Privacy Policy

Our website uses Google Analytics, a web analysis service provided by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is the responsible provider for users within the European Union (EU).

How it works and why it is used

Google Analytics uses cookies that enable an analysis of the use of our website. The following data is collected:

IP address (truncated and anonymized in the EU before being forwarded to Google)

Duration of visit and time spent on individual pages

Interactions on the website (e.g. clicks, scrolling behavior)

Origin of visitors (e.g. referrer websites, search engines)

Device type, operating system and browser

Location (based on anonymized IP addresses)

We use Google Analytics to analyze user behavior and optimize our services accordingly. The data obtained helps us to improve the user-friendliness of our website, provide relevant content and identify technical problems at an early stage.

IP anonymization

To protect your privacy, we use the IP anonymization feature of Google Analytics. This means that the IP address of users within the EU or the European Economic Area (EEA) is shortened before it is transmitted to Google. This prevents the collected data from being linked directly to a particular individual.

Legal basis for the processing

Data processing by Google Analytics is based solely on your consent per Art. 6 (1) (a) DSGVO. You can give or withdraw your consent via our cookie banner.

Data transfer to the US

Google generally stores the information collected by Google Analytics on servers in the United States. Google is certified under the EU-U.S. Privacy Shield Framework, so that a transfer is considered secure under certain conditions. Nevertheless, there is a risk that U.S. authorities could gain access to the data.

Storage period of the data

The data collected by Google Analytics is stored for 14 months by default and then automatically deleted.

Deactivation and objection

You can prevent Google Analytics from collecting your data in various ways:

Cookie banner: Refuse or revoke your consent via the cookie settings on our website.

Browser plug-in: Install the opt-out add-on provided by Google for your browser at: https://tools.google.com/dlpage/gaoptout

Do-Not-Track Setting: Activate the “Do-Not-Track” function in your browser to prevent automatic collection by Google Analytics.

For more information about Google Analytics and the processing of personal data by Google, please refer to Google's privacy policy: https://policies.google.com/privacy

We use Matomo, an open-source web analytics software hosted on our own servers, on our website. Matomo enables us to analyze user behavior on our website without sharing data with third parties.

How it works and why we use it

Matomo collects user data using cookies or anonymized fingerprint technology to provide us with statistical information about the use of our website. The following data is collected:

Duration of visit and time spent on individual pages

Click behavior and scrolling movements

Origin of visitors (e.g. referrer websites, search engines)

Device type, operating system and browser

Anonymized IP address (truncated and without direct assignment to a person)

We use Matomo to improve the functionality of our website and to optimize the user experience. Since Matomo is operated locally on our servers, only we have access to the collected data, and it is not passed on to third parties.

Privacy-friendly configuration

To ensure the protection of your privacy, we have configured Matomo so that:

IP addresses are anonymized (last digits are truncated) so that no conclusions can be drawn about individual persons.

The data is not merged with other sources or used for marketing purposes.

No data is passed on to third parties or transmitted to external servers. If individual data is linked to other services such as HubSpot, we ensure that this is done in anonymized form so that no personal conclusions can be drawn about individual users.

Legal basis for the processing

The processing of data by Matomo is based on our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR, since we use a privacy-friendly, self-hosted analysis that does not require disclosure to third parties. If cookies are used to collect Matomo data, the processing will only take place with your consent in accordance with Art. 6 para. 1 lit. a GDPR.

Storage period of the data

The data collected by Matomo is stored for 13 months by default and then deleted.

Deactivation and objection

You can object to the use of Matomo or prevent the collection of your data:

Cookie banner: We use cookies. You can revoke your consent via the cookie settings on our website.

Do-Not-Track function: Matomo respects the “Do-Not-Track” setting of your browser. If you have activated this, your visit will not be analyzed.

Further information about Matomo can be found in the official data protection guideline: https://matomo.org/privacy-policy/

Our website uses Google Tag Manager, a service provided by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is the responsible provider for users within the European Union (EU).

Functionality and purpose of use

Google Tag Manager is used to manage website tags (scripts) via a central platform. This allows various analysis and marketing tools to be efficiently integrated and controlled on our website without having to directly adapt the source code.

The Google Tag Manager itself does not collect any personal data of users. However, it loads other services, such as Google Analytics, Matomo or HubSpot, which in turn can collect data. The respective data protection provisions of these services are listed in the corresponding sections of this privacy policy.

Legal basis for processing

Since Google Tag Manager does not process any data of its own, it is used on the basis of our legitimate interest in the efficient administration of tracking technologies in accordance with Art. 6 (1) point f GDPR. However, personal data is only actually collected by services integrated via the Tag Manager with your consent in accordance with Art. 6 (1) point a GDPR, which you can give or withdraw via the cookie banner on our website.

Data transfer to the USA

Since Google Tag Manager belongs to Google, there is the possibility of data transfer to the USA. However, Google is certified under the EU-U.S. Data Privacy Framework, so that data transfer is considered secure under certain conditions.

Storage duration of the data

Google Tag Manager itself does not store any data and does not perform any analysis independently. The duration of storage depends on the integrated services that are controlled by it.

