Privacy
Information on data protection regarding our data processing in accordance with Articles (Art.) 13, 14 and 21 of the General Data Protection Regulation (DSGVO).
We take data protection seriously and hereby inform you how we process your data and which claims and rights you are entitled to according to the data protection regulations. Valid as of May 25, 2018.
1. entity responsible for data processing and contact details
responsible body in the sense of data protection law:
eleven cyber security GmbH
Heidestraße 10
10557 Berlin
+49 (0) 30 / 520056-0
info@eleven.de
Contact details of our data protection officer:
Data Protection Officer of eleven GmbH
HEC Harald Eul Consulting GmbH
Data protection + data security
On the height 34
50321 Brühl
dpo-cyrengmbh@he-c.de
2. purposes and legal basis on which we process your data
We process personal data in accordance with the provisions of the General Data Protection Regulation (DSGVO), the German Federal Data Protection Act (BDSG) and other applicable data protection regulations (details below). Which data is processed in detail and how it is used depends largely on the services requested or agreed in each case. Further details or additions to the purposes of data processing can be found in the respective contractual documents, forms, a declaration of consent and/or other information provided to you (e.g. in the context of using our website or our terms and conditions). In addition, this privacy information may be updated from time to time, as you can see from our website www.eleven.de.
2.1 Purposes for the fulfillment of a contract or pre-contractual measures (Art. 6 para. 1 b DSGVO)
The processing of personal data is carried out for the execution of our contracts with you and the execution of your orders, as well as for the implementation of measures and activities in the context of pre-contractual relationships, e.g. with interested parties. In particular, the processing thus serves the provision of XX according to your orders and wishes and include the services, measures and activities necessary for this. This essentially includes contract-related communication with you, the corresponding billing and associated payment transactions, credit checks, the verifiability of transactions, orders and other agreements, as well as quality control through appropriate documentation, goodwill procedures, measures for the management and optimization of business processes and for the fulfillment of general due diligence obligations, management and control by affiliated companies (e. g. parent company); statistical evaluations for corporate management, cost recording and controlling, reporting, internal and external communication, emergency management, billing and tax valuation of operational services, risk management, assertion of legal claims and defense in the event of legal disputes; ensuring IT security (e.g. system and plausibility tests) and general security, including building and facility security, safeguarding and exercising domiciliary rights (e.g., through access controls); ensuring the integrity, authenticity, and availability of data, preventing and investigating criminal acts; monitoring by supervisory bodies or control authorities (e.g., auditing).
2.2 Purposes within the scope of a legitimate interest of us or third parties (Art. 6 para. 1 f DSGVO)
Beyond the actual performance of the contract or preliminary contract, we may process your data if it is necessary to protect legitimate interests of us or third parties, in particular for purposes:
- advertising or market and opinion research, insofar as you have not objected to the use of your data;
- obtaining information and exchanging data with credit agencies, insofar as this exceeds our economic risk;
the testing and optimization of demand analysis procedures; - the further development of services and products as well as existing systems and processes;
- the disclosure of personal data as part of due diligence in company sale negotiations;
- for comparison with European and international anti-terrorist lists, insofar as via
- going beyond the legal obligations;
- the enrichment of our data, including through the use or research of publicly available data;
- statistical evaluations or market analysis;
- of benchmarking;
- the assertion of legal claims and defense in legal disputes that are not directly attributable to the contractual relationship;
- the limited storage of the data, if deletion is not possible or only possible with disproportionate effort due to the special type of storage;
2.3 Purposes within the scope of your consent (Art. 6 para. 1 a DSGVO)
Processing of your personal data for certain purposes (e.g. use of your e-mail address for marketing purposes) may also be based on your consent. As a rule, you can revoke them at any time. This also applies to the revocation of declarations of consent given to us prior to the application of the GDPR, i.e. prior to May 25, 2018. You will be informed separately about the purposes and consequences of revoking or not giving consent in the relevant text of the consent.
