privacy policy

This data protection declaration informs you as a visitor to our website about the type, scope and purpose of the personal data we collect, use and process. Furthermore, you will be informed about the rights to which you are entitled.

According to the different business areas, CURSOR Software AG has published different pages on the Internet. The Internet pages of CURSOR Software AG differ in the type of contents and in the type of services possibly offered.

In the following, we use the abbreviation CURSOR for CURSOR Software AG as the responsible company. The use of the abbreviation CURSOR is not a generalisation of this data protection declaration with regard to other websites of CURSOR Software AG as well as associated subsidiaries.

Name and address of the responsible person

The responsible party within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:

CURSOR Software AG

represented by the Board of Directors: Thomas Rühl (Chairman of the Board), Jürgen Heidak, Andreas Lange

Friedrich-List-Strasse 31
35398 Giessen
Phone: +49 641 40000-0
E-mail: Diese E-Mail-Adresse ist vor Spambots geschützt! Zur Anzeige muss JavaScript eingeschaltet sein.
Website: www.cursor.de

Name and address of the data protection officer

The data protection officer of the responsible party is:

BerIsDa Ltd.

Rangstrasse 9
36037 Fulda
Germany
Phone: +49 661 29698090
E-mail: Diese E-Mail-Adresse ist vor Spambots geschützt! Zur Anzeige muss JavaScript eingeschaltet sein.
Website: www.berisda.de

1 General information on data processing

1.1 Scope of the processing of personal data

The data controller collects and uses personal data of its users (hereinafter also referred to as "data subject", "data subject" or "visitor") only to the extent necessary to provide a functional website and to present the contents and services. The collection and processing of personal data of users for other purposes is regularly only carried out with the consent of the user. An exception applies in those cases in which it is not possible to obtain prior consent for actual reasons, the processing is carried out on the basis of pre-contractual or contractual measures and the processing of the data is permitted by legal regulations.

1.2 Legal basis for the processing of personal data

Insofar as the controller obtains the consent of the data subject for processing operations involving personal data, Article 6(1)(a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data. For any transfer to a non-secure third country, the processing is based on Art. 49 (1) p. 1 lit. a DSGVO.

For the processing of personal data which is necessary for the performance of a contract to which the data subject is a party, Article 6 (1) sentence 1 lit. b DSGVO serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.

Insofar as processing of personal data is necessary for compliance with a legal obligation to which the controller is subject, Art. 6 (1) sentence 1 lit. c DSGVO serves as the legal basis.

In the event that vital interests of the data subject or another natural person make the processing of personal data necessary, Art. 6 (1) sentence 1 lit. d DSGVO serves as the legal basis.

If the processing is necessary to protect a legitimate interest of the controller or a third party and the interests, fundamental rights and freedoms of the data subject do not override the first-mentioned interest, Art. 6 (1) p. 1 lit. f DSGVO serves as the legal basis for the processing.

1.3 Data deletion and duration of storage

The personal data of the data subject will be deleted or blocked as soon as the purpose of storage ceases to apply or consent given is revoked by the data subject. In addition, storage may take place if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the person responsible is subject. Data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.

1.4 Data transfer to non-secure third countries

The transfer and processing of personal data of data subjects in a non-secure third country, such as the USA, takes place under the conditions of Article 49 (1) (a) of the GDPR - on the basis of consent granted by the data subject. For the USA (and other non-secure third countries), there is currently no adequacy decision by the EU Commission within the meaning of Article 45 (1) and (3) of the GDPR. This means that the EU Commission has not yet positively determined that there is a level of data protection there comparable to the requirements of the GDPR. In addition, the GDPR requires so-called "appropriate safeguards" for a data transfer to a third country or to international organisations, Art. 46 (2), (3) GDPR. These can be, for example, internal company data protection regulations approved by a supervisory authority or standard data protection contracts. In summary, in the aforementioned non-secure third countries, there is no level of data protection comparable to the requirements of the GDPR.

Personal data could possibly be passed on by the provider to other third parties beyond the actual purpose of fulfilling the order, who could use the data for advertising purposes, for example. In addition, it is probably not possible to effectively enforce any rights of access against the subcontractor. There may be a higher probability of incorrect data processing, as the subcontractor's technical and organisational measures for the protection of personal data do not fully comply with the requirements of the GDPR in terms of quantity and quality. It is also possible that state agencies access the personal data provided without the data subject being aware of this. This risk is particularly present when data is transferred to the USA. In principle, this also corresponds to the European legal regulations, e.g. for the purpose of security. However, the permissibility threshold for such data processing in the European Union is higher than in the country of the data recipient.

