processing of the data themselves. In this respect, the data protection information of the respective receivables purchaser applies.

3.8. Disclosure to recipients outside the EEA

We may transfer personal data to recipients outside the EEA in so-called third countries.

In these cases, we ensure before the transfer that either the data recipient offers an adequate level of data protection (e.g. due to an adequacy decision of the European Commission for the respective country or due to the agreement of so-called EU model clauses with the recipient) or that you have consented to the transfer.

International data transfers

Data processing in third countries: If we transfer data to a third country (i.e. outside the United Kingdom or if this happens in the context of the use of third-party services or the disclosure or transmission of data to other persons, bodies or companies (recognisable, for example, by the postal address of the respective providers or if the data protection declaration expressly refers to the transfer of data to third countries), this is always done in accordance with the legal requirements.

For data transfers to the USA, we primarily rely on the UK-Extension to the European Commission's adequacy decision of 10 July 2023 (‘EU-US Data Privacy Framework’) (hereinafter referred to as ‘DPF’). In addition, where possible, we have concluded the UK Addendum to the Standard Contractual Clauses with the respective providers that comply with the requirements of the EU Commission and set out contractual obligations to protect your data.

This double protection ensures comprehensive protection of your data: the UK-General Data Protection Regulation (UK- GDPR) is the primary layer of protection, while the standard contractual clauses serve as additional security. Should there be changes to the DPF, the UK Addendum to the Standard Contractual Clauses serves as a reliable fallback option. In this way, we ensure that your data is always adequately protected even in the event of any political or legal changes.

For the individual service providers, we will inform you whether they are certified according to DPF and whether Standard Contractual Clauses are in place. For more information on the DPF and a list of certified companies, please visit the U.S. Department of Commerce's website at https://www.dataprivacyframework.gov/.

Appropriate security measures apply to data transfers to other third countries, in particular standard contractual clauses, explicit consents or transfers required by law. Information on third-country transfers and applicable adequacy decisions can be found in the Information Comissioner’s Office (ICO) information: https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/international-transfers/international-data-transfer-agreement-and-guidance/. .

3.9. Duration of storage; Retention periods

We generally store your data for as long as it is necessary for the provision of our online offer and the associated services or we have a legitimate interest in storing the data (e.g. we may still have a legitimate interest in postal marketing when performing a contract between us and you). In all other cases, we will delete your personal data, unless it is data that we are required to keep in order to comply with legal or contractual obligations (e.g. we are required to retain documents such as contracts and invoices for 10 years due to retention periods under German tax and commercial law).

4. Credit checks

As part of our business relationships, we carry out credit checks to mitigate economic risks and protect our corporate interests. For this purpose, we collect and process company data from business partners, in particular publicly available information such as excerpts from the commercial register, annual reports, Creditreform information and information from credit reference agencies. Data processing is carried out on the basis of Art. 6 (1)(f) UK-GDPR to protect our legitimate interests. The data collected is used exclusively for the assessment of economic performance and creditworthiness and is not passed on for other purposes.

If the result of a credit check does not meet our requirements, we reserve the right to request a secure payment method (e.g. credit card) or to refuse to conclude the contract.

The credit check includes automated decision-making in accordance with Art. 22 UK-GDPR. This automated assessment assesses your company's creditworthiness based on predefined algorithmic criteria. You have the right to object to this automated decision, to involve a case worker, to express your point of view and to challenge the decision. In such cases, please contact our data protection officer.

The data is stored for the duration of the business relationship plus the statutory retention periods.

5. Reports to credit agencies

We report due receivables to credit agencies if no payment has been made despite the due date, if the transmission is necessary to protect our legitimate interests or the legitimate interests of third parties and if the other legal requirements are met. These are

  • the enforceability of the claim or if the claim is undisputed; or
  • the issuance of at least two written reminders at the due date of the claim, whereby the first reminder must have been issued at least four weeks ago and the debtor has been informed of the possibility of submitting the claim to a credit agency (in this first reminder or at least before the actual submission to the credit agency) and the claim has not been disputed; or
  • the possibility of terminating the contractual relationship without notice due to arrears and the debtor was informed of the possibility of submitting the claim to a credit agency.
  • In addition, we may report conduct in breach of contract (e.g. fraudulent behaviour, abuse) to credit reference agencies if this is necessary to protect our legitimate interests or the legitimate interests of third parties and there is no reason to believe that the interests of the data subject worthy of protection outweigh or that these legitimate interests outweigh them.