Further information on the use of Google Tag Manager can be found at:

https://marketingplatform.google.com/about/analytics/tag-manager/use-policy/

Our website uses Google Ads and the associated conversion tracking, an online advertising service provided by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is responsible for users in the EU.

How it works and the purpose of its use

Google Ads enables us to place ads in Google Search and the Google Display Network. Conversion tracking allows us to measure whether users perform certain actions on our website (e.g. submit a contact form or purchase a product) after clicking on a Google ad.

Google sets a cookie on your device when you access our website via a Google ad. This cookie contains a unique ID and stores the following data:

Visited sub-pages and length of stay

Clicks on certain elements (e.g. buttons, forms)

Origin of the visit (e.g. Google search, Google Display Network)

However, Google itself does not receive any personal data, only anonymized conversion data.

Data transfer to the USA

Google processes the data on servers worldwide, including in the United States. Google is certified under the EU-U.S. Data Privacy Framework.

Storage period of the data

Google Ads conversion cookies have a lifespan of 30 days.

Deactivation and objection

You can disable personalized advertising by Google in the Google advertising settings.

Further information on data processing by Google can be found here:

https://policies.google.com/privacy

Our website uses the LinkedIn Insight Tag, an analysis tool from LinkedIn Ireland Unlimited Company (Wilton Plaza, Wilton Place, Dublin 2, Ireland).

Functionality and purpose of use

The LinkedIn Insight Tag enables us to analyze how LinkedIn users interact with our website. This allows us to optimize our advertising campaigns on LinkedIn and display relevant content to users.

The following information, among other things, is collected:

IP address (truncated and anonymized)

Information about the browser and the device used

Pages visited and time spent

Origin of the visit (e.g. LinkedIn ad)

The data collected is anonymized by LinkedIn and provided in aggregated form. If you are logged in to LinkedIn, LinkedIn can link the data to your LinkedIn profile.

Data transfer to the USA

LinkedIn may transfer data to the United States. However, LinkedIn is certified under the EU-U.S. Data Privacy Framework, which ensures an adequate level of data protection.

Storage period for data

The data collected by the LinkedIn Insight Tag is stored for 90 days and then anonymized.

Deactivation and objection

You can disable LinkedIn tracking in your LinkedIn privacy settings.

Further information on data processing by LinkedIn can be found here:

https://www.linkedin.com/legal/privacy-policy

Our website uses the meta pixel, a tracking tool from Meta Platforms Ireland Ltd. (4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland).

How it works and the purpose of its use

The meta pixel allows us to target visitors to our website with ads on Facebook and Instagram. This enables us to measure the success of our advertising campaigns and to display ads specifically to users who have already interacted with our website.

When you visit our website, a connection is established to the meta servers. If you are logged into Facebook or Instagram, meta can assign the visit to your profile. The following information, among other things, is collected:

Pages visited and time spent

Interactions with content (e.g. clicks, completed forms)

Device and browser information

Facebook or Instagram ID (if logged in)

Data transfer to the USA

Meta stores the data on servers worldwide, including in the USA. Meta is certified under the EU-U.S. Data Privacy Framework.

Storage period for data

The data collected by the meta pixel is stored for 90 days and then anonymized.

Deactivation and objection

You can disable personalized advertising by Meta in the Facebook advertising settings.

Further information on data processing by Meta can be found here:

https://www.facebook.com/privacy/policy/

Our website uses features of the professional network XING, provided by New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany.

What data is processed?

When you visit a page that contains XING features (e.g. the XING Share button), a connection to the XING servers is established. For technical reasons, the IP address of your device may be transmitted. However, to the best of our knowledge, XING does not store any personal data. In particular, XING does not permanently store any IP addresses or analyze user behavior.

Purpose and legal basis of the processing

The XING plug-in is used to share our content on the XING professional network and to increase our visibility. The processing is based on:

Art. 6 (1) (f) GDPR (legitimate interest), as we have an economic interest in the visibility of our company on social networks.

If consent is required to use external content, the processing is carried out on the basis of Art. 6 (1) (a) GDPR. This consent can be withdrawn at any time.

Duration of data storage

Our website does not store any data in connection with the XING plugin. We have no influence on the storage and use of data by XING itself. For information on processing by XING, please refer to the provider's privacy policy.

Further information on data processing by XING can be found at:

https://www.xing.com/app/share?op=data_protection

We use Google Search Console, a service provided by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is the responsible provider for users within the European Union.

How it works and the purpose of use

Google Search Console enables us to analyze website performance in Google search. This allows us, among other things, to:

see under which search terms our website is found

identify technical errors and crawling problems

optimize the indexing of our pages by Google

No personal data of visitors to our website is collected or processed. The Search Console only shows us aggregated data on website performance that Google has already collected itself.

Legal basis for the processing

Since no personal user data is processed or stored via the Google Search Console, its use is based on our legitimate interest in accordance with Art. 6 (1) point f GDPR, as it helps us to improve the visibility of our website.

For more information about the Google Search Console, please see Google's privacy policy:

https://policies.google.com/privacy

Google Maps is a map service provided by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is the responsible provider for users within the European Union.

