Privacy policy

1. Who is Responsible for this Website?

The responsible party in terms of the General Data Protection Regulation is:

CONCEPT X GmbH & Co. KG
Hörstkamp 7
48431 Rheine
Email: datenschutz@conceptx.de
Imprint: https://conceptx.de/en/imprint/

(hereinafter also “CONCEPT X GmbH & Co. KG” or “we”)

If you have any questions about these privacy notices or about the protection of your data by CONCEPT X GmbH & Co. KG, you can also contact our data protection officer at any time:

Carla Holterhus
Email: datenschutz@conceptx.de

2. What is it About?

When we process personal data, this means that we collect, store, transmit, delete, or otherwise use it. Personal data refers to information about natural persons who learn about the offers and services of CONCEPT X GmbH & Co. KG on this website.

If you are a customer, prospect, employee, supplier, or applicant at CONCEPT X GmbH & Co. KG, your data will also be processed within the framework of your business relationship with us or your legitimate interest in a response from us. You can find information about this in the notes on handling your personal data.

Below you will find an overview of the data processed by CONCEPT X GmbH & Co. KG when visiting this website and the purpose for which it is processed. Information on the handling of your data on the social media offerings of CONCEPT X GmbH & Co. KG can be found in the privacy policy for social media.

3. How is Your Data Processed When Visiting This Website?

3.1 Data Required to Display the Website and Ensure Its Stability and Security

When using the website, the following technically necessary data is processed for the purposes of providing our online services and user-friendliness, information technology infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.)), and security measures:

• Usage data: browser used (type, version, language); operating system used; internet service provider of the user; files retrieved on our web pages; website from which the user accessed our web pages; website that the user accesses via our website.
• Meta, communication, and procedural data: user’s IP address, date and time of access to our web pages; consent status.
• Content data: inputs in online forms).

Collection of access data and log files: Access to our online offer is logged in the form of so-called “server log files”. The server log files can include the address and name of the retrieved web pages and files, date and time of retrieval, transferred data volumes, message about successful retrieval, browser type along with version, the operating system of the user, referrer URL (the previously visited page), and typically IP addresses and the requesting provider. The server log files can be used for security purposes, e.g., to avoid overloading the servers (especially in the case of abusive attacks, so-called DDoS attacks), and on the other hand, to ensure the utilization of the servers and their stability; legal basis: legitimate interests (Art. 6 Para. 1 S. 1 lit. f GDPR); deletion of data: Logfile information is stored for a maximum of 30 days and then deleted or anonymized. Data required for further retention for evidential purposes are excluded from deletion until the respective incident is finally resolved.

The processing of the aforementioned user data takes place for the performance of pre-contractual measures or for the fulfillment of the contract according to Art. 6 Para. 1 Sentence 1 lit. b GDPR. In addition, the processing of the data can also be carried out to protect the legitimate interests of CONCEPT X GmbH & Co. KG based on a balancing of interests according to Art. 6 Para. 1 Sentence 1 lit. f GDPR. In the case of unlawful use of this website, this data also serves to investigate potential legal violations.

CONCEPT X GmbH & Co. KG also evaluates this information for statistical purposes and to improve this website, without creating personal user profiles.

Information on Providers and Services:

We use services from ALL-INKL (ALL-INKL.COM – Neue Medien Münnich, Hauptstraße 68, 02742 Friedersdorf, Germany) for the provision of information technology infrastructure and related services.

We have concluded a data processing agreement (DPA) for the use of the aforementioned service. This is a data protection contract required by law, which ensures that this service processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

For more information on the handling of user data at ALL-INKL, please refer to the privacy policy of ALL-INKL: https://all-inkl.com/datenschutzinformationen/.

We use hosting and software from WordPress.com (Aut O’Mattic A8C Ireland Ltd., Grand Canal Dock, 25 Herbert Pl, Dublin, D02 AY86, Ireland) for creating, providing, and operating our website, our blog, and other online offerings.