As a general rule, the revocation of consent is only effective for the future. Processing that took place before the revocation is not affected by this and remains lawful.
2.4 Purposes for the fulfillment of legal requirements (Art. 6 para. 1 c DSGVO) or in the public interest (Art. 6 para. 1 e DSGVO)
Like anyone who participates in business, we are subject to a variety of legal obligations. These are primarily legal requirements (e.g. commercial and tax laws), but also regulatory or other official requirements where applicable. The purposes of the processing may include identity and age verification, fraud and money laundering prevention, the prevention, combating and investigation of terrorist financing and criminal acts endangering assets, comparisons with European and international anti-terrorist lists, the fulfillment of control and reporting obligations under tax law, and the archiving of data for purposes of data protection and data security, as well as auditing by tax and other authorities. In addition, the disclosure of personal data may become necessary in the context of official/court measures for the purpose of gathering evidence, criminal prosecution or enforcement of civil claims.
3. the categories of data we process, insofar as we do not receive data directly from you, and their origin
Insofar as this is necessary for the provision of our services, we process personal data permissibly received from other companies or other third parties (e.g. credit agencies, address publishers). In addition, we process personal data that we have permissibly taken, received or acquired from publicly accessible sources (such as telephone directories, commercial and association registers, civil registers, debtor directories, land registers, the press, the Internet and other media) and may process.
Relevant personal data categories may include, in particular:
- Personal data (name, date of birth, place of birth, nationality, marital status, profession/industry and comparable data)
- Contact details (address, e-mail address, telephone number and similar data)
- Address data (registration data and comparable data)
- Customer history
- Data about your use of the telemedia offered by us (e.g. time of calling up our websites, apps or newsletters, pages/links clicked on by us or entries and comparable data)
- Video data
4. recipients or categories of recipients of your data
Within our company, those internal departments or organizational units receive your data that need them to fulfill our contractual and legal obligations or in the context of processing and implementing our legitimate interests. Your data will only be passed on to external bodies if
- in connection with the execution of the contract;
- for the purpose of fulfilling legal requirements according to which we are obliged to provide information, report or pass on data or the passing on of data is in the public interest (see section 2.4);
- to the extent that external service providers process data on our behalf as order processors or function transferees (e.g., external data centers, support/maintenance of IT applications, archiving, document processing, call center services, compliance services, controlling, data screening for anti-money laundering purposes, data validation or plausibility -(e.g., data validation or plausibility checks, data destruction, purchasing/procurement, customer management, lettershops, marketing, media technology, research, risk controlling, billing, telephony, website management, auditing services, credit institutions, print stores or companies for data disposal, courier services, logistics);
- on the basis of our legitimate interest or the legitimate interest of the third party for the purposes stated in section 2.2 (e.g. to authorities, credit agencies, debt collection, lawyers, courts, appraisers, affiliated companies and committees and supervisory bodies);
- if you have given us consent to transfer the data to third parties.
We will not pass on your data to third parties beyond this. If we commission service providers to process your data, they are subject to the same security standards as we are. In other cases, the recipients may only use the data for the purposes for which it was transmitted to them.
5. duration of the storage of your data
We process and store your data for the duration of our business relationship. This also includes the initiation of a contract (pre-contractual legal relationship) and the execution of a contract.
In addition, we are subject to various storage and documentation obligations, which result, among other things, from the German Commercial Code (HGB) and the German Fiscal Code (AO). The periods specified there for storage or documentation are up to ten years beyond the end of the business relationship or the pre-contractual legal relationship.
Furthermore, special legal regulations may require a longer retention period, such as the preservation of evidence within the scope of legal statutes of limitation. According to Sections 195 et seq. of the German Civil Code (BGB), the regular limitation period is three years; however, limitation periods of up to 30 years may also be applicable.