6. Use of cookies

Cookies and tracking mechanisms may be used as part of our online service. Cookies are small text files that may be stored on your device when you visit our online service. Tracking is possible with various technologies. In particular, we process information with the help of pixel technology and/or log file analysis.

6.1. Categories

We distinguish between cookies that are strictly necessary for the technical functions of the Online Service and those cookies and tracking mechanisms that are not absolutely necessary for the technical functioning of the Online Service. In principle, the use of the online service is also possible without cookies, which serve non-technical purposes.

Technically necessary cookies

By technically necessary cookies, we mean cookies, without which the technical provision of the online service cannot be guaranteed. These include, for example, cookies that store data to ensure smooth playback of video or audio material. These cookies are deleted when you leave the website.

Technically unnecessary cookies and tracking mechanisms

We only use such cookies and tracking mechanisms if you have given us your consent in advance. The exception to this is the cookie that stores the status of your privacy settings (selection cookie). The use of this cookie is based on our overriding legitimate interest in accordance with Art. 6 (1)(f) UK-GDPR. Convenience cookies are not currently used.

Marketing cookies and tracking mechanisms:

Through the use of marketing cookies and tracking mechanisms, we and our partners are able to provide you with offers based on your interests and resulting from an analysis of your user behaviour:

Statistics: With the help of statistical tools, we measure, for example, the number of page views you receive.

Conversion tracking: Our conversion tracking partners place a cookie on your computer (‘conversion cookie’) when you have come to our website via an ad from the respective partner. Usually, these cookies are no longer valid after 30 days. If you visit certain pages of our website and the cookie has not yet expired, we and the relevant conversion partner can recognise that a particular user has clicked on the advertisement and has been redirected to our website as a result. This can also be done across multiple devices. The information obtained with the help of the conversion cookie is used to compile conversion statistics and to record the total number of users who clicked on the respective ad and were redirected to a website with a conversion tracking tag.

Retargeting: These tools create user profiles using third-party advertising cookies or third-party advertising cookies, known as ‘web beacons’ (invisible graphics, also known as pixels or web beacons), or similar technologies. These are used for interest-based advertising and to check the frequency with which the user watches certain advertisements. The respective provider is the data controller for the processing of the data in connection with the tool. The providers of the tools may also share information with third parties for the purposes mentioned above. In this context, please note the data protection information of the respective provider.

We use the following tools for this purpose:

  • Name: Meta-Pixel
    Provider: Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland
    Together with Meta Platforms Ireland Ltd., we are responsible for the processing of your personal data in the context of the processing of your personal data in our online offer via MetaPixel. We have entered into a joint controller agreement with Meta Platforms Ireland Ltd. to set out our respective responsibilities for fulfilling our obligations under the UK-GDPR with respect to joint processing. The main content of the agreement can be accessed at any time via the following link: https://www.facebook.com/legal/controller_addendum. In particular, it regulates which security measures Meta Platforms Ireland Ltd. must observe (https://www.facebook.com/legal/terms/data_security_terms) and how data subject rights can be asserted against Meta Platforms Ireland Ltd. Function: Meta Platforms Ireland Ltd. processes your personal data on the basis of your consent in accordance with Art. 6 (1)(a) UK-GDPR via the Meta pixel in order to compile campaign reports, track conversions and click events and target advertising outside of our websites (retargeting), using HTTP headers (including IP address, device and browser characteristics, URL, referrer URL and yourself), pixel-specific data (including pixel ID and meta cookie), click behavior, optional values (e.g., conversions, page type), form field names (such as ‘email’, ‘address’, ‘quantity’ for purchasing a product or service). We do not receive any personal data about you from Meta Platforms Ireland Ltd., only anonymised campaign reports on the website audience and ad performance. You can opt out of receiving interest-based advertising from Meta Platforms Ireland Ltd. by changing your advertising preferences on the Meta website. Alternatively, you can explicitly object to the use of cookies by third parties by visiting the Digital Advertising Alliance's opt-out page at http://optout.aboutads.info/?c=2&lang=EN or the http://www.youronlinechoices.com page. For more information, please visit: https://www.facebook.com/privacy/policy/version/9620322271328999.
  • Name: LinkedIn Insight Tag
    Provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland..
    Function: LinkedIn processes your personal data on the basis of your consent via the "LinkedIn Insight Tag" pixel for the purpose of creating campaign reports, tracking conversions, click events and targeted advertising outside our websites (retargeting) based on URL, referrer URL, IP address shortened or hashed (in the case of cross-device retargeting), Devices and browser properties (user agent) and timestamps. We do not receive any personal data from you from LinkedIn, only anonymized campaign reports about the website audience and ad performance. LinkedIn storage period: Pseudonymization after 7 days, permanent deletion after 180 daysFor more information, please visit: https://www.linkedin.com/legal/privacy-policy
  • Name: Google Ads Remarketing Tag
    Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
    Function: Google processes your personal data on the basis of your consent via the pixel ‘Google Ads Remarketing Tag’ for the purpose of creating campaign reports, tracking conversions, click events and targeted advertising outside our websites (retargeting) based on e.g. URL, referrer URL, membership in remarketing lists defined by us. You may also use the above information to associate you with your Google Account and add you to remarketing lists. We do not receive any personal data from you from Google, only anonymized campaign reports about the audience and ad performance. You can opt out of receiving interest-based ads from Google by either changing your advertising preferences on Google's website under https://www.google.com/settings/ads/onweb#display_optout. Alternatively, you can disable the use of cookies by third parties by visiting the Network Advertising Initiative's opt-out page at http://www.networkadvertising.org/managing/opt_out.asp or by managing the use of device identifiers through the device settings. For instructions, see https://support.google.com/ads/ans-wer/1660762#mob. For more information, please visit: https://policies.google.com/privacy
  • Name: X Ads (Retargeting or Conversion Tracking)
    Provider: X Corp., 865 FM 1209 Building 2, Bastrop, TX 78602, USA.
    Function: X Corp. processes your personal data on the basis of your consent in accordance with Art. 6 (1)(a) UK-GDPR for the analysis of user behavior data, such as websites visited, content accessed, time of visit, etc., as well as device-related data, such as applications and operating systems used. X Ads uses cookies and identifiers to connect the website to another third-party platform such as X. A non-reversible and non-personal hash value is generated from your usage data and transmitted to X for analysis and marketing purposes. In addition, a so-called ‘X Pixel’ can be used to track the actions of users after they have seen or clicked on an X ad. With ‘cross-device personalization’, X can also link all of a user's devices. Since the data is stored and processed by X, a connection to the respective user profile on x.com may also be possible under certain circumstances. In the course of processing, the data may be transmitted to a server of X Corp. in the USA. X Corp. is certified according to the Data Privacy Framework (DPF) and thus ensures an adequate level of protection of your data in accordance with European data protection law. You can download the certificate here: https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active
    Anonymized data will be deleted within 6 months. Data that may be able to identify a specific user on X will be deleted within 90 days. For more information on the duration of storage, please contact the provider or call https://legal.x.com/ads-terms/international.html. You can opt out of X's data collection by adjusting the settings in your X account or by going to https://x.com/settings/account/personalization. If you wish to opt out of interest-based advertising from certain third parties, you can do so under https://optout.aboutads.info and https://optout.networkadvertising.org. Further information on the purpose and scope of the data collection and the further processing and use of the data as well as the data protection settings can be found in the privacy policy of X: https://x.com/en/privacy.

Please note that when using the tools, your data may be transferred to recipients outside the United Kingdom where there is no adequate level of data protection in accordance with the UK-GDPR. For more details, see the description of each marketing tool below.

6.2 Overview of the marketing tools and cookies we use

In this section you will find an overview of the marketing tools and cookies we use.

