Privacy policy
1. General information
The following notices provide a simple overview of what happens to your personal information when you visit this website. Personal data is any data that can be used to identify you personally. Detailed information on the topic of data protection can be found in our data protection statement below this text.
Data collection on this website
Who is responsible for the data collection on this website?
Data processing on this website is carried out by the website operator. You can find their contact details in the “Responsible Authority Notice” section of this data protection statement.
Collection and processing of personal data
We collect personal data only when you make it available to us, for example, as part of registration, by filling out forms or by sending e-mails, as part of ordering products or services, sending inquiries or requests related to our products or services, and in similar situations in which you choose to provide us with information. The database and its content remain in our company and with the processors and servers that act on our behalf and are responsible to us. We will retain control and responsibility for the use of any personal information you share with us.
For what purposes do we process your data?
We process personal data only for specific, explicit, and legitimate purposes and will not process them in any way that is inconsistent with these purposes. Such a purpose is, for example, answering a question, improving the experience of visiting our websites or portals, improving services in general, offering services or applications, marketing campaigns, etc.
What are the legal bases for processing your data?
Following the current legislation in the field of personal data protection, we can process your data:
- if you have given us your consent (which you can revoke at any time)
- we must enter into and/or fulfill a contract with you
- if the processing is necessary due to legal interests pursued by Craftcloud GmbH or a third party
- if required by law (for example, in connection with the information on the issued invoice).
Analysis tools and third-party tools
When you visit this website, your browsing behavior can be statistically evaluated. This is mainly done with so-called analysis programs.
Detailed information on these analysis programs can be found below.
2. Hosting
External hosting
This website is hosted by an external service provider (hosting). Personal information collected on this website is stored on the host’s servers. This may be IP addresses, contact requests, meta and communication data, contract data, contact details, names, website access, and other data generated through the website.
Hoster is used to fulfilling contracts with our potential and existing users (Art. 6 (1) GDPR) and in the interest of safe, fast, and efficient provision of our online offer by a professional provider (Art. 6 (1) GDPR). If appropriate consent has been requested, the processing takes place exclusively based on Art. 6 (1) of the GDPR. Consent can be revoked at any time.
Our provider will process your data only to the extent necessary to fulfill its performance obligations and will follow our instructions regarding that data.
We use the following hosting:
Mittwald CM Service GmbH & Co. KG
Koenigsberger Strasse 4-6
32339 Espelkamp
Order processing
We have concluded a contract with the above-mentioned provider for the processing of personal data. This is an agreement required by data protection law, which ensures that the personal data of visitors to our website is processed only on our instructions and following the GDPR.
3. General and mandatory information
Privacy
The operators of this website take the protection of your data very seriously. We treat your data confidentially and follow the legal regulations on data protection and this Data Protection Statement.
If you use this website, various personal data will be collected. Personal data is data that can be used to identify you personally. This data protection statement explains what data we collect and what we use it for. It also explains how and for what purpose this happens.
We would like to point out that the transmission of data on the Internet (e.g., when communicating by e-mail) may have security flaws. Complete protection of data from access by third parties is not possible.
Responsible Authority Notice
The responsible authority for data processing on this page is:
Craftcloud GmbH
Sonnenweg 7,
77871 Renchen-Ulm
Telephone: +49 (0) 7843 / 94 76 – 25
E-mail: info@craftcloud.de
The responsible body is a natural or legal person who alone or together with others decides on the purposes and methods of processing personal data (e.g., names, e-mail addresses, etc.).
How long do we store your data?
We store your data only for as long as the relevant purpose requires it. If data is processed for multiple purposes, the data will be automatically deleted or stored in a form that cannot directly be traced back to you, as soon as the last specified purpose has been fulfilled.
Craftcloud GmbH collects and uses personal data to provide you with an optimal service offer and to inform you about new products. If you are not interested in them, you can always inform us about them via the contact details in the legal notice.
General information on the legal basis for data processing on this website
If you have consented to data processing, we will process your data based on Art. 6 (1) (a) of the GDPR or Art. 9 (2) (a) of the GDPR, if special categories of data are processed according to the Art. 9 (1) GDPR.
