We have written this privacy policy (version 10.03.2026-312329669) in order to explain to you, in accordance with the provisions of the General Data Protection Regulation (EU) 2016/679 andapplicable national laws, which personal data (data for short) we as the controller – and the processors commissioned by us (e.g. providers) – process, will process in the future and what legaloptions you have. The terms used are to be considered gender-neutral.
In short: We provide you with comprehensive information about any of your personal data we process.

Privacy policies usually sound very technical and use legal terminology. However, this privacy policyis intended to describe the most important things to you as simply and transparently as possible. So long as it aids transparency, technical terms are explained in a reader-friendly manner, links
to further information are provided and graphics are used. We are thus informing in clear and simple language that we only process personal data in the context of our business activities if thereis a legal basis for it. This is certainly not possible with brief, unclear and legal-technical statements,
 as is often standard on the internet when it comes to data protection. I hope you find the following explanations interesting and informative. Maybe you will also find some information that you havenot been familiar with. If you still have questions, we kindly ask you to contact the responsible body named below or in the imprint, follow the existing links and look at further information on third-party sites. You can of
course also find our contact details in the imprint.

This privacy policy applies to all personal data processed by our company and to all personal data processed by companies commissioned by us (processors). With the term personal data, we refer to information within the meaning of Article 4 No. 1 GDPR, such as the name, email address and
postal address of a person. The processing of personal data ensures that we can offer and invoice our services and products, be it online or offline. The scope of this privacy policy includes:

• all online presences (websites, online shops) that we operate

• Social media presences and email communication

• mobile apps for smartphones and other devices

In short: This privacy policy applies to all areas in which personal data is processed in a structured manner by the company via the channels mentioned. Should we enter into legal relations with you outside of these channels, we will inform you separately if necessary.

In the following privacy policy, we provide you with transparent information on the legal principles and regulations, i.e. the legal bases of the General Data Protection Regulation, which enable us to process personal data. Whenever EU law is concerned, we refer to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of April 27, 2016. You can of course access the General Data Protection Regulation of the EU online at EUR-Lex, the gateway to EU law, at https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A32016R0679.

We only process your data if at least one of the following conditions applies:

1. Consent (Article 6 Paragraph 1 lit. a GDPR): You have given us your consent to process data for a specific purpose. An example would be the storage of data you entered into a contact form.
2. Contract (Article 6 Paragraph 1 lit. b GDPR): We process your data in order to fulfill a contract or pre-contractual obligations with you. For example, if we conclude a sales contract with you, we need personal information in advance.
3. Legal obligation (Article 6 Paragraph 1 lit. c GDPR): If we are subject to a legal obligation, we will process your data. For example, we are legally required to keep invoices for our bookkeeping. These usually contain personal data.
4. Legitimate interests (Article 6 Paragraph 1 lit. f GDPR): In the case of legitimate interests that do not restrict your basic rights, we reserve the right to process personal data. For example, we have to process certain data in order to be able to operate our website securely and economically. Therefore, the processing is a legitimate interest.

Other conditions such as making recordings in the interest of the public, the exercise of official authority as well as the protection of vital interests do not usually occur with us. Should such a legal basis be relevant, it will be disclosed in the appropriate place.

In addition to the EU regulation, national laws also apply:

• In Austria this is the Austrian Data Protection Act (Datenschutzgesetz), in short DSG.

• In Germany this is the Federal Data Protection Act (Bundesdatenschutzgesetz), in short BDSG.

Should other regional or national laws apply, we will inform you about them in the following sections.

If you have any questions about data protection or the processing of personal data, you will find below the contact details of the controller in accordance with Article 4(7) of the EU General Data Protection Regulation (GDPR):
Carolin Kurth

Email: info@camovis.de
Phone: +49 30 23329996

It is a general criterion for us to store personal data only for as long as is absolutely necessary for the provision of our services and products. This means that we delete personal data as soon as any reason for the data processing no longer exists. In some cases, we are legally obliged to keep
certain data stored even after the original purpose no longer exists, such as for accounting purposes.

If you want your data to be deleted or if you want to revoke your consent to data processing, the data will be deleted as soon as possible, provided there is no obligation to continue its storage.

We will inform you below about the specific duration of the respective data processing, provided we have further information.

In accordance with Articles 13, 14 of the GDPR, we inform you about the following rights you have to ensure fair and transparent processing of data:

• According to Article 15 DSGVO, you have the right to information about whether we are processing data about you. If this is the case, you have the right to receive a copy of the data and to know the following information:-

  - for what purpose we are processing;
  - the categories, i.e. the types of data that are processed;
  - who receives this data and if the data is transferred to third countries, how security can be guaranteed;
  - how long the data will be stored;
  - the existence of the right to rectification, erasure or restriction of processing and the right to object to processing;
  - that you can lodge a complaint with a supervisory authority (links to these authorities can be found below);
  - the origin of the data if we have not collected it from you;
  - Whether profiling is carried out, i.e. whether data is automatically evaluated to arrive at a personal profile of you.
  
  

• You have a right to rectification of data according to Article 16 GDPR, which means that we must correct data if you find errors.

• You have the right to erasure (“right to be forgotten”) according to Article 17 GDPR, which specifically means that you may request the deletion of your data.

• According to Article 18 of the GDPR, you have the right to restriction of processing, which means that we may only store the data but not use it further.

