Privacy statement casavi.com
casavi GmbH (hereinafter: „casavi“ or „we“) complies with all relevant legal data protection requirements (German data protection laws, European data protection directives and any other applicable data protection law).
casavi reserves the right to amend this privacy statement. The current version of the privacy statement is available on this page. Via your browser, you can save or print the privacy statement or download a PDF here at any time.
Please note that this privacy statement is not intended for the portal mycasavi.com. Information about the processing of of personal data via the portal mycasavi.com is available here.
- Details of the responsible person, data protection officer
According to Art. 4 No. 7 of the European General Data Protection Regulation („GDPR“), responsible for operating the website www.casavi.com is
Telephone: +49 (0)89 2154 5359 – 0
Telefax: +49 (0)89 2154 5359 – 9
It is represented by the managing directors Peter Schindlmeier and Oliver Stamm.
If you have any questions or comments about this privacy statement or about data protection in general, you can also contact our data protection officer at DSB@casavi.de or by post at „DSB casavi“, c/o Rickert Rechtsanwaltsgesellschaft mbH, Colmantstr. 15, D-53115 Bonn.
- General informationen about the processing of your personal data
We process personal data insofar as this is necessary for the provision of a functioning website or for the further provision of services. In addition, we process your personal data for the purpose of responding to contact requests, improving the offer and for any security measures. These and other possible purposes are explicitly stated below for each processing operation. Automated decisions in individual cases, including profiling, do not take place.
- Legal bases and purposes for processing your data
- Insofar as we obtain the consent of the data subject for processing operations involving personal data, Art. 6 (1) sentence 1 lit. a GDPR serves as the legal basis. Your consent can be revoked at any time.
- When processing personal data that is necessary for the performance of a contract for consideration or free of charge, Art. 6 (1) sentence 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary for the implementation of pre-contractual measures.
- Insofar as processing is necessary for the fulfilment of a legal obligation to which our company is subject, Article 6 (1) sentence 1 lit. c) GDPR serves as the legal basis.
- In the event that processing is necessary for the performance of a task executed in the public interest or in the exercise of official authority vested in the controller, the legal basis is Article 6 (1)(e) GDPR.
- If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Article 6 (1) sentence 1 lit. f GDPR serves as the legal basis for the processing.
- Your rights as a data subject
You may assert the following free rights against any controller of your personal data pursuant to Art. 4 No. 7 GDPR in accordance with the statutory provisions:
- Right to withdraw your consent (Art. 7 (3) GDPR): the revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
- Right to information: you can request information in accordance with Art. 15 GDPR about your personal data that we process. The restrictions of § 34 BDSG apply.
- Right to object: you have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data which is carried out on the basis of Article 6 (1) sentence 1 lit. f GDPR. The controller will then no longer process the personal data unless it can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the assertion, exercise or defence of legal claims. The collection of data for the provision of the website and the storage of log files are absolutely necessary for the operation of the website.
- Right to rectification: if the information concerning you is not (or no longer) accurate, you can request a rectification in accordance with Art. 16 GDPR. If your data is incomplete, you can request it to be completed.
- Right to deletion: you can request the deletion of your personal data in accordance with Art. 17 GDPR. The restrictions of § 35 of the German Federal Data Protection Act apply.
- Right to restriction of processing: you have the right under Art. 18 GDPR to request restriction of the processing of your personal data.
- Right to data portability: in the event that the requirements of Art. 20 (1) GDPR are met, you have the right to have data that we process automatically on the basis of your consent or in performance of a contract handed over to you or to third parties. The collection of data to provide the website and the storage of log files are absolutely necessary for the operation of the website. They are therefore not based on consent according to Art. 6 par. 1 sentence 1 lit a GDPR or on a contract according to Art. 6 par. 1 sentence 1 lit b GDPR, but are justified according to Art. 6 par. 1 sentence 1 lit f GDPR. The requirements of Art. 20 (1) GDPR are therefore not fulfilled.
To assert your rights against casavi, please use the contact details above. Our data protection officer is also available for confidential enquiries. You can reach him under the contact details listed above.
