A. Data protection goals
We strive for a long-term relationship with our employees and a consistently high level of user satisfaction. In doing so, we focus particularly on the design of the individual relationship with you and align all our further goals accordingly. An important part of these relationships is based on trust. Therefore, we are fully committed to the protection of privacy and the right to data protection. Our goal is to offer employees and users a secure, risk-free service.
In order to ensure that personal data is only processed in accordance with the legal requirements, we align our processes and technical design with the Basic Data Protection Regulation, the Federal Data Protection Act and other relevant laws. In particular, no more personal data is to be collected than is necessary for the respective purpose and, in addition, the simple exercise of the rights of the persons concerned is to be ensured.
The following declaration concerns the data processing within the scope of our web offer. Even though we have taken organisational and technical measures to ensure that our website is protected as consistently as possible, the occurrence of a security gap in electronic communication channels cannot, of course, be ruled out completely. For this reason, visitors of the website are free to inform themselves about or transmit information to us in other ways.
B. Terms and definitions
Personal data means any information relating to an identified or identifiable natural person (hereinafter referred to as "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an on-line identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Processing is any operation or set of operations, performed with or without the aid of automated tools, which is performed upon personal data, such as collection, recording, organisation, organisation, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or another way of making it available, alignment or combination, restriction, erasure or destruction.
Pseudonymisation is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the need for additional information, provided that this additional information is kept separately and is subject to technical and organisational measures which ensure that the personal data is not attributed to an identified or identifiable natural person.
Controller or data controller
Controller or data controller is the natural or legal person, public authority, agency or any other body which alone or joint with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or national law, provision may be made for the controller or for the specific criteria for his or her designation in accordance with Union or national law.
Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
The recipient is any natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not that person is a third party. However, authorities which may receive personal data in the context of a specific investigation mandate under Union or national law shall not be considered as recipients.
Third party means any natural or legal person, public authority, agency or body other than the data subject, the controller, the processor and the persons who, under the direct authority of the controller or the processor, are authorized to process the personal data.
Consent shall mean any freely given and informed unequivocal expression of the data subject's wishes in the specific case, in the form of a statement or any other unequivocal affirmative act by which the data subject signifies his or her consent to the processing of personal data relating to him or her.
C. General information
is the controller within the meaning of the basic data protection regulation:
Comsol Unternehmenslösungen AG
61476 Kronberg im Taunus
Phone: +49 6173-9375-0
fax: +49 6173-9375-122
Data protection representative
You can reach our data protection officer Mr. Dominic Broy at
phone: +49 6841 9816-0
Our data protection representative will help you quickly and straightforwardly with any questions you may have or with the assertion of your rights as a data subject.
Type and scope of the data processed
As a matter of principle, usage data (e.g. websites visited, access times) and communication data (e.g. browser information, IP addresses) are processed.
Browser and server data
Please note that your browser sends us information when you use the website. The purpose of this transmission is to make it technically possible for you to visit the website. The data is required to process the information request. The type of information transmitted therefore also depends on your settings and technical specifications. When you access our website, it is therefore possible to collect the following data:
- IP address
- Time of access
- page called up or name of the file called up (URL)
- Status information (e.g. error codes)
- data volume transferred
- Browser information (web browser used, operating system, language setting, etc.)
The data is used for statistical and security purposes. It will not be passed on to third parties. This website itself does not use any techniques that aim to evaluate the access behaviour of individual users. Personal user profiles are not created. The data will be stored for a maximum of 7 days for the stated purposes.
- Storage of user preferences
We use the following types of cookies:
- Transient cookies (temporary use)
- persistent cookies (temporary use)
The latter may be used by third party providers. The cookies serve our interest in the simple usability and the improvement of our web offer.
The transient cookies are automatically deleted when you close the browser. Persistent cookies are automatically deleted after a preset period of time, which may vary depending on the cookie. The deletion periods correspond to the specifications of the corresponding third party provider.
You can delete the cookies in the security settings of your browser any time. You can also set your browser to refuse certain or all cookies. However, we would like to point out that in this case the range of functions of the website may be restricted. The information related to cookies is stored separately from any other data that may have been provided to us. This data is explicitly not linked to your other data.
Categories of the affected
Affected by the data processing through our website are the visitors, users (e.g. applicants) of the website.
