Thank you for visiting the Haufe Group websites. Protecting your personal data is very important to us. With this privacy policy, we would like to inform you about the handling of your personal data when you visit our websites and about your rights.
1. Who are we and how can you contact us?
We, the
Haufe-Lexware Services GmbH & Co. KG
A Haufe Group company
Munzinger Strasse 9
79111 Freiburg
email: service@haufe.de
As a controller within the meaning of the EU General Data Protection Regulation (hereinafter referred to as GDPR), are responsible for protecting your personal data. Our data protection officer Raik Mickler will also be happy to answer any questions you may have about data processing, your rights or the privacy policy. You can reach him at: dsb@haufe-lexware.com.
2. What data is processed when you visit our websites?
In the following, we will inform you which data is collected when you visit our websites, for what purposes it is processed, the legal basis for data processing, what options you have to control the collection and processing of the data yourself and when the data is deleted.
A. Log files
1. Collected data
When you visit our websites, your browser automatically transmits the following data:
- your IP address
- The website you came from
- Websites that you access via our site
- the pages that you click on and
- Time of page view
- Name of your Internet service provider
- Your browser type and version
- the operating system of your device
- the date and duration of the visit.
IP addresses that are used for malicious behavior (DDoS attacks, brute force attacks, etc.) are stored and blocked by us.
2. Purposes of data processing
The temporary storage of this data is necessary to enable the website to be delivered to your computer and to ensure the functionality of the website. With the help of this data, we also gain statistical insights into how our websites are used. In addition, we collect the data in order to be able to trace and prevent unauthorised access to the web server and misuse of the websites and to secure our information technology systems.
3. Legal basis
We store this data temporarily on the basis of legitimate interests (Art. 6 para. 1 f GDPR). Our legitimate interest is to achieve the purposes described above and to ensure the security of our systems.
4. Storage period and control options
The data is deleted when it is no longer necessary to achieve the purposes. Log files are deleted after 90 days at the latest, unless the data has to be stored longer due to malicious behavior to ensure network security.
B. General information about cookies and targeting technologies
1. Collected data
So-called cookies are set when you visit our websites. These are small text files that are stored on your device. Cookies usually contain a characteristic string of characters, the so-called CookieID, which can be used to identify your browser when you visit our websites again.
In addition, we use so-called tags, which are small code elements that help us measure the behavior of our users and the success of advertising activities.
Depending on the type of cookies or tags, different data is collected and processed pseudonymized.
We use both our own cookies and cookies from other providers (third-party cookies). The third-party cookies are described in detail below in Section 2 C.
2. Purposes of data processing
Technically necessary cookies enable the website to function technically. Some functions of our websites cannot be offered without the use of cookies.
Functionality cookies are used to make our websites more user-friendly and to ensure certain functionalities, such as the cross-page shopping cart display, in which you can see how many items are currently in your shopping cart and to save your login details so that you can access the data and settings you have already entered when you visit the page again.
Analysis cookies and tags enable us to generate overall statistics, e.g. about the number of views, which areas of the websites are viewed most frequently, and information about locations and the duration of the average visit to the websites. This allows us to improve the quality of our websites and content.
Advertising cookies and retargeting technologies enable us to provide you with offers and information tailored to you. This allows us to make our websites more interesting for you and address you on other websites with personalized, interest-based advertising.
3. Legal basis
We use technically necessary cookies and functionality cookies on the basis of legitimate interests (Art. 6 para. 1 f GDPR). Our legitimate interest lies in ensuring the functioning of our websites and their optimal usability.
We use the above-mentioned cookies, tags and retargeting technologies on the basis of legitimate interests (Art. 6 para. 1 f GDPR, recital 47). Our legitimate interest lies in optimally tailoring our websites to the interests of our customers.
4. Storage period and control options
Some of the cookies we use are automatically deleted after you close the browser (so-called session cookies), others remain permanently on your device and enable us to recognize your browser (so-called persistent cookies).
You have full control over the use of cookies and can delete cookies in your browser, completely deactivate the storage of cookies or selectively accept certain cookies. Please use your browser's help features to learn how to change these settings. As a result, the functionality of our websites may be limited.