• According to Article 20 of the GDPR, you have the right to data portability, which means that we will provide you with your data in a standard format upon request.

• According to Article 21 DSGVO, you have the right to object, which entails a change in processing after enforcement.
  - If the processing of your data is based on Article 6(1)(e) (public interest, exercise of official authority) or Article 6(1)(f) (legitimate interest), you may object to the processing. We will then check as soon as possible whether we can legally comply with this objection.
  - If data is used to conduct direct advertising, you may object to this type of data processing at any time. We may then no longer use your data for direct marketing.
  - If data is used to conduct profiling, you may object to this type of data processing at any time. We may no longer use your data for profiling thereafter.

• According to Article 22 of the GDPR, you may have the right not to be subject to a decision based solely on automated processing (for example, profiling).

• You have the right to lodge a complaint under Article 77 of the GDPR. This means that you can complain to the data protection authority at any time if you believe that the data processing of personal data violates the GDPR.

In short: you have rights – do not hesitate to contact the responsible party listed above with us!

If you believe that the processing of your data violates data protection law or your data protection rights have been violated in any other way, you can complain to the supervisory authority. For Austria, this is the data protection authority, whose website can be found at https://www.dsb.gv.at/.
In Germany, there is a data protection officer for each federal state. For more information, you can contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI). The following local data protection authority is responsible for our company: 

State Commissioner for Data Protection: Meike Kamp
Address: Friedrichstraße 219, 10969 Berlin
Phone number: 030/138 89-0
E-mail address: mailbox@datenschutz-berlin.de
Website: https://www.datenschutz-berlin.de/

We only transfer or process data to countries outside the scope of the GDPR (third countries) if you consent to this processing or if there is another legal permission. This is particularly true when processing is legally required or necessary for the performance of a contractual relationship, and in
any case, only to the extent permitted by law. Your consent is in most cases the primary reason for us to process data in third countries. Processing of personal data in third countries such as the USA, where many software providers offer services and have their server locations, may mean that
personal data is processed and stored in unexpected ways.

We explicitly point out that, according to the opinion of the European Court of Justice, there is currently only an adequate level of protection for data transfers to the USA if a US company processing personal data of EU citizens in the USA is an active participant in the EU-US Data Privacy Framework. More information can be found at: https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en

Data processing by US services that are not active participants in the EU-US Data Privacy Framework may result in data not being anonymized and processed, if applicable. Additionally, US government authorities may potentially have access to individual data. Furthermore, it may occur that collected data is linked with data from other services of the same provider, if you have a corresponding user account. Where possible, we try to use server locations within the EU, if offered.

We will inform you in the appropriate sections of this privacy policy in more detail about data transfers to third countries, if applicable.

In order to protect personal data, we have implemented both technical and organisational measures. We encrypt or pseudonymise personal data wherever this is possible. Thus, we make it as difficult as we can for third parties to extract personal information from our data.

Article 25 of the GDPR refers to “data protection by technical design and by data protection-friendly default” which means that both software (e.g. forms) and hardware (e.g. access to server rooms) appropriate safeguards and security measures shall always be placed. If applicable, we will outline the specific measures below.

The terms TLS, encryption and https sound very technical, which they are indeed. We use HTTPS (Hypertext Transfer Protocol Secure) to securely transfer data on the Internet.
This means that the entire transmission of all data from your browser to our web server is secured – nobody can “listen in”.

We have thus introduced an additional layer of security and meet privacy requirements through technology design Article 25 Section 1 GDPR). With the use of TLS (Transport Layer Security), which is an encryption protocol for safe data transfer on the internet, we can ensure the protection of confidential information.

You can recognise the use of this safeguarding tool by the little lock-symbol 🔒 , which is situated in your browser’s top left corner in the left of the internet address (e.g. examplepage.uk), as well as by the display of the letters https (instead of http) as a part of our web address.
If you want to know more about encryption, we recommend you to do a Google search for “Hypertext Transfer Protocol Secure wiki” to find good links to further information

Communications Overview
👥 Affected parties: Anyone who communicates with us via phone, email or online form 
📓 Processed data: e. g. telephone number, name, email address or data entered in forms. You can find more details on this under the respective form of contact
🤝🏻 Purpose: handling communication with customers, business partners, etc. 
📅 Storage duration: for the duration of the business case and the legal requirements
Legal basis: Article 6 (1) (a) GDPR (consent), Article 6 (1) (b) GDPR (contract), Article 6 (1) (f) GDPR (legitimate interests

If you contact us and communicate with us via phone, email or online form, your personal data may be processed.

The data will be processed for handling and processing your request and for the related business transaction. The data is stored for this period of time or for as long as is legally required.

Affected persons

The above-mentioned processes affect all those who seek contact with us via the communication channels we provide.

Telephone

When you call us, the call data is stored in a pseudonymised form on the respective terminal device, as well as by the telecommunications provider that is being used. In addition, data such as your name and telephone number may be sent via email and stored for answering your inquiries. The data will be erased as soon as the business case has ended and the legal requirements allow for its erasure.

Email

If you communicate with us via email, your data is stored on the respective terminal device (computer, laptop, smartphone, …) as well as on the email server. The data will be deleted as soon as the business case has ended and the legal requirements allow for its erasure. 

