Data Protection and Privacy Policy

Privacy policy for website users

CEPRES GmbH (responsible for all CEPRES Systems) (hereinafter referred to as CEPRES) attaches great importance to data protection. We treat your personal data confidentially and according to the legal data protection regulations. The following information will give you a simple overview of what happens to your personal data when you visit, register and navigate the CEPRES System.

1.     General Information

Personal data is any data relating to an identified or identifiable natural person. Processing means any operation or set of operations relating to personal data, in particular collection, organization, storage and destruction of data. Details can be found in Art. 4 Para. 1 and 2 General Data Protection Regulation (GDPR).

Your data is collected on our website as you communicate it to us. This may, for example, involve data that you enter in a contact form.

Other data is automatically collected by our IT systems when you visit the website. These are mainly technical data (e.g. Internet browser, operating system or time of the page access). This data is collected automatically as soon as you enter our website.

When you visit our website, your browsing behavior can be statistically analyzed and evaluated. We do this only with your consent. This consent is given with our Cookie Tool and can be revoked at any time by clicking the cookies widget.

For detailed information on the subject of data protection, please refer to the individual explanations in the text below.

With this data protection declaration, we fulfill our obligations towards you according to Art. 12 - Art. 14 of the GDPR. The text of the GDPR is available at the following web address:

https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679&from=EN

2.    Website Encryption and Internet Security

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or requests that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from "https://" to "https://" and by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

We would like to point out that data transmission over the Internet (e.g. communication by e-mail) can nevertheless be subject to security gaps. A complete protection of the data against access by third parties is not possible.

3.    Controller

Many obligations under data protection law apply to the "Controller ". This refers to the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (e.g. names, e-mail addresses, etc.). The responsible party for data processing on this website is:

CEPRES GmbH
Balanstraße 49
Building C, 6th Floor
81669 Munich
Germany
Phone: +49 (0) 89 232495610

4.    Data Protection

The primary point of contact for all issues arising from this privacy notice, is our Data Protection Officer. The Data Protection Officer can be contacted in the following ways:

By email: dataprotection@cepres.com

Per post:
CEPRES GmbH Attn: Data Protection Officer
Balanstraße 49
Building C, 6th Floor
81669 Munich
Germany

5.    Webhosting

Our site is hosted by Vercel Inc. with a principal address of 340 S Lemon Ave #4133 Walnut, CA 91789 United States of America. All data collected during visits to our website and stored by us are therefore stored on the servers of Vercel Inc.

We have concluded a Processing Agreement (Art. 28 GDPR) with Vercel Inc. You may access Vercel Inc’s Privacy Policy at any time to learn more.  

6.    Cookies

Description and scope of data processing

Our Internet pages use Cookies. Cookies do not damage your computer and do not contain viruses. Cookies are small text files that are stored on your computer by your browser. They contain a unique string of characters that enables the browser to be uniquely identified when the website is called up again.

We use Cookies that are absolutely necessary in order to be able to provide our telemedia services that our users request (Necessary Cookies). In particular, some elements of our website require that the calling browser can be identified even after a page change. This is made possible by Necessary Cookies. We also use session Cookies in particular to save your selection or your "signed in status".

The following data is stored and transmitted in such necessary Cookies:

  • Session Cookie

  • A Login Cookie that stores user information

  • A Remember me Cookie

We also use Cookies on our website, which are not absolutely necessary, but allow an analysis of the browsing behavior of users. As such, the following data may be transmitted to us by you:

  • Information about the use of this website in the context of Google Analytics

  • Google Adwords Conversion

  • Wistia video consumption

  • Zoho form fills

  • Hubspot form fills

The user data collected by Cookies that are not absolutely necessary are anonymized as a precautionary measure. Therefore, it is not possible for us to assign the data to the user. The data are not stored together with the other personal data of the users.

When accessing our website, the user is informed of the use of Cookies and their consent to the processing of the personal data used in this combination is obtained. In this feature, there is also a reference to this Privacy Statement.

Legal basis for the processing

The legal basis for the processing of personal data through the use of Cookies is your consent in connection with Art. 6 Para. 1 S. 1 lit. a GDPR.

Cookies that are necessary to provide our telemedia services serve our legitimate interests, which is why they are supported by Art. 6 Para. 1 S. 1 lit. f GDPR.