When you access a page with an embedded Google Maps map, a connection to the Google servers is established. In doing so, Google may collect the following data, among other things:

Your IP address

Your location (if location services are enabled)

Information about your browser and device

The subpage of our website you visited

Google Maps sets cookies and may link usage data to your Google Account if you are logged in.

Legal basis:

You must give your consent for the use of Google Maps in accordance with Art. 6 (1) point a GDPR, which is obtained through our cookie banner. You can withdraw this consent at any time through the cookie settings.

For more information about data processing by Google Maps, please follow this link:

https://policies.google.com/privacy

In addition, we use Mapbox, a map service provided by Mapbox Inc. (740 15th Street NW, 5th Floor, Washington, DC 20005, USA).

Mapbox enables us to provide individually designed maps. When a map is loaded, data is transferred to Mapbox, including:

Your IP address

Information about your browser and device

Location data (if you activate location sharing)

Mapbox processes this data on servers in the United States. However, the provider is certified under the EU-U.S. Data Privacy Framework, so that a transfer is considered secure under certain conditions.

Legal basis:

We use Mapbox exclusively with your consent in accordance with Article 6(1)(a) GDPR, which you can grant via our cookie banner.

Further information on data processing by Mapbox can be found at:

https://www.mapbox.com/legal/privacy

We use Perspective.co, an online form and funnel tool from Perspective Software GmbH (Müggelstraße 22, 10247 Berlin, Germany), to provide interactive forms that guide potential customers through a structured request.

How it works and why we use it

Perspective.co enables us to create mobile-optimized lead funnels that are designed to guide users through a request or registration in a structured way. Depending on the funnel configuration, the following data can be collected:

Name

Email address

Phone number

Company name

Input in free text fields

The data you enter is transmitted to us and used to process your request or to contact you. 

Perspective.co stores this data on servers within the EU and does not share it with unauthorized third parties.

Legal basis for the processing

The processing of your data is based exclusively on your consent in accordance with Art. 6 para. 1 lit. a GDPR.

Storage period of the data

Your data will only be stored by Perspective.co for as long as is necessary for the respective processing purpose. If you wish to have your data deleted, you can contact us at any time.

Further information on data processing by Perspective.co can be found in the provider's privacy policy:

https://perspective.co/de/datenschutzerklaerung

We use HubSpot, a service provided by HubSpot Inc. (25 First Street, Cambridge, MA 02141, USA), on our website. For users within the EU, HubSpot Ireland Limited (One Dockland Central, Dublin 1, Ireland) is the responsible provider.

How it works and the purpose of use

HubSpot is a marketing and sales platform that helps us analyze website visits, provide personalized content, and manage leads. Various functions can be used for this:

Live chat & contact forms → Direct communication with website visitors

Email marketing → Sending newsletters and automated emails

Lead tracking → Analysis of user behavior on our website

CRM integration → Management of contact data and customer interactions

The data collected may include:

Name, email address, phone number

Company information (if provided)

Visitor behavior on the website (clicks, pages viewed, time spent)

IP address (will be anonymized if technically possible)

If HubSpot is linked to other tools such as Matomo or Google Analytics, we ensure that the transmitted data is anonymized.

Data transfer to the USA

Since HubSpot is a US company, personal data may be transferred to the USA. However, HubSpot is certified under the EU-U.S. Data Privacy Framework, which ensures an adequate level of data protection under certain conditions.

Legal basis for the processing

Your data will only be processed via HubSpot with your consent in accordance with Art. 6 para. 1 lit. a GDPR.

Storage period for data

Your data will be stored in our HubSpot system for as long as it is needed for the respective processing purpose. You can request the deletion of your data at any time.

Further information on data processing by HubSpot can be found here:

https://legal.hubspot.com/de/privacy-policy

We offer white papers, e-books and other protected documents for download on our website. To access this content, it may be necessary to register in advance or provide certain information.

What data is collected?

Name and email address (mandatory information for providing the document)

Company and position (if provided, for more targeted delivery of relevant content)

Area of interest or specific selection of documents

Usage data (e.g. whether the document was downloaded)

Purpose of processing

Provision of the requested content

Personalized follow-up on relevant topics

Analyzing interests to optimize our content

If the download indicates a potential business relationship, the information may be forwarded to our sales team.

Data processing in HubSpot & transfer to CRM

The registration data is stored in HubSpot CRM.

If the information is relevant for the sales processes, it may be forwarded to Microsoft Dynamics CRM.

Legal basis

The data is processed on the basis of your consent (Art. 6 para. 1 lit. a GDPR), which you give by submitting the registration form. The analysis of user behavior is based on our legitimate interest (Art. 6 para. 1 lit. f GDPR) in improving our information offering.

Storage period & revocation

The data remains stored until you revoke your consent.

You can object to the further processing of your data at any time and request deletion by contacting us at info@group-cts.com.

Further information on data processing by HubSpot:

https://legal.hubspot.com/de/privacy-policy

We use Microsoft 365, a cloud-based software solution from Microsoft Ireland Operations Ltd. (One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland), which includes various applications for business communication and document management.

How it works and why we use it

Microsoft 365 is used for various business purposes, including:

Email communication (Outlook)

Document processing and storage (OneDrive, SharePoint)

Collaboration and teamwork (Teams, Planner)

Creating and editing presentations and spreadsheets (Word, Excel, PowerPoint)

Personal data is processed when you communicate with us by email, chat or shared documents.