Online forms

If you communicate with us using an online form, your data is stored on our web server and, if necessary, forwarded to our email address. The data will be erased as soon as the business case has ended and the legal requirements allow for its erasure.

Legal bases

Data processing is based on the following legal bases:

• Art. 6 para. 1 lit. a GDPR (consent): You give us your consent to store your data and to continue to use it for the purposes of the business case;

• Art. 6 para. 1 lit. b GDPR (contract): For the performance of a contract with you or a processor such as a telephone provider, or if we have to process the data for pre-contractual activities, such as preparing an offer;

• Art. 6 para. 1 lit. f GDPR (legitimate interests): We want to conduct our customer inquiries and business communication in a professional manner. Thus, certain technical facilities such email programs, Exchange servers and mobile network operators are necessary to efficiently operate our communications.

In this section, we would like to explain what a Data Processing Agreement is and why it is needed. As the term “Data Processing Agreement” is quite lengthy, we will often only use the acronym DPA here in this text. Like most companies, we do not work alone, but also use the services of other
companies or individuals. By involving different companies or service providers, we may pass on personal data for processing. These partners then act as processors with whom we conclude a contract, the so-called Data Processing Agreement (DPA). Most importantly for you to know is that any processing of your personal data takes place exclusively according to our instructions and must be regulated by the DPA.

Who are the processors?

As a company and website owner, we are responsible for any of your data that is processed by us. In addition to the controller, there may also be so-called processors involved. This includes any company or person who processes your personal data. More precisely and according to the GDPR’s
definition, this means: Any natural or legal person, authority, institution or other entity that processes your personal data is considered a processor. Processors can therefore be service providers such as hosting or cloud providers, payment or newsletter providers or large companies such as Google or Microsoft.

To make the terminology easier to comprehend, here is an overview of the GDPR’s three roles:

Data subject (you as a customer or interested party) → Controller (we as a company and contracting entity) → Processors (service providers such as web hosts or cloud providers)

Contents of a Data Processing Agreement

As mentioned above, we have concluded a DPA with our partners who act as processors. First and foremost, it states that the processor processes the data exclusively in accordance with the GDPR. The contract must be concluded in writing, although an electronic contract completion is also
considered a “written contract”. Any processing of personal data only takes place after this contract is concluded. The contract must contain the following:

• indication to us as the controller

• obligations and rights of the controller

• categories of data subjects

• type of personal data

• type and purpose of data processing

• subject and duration of data processing

• location of data processing

Furthermore, the contract contains all obligations of the processor. The most important obligations are:

• ensuring data security measures

• taking possible technical and organisational measures to protect the rights of the data subject

• maintaining a data processing record

• cooperation with the data protection authority upon request

• performing a risk analysis for any received personal data

• subprocessors may only be appointed with the written consent of the controller

You can see an example of what a DPA looks like at https://gdpr.eu/data-processing-agreement/. This link shows a sample contract.

Cookies Overview
👥Affected parties: visitors to the website
🤝🏻Purpose: depending on the respective cookie. You can find out more details below or from the software manufacturer that sets the cookie
📓Processed data: depends on the cookie used. More details can be found below or from the manufacturer of the software that sets the cookie.
📅Storage duration: can vary from hours to years, depending on the respective cookie
Legal basis: Art. 6 para. 1 lit. a GDPR (consent), Art. 6 para. 1 lit. f GDPR (legitimate interests) 

What are cookies?

Our website uses HTTP-cookies to store user-specific data.
In the following we explain what cookies are and why they are used, so that you can better understand the following privacy policy.

Whenever you surf the Internet, you are using a browser. Common browsers are for example, Chrome, Safari, Firefox, Internet Explorer and Microsoft Edge. Most websites store small text-files in your browser. These files are called cookies. It is important to note that cookies are very useful little helpers. Almost every website uses cookies. More precisely, these are HTTP cookies, as there are also other cookies for other uses. HTTP
cookies are small files that our website stores on your computer. These cookie files are automatically placed into the cookie-folder, which is the “brain” of your browser. A cookie consists of a name and a value. Moreover, to define a cookie, one or multiple attributes must be specified.

Cookies store certain user data about you, such as language or personal page settings. When you re-open our website to visit again, your browser submits these “user-related” information back to our site. Thanks to cookies, our website knows who you are and offers you the settings you are familiar to. In some browsers, each cookie has its own file, while in others, such as Firefox, all cookies are stored in one single file.

The following graphic shows a possible interaction between a web browser such as Chrome and the web server. The web browser requests a website and receives a cookie back from the server. The browser then uses this again as soon as another page is requested.



There are both first-party cookies and third-party cookies. First-party cookies are created directly by our site, while third-party cookies are created by partner-websites (e.g. Google Analytics). Each cookie must be evaluated individually, as each cookie stores different data. The expiry time of a
cookie also varies from a few minutes to a few years. Cookies are not software programs and do not contain viruses, trojans or other malware. Cookies also cannot access your PC’s information.

This is an example of how cookie-files can look: 

Name: _ga
Value: GA1.2.1326744211.152312329669-9
Purpose: Differentiation between website visitors
Expiry date: after 2 years

A browser should support these minimum sizes:

• At least 4096 bytes per cookie

• At least 50 cookies per domain

• At least 3000 cookies in total

Which types of cookies are there?

The exact cookies that we use, depend on the used services, which will be outlined in the following sections of this privacy policy. Firstly, we will briefly focus on the different types of HTTP-cookies.