Purpose of the processing
- Provision of an online presence
- Possibility of user interaction
- Security measures
The criterion for the duration of storage of personal data is the respective legal retention period and the purpose of processing. After expiry of the period, the corresponding data is routinely deleted if it is no longer required to achieve the processing purpose.
The specific storage periods are indicated within this declaration for each individual data processing operation.
There are several possible legal bases for the DSGVO: Firstly, Article 6 (1) (a) DS-GVO serves as the basis for processing operations for which your consent is obtained for the processing operation (e.g. in the context of the use of non-functional cookies). For processing operations that are necessary to carry out pre-contractual measures, for example in cases of enquiries about our services, the processing is based on Art. 6 Paragraph 1 lit. b) DS-GVO. In the case of the fulfilment of tax obligations, the processing is based on Art. 6 Para. 1 lit. c) DS-GVO. In the case of this website, the processing of data is based primarily on Art. 6 Para. 1 lit. f) DS-GVO. That base for authorisation applies if the processing is necessary to safeguard a legitimate interest of the controller or of a third party, provided that the interests, fundamental rights and fundamental freedoms of the data subject do not prevail.
The specific interests are always displayed at the point of the processing operation.
Technical security measures
We maintain up-to-date technical and organisational measures to ensure data security to particularly protect your personal data from risks during data transmission and from third parties gaining knowledge of them. These measures are constantly adapted to the current state of technology.
D. Third party service provider
If we allow third parties to participate in the processing, this is done exclusively on the base of a legal permission norm and in compliance with the legal regulations. That permission norm may contain your consent, a legal obligation or our legitimate interests.
The hosting services we may use, serve to provide the following services: Infrastructure and platform services, software tools, computing capacity, storage space and maintenance services which we require for the purpose of operating this online offer.
The hosting provider processes the usage data based on our legitimate interest in an effective and secure provision of this online offer in accordance with Art. 6 Para. 1 lit. f) DSGVO.
Usage data includes the data described under "Type and scope of data processed". This data is deleted seven days since.
Here the hosting provider and the respective address should explicitly be named.
Links to other websites
Our website contains links to third party websites. This data protection declaration applies only to the contents of our internet pages and does not include the websites of third parties linked to this page. We have no influence on the legality of other sites’ contents or their handling of personal data. If you have any questions about the content or data protection of such third party providers, please contact the respective provider.
Based on our legitimate interests (Art. 6 para. 1 lit. f) DSGVO) in the continuous improvement and optimisation as well as the economically sensible operation of our website, we use Google Analytics, an analysis service of Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland. The use of Google Analytics is solely for the purpose that coincides with our interests. Google Analytics uses so-called "cookies", text files which are stored on your computer and which enable an analysis of your use of the website. The information generated by the cookie can also be transferred to and stored at a Google server in the USA. However, if IP anonymisation is activated on this website, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA to there be shortened. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on the website activities and to provide further services to the website operator in connection with the use of the website and the Internet.
The IP address transmitted by your browser within the framework of Google Analytics is not combined with other data from Google.
This website uses Google Analytics with the extension "_anonymizeIp()". This allows IP addresses to be processed in a shortened form, thus excluding the possibility of personal references. If the data collected about you contains a personal reference, this is immediately excluded, and the personal data is therefore deleted immediately.
We use Google Analytics to analyse and improve the use of our website regularly. We can use the statistics obtained to improve our offer and make it more interesting for you as a user. For the exceptional cases in which personal data is transferred to the USA, Google has subjected itself to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. Google LLC is certified under the EU-US Privacy Shield Agreement and thus offers a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI).
This website also uses Google Analytics for a cross-device analysis of visitor flows, which is carried out using a user ID. You can deactivate the cross-device analysis of your usage in your customer account.
Many websites use Google Analytics in the manner described. You can permanently prevent the collection of data by installing a plug-in in your browser: http://tools.google.com/dlpage/gaoptout?hl=de. Furthermore, you can also prevent the storage of cookies in your basic browser settings. You can also deactivate Google Analytics running during your visit to our site by simply opting out.