If the data are no longer required for the fulfillment of contractual or legal obligations and rights, they are regularly deleted, unless their – temporary – further processing is necessary for the fulfillment of the purposes listed in section 2.2 due to an overriding legitimate interest. Such an overriding legitimate interest also exists, for example, if deletion is not possible or only possible with disproportionate effort due to the special nature of the storage and processing for other purposes is precluded by appropriate technical and organizational measures.
6. processing of your data in a third country or by an international organization
Data is transferred to countries outside the European Union (EU) or the European Economic Area (EEA) (so-called third countries) if it is necessary for the execution of an order/contract from or with you, if it is required by law (e.g. tax reporting obligations), if it is in the legitimate interest of us or a third party, or if you have given us your consent.
In this context, the processing of your data in a third country may also take place in connection with the involvement of service providers within the scope of commissioned processing. If there is no EU Commission decision on an adequate level of data protection for the country in question, there is a risk of access by the authorities without adequate legal remedies. In this context, appropriate contracts (such as EU standard contracts) and additional measures may be used as a basis for the transfer. Information about the appropriate or adequate safeguards and how to obtain a copy from you is available upon request from the Corporate Data Protection Officer.
7. your data protection rights
Under certain conditions, you can assert your data protection rights against us
- Thus, you have the right to receive information from us about your data stored by us according to the rules of Art. 15 DSGVO (if necessary with restrictions according to § 34 BDSG).
- Upon your request, we will correct the data stored about you in accordance with Art. 16 DSGVO if it is inaccurate or incorrect.
- If you wish, we will delete your data in accordance with the principles of Art. 17 DSGVO, provided that other legal regulations (e.g. statutory retention obligations or the restrictions under Section 35 BDSG) or an overriding interest on our part (e.g. for the defense of our rights and claims) do not prevent this.
- Taking into account the requirements of Art. 18 DSGVO, you may request us to restrict the processing of your data.
- Furthermore, you may object to the processing of your data pursuant to Art. 21 DSGVO, on the basis of which we must terminate the processing of your data. However, this right to object only applies in very special circumstances of your personal situation, whereby rights of our company may conflict with your right to object.
- You also have the right to receive your data under the conditions of Art. 20 DSGVO in a structured, common and machine-readable format or to transfer it to a third party.
- In addition, you have the right to revoke your consent to the processing of personal data at any time with effect for the future (see section 2.3).
- Furthermore, you have the right to lodge a complaint with a data protection supervisory authority (Art. 77 DSGVO). However, we recommend that you always first address a complaint to our data protection officer.
Your requests to exercise your rights should be addressed in writing, if possible, to the address above or directly to our Data Protection Officer.
8. scope of your obligations to provide us with your data
You only need to provide the data that is required for the establishment and implementation of a business relationship or for a pre-contractual relationship with us, or which we are required to collect by law. Without this data, we will usually not be able to conclude or execute the contract. This may also refer to data required later in the course of the business relationship. If we request additional data from you, you will be informed separately that the information is voluntary.
Information about your right to object Art. 21 DSGVO
- You have the right to object at any time to the processing of your data which is carried out on the basis of Art. 6 para. 1 f DSGVO (data processing on the basis of a balance of interests) or Art. 6 para. 1 e DSGVO (data processing in the public interest), if there are grounds for doing so that arise from your particular situation. This also applies to profiling based on this provision within the meaning of Art. 4 No. 4 DSGVO. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.
- We may also process your personal data to conduct direct marketing. If you do not wish to receive any advertising, you have the right to object to this at any time; this also applies to profiling, insofar as it is associated with such direct advertising. We will pay attention to this contradiction for the future. We will no longer process your data for direct marketing purposes if you object to processing for these purposes.
The objection can be made form-free and should preferably be addressed to
eleven cyber security GmbH
Heidestraße 10
10557 Berlin
9. cookies
In some cases, so-called cookies are used on the site. These are small text files that are stored on the device with which you access the website. Different categories of cookies are used here – functional cookies, cookies for providing statistics and marketing cookies.
- Functional cookies: cookies that are used to record user behavior on the website so that the functionality of the website can be improved.
- Statistics cookies: cookies to measure and optimize website performance.