Data transfer to the USA

Microsoft primarily stores the data on servers in the EU, particularly in German data centers. However, in exceptional cases, data may be transferred to the USA or other third countries. Microsoft is certified under the EU-U.S. Data Privacy Framework.

Duration of data storage

The duration of storage is based on the respective company guidelines and legal retention requirements. Business communication is generally stored in accordance with legal requirements for commercial and tax documents.

Further information on data processing by Microsoft can be found at:

https://privacy.microsoft.com/de-de/privacystatement

For video conferences, online meetings and webinars, we use Microsoft Teams, a service provided by Microsoft Ireland Operations Ltd.

How it works and why we use it

Microsoft Teams is used for internal and external communication and to conduct training and webinars. We use Teams for the following purposes:

Video conferencing and online meetings

Chat and voice communication with customers and partners

File sharing and joint editing of documents

Conducting and recording webinars for internal training purposes and, if applicable, for publication on our website or YouTube

If webinars or meetings are recorded, this is done only with the prior consent of the participants. The recordings can be used for internal training or – if expressly agreed – for external publication.

Processed data

When using Microsoft Teams, the following personal data may be collected:

Name and e-mail address (when invited to the meeting)

Communication content (chat messages, file uploads)

Connection data (IP address, device type)

Video and audio recordings (only with activated recording and consent)

Data transfer to the USA

Microsoft stores the data primarily in European data centers. If a transfer to the US is necessary, it is done in accordance with the EU-US Data Privacy Framework.

Storage period of the data

Chat messages and file attachments are stored in accordance with company guidelines.

Meeting and webinar recordings are deleted after a defined period or, if they are intended for external purposes, published on the corresponding platforms.

Further information on data processing by Microsoft Teams can be found here:

https://learn.microsoft.com/de-de/microsoftteams/teams-privacy

For technical support and remote maintenance, we use TeamViewer, a software from TeamViewer Germany GmbH (Bahnhofsplatz 2, 73033 Göppingen, Germany).

Functionality and purpose of use

TeamViewer enables us to:

provide remote maintenance and support for customers and internal systems

securely access devices in the event of technical problems

share screens and exchange files during a support session

When using TeamViewer, the following data may be processed:

IP address of the connected device

connection and session logs

Screen view during the session (if shared)

Input by the support employee

Legal basis for the processing

The processing is carried out in the context of the performance of a contract in accordance with Art. 6 (1) point b GDPR or on the basis of our legitimate interest in efficient IT support in accordance with Art. 6 (1) point f GDPR.

Storage period of the data

TeamViewer sessions are not recorded unless this is expressly agreed. Session logs are stored for internal documentation purposes if this is necessary.

Further information on data processing by TeamViewer can be found here:

https://www.teamviewer.com/de/privacy-policy/

Our website uses the HubSpot chat function to provide visitors with quick and easy support. The chatbot makes it possible to provide basic information or forward requests to an employee if personal attention is required.

What data is collected?

When using the chatbot, the following data may be processed depending on the course of the conversation:

Name (if provided)

Email address (if an email reply is requested)

Contents of the messages sent

Time and duration of the chat session

IP address and device information (truncated and anonymized if technically possible)

How is the data used?

The data collected is used to:

Provide general information automatically.

Forward enquiries to the responsible employee.

improve the quality and efficiency of our support services.

If the chat is for a customer enquiry or to initiate business, the conversation can be stored in our HubSpot CRM and – if relevant for sales – forwarded to Microsoft Dynamics.

Legal basis

Performance of a contract (Art. 6 (1) (b) GDPR) if the request is related to an existing or planned business relationship.

Legitimate interest (Art. 6 (1) (f) GDPR) to enable efficient customer communication.

Storage duration

Chat histories remain stored in HubSpot until the user requests an opt-out or deletion.

If the chat does not lead to a further business relationship, it will be automatically deleted after 12 months at the latest.

Revocation & Deletion

You can object to the storage of your chat data or request deletion at any time by contacting us at info@group-cts.com.

Further information on data processing by HubSpot:

https://legal.hubspot.com/de/privacy-policy

We use HubSpot for our email marketing to regularly inform interested users about news, offers and industry-specific information. Our newsletters and marketing emails are sent exclusively to people who have actively registered.

Registration & double opt-in procedure

Registration for our newsletter is done via a double opt-in procedure:

After entering your e-mail address, you will receive a confirmation e-mail.

Only after clicking on the confirmation link will your e-mail be activated for sending.

This ensures that no one can enter your e-mail address without permission.

What data is processed?

E-mail address (mandatory for delivery)

Name (if provided, for personalization)

Company & position (if provided, for targeted content)

Interaction data (e.g. opening rates, clicks on links, unsubscriptions)

The analysis of user behavior in our e-mails serves to improve our content and provide relevant information. This is done through tracking pixels that capture whether an e-mail has been opened and which links have been clicked.

Data processing in HubSpot & transfer to CRM

The registration data is stored in HubSpot CRM and used to personalize and analyze newsletter performance.