In the case of express consent to the transfer of personal data to third countries, data processing is also based on Art. 49 (1) (a) of the GDPR. If you have consented to the storage of cookies or access to information on your end device (e.g., via the fingerprint of the device). Consent can be revoked at any time. If your data is necessary for the fulfillment of a contract or the implementation of pre-contractual measures, we process your data based on Art. 6 (1) (b) of the GDPR.
Furthermore, we process your data if it is necessary to fulfill a legal obligation based on Art. 6 (1) (c) of the GDPR. Data processing may also take place based on our legitimate interest following Art. 6 (1) (f) of the GDPR. The following paragraphs of this data protection statement provide information on the relevant legal bases in each case.
Note on the transfer of data to the USA and other third countries
Among other things, we use tools from companies based in the US or other third countries that are not secure under data protection law. If these tools are active, your data may be transferred to these third countries and processed there. We would like to point out that a level of data protection comparable to that in the EU cannot be guaranteed in these countries. For example, American companies are obliged to provide personal data to security authorities, without you as the person concerned being able to take legal action against it. Therefore, it cannot be excluded that the US authorities (e.g., secret services) will process, evaluate and permanently store your data on US servers for tracking purposes. We do not influence these processing activities.
Withdrawal of Consent
If you have given consent to the processing of your personal data, then you can withdraw such consent at any time. Please note that the withdrawal applies prospectively only. Processing that occurred before the withdrawal of consent is unaffected.
Right to object (Art. 21 GDPR):
You may object to the processing of your data at any time for reasons that arise from your particular situation if the data processing is based on your consent or on our legitimate interests or those of a third party. In this case, we will no longer process your data. The latter does not apply if we can provide compelling legitimate reasons for the processing that outweigh your interests or if we need your data to enforce, exercise, or defend legal claims.
If personal data is processed for the purposes of direct marketing, the data subject has the right at any time to object to the processing of personal data relating to him for the purposes of such marketing, which includes creating a profile to the extent related to such direct marketing.
The right to appeal to the competent supervisory authority
In the event of a breach of the GDPR, those affected have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, workplace, or place of the alleged breach. The right to file a complaint is without prejudice to any other administrative or judicial remedy.
Right to data portability (Art. 20 GDPR):
At your request, we can transfer your data to another person in charge as far as technically possible. However, you are entitled to this right only if the data processing is based on your consent or is necessary to execute a contract. Rather than receive a copy of your data, you may also ask us to transfer the data directly to another person in charge specified by you.
Information, deletion, and correction
Within the framework of the applicable legal provisions, you have the right to free information about your stored personal data, their origin and recipient, and the purpose of data processing, and, if necessary, the right to correct or delete this data at any time. You can contact us at any time if you have additional questions on the topic of personal data.
Right to restriction of processing (Art. 18 GDPR):
You may require us to restrict the processing of your data if
- You dispute the accuracy of the data for the period of time that we need to verify the accuracy of the data;
- The processing is unlawful but you refuse the deletion of your data and instead demand a restriction of use;
- We no longer need your information but you need it to enforce, exercise, or defend legal claims;
- You have lodged an objection against processing as long as it is not clear whether our justified reasons outweigh yours.
SSL or TLS encryption
For security reasons and to protect the transmission of confidential content, such as orders or inquiries you send to us as the operator of the site, this site uses SSL or TLS encryption. You can recognize an encrypted connection by the browser address line changing from “http://” to “https://” and by the lock symbol in the browser line.
If SSL or TLS encryption is activated, the data you send us cannot be read by third parties.
4. Data collection on this website
Cookies
Our website uses so-called “cookies”. Cookies are small text files and do not cause any damage to your end device. They are stored on your end device either temporarily for the duration of the session (session cookies) or permanently (persistent cookies). Session cookies are automatically deleted after your visit. Persistent cookies remain stored on your end device until you delete them yourself or until they are automatically deleted by your web browser.
In some cases, cookies from third-party companies may also be stored on your end device when you enter our site (third-party cookies). They allow us or you to use certain services of a third-party company (eg cookies to process payment services).
Cookies have different functions. A number of cookies are technically necessary because certain functions of the website would not work without them (e.g. shopping cart function or video display). Other cookies are used to evaluate user behavior or to display advertising.