  • Name of the tool: Google Analytics
    Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
    Function: Google Ireland Limited processes your personal data (IP address, device and browser characteristics [user agent]) on the basis of your consent in accordance with Art. 6 (1)(a) UK-GDPR for the analysis of user behaviour (page views, number of visitors and visits, downloads), creation of pseudonymous user profiles on the basis of cross-device data Information of logged-in Google users (cross-device tracking), enrichment of pseudonymous user data with target group-specific information from Google, retargeting, UX testing, conversion tracking and retargeting in connection with Google Ads.
  • Name of the tool: Google Optimize
    Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
    Function: Google Ireland Limited processes your personal data on the basis of your consent in accordance with Art. 6 (1)(a) UK-GDPR via cookie for the purpose of analysing cross-site user behaviour and testing the user experience (UX).
  • Name of the tool: Google Tag Manager
    Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
    Function: Google Ireland Limited processes your personal data on the basis of your consent in accordance with Art. 6 (1)(a) UK-GDPR for the administration of website tags via a user interface and integration of program codes into our online offer.
  • Name of the tool: Google Ads
    Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
    Function: Google Ireland Limited processes your personal data on the basis of your consent in accordance with Art. 6 (1)(a) UK-GDPR via the pixel ‘Google Ads Remarketing Tag’ for the purpose of creating campaign reports, tracking conversions, click events and targeted advertising outside our websites (retargeting) by e.g. URL, Referrer URL or membership in remarketing lists defined by us. The above information may also be used to link you to your Google Account and add you to remarketing lists. We do not receive any personal data about you from Google, only anonymized campaign reports about the audience and ad performance.

6.3. Management of cookies and tracking mechanisms

You can manage your settings for cookies and tracking mechanisms in the browser and/or in our privacy settings.

Note: The settings you make only apply to the browser you are using.

Disabling all cookies

If you wish to disable all cookies, please disable cookies in your browser settings. Please note that this may affect the functionality of the website.

Managing your preferences regarding non-technical cookies and tracking mechanisms

When you visit our website, you will be asked in a cookie layer whether you agree to the use of cookies or tracking mechanisms that are not technically necessary.

In our privacy settings, you can revoke your consent with effect for the future or give your consent at a later date.

6.4. Use of a consent management platform

On our website, we use the consent management application of a consent manager provider to obtain your consent to the storage of certain cookies on your device and to document them in compliance with data protection regulations. The provider of this technology is Consentmanager GmbH, Eppendorfer Weg 183, 20253 Hamburg, Germany – a company of Consentmanager AB, Håltegelvägen 1b, 72348 Västerås, Sweden (hereinafter referred to as the ‘Consent Manager Provider’).

When you visit our website, a connection is made to the servers of the Consent Manager provider in order to obtain your consents and other explanations regarding the use of cookies. The Consent Manager provider then stores a cookie in your browser in order to be able to assign or revoke your consent. The data collected in this way will be stored until you ask us to delete it, delete the cookie of the Consent Manager provider yourself or the purpose for which the data is stored no longer applies. Mandatory statutory retention obligations remain unaffected. We use the services of the consent manager provider to obtain the consent required by law in accordance with Art. 6 (1)(a) UK-GDPR for the use of cookies. The legal basis for the use of the consent management application is our legitimate interest in accordance with Art. 6 (1) (c) UK-GDPR. For more information on data protection at Consent Manager, please refer to Consentmanager's privacy policy: https://www.consentmanager.net/de/datenschutz/.

7. Use of our mobile applications

In addition to our online offerings, we offer mobile applications (‘apps’) for iOS and Android devices that enable extended use of our service. When using our apps, we collect certain personal data, in particular device information, usage statistics and technical data for functional optimization. Data processing is carried out on the basis of Art. 6 (1)(b) and (f) UK-GDPR for the performance of a contract and to protect our legitimate interests. We take technical and organizational measures in accordance with Art. 32 UK-GDPR to protect your data from unauthorized access. The permissions used in the apps are limited to the minimum necessary for functionality. The data will only be passed on to third parties within the framework of the legal regulations and only to the extent necessary for the provision of services.

7.1. Data Processing by App Store Operators

Please note that the operators of the app stores (Apple App Store, Google Play Store) process personal data independently and under their own responsibility. This includes information collected when you download, purchase, and install apps, as well as when you manage App Store accounts. Data processing by App Store operators is subject to their respective privacy policies and terms of use. We have no influence on the data collection and processing by these platforms. We encourage you to review the privacy policies of Apple Inc. and Google LLC to understand how these vendors handle your personal information. The operators of the app stores are responsible for compliance with the data protection regulations in their respective data processing.

8. Social Media Presences

We maintain social media presences and process user data in order to communicate with users or provide information about us.

We would like to point out that user data may be processed outside the European Union (EU) or the European Economic Area (EEA). This can result in risks for users, such as making it more difficult to enforce their rights.