If the interaction with the newsletter indicates a potential business relationship, the information may be forwarded to our Microsoft Dynamics CRM.

Legal basis

The processing is carried out on the basis of your consent (Art. 6 para. 1 lit. a GDPR), which can be revoked at any time.

The analysis of reading behavior is based on our legitimate interest (Art. 6 para. 1 lit. f GDPR) in optimizing our email marketing.

Storage period & revocation

Your data will be stored until you revoke your consent.

Each newsletter contains an unsubscribe link that you can use to unsubscribe at any time.

Alternatively, you can contact us at info@group-cts.com to request the deletion of your data.

Further information on data processing by HubSpot can be found here:

https://legal.hubspot.com/de/privacy-policy

We regularly offer webinars and online events to provide our customers and prospective customers with expert knowledge, to present new developments or to conduct interactive training. These webinars take place via online conferencing tools that allow for virtual participation.

Data processing when attending webinars

When you register for and attend a webinar, your personal data will be processed by us and by the providers of the conferencing tools used. The tools used are already listed in this privacy policy and include, in particular, Microsoft Teams and HubSpot.

The following personal data may be collected and processed during registration and execution of the webinar:

Registration data (e.g. name, email address, company, position)

Data on webinar participation (duration of participation, time of logging in and out, interactions such as questions asked or survey responses)

Technical data (IP address, device type, operating system, browser, connection type)

Content shared during the webinar (e.g. chat messages, questions in the Q&A section, uploaded files)

Purpose and legal basis

Data is processed for the following purposes:

Organizing and conducting the webinar

Providing further information after the webinar (e.g. webinar recordings, presentations, links to relevant content)

Analyzing webinar interactions to improve future events

Where appropriate, following up on participants' interests as part of customer care

The processing is based on Art. 6 (1) (b) GDPR (contract performance or steps prior to entering into a contract) for webinars that are related to an existing business relationship.

If webinars are used to provide general information or for marketing purposes, the processing is based on our legitimate interest in efficient communication with interested parties in accordance with Art. 6 (1) (f) GDPR.

Recording webinar content

If consent to record or contact you after the webinar is obtained, the processing is based on Art. 6 (1) point a GDPR. If a webinar is recorded, we will inform the participants in advance. The recording is made only with the express consent of the participants. We may publish selected webinar recordings on our website or via external platforms such as YouTube to make the content accessible to a wider audience. In doing so, we ensure that no personal participant data is included in the published version. If a participant is recognizable in a recording or is mentioned by name, this will only be done with their express consent.

The recording can then be used for internal training or external publication.

Storage period for webinar data

The webinar data collected directly by us will be deleted as soon as you request us to delete it, revoke your consent or the purpose of the processing no longer applies.

Statutory retention requirements remain unaffected.

Data stored by the providers of the conference tools used are subject to their respective data protection policies. We have no influence over this storage period.

For more information on data processing by the tools used, please refer to the data protection guidelines of the respective providers:

Microsoft Teams: https://learn.microsoft.com/de-de/microsoftteams/teams-privacy

HubSpot: https://legal.hubspot.com/de/privacy-policy

If you have any questions about the processing of your webinar data or wish to revoke your consent, please contact us at:

info@group-cts.com

Your data will always be treated with the utmost care and used exclusively for the purposes stated.

What data is processed?

In the context of our experts making contact via our contact forms and email links, we process:

master data (e.g. name, company, position, contact details)

communication data (e.g. emails, phone memos, meetings)

contract and offer data (e.g. orders, invoices, contracts)

Support and service history (e.g. previous inquiries, complaints)

How do we use this data?

To process inquiries and maintain business relationships

For optimized customer communication (e.g. follow-up of inquiries)

To manage offers, contracts and invoices

For internal evaluations and analyses to improve our services

Who has access to the data?

Internal departments such as sales, customer service and accounting, as required

If necessary, processors (e.g. hosting providers or IT service providers) in accordance with Art. 28 GDPR

Where is the data stored?

The data is stored in the Microsoft cloud in European data centers. In individual cases, data may be transferred to the United States, but Microsoft is certified under the EU-U.S. Data Privacy Framework.

How long is the data stored?

Business communication is stored in accordance with legal retention periods.

Contracts and invoices are subject to a legal retention period of 6–10 years.

Customer data is deleted after the business relationship has ended, provided there are no legal obligations to the contrary.

Further information on data processing by Microsoft:

https://privacy.microsoft.com/de-de/privacystatement

Our website uses the WP Job Manager plugin, an applicant tracking tool that makes it possible to manage job openings and accept online applications directly on our website.

What data do we process in the application process?

When you apply through our website, the following personal data is collected:

Personal data: name, address, telephone number, email address

Application documents: CV, certificates, qualifications, cover letter

Salary expectations, earliest start date (if provided)

Internal assessments and notes from job interviews

Metadata: IP address and time of application (for technical security and abuse prevention)

How do we use this data?

The data collected via the WP Job Manager Plugin is used exclusively to process applications:

Recording and managing incoming applications

Communicating with applicants (invitations, rejections, queries)

Reviewing and evaluating qualifications

Planning and conducting job interviews

Documenting the selection process

Automated decision-making or profiling does not take place.

How long do we store applicant data?

