Website Privacy Notice

We, plicatec business development GmbH, Jechtinger Str. 11, 79111 Freiburg (hereinafter also referred to as “we”, “us” or “plicatec”), would like to provide you with the following information on the processing of your personal data (hereinafter also referred to as “data”) when using our website and on your rights under data protection law.

We take the protection of your personal data very seriously. Your data is processed exclusively in accordance with the applicable data protection regulations, in particular the provisions of the European General Data Protection Regulation (hereinafter: “GDPR”) and the German Federal Data Protection Act (hereinafter “BDSG”).

For reasons of readability, we use the generic feminine form in this document. This is intended to include male and other gender identities expressly and equally.

Please note that the terms used, such as “personal data” or “processing”, correspond to the definitions in Article 4 of the GDPR. If you wish to look up the GDPR yourself, you can find it on the internet at: http://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32016R0679. You can access the BDSG (German Federal Data Protection Act) at the following link: https://www.gesetze-im-internet.de/bdsg_2018.

This privacy notice applies exclusively to our website, which can be accessed at https://www.plicatec.com/ including all of its subpages. This privacy notice expressly does not apply to third-party websites to which links are provided from our website.

Information on the Controller

The controller within the meaning of the GDPR for the processing of your data in connection with this website is:

plicatec business development GmbH
Jechtinger Str. 11
79111 Freiburg
Germany

Tel.: +49 761 21684-0
E-mail: plicatec@plicatec.com

If you have any questions regarding the processing of your data or if you wish to exercise your rights as a data subject, please contact us using the contact details provided above.

You may also contact our Data Protection Officer directly. You can reach her by e-mail at dsb@plicatec.com or under the following contact details:

V-Formation GmbH
Stephanienstr. 18
76133 Karlsruhe
Germany

www.v-formation.de
Tel.: +49 721 170 290 34

Data Processing When Using Our Website

External Hosting of the Website and Creation of Log Files

This website is hosted by an external service provider (Host Europe GmbH). The personal data collected on this website is stored on the servers of the hosting provider.

The use of the hosting provider is based on our interest in providing our online offering in a secure, fast and efficient manner through a professional provider (Article 6(1)(f) GDPR).

Our hosting provider will only process your data to the extent necessary to fulfil its service obligations and in accordance with our instructions regarding such data.

We use the following hosting provider:

Host Europe GmbH
Hansestraße 111
DE-51149 Cologne
Germany

In order to ensure data processing in compliance with data protection regulations, we have concluded a data processing agreement with our hosting provider in accordance with Article 28(3) GDPR.

When you access and use our website, log files are created. These automatically store the following information:

IP address
Date and time of access
Pages and files accessed
Amount of data transferred
Information on the browser used and operating system
Screen resolution and color depth of the device accessing the website
Browser and language settings
Information on browser plug-ins (JavaScript, Flash Player, Java, Silverlight, Adobe Acrobat Reader, etc.)
Previously visited website (referrer URL)

This data is necessary for the stable and secure operation of our website. We process it to safeguard our legitimate interests in accordance with Article 6(1)(f) GDPR. Our legitimate interests lie in providing our website and ensuring its stability and security.

Data processing takes place automatically when you access and use our website. It is not possible to use our website without this data processing. We do not use the above-mentioned data to draw any conclusions about your identity, unless there is a justified suspicion of an attack or unlawful use of our website.

Server log data is stored for as long as is necessary for the purposes described above and is usually deleted after [30 days]. Longer storage, in particular for the establishment, exercise or defence of legal claims, remains reserved.

Further information can be found in Host Europe’s privacy policy at: https://www.hosteurope.de/AGB/Datenschutzerklaerung/.

Contact Form

You have the option of sending us enquiries via a contact form. When you use our contact forms, we collect and store the personal data you provide via the respective contact form in order to respond to your enquiry.

Data processing is carried out on the basis of Article 6(1)(b) GDPR if it concerns the performance or initiation of a contractual relationship with you, or on the basis of our legitimate interest in the proper handling of your enquiry in accordance with Article 6(1)(f) GDPR.

If we process your data based on our legitimate interests pursuant to Article 6(1)(f) GDPR, you may object to the processing of your data at any time by sending a message to the contact details stated above.

Potential Check

You have the option to carry out a potential check for new customer acquisition on our website. For this purpose, we use an interactive form provided via the JotForm service. JotForm is a service of JotForm Inc., 111 Pine St. Suite 1815, San Francisco, CA 94111, https://jotform.com.