You also have the right to lodge a complaint with a data protection supervisory authority pursuant to Art. 77 et seq. GDPR to complain to a data protection supervisory authority about the processing of your personal data by the data controller. The supervisory authority responsible for us is The Bavarian State Commissioner for Data Protection, P.O. Box 22 12 19, 80502 Munich, Germany, firstname.lastname@example.org. You can find an overview of all supervisory authorities at https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
- General information on processing time
The data processed by us will be deleted or restricted in its processing in compliance with the statutory provisions, in particular in accordance with Art. 17 and 18 GDPR. Unless expressly stated within the scope of this data protection declaration, we delete data stored by us as soon as it is no longer required for its intended purpose. Beyond the point in time when the purpose ceases to exist, data is only retained if it is required for other and legally permissible purposes or if the data must continue to be retained due to legal retention obligations. In these cases, processing is restricted, i.e. blocked and not processed for other purposes. There is a legal obligation to retain records, for example, due to documentation obligations under tax and commercial law. In certain cases, longer storage may be necessary, for example for the purpose of preserving evidence within the framework of the statutory limitation provisions according to §§ 194 ff. of the German Civil Code.
- Recipients of data, third country transfer
In some cases, we use external service providers who are bound by our instructions to process your data. These have been carefully selected and commissioned by us and are regularly monitored. The assignments are based on agreements on commissioned processing in accordance with Art. 28 GDPR. Independent processing for our own purposes does not take place through the processors. Information on the processors used can be found under the following points.
In some cases, we use processors from countries outside the European Union, Norway, Iceland and Liechtenstein (EEA). The following countries have an adequate level of protection based on an EU adequacy decision: Andorra, Argentina, Canada (limited), Faroe Islands, Guernsey, Israel, Isle of Man, Japan, Jersey, New Zealand, Switzerland, Uruguay. With recipients from other third countries, we agree on EU standard contractual clauses to guarantee an adequate level of protection. Where necessary, supplementary safeguards are agreed to ensure an adequate level of data protection. The standard contractual clauses used also oblige the processors of casavi GmbH to check before each data transfer and taking into account the circumstances of the data transfer whether the level of protection to be guaranteed is complied with.
- Processing of data when visiting our website
- Technical provision of the website – server log files
For the informational use of our website, it is generally not necessary for you to actively provide personal data. Rather, in this case we collect and use the data that your internet browser automatically transmits to us. This includes:
- date and time of access
- host name of the accessing computer
- your browser type;
- the browser settings;
- the operating system used;
- the last page you visited;
- websites accessed via the website;
- the amount of data transferred and the access status (file transferred, file not found, etc.);
- your IP address.
The data is processed on servers rented by us. We do not process this data together with any personal data other than that specified above. The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user’s computer. Your IP address is kept accessible only to administrators of this website. After 24 hours at the latest, your IP address is anonymised so that it is no longer possible to assign your person by tracing the internet connection. Anonymization takes place by shortening your IP address by three digits.
The temporary processing of the aforementioned data is technically necessary for the offer of our website in order to display our website correctly and to ensure the stability and security of our information technology systems. These purposes also constitute our legitimate interest in data processing, Art. 6 para. 1 p. 1 lit. f GDPR.
We store log files with your anonymized IP address to avert dangers and for our IT security as well as to prove possible attacks. These purposes are also our legitimate interest in data processing. A personal evaluation of the data, in particular for marketing purposes, does not take place. The legal basis for this is Art. 6 para. 1 p. 1 lit. f GDPR.
To operate this website, we use the hosting provider Amazon Webservices (AWS), which processes inventory data, contact data, content data, contract data, usage data, meta data and communication data of visitors or customers of this website on our behalf and on the basis of our legitimate interests in an efficient and secure provision of this online offer pursuant to Art. 6 (1) sentence 1 lit. f, 28 GDPR.
Our legitimate interest in an efficient and secure provision of the web offers within the meaning of Art. 6 (1) p. 1 lit. f GDPR forms the basis for the use of AWS. AWS has been contractually obligated by means of an order processing agreement pursuant to Art. 28 GDPR to process personal data only on our instructions.
Through standard contractual clauses concluded with us, AWS offers a guarantee of compliance with European data protection law. Our website is hosted on servers within the European Union.
For more information about our processor AWS, please see https://aws.amazon.com/de/compliance/germany-data-protection/.
- Google Fonts
On this website, we have integrated certain fonts provided by the provider Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). When you call up a page, your browser loads these fonts from a Google server. In the process, your IP address including the URL (internet address) of the website you have visited will be transmitted to a Google server. If you are logged into your Google account, you enable Google to assign your surfing behaviour directly to your personal profile.
Google Web Fonts are used for the purpose of a maintenance-free, uniform and appealing presentation of our website. This represents a legitimate interest within the meaning of Art. 6 (1) p. 1 lit. f GDPR. If your browser does not support web fonts or you deactivate this function, no data transfer takes place.