- Marketing cookies: Cookies to serve interest-based advertising.
The legal basis for the cookies is Art. 6 para. lit. a DSGVO – your consent. Non-essential cookies are not set without your consent. You can revoke your consent at any time with effect for the future.
You can determine yourself via your browser settings whether you want to allow cookies. Please note that disabling cookies may result in limited or completely disabled functionality of the website.
10. use of third-party tools
In order to provide you with an optimal website, we use third-party providers. We use the following services, through which personal data may also be processed:
10.1 Google
Unless otherwise stated in this privacy policy, the operator of all Google services mentioned here is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.
10.1.1 Google Tag Manager
We use the service “”Google Tag Manager”. The Tag Manager is a tool for managing so-called tags, which are used for tracking in online marketing. The Tag Manager itself does not process any personal data, since it is purely for the administration of other services – e.g., the management of the tag. Google Analytics, etc. – serves.
For more information about Tag Manager, please visit: https://www.google.com/intl/de/tagmanager/use-policy.html
10.1.2 Google Analytics
We use the service “Google Analytics”. The operator of this service is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.
Google Analytics is a web analytics service. By setting cookies and the information obtained by the service, we can gain insight into user behavior on our website. The information generated by the cookies is sent to a Google server in the USA and stored there. On our website, the Google Analytics service is used exclusively pseudonymously. The collected IP addresses are shortened and thus anonymized.
Google Analytics collects the following data:
- IP address (anonymized)
- Usage data
- Click path
- App updates
- Browser Informatione
- Device information
- JavaScript support
- Visited pages
- Referrer URL
- Downloads
- Flash version
- Location information
- Purchase activity
- Widget interactions
- Date and time of the visit
The legal basis of the processing is your consent pursuant to Art. 6 para. 1 lit. a GDPR. If you do not want Google Analytics to collect and process the aforementioned data, you can refuse your consent or revoke it at any time with effect for the future.
The personal data will be kept as long as they are necessary to fulfill the purpose of the processing. The data is deleted as soon as it is no longer required to achieve the purpose.
The data may be transferred in the course of processing, in addition to Google Ireland Limited, to the following
Recipients are transmitted:
- Google LLC.
- Alphabet Inc.
Within the scope of processing by Google Analytics, data may be transmitted to the USA. The security of the transfer is secured by so-called standard contractual clauses, which ensure that the processing of personal data is subject to a level of security that complies with the GDPR.
10.1.3 Google Audiences
We use the “Google Audiences/Remarketing” service. The operator of this service is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.
The service is used for the interest-based display of advertisements for users. The cookies store anonymized or pseudonymized data related to the use of the website. If you visit other websites that also use Google Audiences, you will be presented with personalized ads.
The Google service collects and processes the following data:
- Visited pages
- IP address
- Visit duration
- Other information on the use of websites
- Content the user is interested in
The legal basis for the processing is your consent pursuant to Art. 6 para. 1 lit.a DSGVO. If you do not want Google Audiences/Google Remarketing to collect and process the aforementioned data, you can refuse your consent or revoke it at any time with effect for the future.
The personal data will be kept as long as they are necessary to fulfill the purpose of the processing. The data is deleted as soon as it is no longer required to achieve the purpose.
The data may be transferred to the following recipients as part of the processing, in addition to Google Ireland Limited:
– Google LLC.
– Alphabet Inc.
Within the scope of processing by Google Audiences/Remarketing, data may be transmitted to the USA. The security of the transfer is secured by so-called standard contractual clauses, which ensure that the processing of personal data is subject to a level of security that complies with the GDPR.
10.1.4 Google Ads
We use the service “Google Ads” for use. The operator of this service is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. The service has the purpose of so-called “conversion tracking”, i.e. we can see what happened after you clicked on one of our ads. Cookies are set for this purpose, which have a limited validity.
The following data is collected and processed with the help of Google Ads:
- Cookie ID
- Visited pages
- IP address
- Duration of the website visit
- Website usage data
- Content that the user is interested in.
