In the following, we inform you about the processing of personal data when using our website. Personal data within the meaning of Art. 4 No. 1 of the EU General Data Protection Regulation (GDPR) is all information that can be personally related to you as a so-called data subject, e.g. name, address, e-mail addresses, user behavior.
1. Name and contact details of the responsible body and the company data protection officer
coeo Group GmbH, Kieler Straße 16, 41540 Dormagen, Phone.: 02133 2463-0
You can contact the responsible data protection officer at the previously mentioned address – Data Protection Department – or at dataprotection@coeo-group.ai.
2. Collection and storage of personal data and purpose of use
a) When visiting the websites
When you visit our websites, the browser used on your device automatically sends information to the server of our websites. This information is temporarily stored in a so-called log file. The following information is recorded without any action on your part and stored until it is automatically deleted:
We process the aforementioned data for the following purposes:
The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest follows from the purposes for data collection listed above. Under no circumstances do we use the data collected for the purpose of drawing conclusions about your person.
We also use analysis services when you visit our website. You can find more detailed explanations on this in section 7 of this privacy policy.
b) When using our contact form
For questions of any kind, we offer you the opportunity to contact us via a form provided on our websites. It is necessary to provide a valid e-mail address and/or phonenumber so that we know who the inquiry is from and can answer it.
Data processing for the purpose of contacting us is carried out in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR on the basis of your voluntarily given consent.
c) When logging in via one of our service portals
If you would like to use our service portals (for debtors and for clients) in a personalized manner, you will need to log in, which you can do by scanning the QR code contained in one of our letters or using a link, for example. By logging in, we collect usage data in order to customize the presentation of the content for you and to provide you with a user-friendly, suitable and secure repayment option for the outstanding claim. The usage-related data will not be transmitted to our client or other third parties.
On the respective portal, you have the option of viewing your data and contacting us. The following information is stored:
A legitimate interest in processing arises from the optimization of communication channels and the resulting effective and user-friendly payment processing, Art. 6 para. 1 lit. f GDPR.
When you visit our website, we use the analysis service Matomo. You can find explanations on this in section 7 of this privacy policy.
d) For payment by credit card
When paying by credit card, you agree that the data you enter will be transferred to the credit card company (Visa, Master Card, American Express) via the service provider.
Your data will be transmitted on the basis of Art. 6 para. 1 lit. a GDPR (consent) and Art. 6 para. 1 lit. b GDPR (processing for the performance of a contract). The collection and processing are based on your contractual obligation to pay the fee owed for the service provided by the client, whereby you are free to choose the method of payment. You have the option of withdrawing your consent to data processing at any time. A revocation has no effect on data processing procedures in the past.
We store your data for this purpose for as long as you or the client can assert claims against us, e.g. due to improper payment processing, for the duration of the regular limitation period of three years. This period begins at the end of the year in which the payment was processed or the processing was discontinued. The legal basis for this is our legitimate interest in defending against legal claims, Art. 6 para. 1 lit. f GDPR. We then check whether we still need your data or whether deletion would conflict with retention obligations under commercial and tax law.
3. recipient of personal data:
4. duration of storage
Personal data will be processed until the above-mentioned purposes have been fully achieved. Once the purpose has been achieved in full, the data will be deleted, provided there are no statutory retention obligations to the contrary. The controller also has a concept in place to ensure that deletion obligations are regularly reviewed. Visitor data is deleted for a maximum period of six months after visiting our websites.
5 Rights of the data subject
If the legal requirements are met, you have the following rights in accordance with Art. 15 to 22 GDPR: Right to information, correction, deletion, restriction of processing, data portability.
6 Right to object
If your personal data is processed on the basis of legitimate interests in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR, provided that there are reasons for this arising from your particular situation. These grounds must be stated when exercising the right to object.
7. right to lodge a complaint with the supervisory authority, Art. 77 GDPR
You have the right to contact our supervisory authority if you believe that your data is being processed unlawfully. The address of the supervisory authority responsible for our company is: Die Landesbeauftragte für den Datenschutz Nordrhein-Westfalen, Kavalleriestraße 2-4, 40213 Düsseldorf.
8. web analysis through Matomo
It is important for every website operator to know how their website is used by visitors. We use the open source web analysis service Matomo for this purpose. In this process, the data is first anonymized when it is collected and then evaluated in aggregated form. Matomo runs on our servers; the data is not passed on to third parties. Your Internet browser automatically transmits data to our server as soon as you access our website. The date and time of access, URL (address) of the referring website, file retrieved, amount of data sent, the http response code, browser type and version, any browser extensions, operating system and your IP address (in abbreviated and anonymized form) are transmitted. As the website operator, we have a legitimate interest in the analysis of user behavior in accordance with Art. 6 para. 1 lit. f GDPR in order to optimize our website. The information generated by the cookie is not used to personally identify the visitor to this website and is not merged with other data about the visitor. When you log in to our service portal (for more information, see 2 c) of this data protection notice), the usage data transmitted to us by the cookie is evaluated by us – without being forwarded to third parties – and used together with other data relating to your request in order to offer you an optimal service and suitable payment options. Matomo supports the “Do Not Track” procedure of current web browsers. If you want to prevent the analysis of your web behavior in general, we recommend that you activate this option in your browser. Alternatively, you can use the following button to prevent Matomo web analysis on our website: You can find more information on the privacy settings of the Matomo software at the following link: https://matomo.org/docs/privacy/7.