Purpose of data processing

Necessary cookies: The purpose of Necessary Cookies is to simplify the use of our website. Without cookies we would not be able to offer some functions of our website. For these functions, your browser must be recognized even after a page change. This is our legitimate interest in setting technically necessary cookies in accordance with Art. 6 Para. 1 S. 1 lit. f) GDPR.

We need technically necessary cookies for the following applications:

  • Session cookie

  • A login cookie that stores user information

  • A remember me cookie

We will not create any user profiles with the user data collected by the technically necessary cookies.

Cookies that are not technically necessary: The use of non-essential cookies is for analysis purposes and to improve the quality and content of the website. These "Analysis Cookies" tell us how users use our website. With this knowledge we can optimize the website offer.

As 3rd party cookies we use:

  • Google Analytics

  • Google AdWords

  • DoubleClick

  • Google Tag Manager

  • HubSpot

  • Zoho

  • Wistia

  • hotjar

  • Leadfeeder

  • LinkedIn

  • Clarity

  • Bing Ads

  • Facebook Pixel

  • Matomo

  • Sentry

  • Microsoft App Insights

Duration of storage, objection and removal options

Cookies are stored on the user's computer and transmitted to our site by the user. Therefore, you as a user have full control over the use of cookies. The transmission of cookies can be deactivated or restricted in your browser. If cookies are deactivated, the functionality of this website may be restricted. You can manually delete stored cookies at any time and also activate the automatic deletion of cookies when you close your browser.

7.    Data Acquisition in the System and Creation of Log Files

Scope of data captured in the system and in the log files

When you access our website, the system automatically collects information that your browser transmits to us about your computer system and temporarily stores it.

  • Full IP address

  • Time and method of the visit

  • URL that was accessed 

  • Version of the HTTP protocol used

  • Notice whether data was successfully accessed

  • Volume of data transferred in kilobytes

  • Internet address of last Internet page visited (referrer).

  • Information on the browser and operating system used

  • Contacts of users in flow sharing

  • Contact comments added by users

  • User-created dashboards and layouts

  • Pages custom layouts

  • User-created data rooms

  • Dataroom Comments

  • IP addresses of successful logins

  • Request track records

  • User profile picture

  • Company logo

  • User saved settings

  • Saved selection criteria

  • Common data room tracking

  • Releases require follow-up in case of invalid authorizations (e.g. LP release to GP)

  • Terms of Use User information (IP address, browser details and date)

  • User clicks

  • User-created businesses

  • Users part of the companies and their responsibilities

  • Company information

  • User stored information

  • Watching us invitations and connections

  • Watch invitations and connections

  • User set cards

  • Disclaimers for companies

  • Investment data files uploaded by users

  • Notifications

  • Track views per video

  • Tracking of views per market report

This data will not be merged with other data sources.

This data is also stored in the server log files of our system. Only pseudonymized IP addresses of visitors to the website are stored. At web server level, this is done by storing an IP address 123.123.123.XXX in the log file instead of the actual IP address of the visitor, e.g. 123.123.123.123.123, whereby XXX is a random value between 1 and 254. The creation of a personal reference is not possible for us. A storage of this data together with other personal data of the user does not occur here either.

Legal basis for the data processing

The legal basis for the temporary storage of data and log files is Art. 6 para. 1 S. 1 lit. f GDPR.

Purpose of data processing

We pursue the following goals in the processing of user data:

The temporary storage of the information captured by the system is necessary to enable the website to be delivered to the user's computer. For this purpose, the IP address of the user must remain stored for the duration of the session.

The data is stored in log files to ensure the functionality of the website. The data is also used to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.

These purposes also include our legitimate interest in data processing pursuant to Art. 6 Para. 1 S. 1 lit. f GDPR.

Storage period of data in the system and log files

The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. In the case of the collection of data to provide the website, this is the case when the session in question has ended.

If the data is stored in log files, the following applies:

We store the data on our servers for a period of 7 days. They are then deleted. Backups of this data are stored for a total of 14 days in encrypted form.

The data may also be temporarily stored for as long as is necessary to protect CEPRES's legal rights or to ward off unjustified legal claims.

Possibility of objection and removal

The collection of data for the provision of the website and the storage of data in log files is mandatory for the operation of the website. Consequently, there is no possibility for the user to object this process.