We use the Google Remarketing application from Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland. The purpose of this application is that after visiting our website, our advertisements based on the interests of the user are displayed to the user during further internet use within the Google advertising network. The application serves the sole purpose of matching our interests. For this purpose, the interaction of the user on our website is analysed, e.g. which offers the user was interested in. Remarketing is carried out by cookies stored in the browser recording and evaluating the user’s behaviour when visiting various websites and anonymised data by Google. This enables Google to determine the previous visit to our website. The legal base for this, particularly for the setting of cookies, is Art. 6 para. 1 lit. a), f) DSGVO. The user's data may be transferred to the USA. According to Google, a combination of the data collected while remarketing with your personal data, which may be stored by Google, does not take place. According to Google, pseudonymisation is used in remarketing.
The user can prevent participation in this tracking procedure by adjusting the browser software or cookie settings accordingly. However, the suppression of third-party cookies means that no more third-party ads are received. Furthermore, the tracking procedure can be prevented by installing the plug-in provided by Google under the link https://www.google.com/settings/ads/plugin. We would like to point out that in this case you may not be able to use all functions of our offer to the full extent.
Information provided by the third-party provider: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. A control option for the processing of your data by the provider is offered at: https://adssettings.google.com/authenticated. Further information on data protection at Google: http://www.google.com/intl/de/policies/privacy and https://services.google.com/sitestats/de.html. Information on setting cookies can be found at https://www.google.com/privacy/ads/. Google LLC is certified under the Privacy Shield Agreement and thus offers a guarantee that European data protection law is complied with (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI).
We use HubSpot for our online marketing activities and online applications. It is an integrated software solution which we cover various aspects of our online marketing with.
These include among others:
- Content management (website and blog)
- E-mail marketing (newsletters and automated mailings, e.g. to provide downloads)
- Social media publishing & reporting
- Reporting (e.g. traffic sources, accesses, etc. ...)
- Contact management (e.g. user segmentation & CRM)
- Landing pages
- Support form
- Application form
Our registration service allows visitors of our website to learn more about our company, download content and provide their contact and other demographic information.
This information, as well as the content of our website, is stored on servers of our software partner HubSpot. We may use this information to contact visitors of our website and to determine what services of our company they are interested in.
HubSpot is a U.S. software company with a responsible office in Ireland. Contact us: HubSpot Inc, Ground Floor, Two Dockland Central, Guild Street, Dublin 1, Ireland, telephone number: +353 1 5187500.
HubSpot is certified under the "EU - U.S. Privacy Shield Framework" and is subject to TRUSTe's Privacy Seal and the "U.S. - Swiss Safe Harbor" framework.
- More information from HubSpot regarding EU data protection regulations
- More information about the cookies used by HubSpot can be found here & here
Used as well are cross-device features of Google DoubleClick. The provider is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.
This feature allows you to link the advertising target groups created with Google Analytics Remarketing to the cross-device capabilities of Google AdWords and Google DoubleClick. That way, interest-based, personalised advertising messages that have been adapted to the respective user depending on their previous usage and surfing behaviour on one device (e.g. mobile phone) can also be displayed on another (e.g. tablet or PC). If the user has given permission, Google will link the web and app browsing history to the appropriate Google Account for this purpose. In this way, the same personalized advertising messages can be displayed on any device to which the user signs in with their Google Account.
To support this feature, Google Analytics collects Google-authenticated user IDs that are temporarily linked to our Google Analytics data to define and create target audiences for cross-device advertising.
Website visitors can opt-out of cross-device remarketing/targeting any time by deactivating personalized advertising in their Google account: https://www.google.com/settings/ads/onweb/. If the site visitor wishes to opt-out of Google's general tracking practices, conversion tracking cookies can be deactivated by changing the browser settings to block cookies from the www.googleadservices.com domain: https://www.google.de/settings/ads.
The aggregation of the data collected in the site visitor's Google account is based solely on the visitor's consent, which the visitor gives or may withdraw to Google (Art. 6 para. 1 lit. a DSGVO). In the case of data collection transactions that are not merged with his or her Google account (e.g. because he or she does not have a Google account or has objected to the merging), the collection of data is based on Art. 6 para. 1 lit. f DSGVO. The legitimate interest arises from the fact that the website operator has an interest in the anonymised analysis of website visitors for advertising purposes.
Further information and the data protection regulations can be found in the Google data protection declaration at: https://www.google.com/policies/technologies/ads/.