An objection in connection with the setting of cookies is only possible as part of the so-called “cookie banners” or through the settings just mentioned in your browser. In addition, you can individually control cookies using the opt-out options offered below. Unfortunately, an objection by e-mail in connection with the setting of cookies is not technically feasible.
C. Third party cookie and tracking technologies used
1. Econda
a) Collected data
We use solutions and technologies from Econda GmbH, Eisenlohrstraße 43, 76135 Karlsruhe (“Econda”). Econda uses cookies to create pseudonymous user profiles across pages. This collects data that makes it possible to recognize your browser. Your IP address is made unrecognizable immediately upon receipt to prevent it from being assigned to user profiles.
b) Purposes of data processing
We use Econda to design and optimize our websites in line with our needs.
c) Legal basis
We use Econda if you have given your consent, Art. 6 para. 1 lit. a GDPR. We obtain your consent when you access our websites via the cookie banner.
d) Storage period and control options
Econda stores this data and it is regularly deleted.
You can collect and process data by Econda by making an appropriate setting in your browser or via this link Prevent [https://www.econda.de/widerruf-zur-datenspeicherung].
2. Facebook
I) Facebook Pixel, Facebook Custom Audience (Remarketing) and Facebook Signal
a) Collected data
(a) Facebook pixel
On our website, we use the so-called “Facebook Pixel” from the company “Facebook” (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland). With the Facebook pixel, we can classify visitors to our website into specific target groups in order to be able to show you appropriate advertising on Facebook (“ads”). The collected data (e.g. IP addresses, information about the web browser, the location of the website, buttons clicked on, pixel IDs if applicable and other features) cannot be viewed by ourselves, but can only be used when displaying certain advertisements. As part of the use of the Facebook pixel code, so-called cookies are also set.
(b) Facebook Custom Audience (Remarketing):
In some cases, we also use the “Custom Audiences” remarketing function from the company “Facebook”. This allows users of the website to be shown interest-based advertisements (“Facebook ads”) as part of their visit to Facebook or other websites that also use this method.
(c) Facebook signal:
We also use Facebook Signal, a feature that makes it easier for journalists to find relevant content. We use this feature to include Facebook or Instagram posts on our site.
(d) General information about Facebook:
In order to exchange the respective data, your browser automatically creates a direct connection with the Facebook server. We have no influence on the scope and further use of the data collected by Facebook through the use of this tool and will therefore inform you to the best of our knowledge: By integrating Facebook Custom Audiences, Facebook receives the information that you have accessed the corresponding web page on our website or clicked on an ad from us. If you are registered with a “Facebook” service, “Facebook” can associate your visit with your account. Even if you are not registered with Facebook or have not logged in, it is possible that the provider will find out and store your IP address and other identifying features.
If you have consented to this, we may share your telephone number or email address with “Facebook” in order to be able to show you advertisements that match your interests.
- You can find out how the Facebook pixel is used for advertising campaigns at https://www.facebook.com/business/learn/facebook-ads-pixel
- More information about Facebook's data policy can be found at https://www.facebook.com/policy.php
- For more information on data processing by Facebook, please visit https://www.facebook.com/about/privacy
b) Purposes of data processing
We use these features to be able to provide you with advertising offers that match your interests.
c) Legal basis
We process your data because you have consented to this or because we have a legitimate interest in processing the data, Art. 6 para. 1 lit. a. and f GDPR. Our legitimate interest lies in optimizing our advertising presence and monitoring the usage of our website, as well as facilitating direct marketing via Facebook.
d) Storage period and control options
We store your data as long as we need it for the respective purpose (display of interest-based advertising) or as long as you have not objected to the storage of your data or have withdrawn your consent.
- The “Facebook Custom Audiences” feature can be deactivated for logged-in users at https://www.facebook.com/settings/?tab=ads # possible.
- You can change your Facebook ad preferences at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen Change if you are logged into Facebook. In addition, you can set cookies in your individual browser settings.
Insofar as data is transferred from Facebook to the USA, Facebook is required to comply with an appropriate level of data protection through the use of EU standard contractual clauses.