In addition, user data within social networks is usually processed for market research and advertising purposes. For example, usage profiles can be created based on the user behaviour and the resulting interests of the users. The latter, in turn, can be used to place ads inside and outside social networks, for example, that presumably correspond to the interests of the users. As a rule, cookies are stored on the users' computers in which the user's behaviour and interests are stored. In addition, data may also be stored in the user profiles regardless of the devices used by the users (in particular if they are members of the respective platforms and are logged in there).

For a detailed description of the respective forms of processing and the options for objection (opt-out), we refer to the data protection information and information provided by the operators of the respective social networks.

In the case of requests for information and the exercise of the rights of data subjects, we also point out that these can be exercised most effectively with the providers. Only they have access to the user's data and can directly take appropriate measures and provide information. If you still need help, you can contact us.

  • Types of data processed: contact details (e.g. postal and e-mail addresses or telephone numbers); Content data (e.g., text or image messages and posts, and related information, such as authorship or time of creation); Usage data (e.g., page views and dwell time, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and features).
  • Data subjects: Users (e.g. website visitors, users of online services).
  • Purposes of processing: communication; Feedback (e.g., collecting feedback via online form); Public relations.
  • Storage and deletion: Deletion according to the information in the section ‘General information on data storage and deletion’. Legal basis: Legitimate interests (Art. 6 (1)(f) UK-GDPR).

LinkedIn

Social Network – We are jointly responsible with LinkedIn Ireland Unlimited Company for the collection (but not further processing) of visitor data, which is used to compile the ‘page insights’ (statistics) of our LinkedIn profiles. This data includes information about the types of content users view or interact with and the actions they take. It also collects information about the devices used, such as IP address, operating system, browser type, language settings and cookie data, as well as information from user profiles such as function, country, industry, hierarchical level, company size and employment status. For more information on LinkedIn's processing of user data, please refer to LinkedIn's privacy policy: https://www.linkedin.com/legal/privacy-policy.

We have entered into a special agreement with LinkedIn Ireland (‘Page Insights Joint Controller Addendum’, https://legal.linkedin.com/pages-joint-controller-addendum), which specifically regulates the security measures that LinkedIn must observe and in which LinkedIn has agreed to comply with the rights of data subjects (i.e. users can, for example, submit requests for information or deletion directly to LinkedIn). The rights of users (in particular to information, deletion, objection and complaint to the competent supervisory authority) are not restricted by the agreements with LinkedIn. The joint responsibility is limited to the collection and transfer of data to LinkedIn Ireland Unlimited Company, a company based in the EU. LinkedIn Ireland Unlimited Company is solely responsible for the further processing of the data, in particular with regard to the transfer of data to the parent company LinkedIn Corporation in the USA; Provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; Legal basis: Legitimate interests (Art. 6 (1)(f) UK-GDPR); Website: https://www.linkedin.com; Privacy Policy: https://www.linkedin.com/legal/privacy-policy; Legal basis for third-country transfers: Data Privacy Framework (DPF); Standard Contractual Clauses (https://legal.linkedin.com/dpa); Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Plugins, Embedded Features, and Content

We integrate functional and content elements into our online offer that are obtained from the servers of their respective providers (hereinafter referred to as ‘third-party providers’). This can be, for example, graphics, videos or city maps (hereinafter referred to as ‘content’).

The integration always requires that the third-party providers of this content process the IP address of the users, since without the IP address they would not be able to send the content to their browser. The IP address is therefore required for the display of these contents or functions. We make every effort to only use content whose respective providers use the IP address only for the delivery of the content. Third-party service providers may also use pixel tags (invisible graphics, also known as ‘web beacons’) for statistical or marketing purposes. By using pixel tags, information such as visitor traffic on the pages of this website can be evaluated. The pseudonymised information may also be stored in cookies on the user's device and may contain, among other things, technical information about the browser and operating system, referring websites, time of visit and other information on the use of our online offer, but may also be linked to such information from other sources.

Information on legal bases: If we ask users for their consent to the use of the third-party providers, the legal basis for processing their data is consent. Otherwise, the users' data will be processed on the basis of our legitimate interests (i.e. interest in efficient, economical and recipient-friendly services). In this context, we would also like to draw your attention to the information on the use of cookies in this privacy policy.