If data is transferred on the basis of consent to processors whose processing takes place in a non-secure third country, a separate notice is provided by the respective service provider.

2. rights of the data subject

If we process personal data about you, you as the data subject have the following rights against us as the controller:

2.1 Right to information, Art. 15 DSGVO

Within the framework of the applicable legal provisions, you have the right to (free) information about your collected and stored personal data at any time. This includes, among other things, information about their processing purposes, their origin and recipients, the storage period and the existence of various rights.

2.2 Right to rectification, Art. 16 DSGVO

You have a right to rectification and/or completion vis-à-vis the controller if the personal data processed concerning you are inaccurate or incomplete. The controller shall carry out the rectification without undue delay.

2.3 Right to erasure, Art. 17 DSGVO

You may request the deletion of your personal data at any time under the conditions of Art. 17 of the GDPR, unless exceptions (such as statutory retention obligations) still apply that entitle the controller to continue processing your personal data.

2.4 Right to restriction of processing, Art. 18 DSGVO

Within the framework of the requirements of Art. 18 of the GDPR, you have the right to request a restriction of the processing of the data concerning you. A requirement of Art. 18 (1) DSGVO must be met.

2.5 Right to information, Art. 19 DSGVO

If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed of these recipients by the controller.

2.6 Right to data portability, Art. 20 DSGVO

If processing is carried out on the basis of your consent or on the basis of a contract and with the help of automated processes, you have a right to transfer the data you have provided within the scope of Art. 20 DSGVO, provided that this does not affect the rights and freedoms of other persons. The data shall be provided in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done insofar as it is technically feasible.

2.7 Right of objection, Art. 21 DSGVO

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(e) or (f) DSGVO; this also applies to profiling based on these provisions. The controller shall no longer process the personal data concerning you unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims (objection under Art. 21(1) DSGVO).

If the personal data concerning you is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling, insofar as it is related to such direct marketing. If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes. (Objection pursuant to Art. 21 (2) DSGVO).

You have the possibility, in connection with the use of information society services, notwithstanding Directive 2002/58/EC, to exercise your right to object by means of automated procedures using technical specifications.

2.8 Automated decision in individual cases, Art. 22 GDPR

Pursuant to Art. 22 of the GDPR, you have the right not to be subject to a decision based solely on automated processing - including profiling - which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision (1) is necessary for the conclusion or performance of a contract between you and the controller, (2) is permitted by Union or Member State law to which the controller is subject and that law contains adequate measures to safeguard your rights and freedoms and your legitimate interests, or (3) is made with your explicit consent.

However, these decisions may not be based on special categories of personal data pursuant to Art. 9(1) of the GDPR, unless Art. 9(2)(a) or (g) applies and appropriate measures have been taken to protect the rights and freedoms as well as your legitimate interests. With regard to the cases referred to in (1) and (3), the controller shall take reasonable steps to safeguard the rights and freedoms as well as your legitimate interests, including at least the right to obtain the intervention of a person on the part of the controller, to express your point of view and to contest the decision.

2.9 Right to withdraw your consent, Art. 7(3) DSGVO

You have the right to revoke your declaration of consent under data protection law at any time. The legality of the data processing carried out until the revocation remains unaffected by the revocation. You can send the revocation to the data controller by e-mail or by post.

2.10. Right to complain to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.

The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.

However, if you are in another federal state or not in Germany, you can also contact the data protection authority there. The supervisory authority responsible for us is the Hessian Commissioner for Data Protection and Freedom of Information.

3 SSL encryption

3.1 Use of SSL encryption

This website uses SSL encryption for reasons of security and to protect the transmission of confidential content, such as enquiries that you as the data subject send to us as the site operator. An encrypted connection can be recognised by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in the browser line. If SSL encryption is activated, the data you transmit to us cannot be read by third parties.

4 External hosting

4.1 Description and scope of data processing

This website is hosted by an external service provider (hoster). The personal data collected on this website is stored on the hoster's servers. This may include IP addresses, contact requests, meta and communication data, contract data, contact data, names, page views and other data generated via a website.