There are 4 different types of cookies:

Essential cookies
These cookies are necessary to ensure the basic functions of a website. They are needed when a user for example puts a product into their shopping cart, then continues surfing on different websites and comes back later in order to proceed to the checkout. These cookies ensure the shopping cart does not get deleted, even if the user closes their browser window.

Purposive cookies
These cookies collect information about user behaviour and whether the user receives any error messages. Furthermore, these cookies record the website’s loading time as well as its behaviour in different browsers.

Target-orientated cookies
These cookies ensure better user-friendliness. Thus, information such as previously entered locations, fonts sizes or data in forms stay stored.

Advertising cookies
These cookies are also known as targeting cookies. They serve the purpose of delivering customised advertisements to the user. This can be very practical, but also rather annoying.

Upon your first visit to a website you are usually asked which of these cookie-types you want to accept. Furthermore, this decision will of course also be stored in a cookie.

If you want to learn more about cookies and do not mind technical documentation, we recommend https://tools.ietf.org/html/rfc6265, the Request for Comments of the Internet Engineering TaskForce (IETF) called “HTTP State Management Mechanism”.

Purpose of processing via cookies

The purpose ultimately depends on the respective cookie. You can find out more details below or from the software manufacturer that sets the cookie.

Which data are processed?

Cookies are little helpers for a wide variety of tasks. Unfortunately, it is not possible to tell which data is generally stored in cookies, but in the privacy policy below we will inform you on what datais processed or stored.

Storage period of cookies

The storage period depends on the respective cookie and is further specified below. Some cookies are erased after less than an hour, while others can remain on a computer for several years.

You can also influence the storage duration yourself. You can manually erase all cookies at any time in your browser (also see “Right of objection” below). Furthermore, the latest instance cookies based on consent will be erased is after you withdraw your consent. The legality of storage will
remain unaffected until then.

Right of objection – how can I erase cookies?

You can decide for yourself how and whether you want to use cookies. Regardless of which service or website the cookies originate from, you always have the option of erasing, deactivating or only partially accepting cookies. You can for example block third-party cookies but allow all other
cookies.

If you want to find out which cookies have been stored in your browser, or if you want to change or erase cookie settings, you can find this option in your browser settings:

Chrome: Clear, enable and manage cookies in Chrome
Safari: Manage cookies and website data in Safari
Firefox: Clear cookies and site data in Firefox
Internet Explorer: Delete and manage cookies
Microsoft Edge: Delete cookies in Microsoft Edge

If you generally do not want cookies, you can set up your browser in a way to notify you whenever a cookie is about to be set. This gives you the opportunity to manually decide to either permit or deny the placement of every single cookie. This procedure varies depending on the browser.
Therefore, it might be best for you to search for the instructions in Google. If you are using Chrome, you could for example put the search term “delete cookies Chrome” or “deactivate cookies Chrome”into Google. 

Legal basis

The so-called “cookie directive” has existed since 2009. It states that the storage of cookies requires your consent (Article 6 Paragraph 1 lit. a GDPR). Within countries of the EU, however, the reactions to these guidelines still vary greatly. In Austria, however, this directive was implemented in Section
165 (3) of the Telecommunications Act (2021). In Germany, the cookie guidelines have not been implemented as national law. Instead, this guideline was largely implemented in Section 15 (3) of the Telemedia Act (TMG), which has been replaced by the Digital Services Act (DSA) since May 2024.

For absolutely necessary cookies, even if no consent has been given, there are legitimate interests (Article 6 (1) (f) GDPR), which in most cases are of an economic nature. We want to offer our visitors a pleasant user experience on our website. For this, certain cookies often are absolutely necessary.

This is exclusively done with your consent, unless absolutely necessary cookies are used. The legal basis for this is Article 6 (1) (a) of the GDPR.

In the following sections you will find more detail on the use of cookies, provided the used software does use cookies.

Application Data Summary
👥Affected Parties: Users applying for a job position with us
🤝🏻Purpose: Processing a job application procedure
📓Processed Data: Name, address, contact details, email address, phone number, proof of qualifications (certificates), potentially data of special categories.
📅Retention Period: For successful applications, data will be retained until the end of the employment relationship. Otherwise, the data will be deleted after the application process or stored for a certain period with your consent.
Legal Basis: Art. 6(1)(a) GDPR (consent), legitimate interest (Art. 6(1)(f) GDPR), Art. 6(1)(b) GDPR (contract), Art. 9(2)(a) GDPR (processing special categories of data)

What is application data?

You can apply for a job at our company via email, online form, or a recruiting tool. All data we receive and process as part of an application is considered application data. This includes personal data such as name, date of birth, address, and phone number.

Why do we process application data?

We process your data to carry out a proper selection process for the advertised position. Additionally, we may retain your application documents in our applicant archive. Often, we are impressed by a candidate and their application but cannot proceed with collaboration for various reasons. With your consent, we archive your documents so we can easily contact you for future opportunities in our company.

We assure you that we handle your data with the utmost care and always process it within the legal framework. Within our company, your data is only shared with individuals directly involved in your application process. In short: Your data is safe with us!

What data is processed?

For example, when you apply via email, we naturally receive personal data as mentioned above. Even the email address itself is considered personal data. During the application process, only data relevant to deciding whether we would like to welcome you to our team is processed.