8.    Registration for Private Equity Services

Scope of data collection during registration

Our website offers a platform for the exchange of information, networking, training and the use of other private equity software services, in particular for monitoring the success of your own investment strategy. Institutional investors, fund managers and advisors have the opportunity to register for our service platform by providing their personal data. The registration data is entered into an input mask and transmitted to us and stored. The registration data will not be passed on to third parties unless it pertains to one of the below cases.

The user's contact data (e-mail, first/last name, company name) will be passed on to third parties explicitly specified to the user and only with their explicit confirmation.

The following data will be collected during the registration process:

  • First name

  • Surname

  • Business address

  • Company's name

  • Business e-mail address

  • Service telephone number

  • Password

  • Type of company (GP/LP or other private market investment participant)

The user can upload his own profile picture. This is displayed to the specified third party after explicit contact has been made.

Of course, the above information is voluntary. However, CEPRES requires all data in order to set up a user account and draw up the user contract. The provision of our services is not possible if information is missing.

The following data will also be stored at the time of registration:

  • IP address

  • Browser Information

  • Time Specification

As part of the registration process, we obtain the user's consent to contact the user by e-mail to confirm the registration. The user will then receive a confirmation e-mail confirming his or her authorization for the e-mail account and confirming your registration. You can then log on to our website to use our services after completing your registration. Your user name and password will be requested for identification purposes.

The personal data will be stored by CEPRES on Servers in Germany.

The following personal data that you provide to us is forwarded to our Customer Relationship Management Tool (CRM) system provider, Zoho CRM:

  • First name

  • Surname

  • Official address

  • Company name

  • Business e-mail address

  • Service telephone number (non-mandatory field)

  • Type of company (GP/LP)

CEPRES has concluded a Processing Agreement with Zoho Corp.

Legal Basis for Data Processing

The processing of the user data is covered in the contract of use concluded between the user and Cepres GmbH. The legal basis for the processing of the data is therefore Art. 6 Para. 1 S. 1 lit. b GDPR. If the natural person who enters his or her personal data is not directly contractual partner, for instance because he or she acts on behalf of an employer, the legal basis for the processing the data is Art. 6 Para. 1 S. 1 lit. f GDPR. The legitimate interest for using the personal data and for using Zoho as a CRM system is our interest to provide our private equity services to customers.

The legal basis for the use of the e-mail address to send a confirmation e-mail is your consent in connection with Art. 6 Para. 1 S. 1 a GDPR.

Purpose of data processing

The registration of a user to our website is necessary in order to use our services. We use your personal information to create an account, to conclude the user contract with the user and to provide service support. Data such as the IP address, date and time are also recorded in order to prevent misuse of the services or the e-mail address used.

Duration of storage

The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected.

CEPRES therefore retains the data as long as the user is a registered user of CEPRES. The data is deleted within 2 weeks after the user contract ends. CEPRES may keep your e-mail address for as long as you have subscribed to the newsletter.

We permanently document your consent to be contacted by e-mail for the purposes of proof. This data will be deleted if it does not have to be kept for documentation purposes under competition or data protection laws any longer.

Possibility of objection and removal

You can change the data stored about you at any time. You can terminate your registration on our site by sending us an email or sending us a letter explaining your request. We will confirm receipt of your request within 48 hours and explain the next steps.

You can revoke your consent to us contacting you us by e-mail at any time, e.g. via the contact form or by e-mail. We will then delete your e-mail address unless there is another legal basis for the processing, for example your consent to still receive the newsletter.

9.    Newsletter

With your consent you can also subscribe to our newsletter. With this newsletter we inform you about new developments in the field of Private Equity.

Scope of data collection

For the newsletter dispatch we record your e-mail address. This information is of course voluntary, but you cannot register for the newsletter without it.

For the processing of the data in the context of the registration procedure to the newsletter your consent is separately obtained and this Privacy Statement is referred to. You will then receive a confirmation e-mail with a confirmation link (so-called "Double Opt In"). Your registration only becomes effective when you have clicked on the confirmation link. Your consent is voluntary and revocable at any time.

No data will be passed on to third parties in connection with data processing for the dispatch of newsletters, except for technical dispatch to ActiveCampaign. The data will be used exclusively for the dispatch of the newsletter.

When you subscribe to our e-mail newsletter, the time and IP address assigned to your terminal device at the time of subscribing to the newsletter will be stored until the newsletter subscription ends. In addition to this data, the following data will also be stored each time a newsletter is opened: location (country), browser information and, if applicable, click behavior and number of openings.