4.2 Legal basis for data processing

The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. f DSGVO for the provision of the website.

4.3 Purpose of data processing

The hoster is used for the purpose of a secure, fast and efficient provision of our online offer as well as the reliable presentation and provision of our website by a professional provider. Our legitimate interest lies in these purposes.

4.4 Duration of storage, possibility of objection and removal

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility for the user to object.

4.5 Conclusion of a contract on order processing

In connection with the data processing described above, the data is passed on and processed by our external hoster:

Host Europe GmbH
Hansestr. 111
51149 Cologne

We have concluded an order processing contract with our hoster. This is a contract required by data protection law, which ensures that Host Europe GmbH only processes the personal data of our site visitors in accordance with our instructions and in compliance with the provisions of data protection law (DSGVO, BDSG, etc.).

5. provision of the website and creation of log files

5.1 Description and scope of data processing

Each time our website is accessed, our system automatically collects data and information from the system of the calling end device.

The following data is collected:

(1) Information about the type of browser and the version used.
(2) The user's operating system
(3) The user's Internet service provider
(4) The user's IP address
(5) Date and time of access
(6) Internet pages from which the user's system accesses our website
(7) Internet pages that are accessed by the user's system via our website.

This data is also stored in the log files of our system. This data is not stored together with other personal data of the user.

5.2 Legal basis for data processing

The legal basis for the temporary storage of the data and the log files is Art. 6 para. 1 p. 1 lit. f DSGVO.

5.3 Purpose of data processing

The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session.

The storage in log files is done to ensure the functionality of the website. In addition, we use the data to optimise the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.

These purposes are also our legitimate interest in data processing according to Art. 6 Para. 1 lit. f DSGVO.

5.4 Duration of storage, possibility of objection and elimination

In the case of storage of data in log files, this is the case after seven days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or alienated so that an assignment of the calling client is no longer possible.

The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, the user has no right of objection.

6. use of cookies

6.1 Description and scope of data processing

Our website uses cookies. Cookies are text files that are stored in the internet browser or by the internet browser on the user's system. When a user calls up our website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again.

We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser can be identified even after a page change.

The following data is stored and transmitted in the cookies:

(1) Consent status

When calling up our website, users are informed by an information banner about the use of cookies and referred to this data protection declaration. In principle, you can prevent or block the storage of cookies in your end device in the settings of your browser. To do this, you must call up the relevant settings of your browser. In addition, you can delete your stored cookie data in your browser settings.

We also use cookies on our website that allow us to analyse the surfing behaviour of users. When calling up our website, the user is informed about the use of cookies for analysis purposes and his or her consent to the processing of personal data used in this context is obtained. In this context, a reference to this data protection declaration is also made.

6.2 Legal basis for data processing

The legal basis for the processing of personal data using technically necessary cookies is Art. 6 para. 1 p. 1 lit. f DSGVO; § 25 para. 2 no. 2 TTDSG.

The legal basis for the processing of personal data using cookies for analysis and advertising purposes is the existence of your consent pursuant to Art. 6 para. 1 p. 1 lit. a DSGVO; for a transfer to a non-secure third country additionally on the basis of Art. 49 para. 1 lit. a DSGVO. The storage of the cookie in your terminal device takes place on the basis of § 25 para. 1 p.1 TTDSG.

6.3 Purpose of data processing

The purpose of using technically necessary cookies is to simplify the use of the website for you. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognised even after a change of website. In addition, cookies are required to manage your consents and refusals.

We require technically necessary cookies for the following applications:

(1) Consent management.

These purposes are also our legitimate interest in processing the personal data according to Art. 6 para. 1 p. 1 lit. f DSGVO. The user data collected through technically necessary cookies are not used to create user profiles. The analysis cookies are used for the purpose of improving the quality of our website and its content. Through the analysis cookies, we learn how the website is used and can thus constantly optimise our offer.

6.4 Duration of storage, possibility of objection and removal

Cookies are stored on the user's computer and transmitted to our website by the user. Therefore, you as a user also have full control over the use of cookies. By changing the settings in your internet browser, you can deactivate or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all the functions of the website to their full extent.

As a user, you have the right to revoke your declaration of consent under data protection law for technically unnecessary cookies at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation. You can revoke the consent you have given at any time by clicking on the blue button at the bottom left of the page.