The specific data processed depends primarily on the job listing. However, it usually includes your name, date of birth, contact details, and proof of qualifications. If you submit your application via an online form, the data is transmitted to us in encrypted form. If you send your application via email, this encryption does not occur, and we cannot take responsibility for the transmission method. Once the data is on our servers, we are responsible for its lawful handling.

During the application process, information about your health or ethnic origin may also be requested. This helps us comply with legal obligations related to labor law, social security, and social protection. These are considered special category data.

Here is a list of possible data we receive and process:

• Name

• Contact address

• Email address

• Phone number

• Date of birth

• Information from cover letters and resumes

• Proof of qualifications (e.g., certificates)

• Special category data (e.g., ethnic origin, health data, religious beliefs)

• Usage data (visited websites, access data, etc.)

• Metadata (IP address, device information)

How long is the data stored?

If you join our team, your data will be further processed for employment purposes and retained at least until the employment relationship ends. All application documents will then become part of your employee file.

If we do not offer you the position, you decline our offer, or withdraw your application, we may retain your data for up to 6 months after the application process ends under legitimate interest (Art. 6(1)(f) GDPR). After that, both electronic data and physical documents will be fully deleted or
destroyed. We retain your data, for example, to answer follow-up questions or to provide evidence of the application in case of legal disputes. If a legal dispute arises and we need the data beyond the 6-month period, we will delete it only when there is no longer any reason to retain it. If there are statutory retention obligations, we must store the data longer than 6 months.

Furthermore, we may retain your data longer if you provide explicit consent. This might be the case if we see potential for future collaboration. In such cases, your data will be included in our applicant pool. Of course, you can withdraw your consent for extended retention at any time. If no withdrawal is made and no new consent is given, your data will be deleted after a maximum of 2 years. 

Legal Basis

The legal bases for processing your data are Art. 6(1)(a) GDPR (consent), Art. 6(1)(b) GDPR (contract or pre-contractual measures), Art. 6(1)(f) GDPR (legitimate interests), and Art. 9(2)(a) GDPR (processing special categories of data).

If we include you in our applicant tool, it is based on your consent (Art. 6(1)(a) GDPR). We emphasize that your consent to join our applicant pool is voluntary, does not affect the application process, and can be withdrawn at any time. The legality of processing until the point of withdrawal remains
unaffected.

In cases where vital interests are at stake, data processing occurs under Art. 9(2)(c) GDPR. For purposes related to healthcare, occupational medicine, medical diagnosis, provision of health or social care, or the management of systems and services in health or social care, data is processed under Art. 9(2)(h) GDPR. If you voluntarily provide special category data, processing is based on Art. 9(2)(a) GDPR.

Customer Data Overview
👥Affected parties: Customers or business and contractual partners 
🤝🏻Purpose: Performance of a contract for the provision of agreed services or prior to entering into such a contract, including associated communications.
📓Data processed: name, address, contact details, email address, telephone number, payment information (such as invoices and bank details), contract data (such as duration andsubject matter of the contract), IP address, order data
📅Storage period: the data will be erased as soon as they are no longer required for our business purposes and there is no legal obligation to process them.
Legal bases: Legitimate interests (Art. 6 Para. 1 lit. f GDPR), Contract (Art. 6 Para. 1 lit. b GDPR)

What is customer data?

In order to be able to offer our services and contractual services, we also process data from our customers and business partners. This data always includes personal data. Customer data is all information that is processed on the basis of contractual or pre-contractual agreements so that the offered services can be provided. Customer data is therefore all the information we collect and process about our customers.

Why do we process customer data?

There are many reasons why we collect and process customer data. The main reason is that we simply need specific data to provide our services. Sometimes for example your email address may be enough. But if you purchase a product or service, we may e. g. also need data such as your name, address, bank details or other contract data. This data will subsequently be used for marketing and sales optimisation so that we can improve our overall service for our customers and clients. Another important reason for data processing is our customer service, which is very important to us. We  want you to have the opportunity to contact us at any time with questions about our offers. Thus, we may need certain data such as your email address at the very least.

What data is processed?

Exactly which data is stored can only be shown by putting them in categories. All in all, it always depends on which of our services you receive. In some cases, you may only give us your email address so that we can e. g. contact you or answer your questions. In other instances, you may purchase one of our products or services. Then we may need significantly more information, such as your contact details, payment details and contract details.

Here is a list of potential data we may receive and process:

•  

  Name

• Contact address

• Email address

• Phone number

• Your birthday

• Payment data (invoices, bank details, payment history, etc.)

• Contract data (duration, contents)

• Usage data (websites visited, access data, etc.)

• Metadata (IP address, device information)

How long is the data stored?

We erase corresponding customer data as soon as we no longer need it to fulfill our contractualobligations and purposes, and as soon as the data is also no longer necessary for possible warrantyand liability obligations. This can for example be the case when a business contract ends.Thereafter, the limitation period is usually 3 years, although longer periods may be possible inindividual cases. Of course, we also comply with the statutory retention requirements. Yourcustomer data will certainly not be passed on to third parties unless you have given your explicitconsent.