Cookies that are necessary to implement the electronic communication process, to provide certain functions you want (e.g. for the shopping cart function), or to optimize the website (e.g. cookies for measuring the web audience) (necessary cookies) are stored based on Art. 6 (1) (f) GDPR unless another legal basis is stated. The website operator has a legitimate interest in storing the necessary cookies for the technically flawless and optimized provision of its services. If consent has been requested for storing cookies and comparable recognition technologies, the processing takes place solely on the basis of this consent (Art. 6 (1) (a) GDPR); consent can be revoked at any time.
You can set your browser so that you are informed about the cookie settings and allow cookies only in individual cases, exclude the acceptance of cookies for certain cases or in general, and activate the automatic deletion of cookies when the browser is closed. If cookies are deactivated, the functionality of this website may be limited.
If cookies are used by third-party companies or for analysis purposes, we will specifically inform you about this in this data protection statement and, if necessary, ask for your consent.
Borlabs cookie consent
Our website uses Borlabs cookie consent technology to obtain your consent to store certain cookies in your browser or to use certain technologies and document this in accordance with data protection regulations. The supplier of this technology is Borlabs GmbH, Rübenkamp 32, 22305 Hamburg (hereinafter Borlabs).
When you enter our website, a Borlabs cookie is stored in your browser, which stores the consent you have given or the withdrawal of that consent. This data is not forwarded to the Borlabs cookie provider.
The collected data is stored until you ask us to delete it or you delete the Borlabs cookie yourself or the purpose of data storage is no longer valid. Mandatory legal retention periods remain unchanged. Details on data processing using the Borlabs Cookie can be found at https://de.borlabs.io/kb/welche-daten-speichert-borlabs-cookie/.
Borlabs cookie consent technology is used to obtain legally required consent for the use of cookies. The legal basis for this is Art. 6 (1) (c) of the GDPR.
Server logs
The site provider automatically collects and stores data in so-called server log files, which your browser automatically sends to us. These are:
- Browser type and version
- the operating system used
- Referral URL
- The name of the host being accessed
- Server request time
- IP address
This data is not merged with other data sources.
This data is collected on the basis of Art. 6 (1) (f) of the GDPR. The website operator has a legitimate interest in the technically correct presentation and optimization of his website – for this purpose, server log files must be recorded.
Contact form
If you send us inquiries via the contact form, we will store your information from the inquiry form, including the contact information you provided there, for the purpose of processing the inquiry and in case of subsequent questions. We do not forward this information without your consent.
This data is processed on the basis of Art. 6 (1) (b) of the GDPR if your request relates to the fulfillment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the efficient processing of inquiries sent to us (Art. 6 (1) (f) GDPR) or on your consent (Art. 6 (1) (a) GDPR) if this is asked; consent can be revoked at any time.
The data you enter in the contact form will remain with us until you request its deletion, revoke your consent to storage or the purpose of data storage is no longer valid (e.g., after processing your request). Mandatory legal provisions – especially retention periods – remain unchanged.
Inquiry by e-mail, phone, or fax
If you contact us by e-mail, telephone, or fax, we will store and process your inquiry, including all resulting personal data (name, inquiry), for the purpose of processing your request. We do not forward this information without your consent.
This data is processed on the basis of Art. 6 (1) (b) of the GDPR if your request relates to the fulfillment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the efficient processing of inquiries sent to us (Art. 6 (1) (f) GDPR) or on your consent (Art. 6 (1) (a) of the GDPR) if this is asked; consent can be revoked at any time.
The data you have sent to us through a contact request will remain with us until you request deletion, revoke your consent to storage or the purpose of data storage no longer applies (e.g. after processing your request). Mandatory legal provisions – especially legal retention periods – remain unchanged.
Registration on this page
You can register on this website to use additional functions on the site. For this purpose, we use the entered data only for the purpose of using the particular offer or service for which you have registered. The mandatory information requested during registration must be provided in full. Otherwise, we will refuse the registration.
For important changes, such as the scope of the offer or technically necessary changes, we use the e-mail address you provided during registration to notify you in this way.
Data entered during registration are processed for the purpose of implementing the user relationship established by registration and, if necessary, for initiating further contracts (Art. 6 (1) (b) GDPR).
We will keep the data collected during registration for as long as you are registered on this website, and then we will delete it. Statutory retention periods remain unchanged.