- Web analysis – Google Analytics
On the basis of your consent, which can be revoked at any time with effect for the future, pursuant to Art. 6 (1) sentence 1 lit. a, Art. 7 GDPR, we use the Google Analytics service for the purpose of analysis and optimization on our pages. This is a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. At the same time, you consent pursuant to Article 49 (1) sentence 1 lit. a GDPR that your data may be processed at the parent company of the processor Google in the USA.
Google uses the aforementioned information on our behalf to evaluate your use of our websites, to compile reports on website activity for us and to provide us with other services associated with the use of websites and the internet.
The IP address transmitted by your browser as part of Google Analytics is not merged with other Google data. In order to exclude a direct personal reference, we use Google Analytics with the extension “anonymizelp”. Your IP address is only recorded by Google in shortened form, which ensures anonymization and does not allow any conclusions to be drawn about your identity. With IP anonymization on our websites, your IP address is shortened by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. The information collected by the cookies about the use of our websites (including your anonymized IP address) may under certain circumstances be transferred to a Google server in the USA under Google’s responsibility and stored there. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there.
We have extended Google Analytics with the so-called Google Tag Manager. This is a solution with which we can manage so-called website tags via an interface and thus integrate other services such as Google Analytics into our online offer. Therefore, no profiles are created via the Tag Manager itself. No cookies are stored either. Google only learns the IP address of the user, which is necessary to run the Google Tag Manager.
- Google Remarketing
We use the Google Remarketing function, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043). The remarketing function is used to present interest-based advertisements to visitors to the website as part of the Google advertising network. Your browser stores cookies (text files) on your computer for this purpose. This makes it possible to recognize you as a visitor as soon as you visit websites that also belong to the Google advertising network. This also includes internet offers from Google itself.
You may then be shown interest-based advertising on the pages of the advertising network, the content of which relates to the previously accessed web pages (i.e. also to the content of this website).
This personal data is processed for the purpose of optimizing our offers and individualized advertising on the basis of your consent, which can be revoked at any time with effect for the future, Art. 6 (1) sentence 1 lit. a, Art. 7 GDPR. At the same time, you consent pursuant to Art. 49 (1) sentence 1 lit. a GDPR that your data may be processed at the parent company of the order processor Google in the USA.
If you still do not wish to use Google’s remarketing function, you can deactivate it using the following link:
- Individual functions of your website
- Newsletter registration, use of MailChimp
We offer you the opportunity to sign up for our email newsletter on our website. This will send you information by email about offers, promotions and events from casavi. A newsletter will only be sent if you have consented to receive it by providing your email address.
In the event of registration for the newsletter, the following personal data will be processed by us: email address, IP address of the calling computer, date and time of registration. You can provide further categories of data voluntarily.
We use the so-called double-opt-in procedure to register for our newsletter. This means that after your registration, we will send you an email to the email address you provided in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after one month. In addition, we store your IP addresses and the times of registration and confirmation. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify a possible misuse of your personal data.
To unsubscribe from the newsletter, you can send your cancellation by clicking on the link provided in every newsletter email, by email to email@example.com or by sending a message to the contact details given in the imprint. Complete deletion will take place no later than 30 days after the last date of dispatch.
With the help of MailChimp, we can analyze our newsletter campaigns. This includes measuring the so-called opening rate, i.e. how many recipients have opened individual newsletter emails. Unfortunately, a separate revocation of the performance measurement is not possible, in which case the entire newsletter subscription must be cancelled.
The newsletter is sent using the dispatch service provider “MailChimp”, a service of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. Email addresses are processed exclusively for casavi and are not passed on to third parties. You can find the data protection regulations at https://mailchimp.com/legal/privacy/.
The email addresses of our newsletter recipients are stored on MailChimp servers in the USA. An order processing agreement in accordance with Art. 28 GDPR and so-called standard contractual clauses have been concluded with the dispatch service provider to ensure that processing by MailChimp only takes place on the instructions of casavi and in compliance with European data protection standards.
The legal basis for this data processing is your consent, which can be revoked at any time, Art. 6 para. 1 p. 1 lit. a, Art. 7 GDPR. At the same time, you consent pursuant to Art. 49 (1) sentence 1 lit. a GDPR that your data is processed by the MailChimp processor in the USA.
- Contact us by email / contact form
We are happy for you to contact us, whether by contact form, phone, email or social media.
In the case of contact via email and social networks, we process the contents of the correspondence (texts, photos, other attachments) as well as automatically accruing metadata (e.g. email headers, IP addresses). In the case of contact via email, we also process your email address.
When you contact us via the contact form, we process the data you enter and automatically generated metadata. This includes, in particular, the contact data entered (name, company name, telephone number, email address, address). In addition, the address of the last website you visited may be stored if you accessed our contact form via an advertising banner. For contacting us via our form, we only need your email address to be able to reply to you. In addition, you can voluntarily enter your name so that we can address you personally.