Legal Basis 

The legal basis for the processing of your data is Article 6 Paragraph 1 Letter a GDPR (consent), Article 6 Paragraph 1 Letter b GDPR (contract or pre-contractual measures), Article 6 Paragraph 1 Letter f GDPR (legitimate interests) and in special cases (e. g. medical services) Art. 9 (2) lit. GDPR (processing of special categories).

In the case of protecting vital interests, data processing is carried out in accordance with Article 9 Paragraph 2 Letter c. GDPR. For the purposes of health care, occupational medicine, medical diagnostics, care or treatment in the health or social sectors or for the administration of systems and services in health or social sectors, the processing of personal data takes place in accordance with Art. 9 Para. 2 lit. h. GDPR. If you voluntarily provide data of these special categories, the processing takes place on the basis of Article 9 Paragraph 2 lit. a GDPR

Web hosting Overview
👥Affected parties: visitors to the website
🤝🏻Purpose: professional hosting of the website and security of operations
📓Processed data: IP address, time of website visit, browser used and other data. You can find more details on this below or at the respective web hosting provider.
📅Storage period: dependent on the respective provider, but usually 2 weeks
Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interests) 

What is web hosting?

Every time you visit a website nowadays, certain information – including personal data – is automatically created and stored, including on this website. This data should be processed assparingly as possible, and only with good reason. By website, we mean the entirety of all websites  on your domain, i.e. everything from the homepage to the very last subpage (like this one here). By domain we mean example.uk or examplepage.com.
 
When you want to view a website on a screen, you use a program called a web browser. You probably know the names of some web browsers: Google Chrome, Microsoft Edge, Mozilla Firefox, and Apple Safari.
 
The web browser has to connect to another computer which stores the website’s code: the web server. Operating a web server is complicated and time-consuming, which is why this is usually done by professional providers. They offer web hosting and thus ensure the reliable and flawless storage of website data.

Whenever the browser on your computer establishes a connection (desktop, laptop, smartphone) and whenever data is being transferred to and from the web server, personal data may be processed. After all, your computer stores data, and the web server also has to retain the data for a period of time in order to ensure it can operate properly.

Illustration:

Why do we process personal data?

The purposes of data processing are:

1. Professional hosting of the website and operational security
2. To maintain the operational as well as IT security
3. Anonymous evaluation of access patterns to improve our offer, and if necessary, for prosecution or the pursuit of claims.li> 

Which data are processed?

Even while you are visiting our website, our web server, that is the computer on which this website is saved, usually automatically saves data such as

•  

  the full address (URL) of the accessed website (e. g. https://www.examplepage.uk/examplesubpage.html?tid=312329669)

• browser and browser version (e.g. Chrome 87)

• the operating system used (e.g. Windows 10)

• the address (URL) of the previously visited page (referrer URL) (e. g. https://www.examplepage.uk/icamefromhere.html/)

• the host name and the IP address of the device from the website is being accessed from (e.g. COMPUTERNAME and 194.23.43.121)

• date and time

• in so-called web server log files

How long is the data stored?

Generally, the data mentioned above are stored for two weeks and are then automatically deleted. We do not pass these data on to others, but we cannot rule out the possibility that this data may be viewed by the authorities in the event of illegal conduct.

In short: Your visit is logged by our provider (company that runs our website on special computers (servers)), but we do not pass on your data without your consent!

Legal basis

The lawfulness of processing personal data in the context of web hosting is justified in Art. 6 para. 1 lit. f GDPR (safeguarding of legitimate interests), as the use of professional hosting with a provider is necessary to present the company in a safe and user-friendly manner on the internet, as well as to have the ability to track any attacks and claims, if necessary.

Webhosting Other

Contact data for our Webhosting:

Musterfirma GbR
Musterstraße 47, 12312 Musterstadt, Deutschland

You can learn more about the data processing at this provider in their Privacy Policy.

Website Builders Privacy Policy Overview
👥Affected parties: website visitors 
🤝🏻Purpose: service optimisation
📓Data processed: The data that is being processed includes but is not limited to technical usage information, browser activity, clickstream activity, session heat maps, contact details, IPaddresses or geographic locations. You can find more details in the Privacy Policy below as well as in the providers’ Privacy Policies.
📅Storage duration: depends on the provider
Legal bases: Art. 6 (1) lit. f GDPR (legitimate interests), Art. 6 (1) lit. a GDPR (consent)

What are website builders?

We use a modular website builder for our website. This is a special form of Content Management System (CMS). Website builders enable website operators to create websites very easily and without any programming knowledge. In many cases, web hosts also offer website builders. Your personal data may be collected, stored and processed if a website builder is being used. In this Privacy Policy, you will find general information about data that is processed by such modular website builder systems. You can find more information in the respective provider’s Privacy Policy.

Why do we use website builders for our website?

The greatest advantage of modular website builders is their ease of use. We want to offer you a clear, simple and nicely designed website that we can easily operate and maintain by ourselves – without needing any external support. Nowadays website builders offer many helpful functions
that we can use even without having any programming knowledge. This enables us to design our website according to our wishes and therefore, to give you an informative and pleasant experience on our website.

Which data are stored by website builders?

First of all, the exact data that is stored depends on the website builder that is being used. Each provider processes and collects different data from website visitors. However, technical usage information such as users’ operating system, browser, screen resolution, language and keyboard settings, hosting provider as well as the date of the website visit are usually collected. Moreover, tracking data (e. g. browser activity, clickstream activities, session heat maps, etc.) may also be processed. The same goes for personal data, since data such as contact information e. g. email address, telephone number (if you have provided it), IP address and geographic location data may also be processed and stored. In the respective provider’s Privacy Policy you can find out exactly which of your data is getting stored.