- Clicked advertising
- Web requests
- Cookie information
- Referrer URL
- Browser language
- Browser type
The legal basis for the processing is your consent pursuant to Art. 6 para. 1 lit.a DSGVO. If you do not want Google Ads to collect and process the aforementioned data, you can refuse your consent or revoke it at any time with effect for the future.
The personal data will be kept as long as they are necessary to fulfill the purpose of the processing. The data is deleted as soon as it is no longer required to achieve the purpose.
The data may be transferred to the following recipients as part of the processing, in addition to Google Ireland Limited:
– Google LLC.
– Alphabet Inc.
Within the scope of processing by Google Ads, data may be transmitted to the USA. The security of the transfer is secured by so-called standard contractual clauses, which ensure that the processing of personal data is subject to a level of security that complies with the GDPR.
10.1.5 YouTube
We use the service “YouTube” to embed videos into the page. The operator of the software required for this is Google Ireland Limited Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.
The integration of YouTube content takes place in “extended data protection mode”. This ensures that YouTube does not initially store cookies on your device. As a result, YouTube no longer stores information about visitors as long as you do not watch the video.
When you click on the video, your IP address is transmitted to YouTube, which tells YouTube that you have watched the video. If you are logged in to YouTube, this information is also assigned to your user account. This can be prevented by logging out of YouTube before viewing the video.
Accordingly, the following data may be collected and processed via YouTube:
- IP address
- Referrer URL
- Device Information
- Viewed videos
The legal basis of the processing is your consent pursuant to Art. 6 para. 1 lit. a GDPR. If you do not want YouTube to collect and process the aforementioned, you can refuse your consent or revoke it at any time with effect for the future.
The personal data will be kept as long as they are necessary to fulfill the purpose of the processing. The data is deleted as soon as it is no longer required to achieve the purpose.
The data may be transferred to the following recipients as part of the processing, in addition to Google Ireland Limited:
– Google LLC.
– Alphabet Inc.
Within the scope of processing via YouTube, data may be transmitted to the USA. The security of the transfer is secured by so-called standard contractual clauses, which ensure that the processing of personal data is subject to a level of security that complies with the GDPR.
10.2 HubSpot
On this website, we use the service HubSpot for various purposes. HubSpot is a software company from the USA with a branch in Ireland. Contact: HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland, Phone: +353 1 5187500.
Hubspot is an integrated software solution that we use to cover various aspects of our online marketing. These include:
Email marketing, social media publishing & reporting, reporting, contact management (e.g. user segmentation & CRM), landing pages and contact forms.
Our sign-up service allows visitors to our website to learn more about our company, download content, and provide their contact information and other demographic information. This information as well as the content of our website is stored on servers of our software partner HubSpot. They may be used by us to contact visitors to our website and to determine which of our company’s services are of interest to them. All information we collect is subject to this Privacy Policy. We use all collected information exclusively to optimize our marketing measures.
Learn more about HubSpot’s privacy policy “
More information from HubSpot regarding EU data protection regulations “
More information about the cookies used by HubSpot can be found here & here “
As part of the optimization of our marketing measures, the following data may be collected and processed via Hubspot:
- Geographical position
- Browser type
- Navigation information
- Reference URL
- Performance data
- Information about how often the application is used
- Mobile apps data
- HubSpot subscription service credentials
- Files displayed on site
- Domain names
- Pages viewed
- Aggregated usage
- Operating system version
- Internet service provider
- IP address
- Device identifier
- Duration of the visit
- Where the application was downloaded from
- Operating system
- Events that occur within the application
- Access times
- Clickstream data
- Device model and version
In addition, we also use Hubspot to provide contact forms. Further information in this regard can be found in subsection 7 of this privacy policy.
The legal basis of the processing is your consent pursuant to Art. 6 para. 1 lit. a GDPR. If you do not want Hubspot to collect and process the aforementioned data, you can refuse your consent or revoke it at any time with effect for the future.