7. consent management with Cookiebot

7.1 Description and scope of data processing

This website uses cookie consent technology from Usercentrics A/S (formerly: Cybot A/S) to obtain consent for the storage of certain cookies on the end device of data subjects or for the use of certain technologies and to document this in a data protection compliant manner.

Cookiebot is a brand of Usercentrics A/S, which is the provider of this technology (Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark, https://www.cookiebot.com/de/).

When you enter our website, the following personal data is transferred to Cookiebot:

Consent(s) or withdrawal of your consent(s).
IP address
Information about the browser used
Information about the terminal device used
Time of your visit to the website
Furthermore, Cookiebot stores a cookie in your browser in order to be able to allocate the consent(s) you have given or revoked and generates an individual consent ID, which you can call up via the blue button at the bottom left of the page.

7.2 Legal basis for data processing

Cookiebot is used to obtain the legally required consent for the use of certain technologies. The legal basis for this is Art. 6 para. 1 p. 1 lit. c DSGVO; the storage of the cookie in your terminal device is based on § 25 para. 1 p.1 TTDSG.

7.3 Purpose of data processing

The processing of personal data serves to comply with the legal requirements of the DSGVO and the TTDSG for obtaining and documenting consent.

7.4 Duration of storage, possibility of objection and elimination

The data collected via Cookiebot is stored until you request us to delete it, delete the cookie yourself or the purpose for storing the data no longer applies. Mandatory legal storage obligations remain unaffected by this.

As a user, you have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation. You can revoke the consent you have given at any time by clicking on the blue button at the bottom left of the page.

7.5 Conclusion of a contract for commissioned processing

In connection with the data processing described above, the data is transferred to and processed by our service provider Usercentrics A/S. We have concluded a contract on commissioned processing with Usercentrics A/S. This is a data protection contract. This is a contract required by data protection law, which ensures that Usercentrics A/S only processes the personal data of our site visitors in accordance with our instructions and in compliance with the provisions of data protection law (DSGVO, BDSG, etc.).

8. e-mail contact

8.1 Description and scope of data processing

On our website and our signatures, e-mail addresses are provided through which it is possible to contact us electronically. In this case, the personal data of the data subject transmitted with the e-mail will be stored.

In this context, the data is not passed on to third parties. The data will be used exclusively for contacting and conducting the conversation.

8.2 Legal basis for data processing

The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 para. 1 p. 1 lit. f DSGVO. If the e-mail contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 p. 1 lit. b DSGVO.

8.3 Purpose of the data processing

The processing of personal data is solely for the purpose of processing the contact. This is also the basis for the necessary legitimate interest in the processing of the data.

8.4 Duration of storage, possibility of objection and elimination

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. For personal data sent by e-mail, this is the case when the respective conversation with the data subject has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified. If a contract is concluded as a result of the e-mail contact, the corresponding (legal) retention obligations and regulations apply.

If a data subject contacts us by e-mail, he or she can object to the storage of his or her personal data at any time. In such a case, the conversation cannot be continued. All personal data stored in the course of contacting us will be deleted in this case.

9 Contact form

9.1 Description and scope of data processing

Our website contains a contact form which you can use to contact us electronically. If a user takes advantage of this option, the data entered in the input mask is transmitted to us and stored.

The following data is collected as mandatory fields:

(1) Salutation (Mr., Mrs., not specified)
(2) Name
(3) E-mail address
(4) Message
(5) Security query
(6) Data protection (checkbox)

In addition, you can optionally enter the following data:

(1) First name
(2) Company
(3) Street, house number
(4) Postcode, town
(5) Country

The following data is also stored at the time the message is sent:

(1) The IP address of the user
(2) Date and time of registration

For the processing of the data, reference is made to this data protection declaration in the context of the sending process. In this context, the data will not be passed on to third parties. The data is used exclusively for processing the conversation.

9.2 Legal basis for data processing

The legal basis for the processing of data transmitted via the contact form is Art. 6 para. 1 p.1 lit. f DSGVO. If the contact is aimed at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 p. 1 lit. b DSGVO.