How long and where are the data stored?

Provided that we have any further information on this, we will inform you below about the duration of the data processing associated with the website builder we use. You can find detailed information on this in the provider’s Privacy Policy. Generally, we only process personal data for as long as is absolutely necessary to provide our services and products. The provider may store your data according to their own specifications, over which we have no influence.

Right to object

You always retain the right to information, rectification and erasure of your personal data. If you have any questions, you can also contact the responsible parties at the respective website builder system at any time. You can find the corresponding contact details either in our Privacy Policy or on
the website of the respective provider.

What is more, in your browser you can clear, disable or manage cookies that providers use for their functions. Depending on the browser you use, this can be done in different ways. Please note, that this may lead to not all functions working as usual anymore.

Legal Bases

We have a legitimate interest in using a website builder system to optimise our online service and present it in an efficient and user-friendly way. The corresponding legal basis for this is Article 6 (1) (f) GDPR (legitimate interests). However, we only use the website builder system if you have consented to it.

If the processing of data is not absolutely necessary for the operation of the website, your data will only be processed on the basis of your consent. This particularly applies to tracking activities. The legal basis for this is Article 6 (1) (a) GDPR.

With this Privacy Policy, we have made you more familiar with the most important general information on data processing. If you want to find out more about this, you will find further information – if available – in the following section or in the Privacy Policy of the provider. 

Our website uses HubSpot, software provided by HubSpot Inc., USA. This software is used in the area of inbound marketing and helps us, among other things, to better coordinate and optimize our marketing strategy through statistical analyses and evaluation of logged user behavior. Data collected by HubSpot may be stored on servers in the United States. Cookies (see below) are used. You can prevent the storage of cookies at any time by adjusting your browser settings or delete cookies that have already been stored. Please note that if you disable cookies, you may not be able to fully use all services provided on our website. For more information, please refer to the terms of service and privacy policy of HubSpot Inc. at:  http://www.hubspot.com/terms-of-service, http://www.hubspot.com/privacy-policy, https://legal.hubspot.com/de/dpa, https://www.hubspot.de/data-privacy/privacy-shield and https://legal.hubspot.com/de/privacy-policy.

If you do not wish for information about your visit to be used for the purposes described, you may also inform us at any time via email or post. All information we collect is subject to this privacy policy. HubSpot is compliant with TRUSTe’s Privacy Seal and the U.S.–EU Safe Harbor Framework and the U.S.–Swiss Safe Harbor Framework. Contact: HubSpot, 2nd Floor, 30 North Wall Quay, Dublin 1, Ireland, Phone: +353 1 5187500.

Data Collected

This software is used in the area of inbound marketing and helps us, among other things, to better coordinate and optimize our marketing strategy through statistical analyses and evaluation of logged user behavior (e.g., reporting on traffic sources, visits, etc.). HubSpot also covers various aspects of our inbound marketing:

• Email marketing (newsletters and automated emails, e.g., for providing downloads)
• Contact management (e.g., user segmentation & CRM)
• Landing pages and contact forms

In addition, personal data that you voluntarily provide to us is collected. This includes contact information such as your name, email address, company name, address, and telephone number, as well as other information about you or your business. Further information about HubSpot’s data protection policies can be found here: https://legal.hubspot.com/de/privacy-policy

Data Retention / Deletion

We store personal data that you provide to us for as long as we have a legitimate business interest (for example, to comply with legal obligations, resolve disputes, and enforce our contractual rights).

If we no longer have a legitimate business interest in processing your personal data, we will securely delete or anonymize it. If this is not possible, we will securely store your personal data and exclude it from any further processing until deletion becomes possible.

Legal Basis for Processing

The legal basis for the use of HubSpot services is Art. 6(1)(f) GDPR – legitimate interest. Our legitimate interest in using this service is to optimize our marketing activities and improve the quality of our services on the website.

HubSpot processes personal data to the extent necessary to provide the subscription services in accordance with the agreement, the order form, and the customer’s instructions within the scope of using the subscription services.

If you do not wish to be tracked by HubSpot, you can prevent the storage of cookies at any time via your browser settings or use the following opt-out link: https://app.hubspot.com/settings/6764478/data-privacy/cookies-v2/0/policies/camovis.de

HubSpot and Data Protection

HubSpot is committed to protecting EU data transfers.

What the Privacy Shield ruling of the European Court of Justice of July 16, 2020 means for HubSpot customers and partners (4 kB):https://www.hubspot.de/data-privacy/privacy-shield

Cloud Services Privacy Policy Overview
👥Affected parties: We as the website operator and you as the website visitor 
🤝🏻Purpose: security and data storage
📓Processed data: Data such as your IP address, name or technical data such as your browser version
More details can be found below and in the individual privacy policies or in the privacy policies of the providers
📅Duration of storage: In most cases, data is stored until it is no longer required in order to provide the service
Legal bases: Article 6 paragraph 1 lit. a GDPR (consent), Article 6 paragraph 1 lit. f GDPR (legitimate interests)

What are cloud services?