We have concluded a data processing agreement (DPA) for the use of the aforementioned service. This is a data protection contract required by law, which ensures that this service processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

Data Processing Agreement: https://wordpress.com/support/data-processing-agreements/.

For more information on the handling of user data at WordPress, please refer to the privacy policy of WordPress: https://automattic.com/de/privacy/.

3.2 Use of Cookies?

This website uses cookies. Cookies are small units of information stored on your device. This serves to make it easier for visitors to navigate the website and use certain features, and especially to be able to reuse this information at a later time. In addition to these technically and functionally required cookies, cookies may also be used for other purposes, such as targeted advertising. Further explanations can be found in the following notes.

If you do not wish cookies to be stored on your device, you can prevent this by adjusting your browser software accordingly. There, already stored cookies can also be deleted. However, deactivating technically necessary cookies may result in the website not being fully usable.

Necessary Cookies:

We use cookies that are necessary for the operation and delivery of functions in order to make the use of this website secure and user-friendly. Only in this way can users navigate the web pages and operate the modules or functions of the website. Without these cookies, the use of the website may not be possible or only to a limited extent. For some functions, it is necessary that the browser is recognized even after a page change.

The data collected with the help of these necessary cookies is not used to create user profiles. The following data is stored and transmitted in the cookies:

• Current session ID
• Usage of certain website content, for example, frequency or extent of use
• Acknowledgment of certain website content, such as product notes

Since websites have no memory, cookies inform the server which pages should be displayed to the visitor. This has the advantage that the visitor does not have to remember everything or navigate through the entire page again.

Almost all of the technically and functionally necessary cookies used are session cookies, so-called “Session-Cookies”. The data stored in them are automatically deleted at the end of your visit.

The cookies used by us on our website are:

The processing of data using technically and functionally necessary cookies is based on § 25 para. 2 TTDSG.

3.3 Contact Form and Email Contact

A contact form is available on our web pages, which can be used for electronic contact. If a user takes advantage of this option, the data entered in the input mask will be transmitted to us and stored:

• Name
• Email address
• Free field for individual text
• User’s IP address
• Date and time of sending

Alternatively, contact can be made using the email addresses provided on the web pages. In this case, the personal data of the user transmitted with the email will be stored by us. The legal basis for processing the data is Art. 6 Para. 1 lit. f GDPR. If the contact aims at concluding a contract, then Art. 6 Para. 1 lit. b GDPR is the legal basis.
The data is used exclusively for processing the contact and the subsequent communication. In this context, the data will not be passed on to third parties. The personal data from the input mask of the contact form and those sent by email will be deleted when the respective communication with the user has ended, i.e., as soon as it can be inferred from the circumstances that the relevant matter has been conclusively clarified.
The additional personal data collected during the sending process will be deleted after a period of seven days.

3.4 Information Applications of Other Providers

Consent with Borlabs Cookie

Our website uses the consent technology of Borlabs Cookie to obtain your consent to store certain cookies in your browser or to use certain technologies and to document this in compliance with data protection regulations. The provider of this technology is Borlabs GmbH, Rübenkamp 32, 22305 Hamburg (hereinafter Borlabs). When you enter our website, a Borlabs cookie is stored in your browser, which stores the consents you have given or the revocation of these consents. These data are not passed on to the provider of Borlabs Cookie. The collected data will be stored until you request us to delete them, delete the Borlabs cookie yourself, or the purpose for data storage no longer applies. Mandatory legal retention periods remain unaffected. Details on Borlabs Cookie’s data processing can be found at https://de.borlabs.io/kb/welche-daten-speichert-borlabs-cookie/.

The use of the Borlabs Cookie consent technology is carried out to obtain the legally required consents for the use of cookies. The legal basis for this is Art. 6 Para. 1 lit. c GDPR.

Google Ads

Google Ads is an online advertising service provided by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google is the responsible entity.

We use Google Ads to display online advertising that matches your interests. Google uses DoubleClick cookies to measure the success of our advertising campaigns through the collection of parameters such as ad impressions or clicks by users. For example, we receive statistical evaluations from Google about which ads were clicked how often and at what prices. However, we do not receive information about the use of advertising media that allows conclusions to be drawn about individual users.