  • Types of Data Processed: Usage Data (e.g., page views and dwell time, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and features); Meta, communication and transaction data (e.g. IP addresses, time data, identification numbers, persons involved); Location data (information about the geographical location of a device or person).
  • Data subjects: Users (e.g. website visitors, users of online services).
  • Purposes of processing: To provide our online services and ease of use; Reach measurement (e.g. access statistics, recognition of returning visitors); Tracking (e.g., interest/behavioral profiling, use of cookies); target group formation; Marketing; Profiles with user-related information (creating user profiles).
  • Storage and deletion: deletion as indicated in the section ‘General information on data storage and deletion’; Storing cookies for up to 2 years (unless otherwise specified, cookies and similar storage methods may remain stored on users' devices for up to two years). (Legal basis: consent (Art. 6 (1)(a) UK-GDPR); Legitimate interests (Art. 6 (1)(f) UK-GDPR).

Further information on the processing, processes and services:

  • Google Maps:
    Our online services use the map services of Google Maps. Google Maps is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (‘Google’).
    To load the map, you need to activate the appropriate plugin. If you activate the plugin, data will be transmitted to Google and the Google DoubleClick advertising network will be contacted. This may trigger further data processing operations over which we have no control. When the map is loaded, cookies are also used. Further information on the scope and purpose of data collection, processing and use by Google Maps, on possible transfers of personal data to third countries, such as the USA, on your rights and the data protection options available to you can be found in Google's privacy policy: Google Cloud EMEA Limited, 70 Sir John Rogerson's Quay, Dublin 2, Ireland; Legal basis: Consent pursuant to Art. 6 (1)(a) UK-GDPR; Website: https://mapsplatform.google.com/; Privacy Policy: https://policies.google.com/privacy.
  • X plugins and content
    Plugins and buttons of the platform ‘X’ – This may include, for example, content such as images, videos or texts and buttons that allow users to share content from this online offer within X. Vendor: X Corp., 865 FM 1209 Building 2, Bastrop, TX 78602, USA; Legal basis: Legitimate interest according to Art. 6 (1)(f) UK-GDPR; Website: https://x.com/d; Privacy Policy: https://x.com/de/privacy, (Settings: https://x.com/personalization); Data Processing Agreement: https://privacy.x.com/en/for-our-partners/global-dpa; Legal bases for third-country transfers: Standard Contractual Clauses (https://privacy.x.com/en/for-our-partners/global-dpa).
  • YouTube videos: This website uses videos from the video platform YouTube. YouTube is a platform where you can play video files. It is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, and its parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. In order to increase the protection of your data when visiting our online services, YouTube content is deactivated by default and integrated into the site in ‘extended data protection mode’. This means that a connection to YouTube, including a transmission of log data to YouTube, is only established when you interact with the player. This will be deemed to be your consent. If you interact with the active YouTube player, data will also be transmitted to Google as the data controller and contact will be established with the Google DoubleClick advertising network, which may trigger further data processing operations over which we have no control. You can withdraw your consent at any time with effect for the future by reloading the website. Further information on the scope and purpose of the data collected, the further processing and use of the data by Google, your rights and the data protection settings you can choose can be found in the privacy policy of YouTube.In our online offers are embedded in videos stored on YouTube. The integration of these YouTube videos takes place via a special domain using the component ‘youtube-nocookie’ in the so-called ‘extended data protection mode’. In the ‘extended data protection mode’, only information including your IP address and details about the browser and your device can be stored on your device in cookies or by means of comparable processes that YouTube needs for the output, control and optimization of the video display until the start of the video. As soon as you play the videos, further information may be processed by YouTube in order to analyze the usage behavior and store it in the user profile as well as to personalize content and ads. The storage period of the cookies can be up to two years. Service Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6 (1)(a) UK-GDPR); Website: https://www.youtube.com; Privacy Policy: https://policies.google.com/privacy; Legal basis for third-country transfers: Data Privacy Framework (DPF), Further information: https://support.google.com/youtube/answer/171780?hl=en-GB&sjid=14528114815653255983-EU#zippy=%2Cturn-on-privacy-enhanced-mode

9. Means of communication on social media presences

On our social media presences (e.g. LinkedIn, Facebook), we use communication tools to process your messages sent through this social media platform and to offer you support.

When you send a message through our social media presences, the message will be processed to process your request (and, if applicable, any additional data we receive from the social media provider in connection with that message, such as your name or files).

In addition, we may analyze the data in an aggregated and anonymized form to better understand how our social media platform is being used.