This site uses so-called web fonts, provided by Fonticons, Inc., for the uniform display of fonts. When you call up a page, your browser loads the required web fonts into its browser cache in order to display texts and fonts correctly.
For this purpose, the browser you use must connect to the servers of Fonticons, Inc. This tells Fonticons, Inc. that your IP address has been used to access our website. We use web fonts to be able to present a uniform and attractive sight of our online offers. This represents a legitimate interest in accordance with Art. 6 Para. 1 lit. f DSGVO. If your browser does not support web fonts, a standard font is chosen by your computer.
We use "Google reCAPTCHA" (hereinafter "reCAPTCHA") on our websites. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").
The purpose of reCAPTCHA is to check whether the data input on our websites (e.g. in a contact form) is done by a human being or by an automated program. For this purpose, reCAPTCHA analyses the behaviour of the website visitor based on various characteristics. Said analysis automatically begins as soon as the website visitor enters the website. For analysis purposes, reCAPTCHA evaluates various information (e.g. IP address, time spent on the website or mouse movements made by the user). The data collected during the analysis is forwarded to Google.
The reCAPTCHA analyses run in the background completely. Website visitors are not informed that an analysis is taking place.
Data processing is carried out based on Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in protecting his web offers from abusive automated spying and from SPAM.
Further information on Google reCAPTCHA and Google's data protection declaration can be found in the following links: https://policies.google.com/privacy/. This service serves to improve the visual design of the website. It cannot be excluded that data may also be transferred to other Google servers. Google LLC is certified under the Privacy-Shield-Agreement and thus offers a guarantee that European data protection law is being observed (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI).
For assistance with inquiries to our support we if necessary, use the tool TeamViewer. You can find it on our support pages. You can download and start TeamViewer by clicking on the respective icon on the website.
TeamViewer allows us to temporarily access your system, view your screen and remotely control mouse and keyboard. Please close all windows with content that is critical to your business or that requires data protection before you release it. To use TeamViewer, you do not need to install anything and do not require any (additional) admin rights. You can terminate the remote maintenance at any time by clicking "Close connection".
Social Plugins - Links
Our site contains links to our offers on social media sites. When the corresponding links are displayed, no data is transferred to the platforms yet. Should you wish to visit one of these sites, please note that you are leaving the scope of this data protection declaration regarding platform operations.
With your consent you can subscribe to our newsletter, in which we inform you about our current interesting offers and events. The advertised goods and services correspond to our product portfolio.
For the registration to our newsletter we use the so-called double-opt-in procedure. This means that after your registration we will send you an e-mail to the given e-mail address in which we ask you to confirm that you wish to receive the newsletter regularly. If you do not confirm your registration, your information will be blocked and finally deleted automatically. In addition, we store your IP address and the time of registration and confirmation. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify any possible misuse of your personal data (Art. 6 para. 1 lit. f) DSGVO).
The only compulsory information for sending the newsletter is your e-mail address. The provision of further, separately marked data is voluntary and is used to address you personally. If you do not wish to give a name, you can also give a pseudonym. After your confirmation we will save your e-mail address for the purpose of sending you the newsletter. The legal basis is Art. 6 Paragraph 1 S. 1 lit. a) DS-GVO.
You can revoke your consent to receive the newsletter at any time and unsubscribe from the newsletter. You can revoke your consent by clicking on the link provided in each newsletter e-mail, via our website or by sending an e-mail or a message to the contact data provided in the imprint.
F. Contact form / registration form / support form / application form
Using the forms, you have the possibility to send a message to our specialist departments. It is primarily used to contact, and register interested parties with regard to our products and services, as well as the individual description on the respective page, and to apply for a job. Please note that your message cannot be assigned to a specific recipient at first but will be distributed to the respective contact persons in our company by the designated department. If you wish to address your inquiry, registration or application directly to a specific contact person in our company, without being informed by other contact persons, we kindly ask you to make an inquiry by telephone or mail, naming the specific contact person.
The mandatory data are mentioned in the respective form, if necessary voluntary data are marked as such or an explanation of the necessary data is given. Application documents must be uploaded using the appropriate function. You must check any checkboxes before sending the respective form.