We use JotForm to enhance our services for existing and potential clients. If you use this form, the data you enter will be transmitted to JotForm and processed on its servers. The processing is carried out solely for the purpose of evaluating your input and assessing your business potential for new customer acquisition. If you wish, we will also use your data to contact you following your enquiry.

The purpose of processing the data you provide is to determine your potential for new customer acquisition and to discuss it with you in a subsequently agreed appointment. This constitutes a legitimate interest within the meaning of Article 6(1)(f) GDPR. Our legitimate interest is to offer you the opportunity to discuss your potential with us. When using the tool, personal data (e.g. your e-mail address) is requested. You also have the option of describing your request and providing us with further information. If you use the tool, the information you provide in the enquiry form, including the personal data you enter there, will be stored and transmitted to JotForm. The use of the form is voluntary.

JotForm processes data on servers in the United States and possibly in other third countries. JotForm is certified under the EU-U.S. Data Privacy Framework (DPF), which ensures an adequate level of data protection in line with the requirements of the GDPR. We have also concluded a data processing agreement with JotForm so that the data you provide is processed on our behalf and in accordance with our instructions. Further information on JotForm’s certification and data protection measures can be found at https://www.jotform.com/privacy.

Appointment Scheduling via Calendly

After completing the potential check, you have the option of booking a consultation appointment. To schedule appointments, we use the service Calendly, provided by Calendly LLC, 115 E Main St, Ste A1B, Buford, GA 30518, USA (hereinafter “Calendly”). If you use this function, certain personal data such as your name, e-mail address, possibly your telephone number, and the appointment you select will be processed and transmitted to Calendly.

This data is processed exclusively for the purpose of organising and carrying out the agreed appointment. The use of Calendly is voluntary. Alternatively, you can, of course, arrange an appointment with us by e-mail or telephone.

Calendly is certified under the EU-U.S. Data Privacy Framework (DPF), which ensures an adequate level of data protection in line with the requirements of the GDPR. We have also concluded a data processing agreement with Calendly so that the data you provide is processed on our behalf and in accordance with our instructions. Further information on how Calendly processes your data can be found in the provider’s privacy policy at: https://calendly.com/privacy.

Data transmission to Calendly is encrypted. Calendly processes your data exclusively on our behalf and does not use it for its own purposes. Neither we nor Calendly will disclose your data to third parties unless there is a legal obligation to do so or you have expressly consented to such disclosure.

The legal basis for data processing is your voluntary consent pursuant to Article 6(1)(a) GDPR or – if the appointment is in connection with an existing contractual relationship or serves to initiate such a contract – Article 6(1)(b) GDPR. The data you provide is stored only for as long as is necessary for appointment management, unless statutory retention obligations require a longer storage period.

Enquiries by E-mail, Telephone or Fax

You have the option of contacting us by e-mail, telephone or fax. In responding to your enquiry, we collect and store the personal data you provide in order to respond to your request.

Cookies

We use cookies and similar technologies (hereinafter collectively referred to as “cookies”) on this website in order to make our website more convenient, efficient and secure and to ensure its economical operation.

Cookies are usually small identifiers that our server sends to your web browser and that your device stores if this is permitted by your default settings. They may be used, among other things, to recognise you when you revisit our website and to analyse and evaluate your use of our website. Cookies can be set by us or by third parties, such as our partners, e.g. for statistical and marketing purposes.

Data processing is carried out either to safeguard our legitimate interests pursuant to Article 6(1)(f) GDPR or on the basis of Article 6(1)(a) GDPR, if you have expressly consented to the storage and use of cookies via our cookie banner. The use of other legal bases remains expressly reserved.

Any storage of information on your device or access to information already stored on your device in connection with the use of cookies takes place on the basis of your consent pursuant to Section 25(1) sentence 1 of the German Telecommunications Digital Services Data Protection Act (TDDDG). If the storage of information on your device or the access to information already stored on your device is absolutely necessary for us to provide the telemedia service expressly requested by you (here: our website), your consent is not required. In such cases, the storage or access takes place on the basis of Section 25(2) no. 2 TDDDG.

You can withdraw any consent you have given to the use and storage of non-essential cookies at any time with effect for the future [in the cookie settings of our website]. Furthermore, you can also object to the storage of essential cookies at any time by selecting “do not accept cookies” in your browser settings. Please refer to your browser’s “Help” function for details on the technical management and deletion of cookies via your browser settings. You can also technically prevent the storage and use of cookies by using free browser add-ons. However, if you prevent the storage of all cookies, this may result in functional restrictions on our website.