As a website operator, cloud services provide us with storage space and computing power via the internet. Data can be transmitted to an external system, where it may be processed and stored via the internet. The relevant cloud provider manages this data. Depending on specific requirements,
an individual or a company can choose storage space or computing power. Cloud storage is accessed via an API or via storage protocols. API stands for Application Programming Interface, which is a programming interface that connects software with hardware components.

Why do we use cloud services?

We use cloud services for several reasons. A cloud service offers us the opportunity to store our data securely. In addition, we can access the data from different locations and devices, giving us more flexibility and simplifying our work processes. Cloud storage also saves us costs because we don’t have to set up and manage our own infrastructure for data storage and data security. By storing our data centrally in the cloud, we can also expand our  application fields and manage our information much better.

As website operator or company, we use cloud services primarily for our own purposes. We e. g. manage our calendar and store documents or other important information in the cloud. However, your personal data may also be stored. This can take place if you provide us with your contact details (e.g. name and email address) while we store our customer data with a cloud provider. Consequently, any of your data we process may also be stored and processed on external servers. Provided we offer certain forms of content by cloud services on our website, cookies can also be set for web analysis and advertising purposes. Furthermore, such cookies retain your settings (e.g. the language used) so you will be provided with your usual web environment next time you visit our website.

Which data is processed by cloud services?

Much of the data we store in the cloud cannot be used to identify you as a person, but some data is personal data as defined by the GDPR. This is often customer data such as name, address, IP address or telephone number or technical device information. Videos, images and audio files may also be stored in the cloud. Exactly how the data is collected and stored depends on the respective service. We only try to use services that handle your data in a very reliable and professional manner. Generally, services such as Amazon Drive, have access to the stored files in order to be able to offer their own service accordingly. For this, however, the services require consent (such as for the right to copy files for security reasons). The data will be processed and handled as part of the provided services and in compliance with applicable laws. This also includes compliance with the GDPR for US providers (via the standard contractual clauses). In some cases, cloud services also cooperate with third parties who may process data under  instructions and in accordance with privacy policies and other security measures. At this point we would like to emphasise again that all well-known cloud services (such as Amazon Drive, Google Drive or Microsoft OneDrive) obtain the right to access stored content in order to be able to offer and optimise their own services accordingly.

Duration of data processing

We will inform you below about the duration of data processing, provided we have further information on this. In general, cloud services store data until you or we revoke the data storage or erase the retained data. In general, personal data is only stored for as long as it is necessary for the
provision of the respective services. However, it may take up to several months to erase your data from the cloud. This may occur because data is usually not only stored on one server but divided between different servers.

Right to object

You also have the right and the opportunity to revoke your consent to data storage in a cloud at any time. If cookies are used, you also have a right to withdraw your consent. This can be done either via our cookie management tool or via other opt-out functions. For example, you can also
prevent data collection through cookies by managing, deactivating or erasing the cookies in your browser. We also recommend you read our general privacy policy on cookies. To find out exactly which of your data is stored and processed, you should read the privacy policy of the respective cloud provider.

Legal Basis

We use cloud services mainly on the basis of our legitimate interests (Art. 6 Para. 1 lit. f GDPR) in good security and storage systems. Certain types of processing, in particular the use of cookies and storage functions, require your consent. If you have consented to your data being processed and stored by cloud services, this consent is the legal basis for data processing (Article 6 (1) (a) GDPR). Most of the services we use place cookies in your browser to store data. Thus, we recommend you read our privacy policy on cookies carefully and study the privacy policy or cookie policy of the relevant service provider. Information on special tools – if available – can be found in the following sections.

We use OneDrive for our business, which is a file hosting service from Microsoft. Service provider is the American company Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.

Microsoft processes data from you, among other things, in the USA. Microsoft is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data from EU citizens to the USA. More information can be found at
https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

Additionally, Microsoft uses so-called Standard Contractual Clauses (Article 46(2) and (3) GDPR). Standard Contractual Clauses (SCC) are template clauses provided by the EU Commission and are designed to ensure that your data complies with European data protection standards, even when
transferred and stored in third countries (such as the USA). Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Microsoft commits to maintaining the European data protection level when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision of the EU Commission.

You can find the decision and the corresponding Standard Contractual Clauses here:
https://ec.europa.eu/commission/presscorner/detail/en/ip_21_2847.

For more information on Microsoft’s Standard Contractual Clauses, see
https://docs.microsoft.com/en-us/compliance/regulatory/offering-eu-model-clauses.

You can find out more about the data processed by using OneDrive in the privacy statement at
https://privacy.microsoft.com/en-us/privacystatement.

Closing Remarks

Congratulations! If you are reading these lines, you have most likely familiarised yourself with our entire Privacy Policy – or at least scrolled down here. As you can see from the scope of our Privacy Policy, we do not take the protection of your personal data lightly. We find it important to inform you about the processing of your personal data to the best of our abilities. In doing so, we not only want to tell you which data is processed but also explain to you why we use various software programs. In general, Privacy Policies have very technical and legal jargon. However, since most of you are not web developers or solicitors, we wanted to take a different approach and explain the facts in simple and clear language. Of course, this is not always
possible due to the subject matter. Therefore, you can also find a more detailed explanation of the most important terms at the end of the Privacy Policy. If you have any questions about data protection on our website, please do not hesitate to contact us or the responsible body. We wish you all the best and hope to soon welcome you to our website again.

All texts are copyrighted.