Based on the statistics created by Google Analytics, we can form target groups (e.g., for devices on which a specific product page was accessed) and transmit these to Google via Google Ads. These target groups consist of a list of Advertising IDs filtered within Google Analytics according to certain criteria (which, for example, are also stored in the “DoubleClick cookie”). Google uses these target groups so that you are primarily addressed in online marketing for products in which you are interested (e.g., because you have already informed yourself about them on our website). More information on how Google processes your data for advertising ads can be found in Google’s privacy policy and Google Ads help.

The legal basis for data processing is your consent according to Art. 6 Para. 1 Sentence 1 lit. a GDPR or § 25 Para. 1 TTDSG.

Data transfer to the USA is based on the EU-US Data Privacy Framework (DPF) and the EU Commission’s standard contractual clauses. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.

More information on how Google Analytics handles user data can be found in Google’s privacy policy: https://policies.google.com/privacy.

Google Tag Manager

We use the Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Tag Manager is a tool that allows us to integrate tracking or statistical tools and other technologies on our website. Google Tag Manager itself does not create user profiles, store cookies, or perform independent analyses. It is only used for the management and deployment of the tools integrated through it. However, Google Tag Manager does collect your IP address, which can also be transmitted to Google’s parent company in the United States.

The use of this service is based on your consent according to Art. 6 Para. 1 lit. a GDPR and § 25 Para. 1 TTDSG. The consent can be revoked at any time.

Data transfer to the USA is based on the EU-US Data Privacy Framework (DPF) and the EU Commission’s standard contractual clauses. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.

More information on how Google Analytics handles user data can be found in Google’s privacy policy: https://policies.google.com/privacy.

Google Analytics

This website uses features of the web analytics service Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

We use Google Analytics to measure and analyze the use of our website based on a pseudonymous user identification number. This identification number does not contain unique data, such as names or email addresses. It is used to assign analysis information to an end device in order to recognize which content users have accessed within one or several usage processes, which search terms they have used, have revisited them, or have interacted with our website. Similarly, the time of use and its duration, as well as the sources of the users who refer to our website and technical aspects of their end devices and browsers, are stored. Pseudonymous profiles of users are created with information from the use of various devices, where cookies can be used. Google Analytics logs and stores no individual IP addresses for EU users. However, Analytics provides coarse geographic location data by deriving the following metadata from IP addresses: city (and the derived latitude and longitude of the city), continent, country, region, subcontinent (and ID-based counterparts). For EU traffic, IP address data is used exclusively for this derivation of geolocation data before it is immediately deleted. They are not logged, are not accessible, and are not used for further purposes. When Google Analytics collects measurement data, all IP queries are conducted on EU-based servers before traffic is forwarded to Analytics servers for processing. The use of this service is based on your consent according to Art. 6 Para. 1 lit. a GDPR and § 25 Para. 1 TTDSG. The consent can be revoked at any time.

Data transfer to the USA is based on the EU-US Data Privacy Framework (DPF) and the EU Commission’s standard contractual clauses. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.

More information on how Google Analytics handles user data can be found in Google’s privacy policy: https://policies.google.com/privacy.

You can prevent the collection and processing of your data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

Cloudflare

We use the service “Cloudflare”. The provider is Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA (hereinafter “Cloudflare”). Cloudflare offers a globally distributed content delivery network with DNS. Technically, the information transfer between your browser and our website is routed through Cloudflare’s network. This enables Cloudflare to analyze the traffic between your browser and our website and to act as a filter between our servers and potentially malicious traffic from the internet. Cloudflare may also use cookies or other technologies for recognizing internet users, which are used solely for the purpose described here. The use of Cloudflare is based on our legitimate interest in as error-free and secure a provision of our web offer as possible (Art. 6 Para. 1 lit. f GDPR).

Data transfer to the USA is based on the EU Commission’s standard contractual clauses. Details can be found here: https://www.cloudflare.com/privacypolicy/. Further information on security and data protection at Cloudflare can be found here: https://www.cloudflare.com/privacypolicy/.