9. social links
Our website contains links to the services LinkedIn, Xing, Kununu and YouTube, for which we have our own websites. After clicking on the embedded graphic, you will be redirected to the website of the respective provider.
If you click on a link to corresponding services on our website, your browser establishes a direct connection with the servers of the respective provider. By clicking on the link, the provider receives the information that your browser has accessed the corresponding page of our website, even if you do not have your own user account with the respective provider or are currently logged in there. This information is transmitted directly from your browser to a server of the respective provider and stored there.
If you are logged in with a provider, the provider can assign the visit to our website directly to your user account. The respective provider can use this information for the purposes of advertising, market research and needs-based design of its service. For this purpose, the provider creates usage, interest and relationship profiles, e.g. to evaluate your use of our website with regard to the advertisements displayed to you by the provider, to inform other users about your activities on our website and to provide other services associated with the use of the provider.
If you do not want the provider to assign the data collected via our website to your user account, you must log out of the respective provider before visiting our website.
We use our websites on the basis of Art. 6 para. 1 sentence 1 lit. f GDPR in order to be able to present our company to the outside world in a variety of ways and to provide the user with additional information.
Consent to data processing in accordance with Art. 6 para. 1 lit. a GDPR may also be the legal basis if you have given this to the platform operator.
You will receive detailed information about the data processing of the platform operators on the respective objection options, the rights to information as well as specific information on the respective platforms via the following data protection notices of the respective operators:
a. LinkedIn
Provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland
Specific information on LinkedIn company pages: When you visit our LinkedIn company page, LinkedIn processes your personal data. This data is transmitted to us by LinkedIn in anonymized form as part of LinkedIn Analytics. This anonymized data is statistical data of our subscribers. In addition, we receive your profile name from LinkedIn if you interact with us or our page, for example by liking or commenting on posts or following our pages.
b. XING
Provider: XING SE, Dammtorstraße 30, 20354 Hamburg, Germany
Specific information on Xing company profile: When you visit our Xing company profile, Xing processes your personal data. In addition, we receive your profile name from Xing if you interact with us or our page, for example by liking or commenting on amounts or following our profile.
c. Kununu
Provider: Kununu GmbH, Neutorgasse 4-8, Top 3.02, 1010 Vienna, Austria
Specific information on kununu company profile: When you visit our kununu company profile, kununu processes your personal data, and we also receive your profile name from kununu if you interact with us or our page, for example by liking or commenting on posts or following our profile. We also use the kununu Reputation Manager and therefore receive a direct email notification as soon as a review is submitted about us.
d. Youtube
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Specific information about YouTube accounts or channels: By visiting our website and playing the videos, YouTube/Google receives the information that you have accessed the corresponding subpage of our website. If you are logged in to Google, this data is assigned directly to your account. If you do not wish to be associated with your YouTube profile, you must log out before activating the button. The data collected by YouTube is transmitted to the USA, which is considered a third country with an insecure level of data protection according to the GDPR. We have no knowledge of the further processing and the duration of storage by YouTube.
10. live chat
In our service portal, we offer you the option of using a live chat to contact our employees directly. When the chat is initialized, the date, time and duration of access as well as the IP address and the content of the communication are transmitted and assigned to the respective claim file managed by us.
The legal basis for this data processing is Art. 6 para. 1 lit. f GDPR, whereby our legitimate interest is based on the processing of your request, the analysis of continuous quality improvement and the tracking of cases of abuse.
The chat log is stored in the claim file so that it can be accessed in the event of queries. After payment of the outstanding claim or termination of the debt collection procedure, we will check after three years whether we still need your data or whether statutory retention obligations prevent deletion. We reserve the right to statistically evaluate anonymized data records.
11. Data security
We use the widespread SSL (Secure Socket Layer) method in conjunction with the highest level of encryption supported by your browser when you visit our website. As a rule, this is 256-bit encryption. If your browser does not support 256-bit encryption, you will not be able to access our website. You can tell whether an individual page of our website is transmitted in encrypted form by the closed display of the key or lock symbol in the lower status bar of your browser.
We also use suitable technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.
12. Up-to-dateness and amendment of this privacy policy
This privacy policy is currently valid and is dated January 2021. Due to the further development of our website or due to changes in legal or official requirements, it may become necessary to amend this privacy policy. The privacy policy will therefore be updated on a regular basis.
coeo Group GmbH
Kieler Straße 16
41540 Dormagen
Germany
Phone: +49 2133 2463-0