Successful applications: The data is transferred to the personnel administration system.

Rejected applications: The data will be deleted six months after the application process has been completed, unless you have expressly agreed to a longer storage period.

Applicant pool: With your consent, we can store your data for up to 12 months in order to contact you regarding suitable future job offers.

Who has access to the data?

HR managers and decision-makers for the respective position

Website administrators who ensure technical maintenance and security

If necessary, technical service providers for hosting and support who are contractually obliged to comply with the GDPR

Where is the data stored?

Applicant data is stored on servers within the European Union. It is not transferred to third countries.

Deletion or modification of data

Applicants can have their data deleted at any time using the contact form on the website or by emailing karriere@group-cts.com.

Further information on the WP Job Manager Plugins privacy policy can be found here:

https://wpjobmanager.com/privacy/

We offer you the opportunity to apply to us by email, post or using our online application form. In this section, we will inform you about the scope, purpose and use of the personal data that we collect as part of the application process.

Your data will be processed in accordance with the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG-new). Your data will be treated in strict confidence and used only for the application process.

Collection and purpose of data processing

As part of the application process, we process the personal data that you provide to us. This includes in particular:

Contact and communication data (name, address, telephone number, e-mail address)

Application documents (CV, cover letter, certificates, qualifications, references)

Other voluntary information (e.g. salary expectations, earliest start date)

Notes and assessments from job interviews

These data are processed solely for the purpose of examining and evaluating your suitability for the advertised position and for carrying out the application process. If your application is successful, the relevant data will be transferred to our internal system in order to prepare the further employment process.

Your data is processed on the basis of Section 26 of the new German Federal Data Protection Act (BDSG-neu) (initiation of an employment relationship) and Article 6(1)(b) GDPR (general contract initiation). If you give us permission to store your data beyond the application process, the processing is carried out on the basis of Article 6(1)(a) GDPR.

Storage and deletion of application data

If your application is unsuccessful, your data will be stored for up to six months after completion of the application process. This is particularly useful for providing evidence in the event of possible legal disputes. The legal basis for this is our legitimate interest in accordance with Art. 6 (1) point f GDPR.

After six months, all electronic application documents will be irrevocably deleted and physical documents securely destroyed. If it is evident that the data is still required due to an impending or ongoing legal dispute, the deletion will only take place after the end of the proceedings.

Should statutory retention requirements prevent immediate deletion, the data will only be deleted after the respective deadlines have expired.

Inclusion in the applicant pool

If we are unable to offer you a position at the present time but see potential for future vacancies, we may include you in our applicant pool. However, your data will only be stored in the applicant pool with your express consent in accordance with Art. 6 (1) point a GDPR.

All submitted application documents and information from the original application are stored in the applicant pool so that we can contact you about suitable vacancies. Consent is voluntary and has no influence on the current application process.

Your data will be stored in the applicant pool for a maximum of two years. You can revoke your consent at any time by contacting us. In this case, your data will be deleted immediately, provided that there are no legal obligations to retain it.

Your rights as an applicant

You have the right to request information about the data stored about you at any time. You can also request the correction, deletion or restriction of the processing of your data. If you have been included in the applicant pool, you can revoke your consent to storage at any time.

To exercise your rights or if you have any questions regarding the processing of your application data, please contact us at:

E-mail: karriere@group-cts.com

Your data will always be treated with the utmost care and will only be used for the application process. It will not be passed on to third parties unless we are legally obliged to do so or you have given us your express consent to do so.

Our website is operated by an external hosting provider within the European Union. The hosting provider provides the technical infrastructure, server capacity, maintenance and security measures.

What data is processed?

When you visit our website, the hosting service provider automatically creates server log files that contain the following data:

Visitor's IP address (anonymized if possible)

Date and time of access

Pages and files accessed

Referrer URL (the previously visited page)

Browser type and version

Operating system and device information

This data is required for the technical operation of the website and to prevent attacks and is not merged with other data sources.

Legal basis for the processing

The processing of this data is based on our legitimate interest in accordance with Art. 6 (1) point f GDPR, to ensure the security and functionality of our website.

Storage period of server logs

The server logs are stored for a maximum of 30 days and then automatically deleted, unless they are needed to clarify security-related incidents.

A content delivery network (CDN) is a network of globally distributed servers that provide content such as HTML files, images, stylesheets, scripts and videos from geographically closer locations. This improves:

loading times through shorter transmission paths

website stability through distributed server load

security through additional protective mechanisms against DDoS attacks and unauthorized access

In addition, website caching is used to further increase loading speed by temporarily storing frequently accessed content.

What data is processed via the CDN?

When content is accessed via the CDN, the following data may be processed:

Visitor's IP address (anonymized if possible)

Location data (based on the IP address for optimized delivery)

Files accessed and requested resources (e.g. images, scripts, fonts)

Browser and device type for technical optimization

The CDN does not permanently store any personal user data, but ensures fast caching of static and dynamic content.

Legal basis for processing

The use of the CDN is based on our legitimate interest in accordance with Art. 6 (1) point f GDPR in a fast, reliable and secure provision of the website.

Storage duration of the data

CDN caching data is only stored temporarily and deleted regularly, depending on the access frequency and the updating of the website content.

