Privacy Policy
Updated: 07.05.2018

This privacy policy is intended to inform the users of the website cipgroup.com about the nature, scope and purpose of the collection and use of personal data by the website operator.

With regard to the terminology used, e.g. “Personal data” or their “processing”, we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).

Responsible
CIP Holding AG
Oberanger 32
D-80331 München
+49 89 72 40 19-0
+49 89 72 40 19-90
info[at]cipgroup.com

Responsible Data Protection Officer
Mr. Oliver Kunert
CIP Holding AG
Oberanger 32
D-80331 München
Telefon: +49 89 72 40 19-0
Email: datenschutz[at]cipgroup.com

Types of processed data
contact form information (e.g., name, e-mail)
usage data (e.g. website visits, access times)
meta/communication data (e.g., device information, IP addresses)
Processing of special categories of data (Article 9 (1) GDPR)
In principle, no special categories of data are processed unless these are processed by the users, e.g. entered in online forms.

Changes and updates to the privacy policy
We ask you to inform yourself regularly about the content of our privacy policy. We will adjust the privacy policy as soon as the changes to the data processing we make require it.

Safety measures
6.1 In accordance with Art. 32 GDPR, we take appropriate account of the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing as well as the different likelihood and severity of the risk to the rights and freedoms of individuals technical and organizational measures to ensure a level of protection commensurate with the risk. Measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as their access, input, disclosure, availability and separation. We have also set up procedures to ensure the enjoyment of data subject rights, data deletion and data vulnerability. Furthermore, we consider the protection of personal data already in the development, or selection of hardware, software and procedures, according to the principle of data protection by technology design and by privacy-friendly default settings taken into account (Article 25 GDPR).

6.2 One of the security measures is the encrypted transfer of data between your browser and our server

Rights of the persons concerned
7.1 You have the right to ask for confirmation as to whether the data in question is being processed and for information about this data as well as for further information and a copy of the data in accordance with Art. 15 GDPR.

7.2 You have accordingly Art. 16 GDPR the right to demand the completion of the data concerning you or the correction of the incorrect data concerning you.

7.3 In accordance with Art. 17 GDPR, they have the right to demand that the relevant data be deleted immediately or alternatively, to require a restriction of the processing of data in accordance with Art. 18 GDPR.

7.4 You have the right to demand that the data relating to you which you have provided to us, be obtained in accordance with Art. 20 GDPR and request their transmission to other persons responsible.

7.5 You have gem. Art. 77 GDPR the right to file a complaint with the competent supervisory authority.

Cookies
8.1 Cookies are information transmitted from our web server or third-party web servers to users’ web browsers and stored there for later retrieval. Cookies can be small files or other types of information storage.

8.2 Cookies are used for security or to save the user’s decision when confirming the cookie banner. In addition, we or our technology partners use cookies for measuring reach and marketing purposes, which users are informed about in the course of the privacy policy.

Furthermore, the storage of cookies can be achieved by switching them off in the settings of the browser.

8.3 We use “session cookies”, which are only stored for the duration of the current visit on our online presence. In a session cookie, a randomly generated unique identification number is stored, a so-called session ID. In addition, a cookie contains information about its origin and the retention period. These cookies can not save any other data. Session cookies are deleted when you have finished using our online offer and, for example, close the browser.

8.4 The use of cookies in the context of pseudonymous range measurement informs users in the context of this privacy policy.

Deletion of data
9.1 The data processed by us are deleted or limited in their processing in accordance with Articles 17 and 18 GDPR. Unless explicitly stated in this privacy policy, the data stored by us are deleted as soon as they are no longer required for their purpose and the deletion does not conflict with any statutory storage requirements. Unless the data is deleted because it is required for other and legitimate purposes, its processing will be restricted. The data is blocked and not processed for other purposes. This applies, for example for data that must be kept for commercial or tax reasons.

9.2 According to legal requirements, the storage takes place in particular for 6 years in accordance with § 257 paragraph 1 HGB (trading books, inventories, opening balance sheets, annual accounts, trade letters, accounting documents, etc.) and for 10 years in accordance with § 147 Abs. 1 AO (books, records, management reports , Accounting documents, commercial and business letters, documents relevant to taxation, etc.).

Collection of access data and logfiles
10.1 Based on our legitimate interests within the meaning of Art. 6 para. 1 lit. f. GDPR Data on every access to the server on which this service is located (so-called server log files). The access data includes name of the retrieved web page, file, date and time of retrieval, amount of data transferred, message about successful retrieval, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider ,

10.2 Logfile information is stored for security purposes (for example, to investigate abusive or fraudulent activities) for a period of 190 days and then deleted. Data whose further retention is required for evidential purposes shall be exempted from the cancellation until final clarification of the incident.

Google Analytics
11.1 Based on our legitimate interests (i.e., interest in the analysis, optimization, and economic operation of our online offer within the meaning of Art. 6 (1) lit. GDPR), Google Analytics uses a web analytics service provided by Google LLC (“Google”). Google uses cookies. The information generated by the cookie about the use of the online offer by the users are usually transmitted to a Google server in the USA and stored there.

11.2 Google is certified under the privacy shield agreement, which provides a guarantee to comply with European data protection law.

11.3 Google will use this information on our behalf to evaluate the use of our online offer by users, to compile reports on the activities within this online offer and to provide us with further services related to the use of this online offer and the internet usage. In this case, pseudonymous usage profiles of the users can be created from the processed data.

11.4 We only use Google Analytics with activated IP anonymization. This means that the IP address of the users will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there.

11.5 The IP address submitted by the user’s browser will not be merged with other data provided by Google. Users can prevent the storage of cookies by setting their browser software accordingly; Users may also prevent the collection by Google of the data generated by the cookie and related to their use of the online offer as well as the processing of this data by Google by downloading and installing the browser plug-in available under the following link: browser plugin

International transfer of information
Because CIP is a global organization, information collected on this website or through other means may be transferred to third parties located throughout the world, including offices located outside the European Economic Area, and this website may be viewed and hosted anywhere in the world, including countries that may not have laws regulating the use and transfer of personally-identifiable data.

Links to other websites
CIP is not responsible for the privacy practices or the content of any non-CIP web sites to which we link from this Site.