We will forward the personal information you provide (e.g., surname, first name, title, email address, if applicable) to the affiliated Keenfinity company responsible for processing your request (e.g. if your request relates to a product distributed by another affiliated Keenfinity company). The legal basis for the processing of your data is our legitimate interest (Art. 6 (1)(f) UK-GDPR) or, if applicable, an existing contractual relationship (Art. 6 (1)(b) UK-GDPR). The processed personal data will be deleted no later than 180 days after receipt of your message.

10. Newsletter

You can register for newsletters as part of our online offerings. We offer the so-called double opt-in option, i.e. we will only send you a newsletter by email if you have expressly confirmed the activation of the newsletter service by clicking on the link in a notification. If you no longer wish to receive the newsletter, you can unsubscribe at any time by withdrawing your consent. You can withdraw your consent to email newsletters by clicking on the link included in the relevant newsletter email. Alternatively, you can contact us using the contact details provided in the ‘Contact’ section. Please note that subscribing to the newsletter may involve a transfer of your data to recipients outside the United Kingdom where there is no adequate level of data protection under the UK-GDPR, as set out in 3.8 above.

We use the following tools:

Name: Optimizely Campaign
Provider: Optimizely North America, Inc., 119 5th Ave 7th floor, New York, NY 10003, USA
Conction: If you sign up for our newsletters from Keenfinity group affiliates, Optimizely North America, Inc. Your personal data (e-mail address, first and last name) on the basis of your consent in accordance with Art. 6 (1)(a) UK-GDPR. For more information on the processing of your personal data, please visit: https://www.optimizely.com/legal/privacy-notice/. Legal basis for third-country transfers: Data Privacy Framework (DPF).

Name: Constant Contact Email Marketing
Provider: Constant Contract, Inc., 1601 Trapelo Road, Waltham, MA 02451, U.S.A.
Conction: If you sign up for our newsletter from U.S.-based subsidiaries of the Keenfinity Group, Constant Contract, Inc. Your personal data (e-mail address, first and last name) on the basis of your consent in accordance with Art. 6 (1)(a) UK-GDPR. For more information on the processing of your personal data, please visit: https://www.constantcontact.com/legal/privacy-notice. GDPR Addendum: https://www.constantcontact.com/legal/gdpr-addendum. Legal basis for third-country transfers: Data Privacy Framework (DPF).

11. Forms

We offer various forms on our website, such as forms for contacting specialist departments (‘contact forms’), registration forms (e.g. for events), forms for requesting product and information material (e.g. e-guides and webinar recordings) (‘marketing forms’). The data collected differs and is visible in the respective form. Required fields in marketing forms, such as name, last name and email address, company affiliation, and country, are marked with an asterisk (*).

The legal basis for the processing of your data in contact forms is our legitimate interest in answering questions in accordance with Art. 6 (1)(f) UK-GDPR. Processing is considered complete when the matter in question has been resolved. The storage and use of the data transmitted by you serves exclusively to process your contact request or the recording of contacts and the associated administration. Legal retention obligations can prevent immediate deletion.

If you submit the mandatory field data in marketing forms, you agree to the use of your personal data in accordance with Art. 6 (1)(a) UK-GDPR. You can withdraw your consent at any time.

12. Use of the Keenfinity ID on our online offerings

Use of the Keenfinity ID service for central authentication on Keenfinity online offerings

Users of our online services have the option of authenticating themselves centrally for the use of our online services via our single sign-on (SSO) service Keenfinity ID. As part of the provision of the Keenfinity ID, we collect the personal data required for the provision of the Keenfinity ID (e-mail address and password) in accordance with Art. 6 (1)(b) UK-GDPR and record your consent to our contractual terms and conditions. Your acknowledgement of this Data Protection Notice with date and time.

As part of the termination of your Keenfinity ID user contract by clicking on the following link (‘Delete account’), you can also arrange for the deletion of your personal data via our HYPERLINK "https://www.keenfinity-group.com/xc/en/contact/" contact options.

In connection with the provision of the Keenfinity ID, personal data is exchanged with other companies in the Keenfinity Group. Against this background, your personal data may also be transferred to third countries outside the European Economic Area (EEA). To this end, we have taken appropriate security measures within the Keenfinity Group to ensure a high level of protection.