5. Tools for analysis and advertising
Google Analytics
This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics enables the website operator to analyze the behavior of website visitors. The website operator receives various usage data, such as B. Page views, length of stay, operating systems used, and user origin. This data is assigned to the user’s end device. No assignment to the user ID.
Google Analytics uses technologies that enable user recognition for the purpose of analyzing user behavior (eg cookies or device fingerprint). The data collected by Google about the use of this website are usually transferred to a Google server in the USA and stored there.
The use of this service is based on your consent in accordance with Art. 6 (1) (a) of the GDPR. Consent can be revoked at any time.
Browser plugin
You can prevent Google from collecting and processing your data by downloading and installing the browser plug-in available at the following link:
https://tools.google.com/dlpage/gaoptout?hl=en
You can find more information about how Google Analytics handles user data in Google’s data protection statement: https://support.google.com/analytics/answer/6004245?hl=en .
Order processing
We have concluded an order processing agreement with Google and fully apply the strict requirements of the German data protection authorities when using Google Analytics.
6. Accessories and tools
YouTube with enhanced privacy
This website includes videos from YouTube. The operator of the website is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
We use YouTube in the extended data protection mode. According to YouTube, this mode of operation means that YouTube does not store any information about visitors to this website before they watch a video. However, the extended data protection method does not necessarily exclude the transfer of data to YouTube partners. YouTube thus establishes a connection with the Google DoubleClick network, regardless of whether you are watching the video.
As soon as you start a YouTube video on this website, a connection is established with the YouTube servers. The YouTube server is informed which of our pages you have visited. If you are signed in to your YouTube account, you allow YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by signing out of your YouTube account.
Furthermore, YouTube may save various cookies on your end device after starting the video or use comparable recognition technologies (e.g. device fingerprint). In this way, YouTube can receive information about visitors to this website. This information is used i.a. used to collect video statistics, improve usability and prevent fraud attempts.
If necessary, after the start of the YouTube video, further data processing operations over which we have no influence may be initiated.
YouTube is used in the interest of an attractive presentation of our online offer. This represents a legitimate interest within the meaning of Article 6, Paragraph 1 (f) of the GDPR. If appropriate consent has been requested, processing takes place solely on the basis of Article 6 paragraph 1 (a) of the GDPR to the extent that the consent includes the storage of cookies or access to information on the user’s device. Consent can be revoked at any time.
You can find more information about data protection on YouTube in their data protection statement at: https://policies.google.com/privacy?hl=en.
Vimeo
This website uses plugins from the video portal Vimeo. The provider is Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA.
If you visit one of our sites equipped with Vimeo video, a connection will be established with the Vimeo servers. The Vimeo server has been informed which of our pages you have visited. In addition, Vimeo receives your IP address. This also applies if you are not signed in to Vimeo or do not have a Vimeo account. Information collected by Vimeo is transferred to Vimeo’s server in the US.
If you are signed in to your Vimeo account, you allow Vimeo to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your Vimeo account.
Vimeo uses cookies or similar recognition technologies (eg device fingerprint) to recognize website visitors.
Vimeo is used in the interest of an attractive presentation of our online offer. This represents a legitimate interest within the meaning of Art. 6 (1) (f) of the GDPR. If appropriate consent has been requested, the processing takes place solely on the basis of Art. 6 (1) (a) of the GDPR to the extent that the consent includes the storage of cookies or access to information on the device. Consent can be revoked at any time.
The transfer of data to the US is based on the European Commission’s standard contractual clauses and, according to Vimeo, on “legitimate business interests”. Details can be found here: https://vimeo.com/privacy.
For more information on how to handle user data, see Vimeo’s privacy policy at: https://vimeo.com/privacy.
Google web fonts (local hosting)
This page uses so-called web fonts provided by Google for a unique display of fonts. Google Fonts are installed locally. It has nothing to do with Google’s servers.
Additional information about Google web fonts can be found at https://developers.google.com/fonts/faq and in Google’s data protection statement:
https://policies.google.com/privacy?hl=en.
Google Maps
This page uses the cartographic service Google Maps. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
To use the functions of Google Maps, it is necessary to store your IP address. This information is usually transferred to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer. If Google Maps is activated, Google may use Google Web Fonts for the purpose of a unique display of fonts. When you call up Google Maps, your browser loads the necessary web fonts into the browser cache to display the text and fonts correctly.