3rd Google
a) Google Ads Conversion Tracking (formerly Google Adwords):
(1) Collected data:
We use Google Ads conversion tracking. This technology sets cookies when you interact with one of our ads, for example when you click on it. Cookies are used to analyze what happens after you have interacted with an advertisement, e.g. whether you have purchased our product, accessed the ad from a mobile phone, downloaded our app or signed up for a newsletter.
(2) Purposes of data processing
We use this technology to improve our offerings.
(3) Legal basis of data processing
We use the Google product described if you have consented to the processing of your data. We obtain your consent when you access our websites via the cookie banner, Art. 6 para. 1 lit. a DSGVO.
(4) Storage period and control options:
The data collected via Google functions is stored and regularly deleted.
You can prevent cookies from being saved by making the appropriate settings in your browser.
You can also prevent Google from collecting and processing the data by using the following link Download and install available browser add-ons.
You can object to the storage of cookies and the associated data processing by using your advertising settings Deactivate personalized advertising. You can use cookies by third parties via the Network Advertising Initiative deactivation website deactivate.
As a result, the functionality of our websites may be limited.
For more information, see the Google privacy policy.
b) Google Analytics
(1) Collected data
On our websites, we use Google Analytics, a web analysis service provided by Google Ireland Limited, based in Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Analytics places cookies on your device, which make it possible to evaluate your use of our websites. For this purpose, Google collects data, for example, to uniquely identify your browser, information about when and how often you visited our websites, how long you stayed on our websites and how you interacted with our websites (for more information, please find here [http://www.google.de/policies/technologies/types/]).
We have added the code “get._anonymizeIp ();” to Google Analytics. This causes Google to abbreviate your IP address and enable anonymized evaluation. IP addresses are abbreviated within the EU or the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and abbreviated there. The IP address transmitted by your browser as part of Google Analytics is not combined with other data from Google. The data collected using cookies is usually transferred to a Google server in the USA and stored there. Google is committed to complying with European data protection standards and your rights through the use of EU standard contractual clauses. Google transmits data to third parties insofar as consent has been given, this is necessary for legal reasons or third parties process this data on behalf of Google.
(2) Purposes of data processing
On our behalf, Google uses the data collected via Google Analytics to evaluate the use of our websites, to compile reports on website activity and to provide other services related to website activity and Internet usage.
(3) Legal basis
We use the Google product described if you have consented to the processing of your data. We obtain your consent when you access our websites via the cookie banner, Art. 6 para. 1 lit. a DSGVO.
(4) Storage period and control options
The data collected via Google functions is stored and regularly deleted.
You can prevent cookies from being saved by making the appropriate settings in your browser.
You can also prevent Google from collecting and processing the data by using the following link [https://tools.google.com/dlpage/gaoptout?hl=de] download and install available browser add-ons.
As a result, the functionality of our websites may be limited.
For more information, see the Google privacy policy.
c) Google Maps
(1) Collected data
This website uses the Google Maps product from Google LLC.
Responsible for data processing is:
Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States of America
The terms of use of Google Maps can be found at
https://www.google.com/intl/de_de/help/terms_maps.html
(2) Purpose of data processing
Using Google Maps makes it easier for you to find our location, which we are interested in. This is also the purpose of data processing.
(3) Legal basis for data processing
We use the Google product described if you have consented to the processing of your data. We obtain your consent when you access our websites via the cookie banner, Art. 6 para. 1 lit. a DSGVO.
(4) Storage period and control option
The data is deleted as soon as it is no longer required for our recording purposes.
Data processing is absolutely necessary in order to be able to display the location information on our website, which is why it cannot be dispensed with. There is therefore no disposal option.
d) Google reCAPTCHA:
(1) Collected data:
We use Google's reCAPTCHA service for some forms. Google collects certain data to determine whether a person or a machine is accessing our websites, e.g. your IP address, your screen and window resolution, the language set in your browser, the time zone in which you are located, the browser's user agent and installed browser plug-ins. We've added the code “get._anonymizeIp ();” to the service. This causes Google to abbreviate your IP address. You can read more about abbreviating the IP address in the Google Analytics explanations above.