Legal basis for data processing

The legal basis for the processing of user data user after registration for the newsletter is Art. 6 Para. 1 S. 1 lit. a GDPR if the user has given their consent. The legal basis for the other personal data processed when first subscribing (time and IP address) and later opening newsletters (location (country), browser information, click behavior, number of openings) is Art. 6 Para 1 S. 1 lit. f) GDPR.

Purpose of data processing

The collection of the user's e-mail address serves to deliver the newsletter. We also use your e-mail address to send you a confirmation e-mail with which you can confirm your contact (double opt-in).

Duration of storage

Your data, which we have collected and stored when registering for the newsletter, will be stored as long as the subscription to the newsletter is active, after which it will be deleted immediately.

Objection and removal possibility

You may modify your newsletter preferences or outright terminate your subscription to the newsletter at any time. To do so there is a corresponding link in every newsletter. You can also revoke the subscription by other means, such as e-mail. This also revokes your consent to the storage of personal data collected during the registration process, such as the IP address at that time.

10.    Contact Form

There is a contact form on our website which you can use to contact us electronically.

Scope of data collection

The following data is collected and stored when using the electronic contact form:

  • Name

  • Email

  • Job title

  • Company information

  • Investor profile

  • Subject

  • Message

All information is voluntary. However, we can only answer you if you give us at least your name and e-mail address. In terms of content, a message is also necessary in order to be able to provide a meaningful response.

If you send us enquiries via the contact form, your details from the enquiry form including the contact data you entered there will be stored in ActiveCampaign and Zoho CRM for the purpose of processing the enquiry and, potentially, follow-up questions. The data you enter will then also be stored locally with the e-mail, there is a processing agreement with Zoho in this connection.

Your consent will be obtained for the processing of this data as part of the sending process and reference will be made to this data protection declaration.

In the case of technical data, IP address, date and time are also recorded when you contact us.

Legal basis of the processing

The processing of the e-mail address entered in the contact form to respond to your contact request is covered by your consent (Art. 6 Para. 1 S. 1 lit. a GDPR).

The legal basis for the processing of your message and the other data provided by you or collected as technical data when contacting us is Art. 6 Para. 1 S. 1 lit. f GDPR. If the purpose of establishing contact is to conclude a contract, the additional legal basis for processing is Art. 6 para. 1 sentence 1 lit. b GDPR.

Purpose of processing

The personal data collected by us for the use of the contact form will be used to process your enquiry. In addition, we evaluate your contact and our response to it in order to improve the quality of follow-up messages to potential customers. In both aspects we have a legitimate interest in data processing.

The other technical personal data processed during contact are used to prevent misuse of the contact form and to ensure the security of our information technology systems. This is at the same time the legitimate interest required by Art. 6 Para. 1 S. 1 lit. f GDPR.

We also store your consent to the contact for reasons of documentation in order to limit risks arising from data protection and competition laws. This, also, is a legitimate interest in the sense of Art. 6 Para. 1 S. 1 lit. f GDPR.

Storage period

The data entered by you in the contact form will be deleted as soon as they are no longer required for the above-mentioned purposes, i.e. the conversation has ended and the evaluation of the follow-up activities has been completed. The data may, however, remain stored temporarily as long as this is necessary for the assertion, exercise and defense of legal claims or if legal storage obligations exist. If there is no reaction to the follow-up, the data will be deleted within a period of 2 months.

The additional personal data collected during the sending process will be deleted after a period of 14 days at the latest.

We document the consent to contact by e-mail for evidence purposes permanently. These data will be deleted if they do not have to be kept for documentation purposes either under competition or data protection laws.

Possibility of objection and removal

You have the possibility at any time to revoke your consent to CEPRES contacting you via e-mail. However, this does not make communications that have already been made illegal. To revoke your consent, please send us an e-mail or use the contact form.

You can object to the storage of any other personal data you have entered in the contact form at any time. If you wish to object, please contact us by e-mail or using the contact form. All personal data stored in the course of contacting us will be deleted in this case. However, the data may remain stored temporarily as long as this is necessary for the assertion, exercise and defense of legal claims or if legal storage obligations exist.

11.    Contact by E-mail

As an alternative to the contact form, it is also possible to contact us via the e-mail address provided.

Scope of data collection

In this case, the personal data of the user transmitted with the e-mail will be stored. This data is received on the server of our web host in Germany and is then forwarded to CEPRES, where it is stored locally. In this context, CEPRES will not pass on the data to third parties. The data will be used exclusively for the processing of the conversation.