The company has certification under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that aims to ensure compliance with European data protection standards in data processing in the USA. Each company certified under the DPF commits to adhering to these data protection standards. More information about this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail

We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a data protection contract required by law, which ensures that this service processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

reCAPTCHA

We integrate the “reCAPTCHA” function of the service provider Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) to determine whether entries (e.g., in online forms) are made by humans and not by automatically operating machines (so-called “bots”). The processed data may include IP addresses, information about operating systems, devices or used browsers, language settings, location, mouse movements, keystrokes, duration spent on websites, previously visited websites, interactions with reCaptcha on other websites, possibly cookies, and results of manual recognition processes (e.g., answering posed questions or selecting objects in images). Data processing is based on our legitimate interest to protect our online offer from abusive automated crawling and spam. The legal basis for processing the data is Art. 6 Para. 1 lit. f GDPR.

Further information on data protection at Google can be found here (https://policies.google.com/privacy). Of course, you always have the option to object to the processing via the Opt-Out plugin (https://tools.google.com/dlpage/gaoptout?hl=de).

unpkg

On our website, scripts and stylesheets are loaded from the content delivery network unpkg.com. The integration always requires that third-party providers of these contents process the IP addresses of the users* because they could not send the contents to their browser without the IP address. The IP address is therefore necessary for the display of these contents or functions. The following types of data of the users* are processed: Meta/communication data (e.g., device information, IP addresses). We use the content delivery network (CDN) unpkg to enable faster loading times, reduced web server utilization, and lower bandwidth usage (thus optimizing performance) and to make our website user-friendly. With the CDN, website content such as scripts and stylesheets are delivered faster via a network of regionally distributed servers. For this purpose, your browser must connect to unpkg’s servers. This gives unpkg knowledge that our website was accessed via your IP address. If the relevant files have already been loaded on another page from the CDN, your browser will usually automatically access the copy stored in the cache instead. We use unpkg based on our legitimate interest (Art. 6 Para. 1 S. 1 lit. f GDPR). The person responsible for unpgk, Michael Jackson, assures via his Twitter account that unpkg does not collect, evaluate or store any accruing data: https://twitter.com/mjackson/status/987342097773617152

4. Who Receives Your Data?

Data is only transferred to third parties if you have given your consent or if there is a legal obligation to do so.

Under these conditions, recipients of personal data can particularly be:

• Law enforcement authorities
• Other companies within the CONCEPT X GmbH & Co. KG

Appointed service providers may also receive such data if they meet the special confidentiality requirements of CONCEPT X GmbH & Co. KG. This may particularly include companies in the categories of IT services, consulting, as well as sales and marketing. Corresponding data protection agreements are then made with these service providers.

5. When Will Your Data Be Deleted?

Data mentioned in these notes will be deleted when they are no longer needed for their original purpose. This only does not apply if their – temporary – further processing is necessary for other purposes.

If a different retention period is defined for certain services, you will find this in the description of the respective service.

6. Is Your Data Transferred to a Third Country or an International Organization?

Data received by CONCEPT X GmbH & Co. KG through the visit of this website are generally not transferred to international organizations or third countries (countries outside the European Economic Area – EEA). As far as CONCEPT X GmbH & Co. KG uses analysis services, you will find the explanations above under number 3.

7. Is Your Data Used for Automated Decision-Making or Profiling?

Data from the visit of this website is not used for automated decision-making as defined in Art. 22 GDPR.

8. Data Protection Information in the Application Process

We process applicant data solely for the purpose and within the framework of the application process in accordance with legal requirements. The processing of applicant data is carried out to fulfill our (pre)contractual obligations within the application process in the sense of Art. 6 Para. 1 lit. b. GDPR Art. 6 Para. 1 lit. f. GDPR if data processing becomes necessary for us, e.g., in the context of legal procedures.