(2) Purposes of data processing
We use this service to differentiate whether an entry in one of our web forms is made by a human or abused automation/machine and thus to protect our technical systems.
(3) Legal basis of data processing
We use Google reCAPTCHA on the basis of legitimate interests (Art. 6 (1) FDSGVO). Our legitimate interest is to prevent misuse of our forms and to protect our technical systems.
(4) Storage period and control options:
The data collected via Google functions is stored and regularly deleted.
You can prevent cookies from being saved by making the appropriate settings in your browser.
You can also prevent Google from collecting and processing the data by using the following link Download and install available browser add-ons.
As a result, the functionality of our websites may be limited.
For more information, see the Google privacy policy.
e) Google Remarketing and Double Click (now more Google AdManagers):
(1) Collected data:
We use Google Remarketing and Google AdManager. This technology sets cookies that evaluate how you use our website and make it possible to recognize your browser when you visit websites that belong to the Google advertising network. In addition to Google Analytics cookies, the Google Analytics tracking code uses so-called DoubleClick cookies for this purpose. These collect data about which third-party websites in the Google Display Network you have visited and which advertising you have clicked on. In addition, data from first-party cookies (e.g. Google Analytics cookies) and third-party cookies (e.g. Google cookie for display preferences) are linked. This enables us to evaluate the display of advertisements and your interaction with these advertisements.
(2) Purposes of data processing
We use this technology to present you with interest-based ads on other websites in the Google advertising network. The advertisements relate to content that you have previously viewed on our websites.
(3) Legal basis of data processing
We use the Google products described if you have consented to them. We obtain your consent when you access our websites via the cookie banner, Art. 6 para. 1 lit. a DSGVO.
(4) Storage period and control options:
You can object to the storage of cookies and the associated data processing by deactivating personalized advertising via your advertising settings. You can use cookies by third parties via the Network Advertising Initiative deactivation website deactivate. Alternatively, you can deactivate DoubleClick cookies by installing a browser plug-in.
As a result, the functionality of our websites may be limited.
For more information, see the Google privacy policy.
f) Google Tag Manager
Google Tag Manager is a solution that allows us to manage so-called website tags via an interface (and thus integrate Google Analytics and other Google marketing services into our online offering, for example). The tag manager itself (which implements the tags) does not process any personal data. With regard to the processing of personal data, reference is made to the information on the respective Google services. Google Tag Manager usage guidelines can be found here:
https://www.google.com/intl/de/tagmanager/use-policy.html
g) YouTube:
(1) Collected data:
We use YouTube to integrate videos on our website. You can reach them at YouTube LLC, 901 Cherry Avenue, San Bruno, CA 94066, USA, represented by Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA94043, USA.
When you visit Haufe Group websites that include YouTube videos, your IP address is sent to YouTube and cookies are installed on your computer.
When you click on the video, your IP address is sent to YouTube and YouTube learns that you have watched the video. If you are logged in to YouTube at this time, this information is also assigned to your user account. We have no knowledge of and no influence on the possible collection and use of your data by YouTube.
(2) Purposes of data processing
We use YouTube to embed product videos on our websites.
(3) Legal basis of data processing
We use the Google product described if you have consented to the processing of your data. We obtain your consent when you access our websites via the cookie banner, Art. 6 para. 1 lit. a DSGVO.
(4) Storage period and control options:
The data collected via Google functions is stored and regularly deleted.
You can prevent cookies from being saved by making the appropriate settings in your browser.
You can also prevent Google from collecting and processing the data by using the following link Download and install available browser add-ons.
As a result, the functionality of our websites may be limited.
For more information, see the Google privacy policy.
4. LinkedIn Insights Tag and Conversion Tracking:
a) Collected data
We use the LinkedIn Insight Tag for this website. The LinkedIn Insight Tag creates a LinkedIn “browser cookie” which collects the following data:
- IP address,
- timestamp,
- page activity,
- LinkedIn demographic data if the user is an active LinkedIn member.