We will delete the contents of the forms as long as they are no longer required, e.g. if the inquiry has been processed or a decision has been made about your application, or as long as you have given us your consent to a longer storage and there is no further legal obligation to store the data. We regularly check the necessity; furthermore, the legal archiving obligations apply, which may result from tax law or commercial law.
G. Use of our log-in area
If you wish to use our log-in area, you must register by entering your username and a password of your choice and, if applicable, your e-mail address. There is no obligation to use a clear name, pseudonymous use is possible. We use the so-called double-opt-in procedure for registration, i.e. your registration is not complete until you have confirmed your registration by clicking on the link contained in a confirmation e-mail sent to you for this purpose explicitly. If you do not confirm, your registration will be deleted from our database automatically. The provision of the data mentioned above is obligatory; you can provide all further information voluntarily by using our log-in area.
If you use our log-in area, we will store the data required to fulfil the contract or agreement, including details of the method of payment, until you finally delete your access. Furthermore, we store the voluntary data provided by you for the duration of your use of the log-in area, unless you delete it first. You can manage and change all information in the protected log-in area at any time. The legal basis is Art. 6 para. 1 p. 1 lit. f) DS-GVO.
To prevent unauthorised access by third parties to your personal data, particularly financial data, the connection is encrypted using TLS technology.
H. Rights of data subjects
You have the right to receive information about your data stored with us any time and free of charge without giving reasons, as well as about the origin, recipients or categories of recipients to whom this data is passed on and the purpose of storage. You may at any time correct, delete or limit the processing of your data collected by us and you may also exercise your right to data transferability. Furthermore, you have the right of objection.
Correction, deletion or limitation of processing: You have the right to request Comsol to correct incorrect personal data concerning you without delay. You have the right to request the completion of incomplete personal data, including by means of a supplementary declaration, considering the purposes of the processing.
Right of objection: In so far as the processing of personal data concerning you is carried out on the basis of Art. 6 Paragraph 1 letter f) DPA, you have the right to object to the processing of such data at any time for reasons arising from your particular situation. We will then no longer process these personal data unless Comsol can prove compelling reasons for processing that are worthy of protection and outweigh your interests, rights and freedoms, or unless the processing serves to assert, exercise or defend legal claims.
Right of withdrawal: If the processing is based on consent, you have the right to withdraw consent at any time, without affecting the lawfulness of the processing carried out on the basis of the consent up to the point of withdrawal. For this purpose, you can contact us or our data protection officer at any time using the data mentioned above.
Right of deletion: You have the right to request Comsol to delete any personal data relating to you immediately and Comsol is obliged to delete personal data immediately if one of the following cases occurs:
- The personal data is no longer necessary for the purposes for which it was collected or processed otherwise in the first place.
- You object to the processing and there are no overriding legitimate reasons for processing.
- The deletion of personal data is necessary to comply with a legal obligation under Union law or the law of the Member States to which we are subject. This shall not apply where processing is necessary for compliance with a legal obligation which requires processing under Union law or the law of the Member States to which we are subject.
Right to limit processing: You have the right to request Comsol to limit processing if one of the following conditions is met:
the accuracy of your personal data is contested, for a period which allows us to verify the accuracy of the personal data
The processing is unlawful and you object to the deletion of the personal data and instead request the restriction of the use of the personal data.
Comsol no longer needs the personal data for the purposes of the processing, but you need them to assert, exercise or defend legal claims, or you have objected to the processing, and until such time as it is established that our legitimate reasons outweigh yours.
If the processing has been restricted, such personal data, apart from being stored, may be processed only with your consent or for the purpose of pursuing, exercising or defending legal claims or protecting the rights of another natural or legal person or for reasons of major public interest of the Union or a Member State.
If you have obtained a restriction on processing, we will inform you before the restriction is lifted.
Right of complaint: without prejudice to any other administrative or judicial remedy, you have the right to complain to a supervisory authority, in particular in the Member State in which you are resident, in your place of work or in the place where the alleged infringement occurred, if you consider that the processing of personal data relating to you is in breach of the DPA. You can also contact the Comsol data protection officer. You can reach him at:
Phone: +49 6841 9816-0
We will be happy to answer any further questions you may have about our indications, data protection and the processing of your personal data. Further information on data protection in the Federal Republic of Germany can also be found at www.bfd.bund.de.
Status of the data protection declaration and information: 20.11.2019