The personal data will be kept as long as they are necessary to fulfill the purpose of the processing. The data is deleted as soon as it is no longer required to achieve the purpose.
Within the scope of processing via HubSpot, data may be transferred to the USA. The security of the transfer is secured by so-called standard contractual clauses, which ensure that the processing of personal data is subject to a level of security that complies with the GDPR. If the standard contractual clauses are not sufficient to provide an adequate level of security, your consent may be required in accordance with Art. 49 Para. 1 lit. a DSGVO serve as the legal basis for the transfer to third countries. Please refer to the subsection “11. Forms”.
10.3 LinkedIn
We use the retargeting tool as well as the conversion tracking of LinkedIn Ireland, Wilton Plaza, Wilton Place, Dublin 2, Ireland (“LinkedIn”). For this purpose, the LinkedIn Insight Tag is integrated on our website, which enables LinkedIn to collect statistical data about your visit and use of our website and to provide us with corresponding aggregated statistics on this basis. In addition, the service is used to be able to show you interest-specific and relevant offers and recommendations after you have informed yourself about certain services, information and offers on the website. The information in this regard is stored in a cookie. For more information on data processing, please see LinkedIn’s privacy policy.
As a rule, the following data is collected and processed:
- IP address
- Device information
- Browser information
- Referrer URL
- Timestamp
The legal basis of the processing is your consent pursuant to Art. 6 para. 1 lit. a GDPR. If you do not want the aforementioned data to be collected and processed via LinkedIn, you can refuse your consent or revoke it at any time with effect for the future.
The personal data will be kept as long as they are necessary to fulfill the purpose of the processing. The data is deleted as soon as it is no longer required to achieve the purpose.
In the context of processing via LinkedIn, data may be transferred to the USA and Singapore. The security of the transfer is regularly safeguarded via so-called standard contractual clauses, which ensure that the processing of personal data is subject to a level of security that complies with the GDPR. If the standard contractual clauses are not sufficient to establish an adequate level of security, consent pursuant to Art. 49 (1) is obtained in advance as part of the Usercentrics consent management system. 1 lit. a DSGVO obtained from you.
11. forms
We use the HubSpot service to provide the following online forms. For this purpose, we forward your data to HubSpot, which processes the data exclusively on our behalf. See privacy policy for “HubSpot”.
Please note: If you contact us via contact forms, personal data may be transferred to service providers in third countries. These third countries do not have an adequate level of data protection. If the data is transferred to the U.S., there is a risk that your data may be processed by U.S. authorities for control and monitoring purposes, without you possibly having any legal remedies. The security of the transfer is regularly safeguarded via so-called standard contractual clauses, which ensure that the processing of personal data is subject to a level of security that complies with the GDPR. If the standard contractual clauses are not sufficient to establish an adequate level of security, your acknowledgement of the privacy statement in the context of the contact forms shall be deemed to constitute consent within the meaning of Art. 49 para. 1 lit.a DSGVO, which justifies a data transfer to unsafe third countries.
12. newsletter
If you subscribe to our newsletter, we store your e-mail address and use it to send the newsletter. Your email address will not be published or given to third parties.
- Data collected: Email address, first name, last name, title, job title
- Purpose: To send the requested newsletter.
- Storage period: The data is generally stored for stored only as long as it is necessary to achieve the purpose. For the newsletter, the data will be stored as long as a sending of a newsletter is intended and you have not objected to the use of your data.
- Legal basis: Art. 6 I a DSGVO – Consent
Cancellation: You can unsubscribe from our newsletter at any time via a link included in each issue. We will then delete your e-mail address from our distribution list. Alternatively, you can unsubscribe from the newsletter at any time by sending an email to marketing@eleven.de.
Note
Our privacy policy as well as the information on data protection regarding our data processing pursuant to Articles (Art.) 13, 14 and 21 DSGVO may change from time to time. We will publish all changes on this page. We provide older versions for you to view in an archive.