Using this technology, we can generate reports on the performance of our ads and information about website interaction. For this purpose, the LinkedIn Insight Tag is integrated into this website, which creates a connection to the LinkedIn server if you visit this website and are logged into your LinkedIn account at the same time.
b) Purposes of data processing
We process your data to evaluate campaigns and collect information about website visitors who may have reached us via our campaigns on LinkedIn.
c) Legal basis
We process your data because you have consented to this or because we have a legitimate interest in processing the data, Art. 6 para. 1 lit. a. and f EU GDPR. Our legitimate interest lies in determining the reach of our advertisements and analyzing user behavior on our websites.
d) Storage period and control options
We store your data as long as we need it for the respective purpose (campaign evaluation) or as long as you have not objected to the storage of your data or have withdrawn your consent. The data collected is encrypted. You can find more information here. Here you can find the LinkedIn privacy policy, as well as the LinkedIn Opt-Out.
5. Microsoft:
a) Bing Universal Event Tracking:
(1) Collected data:
We use Bing Universal Event Tracking (“UET”), a service provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA (“Microsoft”). When you access our websites via ads on Bing Ads, a cookie is set on your computer. A UET tag is also integrated into our websites. This is a code that, in conjunction with the cookie, is used to store pseudonymized data about the use of the website. In combination with the cookie, the tag collects pseudonymous data to track what actions you take on our websites after you have clicked on an ad on Bing Ads. Among other things, the time spent on the website, which areas of the website were accessed and which ad brought you to the website are collected. In addition, Microsoft can track your usage behavior across several of your electronic devices through so-called cross-device tracking. The information collected is transferred to a Microsoft server in the USA, and Microsoft undertakes to maintain an appropriate level of data protection through the use of EU standard contractual clauses.
(2) Purposes of data processing:
UET allows us to track your activity on our websites when you reach our websites via Bing Ads ads and enables us to improve our offerings. Cross-device tracking allows Microsoft to display personalized advertising.
(3) Legal basis of data processing
We use Bing Tracking Tools when you have consented to them. We obtain your consent when you access our websites via the cookie banner, Art. 6 para. 1 lit. ADSGVO.
(4) Storage period and control options:
The data is stored by Microsoft for a maximum period of 180 days. You can prevent the collection and processing of data by deactivating the setting of cookies. As a result, the functionality of the websites may be limited. Cross-device tracking can be found at the following link Deactivate [http://choice.microsoft.com/de-de/opt-out]
You can find more information about Bing's analysis services at Bing Ads website. You can find more information about data protection at Microsoft and Bing in the Microsoft privacy policy.
b) Bing Webmaster Tools:
(1) Collected data
Microsoft's Bing Webmaster Tools store cookies and so-called beacons on your computer. Beacons or tracking pixels are small invisible graphics that can be used to register whether a website has been accessed.
(2) Purposes of processing
With the help of this tool, Microsoft can deliver its Bing services and optimize search results.
(3) Legal basis:
We use Bing Tracking Tools if you have given your consent. We obtain your consent when you access our websites via the cookie banner, Art. 6 para. 1 lit. a DSGVO.
(4) Storage period and control options:
The data is stored by Microsoft for a maximum period of 180 days. You can prevent the collection and processing of data by deactivating the setting of cookies. As a result, the functionality of the websites may be limited. Cross-device tracking can be found at the following link deactivate.
You can find more information about Bing's analysis services at Bing Ads website. You can find more information about data protection at Microsoft and Bing in the Microsoft privacy policy.
6. Eloqua (Oracle):
a) Collected data
We use the Eloqua service from ORACLE Deutschland B.V. & Co. KG, Riesstraße 25, 80992 Munich. Eloqua sets a persistent cookie on your browser on the respective login website.
b) Purposes of data processing
We use Eloqua to analyze the use of our websites so that we can constantly improve them.
c) Legal basis
We use Eloqua when you have given your consent. We obtain your consent when you access our websites via the cookie banner, Art. 6 para. 1 lit. a DSGVO.
d) Storage period and control options
Eloqua stores your data and it is deleted regularly. You can allow Eloqua to collect and process data by making an appropriate setting in your browser or link prevent.
For more information, see Oracle Privacy Notices.
7. Social plugins:
a) Collected data:
We use social plug-ins from social networks
- Facebook, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA (“Facebook”).