If you would like to use your Keenfinity ID to sign up for offers from other companies in the Keenfinity group (‘Service Providers’), you will do so in a login form provided by us. If you are actually registered for the Keenfinity ID with the data entered there, we will confirm your eligibility to the respective service provider and transmit your email address as well as the technical confirmation of the successful log-in, which they need in order to be able to provide you with the use of the specific service. This includes your name, address, and Keenfinity ID. Your password will not be transmitted to the respective service provider.

13. External links

Our online offers may contain links to third-party websites – from providers who are not affiliated with us. We have no control over the collection, processing and use of personal data that may be transmitted to the third party (such as the IP address or the URL of the page on which the link is located) when the link is clicked, as the behaviour of third parties is inherently beyond our control. We do not accept any responsibility for the processing of this personal data by third parties.

14. Security

Our employees and the companies that provide services on our behalf are bound by a duty of confidentiality and compliance with applicable data protection laws.

We take all necessary technical and organizational measures in accordance with Art. 32 UK-GDPR to ensure an appropriate level of security and to protect your data managed by us, in particular against the risks of accidental or unlawful destruction, manipulation, loss, alteration or unauthorized disclosure or access. Our security measures are continuously improved in line with technological progress.

15. Your rights

To assert your rights, please use the details provided in the ‘Contact’ section. Please make sure that it is possible to clearly identify yourself.

Right of access (Art. 15 UK-GDPR):
You have the right to obtain confirmation from us as to whether or not your personal data is being processed and, if so, to obtain access to your personal data.

Right to rectification (Art. 16 UK-GDPR):
You have the right to request the correction of inaccurate or completion of your personal data.

Right to erasure (‘right to be forgotten’) (Art. 17 UK-GDPR):
If the legal requirements are met, you have the right to request the deletion of your data. This does not apply to data that is required for billing or accounting purposes or that is subject to a statutory retention period. However, if access to this data is not required, its processing will be restricted (see below).

Right to restriction of processing (Art. 18 UK-GDPR):
If the legal requirements are met, you have the right to request a restriction of the processing of your data.

Right to data portability (Art. 20 UK-GDPR):
You have the right to receive the data you have provided in a structured, commonly used and machine-readable format or – as far as technically possible – to request that we transmit this data to a third party.

Right to object (Art. 21 UK-GDPR):
In addition, you can object to the processing of your personal data for direct marketing purposes at any time. Please note that for organisational reasons, there may be overlaps between your objection and the use of your data in the context of an ongoing campaign.

Objection to data processing on the legal basis of ‘legitimate interest’ (Art. 6 (1)(f) UK-GDPR):
In addition, you have the right to object to the processing of your personal data at any time, provided that this is based on "legitimate interest". We will then stop processing your data unless we can demonstrate compelling legitimate grounds under the law that outweigh your rights.

Withdrawal of consent (Art. 7 (3) UK-GDPR):
If you have consented to the processing of your data, you have the right to withdraw this consent at any time with effect for the future. The lawfulness of the data processing prior to your withdrawal remains unchanged.

Right to lodge a complaint with the supervisory authority (Art. 77 (1) UK-GDPR):
You have the right to lodge a complaint with a supervisory authority. You can appeal to the supervisory authority which is responsible for your place of residence or your state or to the supervisory authority responsible for us:

Autoriteit Persoonsgegevens (AP)
Hoge Nieuwstraat 8
P.O. Box 93374
2509 AJ The Hague
Tel. +31 70 888 8500
Fax +31 70 888 8501
Website: https://autoriteitpersoonsgegevens.nl/

16. Changes to the Privacy Policy

We reserve the right to change our security and privacy practices. In such cases, we will amend our Privacy Notice accordingly. Therefore, please note the current version of our privacy policy, as it is subject to change.

17. Contact

If you wish to contact us, please use the address listed under "Controller (Art. 24 UK-GDPR)"

To exercise your rights or to report data protection incidents, please use the following email address: dataprotection.keenfinity@keenfinity-group.com.

For suggestions and complaints regarding the processing of your personal data, we recommend that you contact our Data Protection Officer:

IT-Security Coach GmbH
Olper Hütte 5b
57462 Olpe
Germany
Telephone: +49 276183363100
Email: dataprotection@itsecuritycoach.com

Effective date: 17.12.2025
Last modified: 05.01.2026