Legal basis of data processing

The legal basis for processing the data transmitted in the course of sending an e-mail is Art. 6 Para. 1 S. 1 lit. f GDPR. If the purpose of the e-mail contact is to conclude a contract, the additional legal basis for the processing is Art. 6 para. 1 sentence 1 lit. b GDPR.

Purpose of data processing

The processing of the personal data contained in the e-mail by CEPRES serves solely to process the establishment of contact. This is also the necessary legitimate interest in the processing of the data that you have sent by e-mail, Art. 6 Para. 1 S. 1 lit. f GDPR. In addition, we evaluate your contact and our response to it in order to improve the quality of follow-up messages to potential customers. In both aspects, we have a legitimate interest in data processing. The evaluation is done internally by Cepres and stored in Zoho CRM.

Storage period

The data you send us by e-mail will be deleted as soon as they are no longer required for the above-mentioned purposes, i.e. the conversation has ended and the evaluation of the follow-up activities has been completed. However, the data may remain stored temporarily as long as this is necessary for the assertion, exercise and defence of legal claims or if there are legal storage obligations.

If there is no reaction to the email, the data will be deleted within a period of 6 months.

Objection and removal possibility

You may contact us by e-mail to object to the storage of your personal data at any time. In such a case, the conversation cannot be continued. Please contact us by e-mail or using the contact form for such an objection. All personal data stored in the course of contacting us will be deleted in this case. However, the data may remain stored temporarily as long as this is necessary for the assertion, exercise and defence of legal claims or if legal storage obligations exist.

12.    Facebook, LinkedIn and Twitter

On our page you can find links to our respective Facebook, LinkedIn and Twitter accounts. Only when you follow this link will data be transferred to Facebook, LinkedIn or Twitter. This data is then stored on servers in the USA without CEPRES having any influence on it. Please note that in the US, European Privacy Law and in particular GDPR do not apply. The US legal system does not provide for the same standard of protection for your personal data. In particular, third parties may have access to the data based on US national security legislation.

Responsible in this case is the respective social network, namely

  • Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA;

  • LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA;

  • Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA;

Facebook's privacy policy can be found at https://www.facebook.com/about/privacy/. You can find LinkedIn's privacy statement at https://www.linkedin.com/legal/privacy-policy and Twitter's privacy statement at https://twitter.com/privacy.

13.    Wistia

Data processing by Wistia

This website uses the Wistia service to display online videos.

Wistia collects user data as soon as the user plays a video that is embedded on our page. Wistia uses a Cookie for this feature which is saved in your browser.

With the Cookie, Wista can collect information on the user’s IP address, geographic location, browser info, device info, operating system and details on how the video was watched are then transmitted. If the video is viewed while the user is logged in as a registered user of Wistia, the content is specifically assigned to the user. The user can prevent this by logging out of his or her Wistia account before starting the video.

This service is provided by Wistia Inc, 17 Tudor Street, Cambridge, USA. Further information on the processing and storage of data by Wistia, Inc. can be found at https://wistia.com/privacy.

Processing Agreement

CEPRES and Wistia have entered into a Processing Agreement with Google as our Processor (Art. 28 GDPR)

Transfer of personal Data to the US and Standard Contractual Clauses

Personal data such as the IP-adress will be stored by Wistia in the US. We have concluded Standard Contractual Clauses with Wisitia to protect the data. CEPRES has assessed the risk that exists in connection with this data transfer. Wistia has taken precautionary measures, such as full compliance and certification with the EU-US and Swiss-US Privacy Shield. However, a risk remains that US secret services can access the data that is processed by Wistia.

Legal basis for processing

The legal basis for the processing of your data is your consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR.

Purpose of processing

We process the data and use the Wistia services as described above to analyze how our video content is watched and to improve the content we offer.

Storing period

The Cookies stored in the users’ browser by Wistia expire after (….). CEPRES retains the results that Wistia delivers for a longer period,  but these statistics no longer include information on an identifiable user.

14.     Google AdWords Conversion

Use of Google AdWords

CEPRES uses Google AdWords to draw attention to our offers on external websites with the help of advertising media (so-called Google AdWords). By using Google AdWords Conversion, we can determine how successful the individual advertising measures are in relation to the data from the advertising campaigns. This is done to enable us to display advertising to users that is of interest to them, to make our website more interesting for users and to achieve a fair calculation of advertising costs.