- Instagram, which is operated as a product by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA.
- LinkedIn, which is operated by LinkedIn Corporation, 1000 W. Maude Ave., Sunnyvale, California 94085, USA (“LinkedIn”)
- Twitter, which is operated by Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA (“Twitter”).
- XING, which is operated as a product by New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany.
When you visit a website that contains such a plug-in, your browser creates a direct connection to the servers of the respective social network. Through this integration, the social network receives data about which website you have visited, even if you do not have a user profile or are not currently logged in. If you are logged in, Facebook can associate the visit with your Facebook account. When you interact with the plug-ins, the corresponding information is transmitted to the social network and stored there. Your IP address is stored in abbreviated form. The data collected is transmitted directly from your browser to a social network server in the USA and stored there.
b) Purposes of data processing:
The social plug-ins enable you to share content from websites on social networks.
c) Legal basis:
We use social plug-ins if you have consented to them. We obtain your consent when you access our websites via the cookie banner, Art. 6 para. 1 lit. a DSGVO.
d) Storage period and control options:
You can prevent the collection and processing of data by social networks by setting your browser accordingly.
If you do not want social networks to directly associate the data collected via our websites with your user profile, you must log out before visiting our websites. For more information, see Facebook's privacy policy, instagram, linkedin, twitter and XING.
8. Usercentrics
a) Collected data:
We use the consent management service Usercentrics GmbH, Sendlinger Str. 7,80331 Munich, Germany (“Usercentrics”). Usercentrics is used on the website as a contract processor for the purpose of consent management. The following data is collected: opt-in and opt-out data, referrer URL, user agent, user settings, consent ID, time of consent, consent type, template version, banner language.
b) Purposes of data processing:
We use Usercentrics to comply with legal obligations to store consent.
c) Legal basis:
We use Usercentrics to comply with our legal obligation, Art. 6 (1) (c) GDPR.
d) Storage period and control options:
The consent data (consent and withdrawal of consent) are stored for three years. The data is then immediately deleted.
For more information, see the Usercentrics Privacy Policy.
9. Webflow
a) Collected data:
When using Webflow Tracking, we collect the following data: IP address, browser type and version, browser fingerprint, geographical location, screen resolution, HTTP header, browser language, log data, and other similar data required to provide the service.
b) Purpose of data processing:
The data collected is used to analyze the use of our website.
c) Legal basis:
The processing of data is based on your consent, Art. 6 para. 1 lit. a DSGVO.
d) Storage period:
The data will be stored for as long as is necessary to fulfill the above purposes or until you object to data processing or withdraw your consent. The data will then be deleted, provided that there are no legal storage obligations to the contrary.
e) Control options:
You have the right to object to the processing of your data or to withdraw your consent at any time with effect for the future. In addition, you can prevent the storage of cookies by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to fully use all functions of our website.
For more information, see Webflow Privacy Policy.
For more information, see Webflow Cookie Policy.
3rd What data is processed when you contact us?
In the following, we will inform you which data is collected and processed when you contact us, order a newsletter, open an account or purchase online products, for what purposes and by which recipients they are processed, on what legal basis the data is processed and when the data is deleted.
A. Contacting
a) Collected data
We collect and process the data you provide, such as your contact details, your name and your request, when you contact us via e-mail. All data that you send to us is transmitted in encrypted form between your browser and our server.
b) Purposes of data processing
Data processing is carried out by our customer service or service providers commissioned by us exclusively on the basis and to process your request.
c) Legal basis
We process your data to carry out pre-contractual and contractual measures, which are carried out at your request (Art. 6 para. 1 b GDPR).
d) Storage period
We store your data for as long as we need it for the specific processing purpose, to guarantee or to fulfill legal retention periods.
e) Transfer to third countries:
We use, among others, the service provider Salesforce.com (salesforce.com EMEA Limited, Company No. 05094083, registered in England; Floor 26 Salesforce Tower, 110 Bishopsgate, EC2N 4AY London; UK) to manage your data.