9.3 Purpose of the data processing

The processing of the personal data from the input mask serves us solely to process the contact. The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

9.4 Duration of storage, possibility of objection and elimination

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input mask of the contact form, this is the case when the respective conversation with the user has ended. The conversation is ended when the circumstances indicate that the matter in question has been conclusively clarified. The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

If a user contacts us via the form, he or she can object to the storage of his or her personal data at any time. In such a case, the conversation cannot be continued. All personal data stored in the course of contacting us will be deleted in this case.

10 Appointment via form

10.1 Description and scope of data processing

There are various forms on our website that you can use to make an appointment with us. If a user takes advantage of this option, the data entered in the input mask will be transmitted to us and stored.

Form: "Energy Session / Request Appointment"

Mandatory fields: Last name, first name, company, e-mail, security question.
Optional information: Time period, phone, message

Form: Appointment (E-World 2022)

Mandatory fields: Salutation, name, company, e-mail, desired date, desired time, security query
Optional information: Telephone, message

Form: Arrange live demo presentation appointment

Mandatory fields: Company, title, first name, last name, e-mail, industry, number of users, data protection checkbox, security query.
Optional information: Telephone, preferred date, newsletter checkbox

The following data is also stored at the time the message is sent:

(1) The user's IP address
(2) Date and time of registration

10.2 Legal basis for data processing

The legal basis for the processing of the data is Art. 6 para. 1 p. 1 lit. b DSGVO for the implementation of pre-contractual and contractual measures.

10.3 Purpose of data processing

The processing of the personal data from the input mask serves us solely to process the appointment request. The other personal data processed during the submission process serve to prevent misuse of the form and to ensure the security of our information technology systems.

10.4 Duration of storage, possibility of objection and elimination

The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. Any additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

Even after the conclusion of the contract, it may be necessary to store personal data of the contractual partner in order to fulfil contractual or legal obligations. If the data is required for the fulfilment of a contract or for the implementation of pre-contractual measures, early deletion of the data is only possible insofar as contractual or legal obligations do not prevent deletion.

11 Training registration

11.1 Description and scope of data processing

Mandatory fields: Training, Appointment, Company, Name, Street, Postcode/City, Telephone, E-mail, Participant (Name, Department, Telephone, E-mail).
Optional information: Fax, hotel service (persons, single and double rooms and period, choice of hotel).

The following data will also be stored at the time the message is sent:

(1) The IP address of the user
(2) Date and time of registration

For the processing of the data, reference is made to this data protection declaration in the context of the sending process.

In this context, the data will be passed on to third parties if you have selected the hotel service within the form. Within the framework of the hotel service, selected hotels are contacted and binding bookings are made. For this purpose, it is usually necessary to pass on your master and contact data and, if applicable, address data.

The data is used exclusively for processing the conversation, for booking a suitable hotel room and for conducting and administering the training.

11.2 Legal basis for data processing

The legal basis for the processing of the data is Art. 6 para. 1 p. 1 lit. b DSGVO for the implementation of pre-contractual and contractual measures.

11.3 Purpose of data processing

The processing of the personal data from the input mask serves us solely for the processing and implementation of your training registration. The other personal data processed during the submission process serve to prevent misuse of the form and to ensure the security of our information technology systems.

11.4 Duration of storage, possibility of objection and elimination

12 CURSOR Customer Portal (Login and Registration)

12.1 Description and scope of data processing

On our website, we offer customers the possibility to register in our customer portal by providing personal data. The data is entered into an input mask and transmitted to us and stored.

The following data is collected as part of the registration process:
Mandatory data: Real name, user name, password, e-mail, company, company address, data protection (checkbox), terms of use.
Optional data: Department, telephone, fax, website

The following data is also stored at the time of registration:

(1) IP address of the user
(2) Date and time of registration

Double-Opt-In Procedure

Registration for our customer portal is always carried out using a double opt-in procedure. After registering on our website, you will receive an e-mail asking you to confirm your registration for our customer portal. This confirmation serves as proof that you have registered for our customer portal with your e-mail address.

After confirmation by users, the activation is carried out by one of our administrators.

The subsequent login is carried out by means of user name and password. After legitimation, new access data can be requested via the Forgotten access data function.

12.2 Legal basis for data processing

The legal basis for the processing of data is Art. 6 para. 1 p. 1 lit. a DSGVO if the user has given his consent. If the registration serves the fulfilment of a contract to which the user is a party or the implementation of pre-contractual measures, the additional legal basis for the processing of the data is Art. 6 para. 1 sentence 1 lit. b DSGVO.