AdWord Cookies

The advertising media are delivered by Google via so-called "Ad Servers". We use Ad Server Cookies for this purpose, which can be used to measure certain parameters such as the display of ads or clicks by users. If a user accesses our website via a Google advertisement, Google AdWords stores a cookie in this user's system. These cookies usually lose their validity after 30 days. They are not intended to personally identify the user. For this cookie, the unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (marking that the user no longer wishes to be addressed) are usually stored as analysis values.

Evaluation of advertising measures

These cookies enable Google to recognize a user's Internet browser. If a user visits certain pages on our website and the cookie stored on their computer has not yet expired, Google and CEPRES may recognize that the user clicked on the ad and was directed to our page. CEPRES itself does not collect or process any personal data in the aforementioned advertising measures. We only receive statistical evaluations from Google. These evaluations enable us to identify which of the advertising measures used are particularly effective. We do not receive any further data from the use of the advertising media; in particular, we cannot identify users on the basis of this information.

Connection of your browser to Google

Due to the marketing tools used, your browser automatically establishes a direct connection with the Google server. CEPRES has no influence on the extent and further use of the data collected by Google through the use of this tool and therefore informs you according to our state of knowledge: By integrating AdWords Conversion, Google receives the information that you have called up the relevant part of our website or clicked on an advertisement from us. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, it is possible for the provider to find out and store your IP address.

Options and removal

You can prevent participation in this tracking procedure in various ways:

  1. a) By setting your browser software accordingly, in particular by suppressing third party cookies, you will not receive advertisements from third parties;

  2. b) by disabling conversion tracking cookies by setting your browser to block cookies from the "www.googleadservices.com" domain, https://www.google.de/settings/ads, which is deleted when you delete your cookies;

  3. c) by disabling the interest-based ads of the Providers that are part of the "About Ads" self-regulatory campaign via the link https://www.aboutads.info/choices, which setting will be deleted if you delete your cookies;

  4. d) by permanent deactivation in your Firefox, Internet Explorer or Google Chrome browsers under the link https://www.google.com/settings/ads/plugin. Please note that in this case you may not be able to make full use of all the functions of this offer.

Processing Agreement

CEPRES and Google have entered into a Processing Agreement with Google as our Processor (Art. 28 GDPR)

Transfer of personal Data to the US and Standard Contractual Clauses

Personal data such as the IP-adress will be stored by Google in the US. We have concluded Standard Contractual Clauses with Google to protect the data. CEPRES has assessed the risk that exist in connection with this data transfer. Google has taken precautionary measures, a risk remains that US secret services can access the data that is processed by Google.

Legal basis for processing

The legal basis for the processing of your data is your consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR.

Purpose of processing

We process the data and use the Google services as described above to analyze the effectiveness of our advertising measures and to improve them.

Storing period

The Ad Server Cookies stored in the users’ browser expire after 30 days. CEPRES retains the results that Google delivers for a longer period, but these statistics no longer include information on an identifiable user.

Learn more about privacy at Google

You can find further information on data protection at Google here: https://www.google.com/intl/de/policies/privacy and https://services.google.com/sitestats/de.html.

Alternatively, you can visit the Network Advertising Initiative (NAI) Web site at https://www.networkadvertising.org

 15.    Google Analytics 

This website uses functions of the web analysis service Google Analytics, a web analysis service of Google Inc. ("Google"). The use of Google Analytics takes place in accordance with the requirements on which the German data protection authorities have agreed with Google.

Analytics cookies

Google Analytics uses so-called "cookies". These are text files that are stored on your computer and enable an analysis of your use of the website. The information generated by the cookie about your use of the website will generally be transmitted to and stored by Google on servers in the United States.

Usually: IP anonymization

We have activated the IP anonymization function on this website. This will cause Google to shorten your IP address within member states of the European Union or other signatory states to the Agreement on the European Economic Area before it is transmitted to the United States. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services relating to website activity and internet usage to the website operator.

No combination with other Google data

The IP address transmitted by your browser as part of Google Analytics is not combined with other data from Google.

Configuration of your browser, browser plug-in - Objection to data collection

You may refuse the use of cookies by selecting the appropriate settings on your browser, however, please note that if you do this you may not be able to use the full functionality of this website.