Web Analytics with Fathom Analytics

Our website uses the web analytics service Fathom Analytics, provided by Conva Ventures Inc., 300-2233 Columbia Street, Vancouver, BC, V5Y 0M6, Canada. This service enables us to collect anonymous usage statistics in order to better understand behaviour on our website and to optimise our content accordingly.

The following information may be collected, for example:

pages and paths visited,
device type and browser used,
country of origin (based on the IP address, but anonymised),
time spent and bounce rate.

Fathom Analytics does not use tracking cookies or other technologies to recognise individual visitors. The IP address is not stored permanently, but is shortened or hashed immediately after collection in a data protection-friendly manner.

The legal basis for data processing is our legitimate interest pursuant to Article 6(1)(f) GDPR in the anonymised analysis of user behaviour and the optimisation of our web offering. If consent has been requested, processing is carried out exclusively on the basis of Article 6(1)(a) GDPR and Section 25(1) TDDDG, insofar as consent covers the storage of cookies or access to information on the user’s device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

Conva Ventures Inc. is based in Canada. For Canada, the European Commission has issued an adequacy decision in accordance with Article 45 GDPR. Canada is therefore considered a safe third country with a level of data protection comparable to that of the European Union. According to Conva Ventures Inc., data is processed on servers in the European Union (EU). We have also concluded a data processing agreement with Conva Ventures Inc. so that the data you provide is processed on our behalf and in accordance with our instructions. Further information on data processing can be found in Fathom’s privacy policy at: https://usefathom.com/privacy.

Google Tag Manager

We use Google Tag Manager, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter “Google Ireland”).

Google Tag Manager enables us to integrate and update third-party services such as tracking and analytics tools more easily into our website without having to make changes to the website itself. Google Tag Manager does not create user profiles and does not perform its own analyses. It simply manages and executes the tools embedded via it.

The legal basis for the data processing is our legitimate interest pursuant to Article 6(1)(f) GDPR in the fast and straightforward integration and management of various tools on our website. If consent is requested, processing is carried out exclusively on the basis of Article 6(1)(a) GDPR and Section 25(1) TDDDG, insofar as consent covers the storage of cookies or access to information on the user’s device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be withdrawn at any time.

When you access our website, a connection is established to Google Ireland’s servers and your IP address is transmitted to Google Ireland. Your IP address may also be transmitted to servers of Google LLC, the parent company of Google Ireland, in the United States and stored there. Google LLC, based in the United States, is certified under the EU-U.S. Data Privacy Framework. The corresponding certificate can be found at: https://www.dataprivacyframework.gov/list. Any data transfers to Google LLC in the United States are thus covered by the European Commission’s adequacy decision pursuant to Article 45(3) GDPR. The adequacy decision has been published by the European Commission here: https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

Links to Our Social Media Presences

Our website contains links (hyperlinks) to our presences on the social networks and platforms Instagram, Facebook, LinkedIn, Xing and YouTube. These services are provided by the companies listed below (hereinafter also referred to as “social media platforms”):

Instagram is operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Meta Ireland”).

Facebook is operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Meta Ireland”).

LinkedIn is operated by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland (“LinkedIn Ireland”).

Xing is operated by New Work SE, Am Strandkai 1, 20457 Hamburg, Germany.

YouTube is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google Ireland” or “YouTube”).

The purpose and scope of data collection and the further processing and use of data by these social media platforms, as well as your rights in this regard and settings options for the protection of your privacy, can be found in the privacy policies of the social media platforms:

Instagram privacy policy: https://help.instagram.com/519522125107875 and https://privacycenter.instagram.com/policies/cookies/
Facebook privacy policy: https://www.facebook.com/privacy/explanation, https://de-de.facebook.com/legal/terms/ and https://www.facebook.com/policies/cookies/
LinkedIn privacy policy: https://www.linkedin.com/legal/privacy-policy
Xing privacy policy: https://privacy.xing.com/de/datenschutzerklaerung
Google privacy policy (including YouTube): https://www.google.de/intl/de/policies/privacy/

If you do not want a third-party provider to be able to associate the clicking of a link to its offering with your user account there, you must log out of the respective service before clicking such a link. Even if you are not logged in to the third-party providers, data may be sent to the third-party provider after you click a link due to the use of cookies.