Connection data is only stored for the duration of the visit and is not used for profiling.

The CDN uses globally distributed servers, including in non-EU countries. If data is transferred to third countries, we ensure that appropriate security mechanisms such as standard contractual clauses in accordance with Art. 46 GDPR are implemented to ensure an adequate level of data protection.

If you contact us via an e-mail link on our website, your e-mail address and the content of your message will be processed and stored by our e-mail server. These data are used solely for the purpose of processing your request.

Legal basis: performance of a contract or legitimate interest (depending on the nature of the request).

Storage period: the data is stored for the duration of the communication and deleted after 6 to 24 months, provided that no legal storage obligations exist.

When you fill out a contact form on our website, the data entered (e.g. name, email address, message) is processed by our web server and stored in our HubSpot CRM. Depending on the type of request and its relevance for our sales team, this data may be forwarded to our Microsoft Dynamics CRM to ensure efficient processing and targeted communication with you.

What data is processed?

Name, email address, phone number (if provided)

Company, position (if provided)

Content of the request and other voluntary information

Purpose of the processing

Processing your request and contacting you

Forwarding relevant requests to our sales team

Analyzing and optimizing our customer service

Who has access to the data?

Authorized employees from customer support, sales and marketing

If necessary, technical service providers for system maintenance

Data transfer to HubSpot and Microsoft Dynamics

The data is first stored in HubSpot CRM. If the request is relevant for sales, it is forwarded to Microsoft Dynamics CRM.

Both systems are hosted in European data centers, but under certain circumstances, data may be transferred to the United States (HubSpot and Microsoft are certified under the EU-U.S. Privacy Framework).

Legal basis

Performance of a contract (Art. 6 (1) (b) GDPR) for inquiries regarding a business relationship.

Legitimate interest (Art. 6 (1) (f) GDPR) for the efficient processing and optimization of our sales processes.

Consent (Art. 6 para. 1 lit. a GDPR), insofar as the data is used for marketing or non-business purposes.

Storage period

The data remains stored in HubSpot CRM until the lead performs an opt-out.

If the data has been forwarded to Microsoft Dynamics, it is stored in accordance with the internal guidelines for customer relationships.

You have the right to object to the further processing of your data and to request the deletion or restriction of the processing at any time.

Further information on data processing by HubSpot and Microsoft Dynamics:

HubSpot: https://legal.hubspot.com/de/privacy-policy

Microsoft Dynamics: https://privacy.microsoft.com/de-de/privacystatement

If you contact us by phone or fax, we collect personal data such as your name, phone number and the content of the communication, as necessary.

Legal basis: Performance of a contract or legitimate interest in efficient communication.

Storage period: Notes taken during phone calls are deleted after six months, provided they are not required for further business purposes.

When you access our website, our hosting provider automatically collects technical data to ensure the secure and stable operation of the website. This includes:

IP address (anonymized if possible)

Date and time of access

Visited pages and retrieved files

Browser type and version

Operating system and device type

Referrer URL (origin of the request)

Legal basis for data processing:

legitimate interest in the security and stability of the website.

Storage duration:

Log files are automatically deleted after 30 days, unless they are required for security or error diagnostics.

Our website uses cookies and similar technologies to store user preferences, ensure the security of the website and perform analyses. We distinguish between essential cookies, which are necessary for the operation of the website, and non-essential cookies, which are only activated after your consent.

We use the consent management tool UserCentrics to manage your consent in a legally compliant manner. When you first visit our website, you have the option of setting your individual preferences or rejecting all non-essential cookies via the cookie banner. Your selection will be saved and can be changed at any time via the cookie settings on our website.

What cookies are used?

Necessary cookies (always active): Required for basic website functions (e.g. login, security functions). Are set without consent on the basis of our legitimate interest (Art. 6 para. 1 lit. f DSGVO).

Functional cookies: Store user preferences (e.g. language settings). May be activated without your consent if they are necessary for the operation of the website.

Analysis and statistics cookies: These cookies help to optimize the website by anonymously evaluating user behavior. They are only activated with your consent (Art. 6 para. 1 lit. a GDPR).

Marketing and tracking cookies: These cookies are used for personalized advertising and retargeting. They require consent (Art. 6 para. 1 lit. a GDPR).

Storage duration of cookies

Session cookies: Are automatically deleted after leaving the website.

Permanent cookies: Depending on the purpose and provider, these may remain stored for between six and 24 months.

Withdrawal of consent

You can change your cookie settings or withdraw consent you have previously given at any time via our consent management tool (UserCentrics) on our website.

You can find more details about the cookies we use in our cookie policy.

Our website uses session IDs and similar technologies to provide certain functions and improve user-friendliness. These technologies make it possible to store temporary information during your visit so that, for example:

form entries are retained while you are using the website.

login sessions for authenticated users are managed.

user preferences are taken into account for the duration of the session.

This data is technically necessary and is not used for analysis or tracking.

Legal basis

Processing is carried out on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR) in a technically functional website or to fulfill contractual obligations (Art. 6 para. 1 lit. b GDPR) if user registration is required.

Storage duration

Session IDs are automatically deleted after you leave the website or at the end of the session.