Here, data is generally processed in European data centers. As part of maintenance and support measures, data may also be transferred to the third country USA. In order to be able to guarantee adequate protection of your data even in these cases, we have required the service provider Salesforce Inc., using the relevant EU standard contractual clauses, to comply with a level of data protection in accordance with EU law.
B. CRM customer relationship management
1. Collected data:
- First name
- surname
- salutation
- Name and address of the company or law firm
- email address
- phone number
- contact details
- contact history
- Interests data
- Data on purchased goods or services
- Contract data/offers
2. Purposes of data processing:
Maintaining customer relationships and relationships with prospects (Customer Relationship Management)
3. Legal basis:
We process your data to carry out pre-contractual and contractual measures, which are carried out at your request (Art. 6 para. 1 b DSGVO) or on the basis of legitimate interests (Art. 6 para. 1 b GDPR)
4. Storage period:
If you do not purchase any of our products and there are no legal retention periods, all personal data will be deleted after 3 years at the latest.
4. What data is processed when you register on the website and apply to us?
Information on data processing during the application process can be found in the specific Privacy statement for the application process.
5. What rights do you have and how can you exercise them?
A. Withdrawal of consent
You can withdraw any consent you have given to the processing of your personal data at any time with effect for the future. Please note that the revocation has no effect on the lawfulness of previous data processing and that it does not extend to data processing for which there is a legal basis for permission and which may therefore also be processed without your consent.
B. Further rights of data subjects
In addition, under Articles 15 to 21 and 77 of the EU General Data Protection Regulation (GDPR), you are entitled to the following data subject rights if the legal requirements are met:
1. Information
At any time, you can request that we provide you with information about which of your personal data we process and how and to provide you with a copy of the personal data you have stored, Article 15 GDPR.
2. Correction
You can request the correction of incorrect personal data and the completion of incomplete personal data, Art. 16 GDPR. You can request the correction of incorrect personal data and the completion of incomplete personal data, Art. 16 GDPR.
3. Deletion
Regarding the deletion of your personal data: Please note that data that we need to execute and process contracts and to assert, exercise and defend legal claims as well as data for which there are legal, regulatory or contractual storage obligations are excluded from deletion, Art. 17 GDPR.
4. Restriction of processing
You can request the restriction of processing under certain circumstances, e.g. if you believe that your data is incorrect, if the processing is unlawful or you have objected to data processing. As a result, your data may only be processed to a very limited extent without your consent, e.g. to assert, exercise and defend legal claims or to protect the rights of other natural and legal persons, Article 18 GDPR.
5. Objection to data processing
You have the option to object to data processing for direct marketing purposes at any time. In addition, if there are special reasons, you can object at any time to data processing that is carried out on the basis of a legitimate interest, Article 21 GDPR.
6. Data portability
You have the right to receive the data that you have provided to us and which we process on the basis of your consent or to fulfill the contract in a common, machine-readable format and to request direct transmission of this data to third parties as far as is technically feasible, Article 20 GDPR.
C. Contact routes
You can exercise your rights via the following contact channels:
Haufe Group
Mr. Raik Mickler
data protection officer
Munzinger Strasse 9
79111 Freiburg
email: dsb@haufe-lexware.com
Communicate with us in encrypted form
You can withdraw your consent to data processing through cookies and tracking technologies by making appropriate settings in your browser or using the opt-out options described in detail under 2. C.
You can also withdraw your consent to receive the newsletter at any time by clicking on the corresponding link in each newsletter.
D. Right to lodge a complaint with a supervisory authority
For example, if you believe that our data processing is unlawful or we have not granted the rights described above to the extent necessary, you have the right to lodge a complaint with the competent data protection supervisory authority.
6. General information on transfers to third countries
The contractually agreed data processing is provided exclusively in a member state of the European Union (European data centers) or in another state party to the Agreement on the European Economic Area. However, as part of maintenance and support measures, data may also be transferred to the third country USA. We always ensure an appropriate level of protection for data transmission by introducing appropriate protective measures in accordance with Art. 44 ff. GDPR. For each of these third-country transfers, a contract was concluded with the respective recipient with standard data protection clauses of the European Commission (Art. 46 para. 2 letters c and d GDPR).
Status: March 2025