In addition, you can prevent Google from collecting the data generated by the cookie and your use of the website (including your IP address) and Google from processing this data by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en.

You can also prevent Google Analytics from collecting your data by clicking on the following link. An opt-out cookie is set to prevent the collection of your information on future visits to this website: Disable Google Analytics.

For more information on how Google Analytics uses user data, please refer to Google's privacy policy:

https://support.google.com/analytics/answer/6004245?hl=en

The website uses Google Analytics with the extension "_anonymizeIp()". This shortens the processing of IP addresses, thus excluding the possibility of personal references. If the data collected about you is related to a person, this is excluded immediately and the personal data is deleted immediately.

Third party information: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001.

Terms of use: https://www.google.com/analytics/terms/de.html

Overview of data protection: https://www.google.com/intl/de/analytics/learn/privacy.html

Privacy policy: https://www.google.de/intl/de/policies/privacy

Purpose of processing

We use Google Analytics to analyse the use of our website and to improve it regularly. The statistics obtained allow us to improve our services and make them more interesting for you as a user. For the exceptional cases in which personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

Legal basis for the processing

The legal basis for the use of Google Analytics is your consent in connection with Art. 6 Para. 1 S. 1 lit. a GDPR.

Processing Agreement

CEPRES and Google have entered into a Processing Agreement with Google as our Processor (Art. 28 GDPR)

Transfer of personal Data to the US and Standard Contractual Clauses

Personal data such as the IP-adress will be stored by Google in the US. We have concluded Standard Contractual Clauses with Google to protect the data. CEPRES has assessed the risk that exist in connection with this data transfer. Google has taken precautionary measures, a risk remains that US secret services can access the data that is processed by Google.

16. Sentry

CEPRES uses a self-hosted instance of sentry.io, which offers an application monitoring solution designed to identify, monitor, and alert developers to errors, bugs, and other performance issues that are occurring in their applications. The data is collected and hosted exclusively within CEPRES datacenters.

Sentry's privacy policy can be found here: https://sentry.io/privacy/

 17. Matomo

CEPRES uses a modified self-hosted instance of Matomo to track user behavior across our products to understand how they are being used. We have opted for Matomo to ensure data privacy is taken seriously. The data is collected and hosted exclusively within CEPRES datacenters.

Matomo's privacy policy can be found here: https://matomo.org/privacy/

 18. Microsoft Application Insights

CEPRES uses Microsoft Application Insights, which monitors our applications all the time it's running, both during testing and after they are published or deployed. Application Insights creates charts and tables that show informative metrics. If there are failures or performance issues, CEPRES can search through the telemetry data to diagnose the cause.

More information about Application Insights can be found here: https://learn.microsoft.com/en-us/azure/azure-monitor/app/data-retention-privacy

19.    Revocation of Consent

If you have given your consent to the processing of your data, you may revoke it at any time. Such revocation will affect the permissibility of the processing of your personal data after you have expressed it to us.

20.    Objection to processing

Insofar as we base the processing of your personal data on the balance of interests, you may object to the processing, for example because you consider the processing to be unnecessary for the purpose. When exercising such an objection, please explain the reasons why we should not process your personal data any more. We will then either stop or adjust the data processing or explain to you the legitimate grounds on the basis of which we will continue the processing.

Of course, you can object to the processing of your personal data for purposes of advertising and data analysis at any time. In this case, please contact:

Mr. Benedikt Hoefelmayr, dataprotection@cepres.com, Balanstraße 49 Building C, 6. Floor, 81669, Munich, Germany, Tel: +49 (0) 89 232495610.

21.    What other rights do you have with regard to your data?

You have the following rights with respect to the personal data concerning you:

You have the right to obtain confirmation as to whether or not personal data concerning your person is being processed, and the right to obtain information about such data, as well as further information and a copy of the personal data (Art. 15 of the GDPR).

You have the right to request that data concerning you be completed or, in case your personal data is incorrect, it is corrected (Art. 16 of the GDPR).

Furthermore, you have the right to demand that data concerning you be deleted without delay. As an alternative, you can also demand restriction of the processing of the personal data (Art. 18 of the GDPR).

You have the right to demand that you receive the personal data which you have provided to us. They have to be presented to you in a structured, common and machine-readable format. You may demand that we transfer the data to other data controllers (Art. 20 GDPR).

Pursuant to Art. 77 of the GDPR, the right to lodge a complaint with the competent supervisory authority.