The application process requires that applicants disclose their applicant data to us. The necessary applicant data are, if we offer an online form, marked as such, otherwise arise from the job descriptions and generally include personal details, postal and contact addresses, and documents belonging to the application, such as cover letter, resume, and certificates. In addition, applicants can voluntarily provide us with additional information.

By submitting the application to us, applicants agree to the processing of their data for the purposes of the application process, according to the nature and extent set out in these data protection notices. To the extent that special categories of personal data within the meaning of Art. 9 Para. 1 GDPR are voluntarily communicated within the framework of the application process, their processing is additionally carried out according to Art. 9 Para. 2 lit. b GDPR (e.g., health data, such as disability status or ethnic origin). To the extent that special categories of personal data within the meaning of Art. 9 Para. 1 GDPR are requested from applicants during the application process, their processing is additionally carried out according to Art. 9 Para. 2 lit. a GDPR (e.g., health data, if these are necessary for the exercise of the profession).

Applications can be submitted to us via an online form on our website. The data is transmitted to us encrypted according to the state of the art.

If applicants send their applications via email, it should be noted that emails are generally not sent encrypted and the applicants themselves must ensure encryption. Therefore, we cannot take responsibility for the transmission path of the application between the sender and reception on our server and therefore recommend using an online form.

If we cannot offer you a position, there is the possibility of including you in our applicant pool. In the event of inclusion, all documents and information from the application will be transferred to the applicant pool to contact you in the event of suitable job offers. The inclusion in the applicant pool occurs exclusively based on your explicit consent (Art. 6 Para. 1 lit. a GDPR). The granting of consent is voluntary and is not related to the ongoing application process. The affected person can revoke their consent at any time. In this case, the data from the applicant pool will be irrevocably deleted, unless there are legal retention reasons. The data from the applicant pool will be irrevocably deleted no later than two years after the consent has been given.

The data provided by the applicants can be further processed by us in the event of a successful application for the purposes of the employment relationship. Otherwise, if the application for a job offer is not successful, the general legal retention and deletion periods apply. We delete the data within the framework of the application process, subject to a legitimate revocation by the applicants, according to the relevant legal provisions after the conclusion of the respective staffing process. Access and use of personal data by our company is then no longer possible.

9. What Rights Do You Have Regarding the Processing of Your Data?

You have the following rights against CONCEPT X GmbH & Co. KG concerning your personal data:
Right to information
Right to correction or deletion
Right to restriction of processing
Right to data portability
Right to revoke consent granted

9.1 Information about Your Right to Object According to Art. 21 GDPR

Right to Object on a Case-by-Case Basis

You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you, which is based on Art. 6 Para. 1 Sentence 1 lit. e GDPR (data processing in the public interest) and Art. 6 Para. 1 Sentence 1 lit. f GDPR (data processing based on a balance of interests); this also applies to profiling based on these provisions as defined in Art. 4 No. 4 GDPR.

If you object, CONCEPT X GmbH & Co. KG will no longer process your personal data unless it can demonstrate compelling legitimate grounds for processing that override your interests, rights, and freedoms, or the processing is for the establishment, exercise, or defense of legal claims.

Objection to the Processing of Your Data for Direct Marketing

In individual cases, CONCEPT X GmbH & Co. KG processes your personal data for direct marketing. You have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling to the extent that it is associated with such direct marketing.

If you object to processing for direct marketing purposes, CONCEPT X GmbH & Co. KG will no longer process your personal data for these purposes.

The objection can be made informally and should preferably be addressed to:

CONCEPT X GmbH & Co. KG
Hörstkamp 7
48431 Rheine
Email: datenschutz@conceptx.de

You also have the right to lodge a complaint with a data protection supervisory authority in connection with the processing of your personal data.

10. Changes and Updates to the Privacy Policy

We ask you to regularly inform yourself about the content of our privacy policy. We adjust the privacy policy as soon as changes in the data processing we carry out make it necessary. We will inform you as soon as the changes require your participation (e.g., consent) or any other individual notification.

If we provide addresses and contact information of companies and organizations in these privacy notices, please note that the addresses can change over time and we ask you to verify the information before making contact.

Date: December 11, 2023