The purpose of the processing is the handling and administration of contact requests as well as the initiation and maintenance of customer and prospect communication. Your data will not be passed on to third parties without your express consent.
Depending on the content of the enquiry, the processing of your data in the context of a contact is carried out on the basis of your (presumed) consent in the case of purely informational enquiries in accordance with Art. 6 (1) sentence 1 lit. a, Art. 7 GDPR, or in accordance with Art. 6 (1) sentence 1 lit. b GDPR, insofar as the contacts are in connection with (pre-)contractual performance obligations.
Please note that if you contact us via the contact form, your contact data may be stored in a file system for the administration of enquiries (customer relationship management or comparable systems for organising enquiries). The legal basis for this is Art. 6 para. 1 p. 1 lit. f GDPR. casavi has a legitimate economic interest in maintaining contacts that have arisen in the course of business transactions, even beyond the initial contact, and in using them to establish or maintain a business relationship. You can object to the processing within the CRM system at any time free of charge.
The provider of the customer relationship management system is Pipedrive OÜ, Mustamäe tee 3a, 10615 Tallinn, Estonia. We have concluded an order processing agreement with Pipedrive OÜ in accordance with Art. 28 of the German Data Protection Regulation (GDPR), with which Pipedrive undertakes to process personal data exclusively on the instructions of casavi. For more information on our processor, please see https://www.pipedrive.com/en/privacy.
For the purpose of general organisation, sending and receiving emails, we use the non-advertising email programme (email client) Google Mail, a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Information on data protection at https://privacy.google.com/. In addition, we use the ticket management system Intercom for the purpose of structured processing and organization of enquiries. You can find more information about our order processor Intercom at https://www.intercom.com/de/terms-and-policies. The purposes described above are also our legitimate interests according to Art. 6 para. 1 p. 1 lit. f GDPR.
We will delete your contact requests immediately after processing, unless legal retention periods require further storage.
- Chat function
When contact is made via the chat function offered, we process the data entered by you and automatically accruing metadata. This includes, in particular, contact data entered (name, company name, telephone number, email address, address) and selected responses within the chat.
Please note that in the event of contact via chat, your contact data (name, email address, company name, telephone number, address) and the selection of predefined answers may be stored in a file system for the administration of enquiries (customer relationship management or comparable systems for enquiry organization). The legal basis for this is Art. 6 para. 1 p. 1 lit. f GDPR. casavi has a legitimate economic interest in maintaining contacts that have arisen in the course of business transactions even beyond the initial contact and in using them to establish or maintain a business relationship. You can object to the processing within the CRM system at any time free of charge.
The provider of the chat module and the customer relationship management system is Pipedrive OÜ, Mustamäe tee 3a, 10615 Tallinn, Estonia. We have concluded a commissioned processing agreement with Pipedrive OÜ in accordance with Art. 28 GDPR, with which Pipedrive undertakes to process personal data exclusively on the instructions of casavi. For more information on our processor, please see https://www.pipedrive.com/en/privacy.
You can find more information about our processor Google at https://privacy.google.com/.
We will delete your contact requests immediately after processing, unless legal retention periods require further storage.
- casavi Test for free
The legal basis for this is usually Art. 6 para. 1 p. 1 lit. b GDPR for the fulfilment of (also pre-)contractual obligations. This also includes the creation of a user profile.
If you do not decide in favour of the product after the test, we will delete your data within one month at the latest.
- Use of the career portal at casavi.de
You have the option to apply online via our website for vacancies posted there. To do so, you can send us your application documents after selecting the respective position. The data you enter in the form (surname, first name, email address, telephone number, date of availability, application documents (CV, references, cover letter) and optionally salary requirements, XING and LinkedIn details) will be processed by us after you click on the “Send application” button.
The processing is carried out exclusively for the implementation of the application procedure and on the basis of Art. 88 para. 1 GDPR in conjunction with. § 26 para. 1 p. 1 of the German Federal Data Protection Act. There is no transmission to third countries.
After completion of the application procedure, your data will be kept for a further 6 months in the event of an unsuccessful application for the purpose of legal defence and then deleted.
- Video portal: Vimeo
We use the services of the platform “Vimeo” of the provider Vimeo Inc., Attention: Legal Department, 555 West 18th Street New York, New York 10011, USA for the videos. You can find the data protection declaration of Vimeo at https://vimeo.com/privacy.