If a longer storage period is required for login areas, this will only be done with your consent.

If you interact with our profiles on Facebook, LinkedIn or XING (e.g. commenting on, liking or sharing posts) or send us private messages, your personal data will be processed by us and the respective platform operator.

The following types of data may be processed:

Your public profile (name, profile picture, company affiliation if applicable)

Interactions with our posts (e.g. likes, comments, shares)

content of direct messages that you send to us via the platform

If you share our posts, your profile may be displayed in connection with our content.

This data is processed for the following purposes:

interaction with our community and answering questions

public relations and external presentation of our company

analysis of the reach and impact of our social media activities

The legal basis for the processing of this data is our legitimate interest in corporate communications and customer interaction in accordance with Art. 6 (1) point f GDPR. If direct communication takes place for the purpose of initiating or fulfilling a contractual relationship, the processing is based on Art. 6 (1) point b GDPR.

If you contact us via social networks to apply for a job, please refer to our section “Handling of applicant data” in this data protection declaration. Applications should only be submitted via the official channels provided.

When you visit our social media profiles, the respective platform operators also process your personal data. This happens regardless of whether you are logged in to the respective platform or not.

The operators collect and analyze, among other things:

your user behavior on the platform (e.g. pages visited, interaction behavior)

data on technical use (e.g. IP address, device type, location data)

Data for personalizing content and advertising

We do not have complete access to all the data stored by the platform or to the exact way it is processed.

On the basis of the data collected by the platform operators, we receive aggregated statistics and analyses (e.g. on reach, interactions with our posts, demographic information). This data helps us to improve our content, but cannot be traced back to individual users.

The legal basis for the processing by the platform operators is usually your consent in accordance with Art. 6 (1) point a GDPR, which you give directly when using the respective platform. Further information on data processing by the operators can be found in their data protection declarations:

Facebook: https://www.facebook.com/privacy/policy/

LinkedIn: https://www.linkedin.com/legal/privacy-policy

XING: https://privacy.xing.com/de/datenschutzerklaerung

If you do not want these platforms to collect your personal data, you should log out of the respective services, delete your cookies or adjust the platforms' privacy settings before visiting our social media pages.

Many social media platforms are based in the United States or other third countries outside the European Economic Area (EEA). This means that your personal data may be transferred to a country that does not have an adequate level of data protection comparable to that in the EU.

The transfer is carried out in accordance with Art. 49 (1) (a) GDPR based on your voluntary use of the platform. Please note that US authorities may be able to access your data.

If the respective platform operator participates in the EU-U.S. Data Privacy Framework, at least some protection is provided by standard contractual clauses or other mechanisms. For more information, please refer to the privacy policies of the platforms.

You have the following rights with regard to your personal data:

Right of access (Art. 15 GDPR)

Right to rectification (Art. 16 GDPR)

Right to erasure (Art. 17 GDPR)

Right to restriction of processing (Art. 18 GDPR)

Right to object (Art. 21 GDPR)

To exercise these rights in relation to data processed directly by the platform operators, you must contact the respective operators directly.

If you have any questions about our company's processing of your personal data in connection with social media, you can contact us at any time at info@group-cts.com.

Please note that communication via social networks is never completely secure.

Do not transmit any sensitive or confidential information (e.g. application documents, bank details, medical information) via messenger services or public comments.

Instead, use the official communication channels provided in the imprint (email, telephone, post) to securely transmit sensitive requests.

We will never ask you for sensitive data via social media. If you receive such a request, it is not official communication from our company. Please report any such incident to us immediately.

If you have any further questions about data protection when using our social media profiles, please do not hesitate to contact us.

The social media buttons embedded in our website are static links to our profiles and not plug-ins. This means that

no personal data is transferred to the social media providers when you visit our website.

You will only be redirected to the respective platform if you actively click on a social media button.

The data protection guidelines of the respective provider apply there, over which we have no influence.

If you do not want the platforms to collect data about your usage behavior, we recommend that you log out of the respective platforms and delete cookies before visiting our social media profiles.

On certain pages of our website, we embed current posts from our social media channels, e.g. via Instagram feeds or LinkedIn posts.

These integrations are done via iframes or API interfaces of the respective platforms.

When loading such a page, data may be transferred to the social media platform even if you do not actively click on the embedded content.

In the process, your IP address and technical connection data, among other things, may be transmitted to the servers of the platforms.

The data processing by the respective social media provider is independent of our website and is subject to the data protection regulations of the respective operator.

Your data is processed on the basis of Art. 6 Sect. 1 lit. f GDPR (legitimate interest) as we want to provide an appealing and interactive website. If consent is required for external content, processing is carried out on the basis of Art. 6 para. 1 lit. a GDPR. You can revoke this consent at any time via the cookie settings of our website.

For more information about how the respective social media platforms process data, please refer to the providers' privacy policies:

• Facebook: https://www.facebook.com/privacy/policy/
• LinkedIn: https://www.linkedin.com/legal/privacy-policy
• Instagram: https://privacycenter.instagram.com/policy/
• XING: https://privacy.xing.com/de/datenschutzerklaerung

If you wish to prevent the processing of your data by embedded content, you can adjust the cookie settings of our website.