Google maps are used in the interest of an attractive presentation of our online offer and easier finding of the places we have listed on the website. This represents a legitimate interest within the meaning of Art. 6 (1) (f) of the GDPR. If appropriate consent is requested, processing takes place solely on the basis of Art. 6 (1) (a) GDPR to the extent that the consent includes the storage of cookies or access to information on the user’s device (e.g. device fingerprint). Consent can be revoked at any time.
The transfer of data to the USA is based on the standard contractual clauses of the European Commission. Details can be found here: https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.
You can find more information about the handling of user data in Google’s data protection statement: https://policies.google.com/privacy?hl=en.
Google reCAPTCHA
On this website, we use “Google reCAPTCHA” (hereinafter referred to as “reCAPTCHA”). The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
The purpose of reCAPTCHA is to check whether data entered on this website (e.g., in the contact form) was done by a human or an automated program. To do this, reCAPTCHA analyzes the behavior of website visitors based on various characteristics. This analysis starts automatically as soon as the website visitor enters the website. For analysis purposes, reCAPTCHA evaluates various information (eg IP address, how long the website visitor spends on the website, or mouse movements made by the user). The data collected during the analysis is forwarded to Google.
ReCAPTCHA analyzes work entirely in the background. Website visitors are not informed that the analysis is being carried out.
The storage and analysis of data take place on the basis of Art. 6 (1) (f) of the GDPR. The website operator has a legitimate interest in protecting its website against malicious automated spying and SPAM. If appropriate consent has been requested, the processing takes place solely on the basis of Art. 6 (1) (a) of the GDPR. Consent can be revoked at any time.
Additional information about Google reCAPTCHA can be found in Google’s data protection regulations and Google’s terms of use at the following links:
https://policies.google.com/privacy?hl=en and https://policies.google.com/terms?hl=en
User with extended data protection mode
We use Userlike (“Userlike”) to process user inquiries through our support channels or through our live chat system. The provider is Userlike UG (limited liability), Probsteigasse 44 – 46, 50670 Köln.
The messages you send us can be saved in the Userlike ticket system or our staff can respond to them in live chat. If you communicate with us through Userlike, we and Userlike store. Your name and email address, if you have entered them, and your conversation history. This data is summarized in the profile.
Messages sent to us remain with us until you request that we delete them or until the purpose of data storage is no longer valid (e.g., after processing your request). Mandatory legal provisions – especially legal retention periods – remain unchanged.
Userlike is used on the basis of Art. 6 (1) (f) of the GDPR. We have a legitimate interest in processing your inquiries as quickly, reliably, and efficiently as possible. If appropriate consent has been requested, the processing takes place exclusively on the basis of Art. 6 (1) (a) of the GDPR. Consent can be revoked at any time.
Additional information can be found in Userlike’s data protection statement:
https://www.userlike.com/en/data-privacy and https://www.userlike.com/en/blog/live-chat-software-datenschutz-dsgvo
Order processing
We have concluded a contract with the above-mentioned provider for the processing of personal data. This is an agreement required by data protection law, which ensures that the personal data of visitors to our website is processed only on our instructions and by the GDPR.
7. Providers of e-commerce and payment services
Processing of customer and contract data
We collect, process, and use personal data about customers and contracts to establish, structure, and change our contractual relationships. We collect, process, and use personal data about the use of this website (usage data) only to the extent that it is necessary to enable the user to use the service or to bill the user. The legal basis for this is Art. 6 (1) (b) of the GDPR.
Collected customer data will be deleted after the completion of the order or termination of the business relationship and the expiration of all existing legal retention periods. Statutory retention periods remain unchanged.
Transfer of data upon conclusion of a contract on services and digital content
We transfer personal data to third parties only if this is necessary within the framework of contract processing, for example to the bank responsible for payment processing.
Further data transfer does not take place or only if you have expressly consented to the transfer. Your data will not be forwarded to third parties without your express consent, for example for advertising purposes.
The basis for data processing is Art. 6 (1) (b) of the GDPR, which allows data processing for the fulfillment of contracts or pre-contractual measures.