The integration of videos via the video plugin from Vimeo serves to personalize our website. This constitutes a legitimate interest within the meaning of Art. 6 (1) lit. f GDPR. The legal basis for this data processing is your consent, which can be revoked at any time, Art. 6 para. 1 sentence 1 lit. a, Art. 7 GDPR. At the same time, you consent pursuant to Art. 49 (1) sentence 1 lit. a GDPR to the processing of your data by the processor Vimeo in the USA.
- Video portal: YouTube
We integrate the videos of the platform “YouTube” of the provider Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). When you visit one of our pages equipped with a YouTube plugin, a connection to the YouTube servers is established. This tells the YouTube server which of our pages you have visited.
If you have logged into your YouTube account, you enable YouTube to assign your surfing behaviour directly to your personal profile.
The integration of videos via the YouTube video plugin serves to personalize our website. This constitutes a legitimate interest within the meaning of Art. 6 (1) lit. f GDPR. However, personal data for the purposes of analysis and evaluation by Google will only be transmitted as a result of your consent, which can be revoked at any time with effect for the future, Art. 6 para. 1 sentence 1 lit. a, Art. 7 GDPR. At the same time, you consent pursuant to Art. 49 (1) sentence 1 lit. a GDPR that your data may be processed by the parent company of the processor Google in the USA.
You can find the opt-out option at: https://adssettings.google.com/authenticated.
- Google Maps
We use the Google Maps service on our website. This service is provided by the operator Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). The offer allows us to display interactive maps directly on our website.
When you visit our website, Google receives the information that you have accessed the corresponding sub-page of our website. This takes place regardless of whether Google provides a user account via which you are logged in or whether no user account exists. Google processes your data as usage profiles and uses them for the purposes of advertising, market research and/or designing the website to meet your needs.
Google Maps is used in the interest of an attractive presentation of our online offers and to make it easy to find the places we have indicated on the website. The legal basis is your consent, which can be revoked at any time with effect for the future, Art. 6 para. 1 p. 1 lit. a, Art. 7 GDPR. At the same time, you consent pursuant to Art. 49 (1) sentence 1 lit. a GDPR that your data may be processed at the parent company of the processor Google in the USA.
Under certain circumstances, casavi collects information about the use of the website through the use of so-called browser cookies. These are small text files that are stored on your data carrier and save certain settings and data for exchange with casavi via the user’s browser. A cookie usually contains the name of the domain from which the cookie data was sent as well as information about the age of the cookie and an alphanumeric identifier. Cookies enable the system to recognize the user’s device and make any preferences immediately available. As soon as a user accesses the platform, a cookie is transferred to the hard disk of the respective user’s computer. Cookies help casavi to improve the website and to offer the user a better and more tailored service. They enable casavi to recognize the user’s computer when the user returns to the casavi website and thereby:
- To store information about your preferred activities on the website in order to tailor our website to your individual interests. This includes, for example, advertising that matches your personal interests;
- To speed up the processing of your requests;
- The cookies we use only store the data explained above about your use of the website. This is not done by assigning it to you personally, but by assigning an identification number to the cookie (“cookie ID”). The cookie ID is not merged with the name, IP address or similar data that would enable the cookie to be assigned to the user.
Casavi uses the following cookies:
- Essential cookies: These enable basic functions and are necessary for the proper functioning of the website. It is not possible to use the website without these cookies.
- Marketing cookies: Marketing cookies are used by third parties or publishers to display personalised advertising. They do this by tracking visitors across websites.
- Cookies of external media, which are required for the integration of third-party plug-ins.
Access to a cookie is generally only possible from the internet address from which the cookie is set. This means that we do not have access to the cookies of the third-party providers used. They also do not have access to our cookies.
If you do not wish to use browser cookies, you can, on the one hand, set the browser so that cookies are not accepted. On the other hand, you will be asked to make cookie settings the first time you visit the casavi.de website. In doing so, you can choose which cookies (essential only, marketing or external media cookies) you accept.
- Other data protection information
- Appearances in social media and forwarding to external websites
We maintain presences in social media in order to be able to communicate with and inform customers and interested parties there. When calling up the respective networks, the terms and conditions of the operators apply. The same applies in the event that you are redirected from our website to the website of other providers.
The links of other providers are either clearly marked by us or are recognizable by a change in the address line of your browser. We are not responsible for compliance with data protection regulations and secure handling of your personal data on these websites operated by third parties.
- Data processing security
casavi uses technical and organisational security measures to protect the data you have provided against accidental or intentional manipulation, loss, destruction or access by unauthorized persons. These security measures are continuously improved in line with technological developments. Furthermore, all employees and vicarious agents are obliged to maintain data secrecy. Our security measures are continuously improved in line with technological developments.
Last updated: 09/2020