Recipients of Personal Data

Your personal data is only transmitted to external recipients to the extent necessary to achieve the purposes described above, if we have your consent, or if another legal basis permits this. Where necessary, your data may be transmitted to external service providers we use to achieve the purposes described above, with whom we have concluded data processing agreements in accordance with Article 28(3) GDPR. The external service providers we use process your data solely for the intended purpose and in accordance with our instructions.

External recipients of your personal data may in particular include:

service providers bound by instructions that we use to achieve the purposes described above;
business partners, such as freelance collaborators;
tax authorities;
tax consultants and auditors; and
courts, arbitration tribunals, authorities or legal advisors, if this is necessary to comply with applicable law or for the establishment, exercise or defence of legal claims.
[to be completed if needed]

Details on the recipients of data for the individual processing operations and services can be found in the preceding sections of this privacy notice.

Data Processing in Third Countries

If we transfer your data to third countries outside the European Union (EU) or the European Economic Area (EEA) as described above, we ensure, before such transfer, that an adequate level of data protection exists at the recipient’s end (other than in cases where such transfer is permissible by law) or that you have given your consent to the data transfer. An adequate level of data protection may exist, for example, if there is an adequacy decision by the European Commission, through the conclusion of EU standard contractual clauses (SCCs), or by the existence of binding corporate rules (BCRs). Please contact us using the contact details above if you wish to receive a copy of the specific safeguards for the transfer of your data to third countries.

In the event that the existing adequacy decision for the EU-U.S. Data Privacy Framework is declared invalid in the future, we have already agreed – or will, where necessary, timely agree – additional transfer instruments, such as EU standard contractual clauses, with the relevant service providers.

Details on data transfers to third countries can be found in the information on the individual processing operations and services in the preceding sections of this privacy notice.

Storage Period and Deletion

We store your personal data only for as long as is necessary to fulfil the purposes described above or – in the case of consent – until you withdraw your consent. In the event of an objection, we will no longer process your personal data, unless its further processing is permitted or even required by applicable law (e.g. under commercial and tax retention obligations). We also delete your personal data when we are legally obliged to do so.

For further details on the storage period of your personal data, please refer to the relevant sections above.

Your Rights

As a data subject, you have the following rights under the GDPR:

Right of access (Article 15 GDPR)

You have the right to obtain information about the personal data we process concerning you.

Right to rectification (Article 16 GDPR)

You have the right to request that we rectify inaccurate data without undue delay and to have incomplete data completed, provided the legal requirements are met.

Right to erasure (Article 17 GDPR)

You have the right to request the deletion of your personal data, provided the legal requirements are met, in particular if (1) your data is no longer necessary for the purposes described in this privacy notice, (2) you have withdrawn your consent and there is no other legal basis for processing, (3) your data has been processed unlawfully, or (4) you have objected to the processing of your data and there are no overriding legitimate grounds for the processing.

Right to restriction of processing (Article 18 GDPR)

You have the right to request that we restrict the processing of your personal data, in particular if you contest the accuracy of the data or if the processing of your data is unlawful and you request the restriction of processing instead of deletion.

Right to data portability (Article 20 GDPR)

If your data is processed on the basis of a contract or your consent, you have the right to receive your data in a structured, commonly used and machine-readable format or to have it transmitted to another controller, provided the legal requirements are met.

Right to object (Article 21 GDPR)

You have the right, on grounds relating to your particular situation, to object at any time to the processing of your data where the legal basis for our processing is our legitimate interests pursuant to Article 6(1)(f) GDPR. If you exercise your right to object, we will stop processing your data, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is required for the establishment, exercise or defence of legal claims.

Right to withdraw consent (Article 7(3) GDPR)

If we process your data on the basis of your consent, you have the right to withdraw this consent at any time with effect for the future. The lawfulness of processing carried out on the basis of consent before its withdrawal remains unaffected by the withdrawal.

Right to lodge a complaint with a supervisory authority (Article 77 GDPR)

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data infringes the GDPR (Article 77 GDPR). You may exercise this right with a supervisory authority in the Member State of your habitual residence, place of work or place of the alleged infringement, or with the supervisory authority responsible for us. The supervisory authority responsible for us is the State Commissioner for Data Protection and Freedom of Information of Baden-Württemberg, Lautenschlagerstraße 20, 70173 Stuttgart, Germany.

If you have any questions regarding the processing of your data or if you wish to exercise your rights as a data subject, please contact us using the contact details provided above.