12.3 Purpose of the data processing

The customer portal provides targeted information and services for CURSOR customers, interested parties and employees. Registration is necessary for all non-public contents. A control of the offer and the access to contents, takes place via assigned user groups. Individual user groups can be assigned rights to receive updates of the CURSOR software. Customers with support have access to tickets. Registration may be necessary for the fulfilment of a contract with the customer.

12.4 Duration of storage, possibility of objection and elimination

The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. This is the case for data collected during the registration process for the fulfilment of a contract or for the implementation of pre-contractual measures when the data is no longer required for the implementation of the contract. Even after the conclusion of the contract, there may be a need to store personal data of the contractual partner in order to comply with contractual or legal obligations. If the data is required for the performance of a contract or for the implementation of pre-contractual measures, early deletion of the data is only possible insofar as contractual or legal obligations do not prevent deletion.

You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation. As a user, you therefore have the option of cancelling your registration at any time. You can have the data stored about you changed at any time. The deletion takes place after approval by an administrator.

13. implementation of marketing initiatives (direct advertising)

13.1 Description and scope of data processing

On our website, there is the possibility to download various information, such as webinar recordings, whitepapers, checklists, eBooks. For the download, the data from the input mask are transmitted to us. This data is mandatory:

Mandatory fields: Company, first name, last name, e-mail, data protection checkbox, security query.
Optional data: Salutation, comments/questions, newsletter checkbox.

In addition, the following data is collected during registration:

(1) Date and time of registration
(2) IP address of the calling computer

In the context of the download process, reference is made to this data protection declaration. The data is used to carry out the delivery of the requested information and for marketing initiatives of CURSOR Software AG. Our sales team identifies potential customers who might need products and services of CURSOR Software AG on the basis of the transmitted items and informs them about the development of our products and services.

13.2 Legal basis for data processing

The legal basis for data processing for the delivery of information as a download as well as the implementation of marketing initiatives is Art. 6 para. 1 p. 1 lit. b DSGVO in the context of contractual and pre-contractual measures as well as Art. 6 para. 1 p. 1 lit. f DSGVO for direct advertising purposes. If a corresponding consent has been obtained, the processing is based on Art. 6 para. 1 p. 1 lit. a DSGVO, for a possible transfer to a third country on the basis of Art. 49 para. 1 lit. a DSGVO.

13.3 Purpose of data processing

The collection of data is necessary for the download of the requested information.

The processing of your data is also carried out for the implementation of one-off and recurring marketing initiatives, e.g. for

Sending you emails and product information that we think you may find interesting.
Contacting you electronically to inform you about CURSOR's products and services and to provide you with updates and helpful information.
Inviting you to events, such as webinars or trade shows, that may be of interest to you.
Evaluating our marketing initiatives to determine how we can make our website and information more targeted and attractive.
The collection of other personal data as part of the registration process is to prevent misuse of the services or the email address used.

13.4 Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. Accordingly, the user's data will be stored for a period of 90 days and then deleted, provided that no further activity takes place. The other personal data collected during the registration process is usually deleted after a period of seven days.

13.5 Possibility of objection and removal

In addition to sending you the requested information (download), we use your e-mail address to inform you by e-mail about similar products and services. You can object to this processing of your personal data for direct advertising at any time. To do so, please contact us at the address given in the imprint or click on the link at the end of the information e-mails. In doing so, you will not incur any costs other than the transmission costs according to the basic rates.

You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation. You can send the revocation to the data controller either by post or by e-mail.

In the event of a permanent objection, we reserve the right to store your e-mail address in an advertising blocking file for this purpose alone. The storage in the advertising blocking file is not limited in time. You can object to the storage if your interests outweigh our legitimate interest.

14 Google Web Fonts

14.1 Description and scope of data processing

This site uses so-called web fonts provided by Google for the uniform display of fonts. When you call up a page, your browser loads the required web fonts into its browser cache in order to display texts and fonts correctly.

For this purpose, the browser you are using must connect to Google's servers. This informs Google that your IP address has been used to access this website. If your browser does not support web fonts, a standard font will be used by your computer.

This means that personal data is also processed in a non-secure third country. In the USA, there is no level of data protection comparable to the requirements of the GDPR. You can find more information on the transfer to a non-secure third country in this data protection information under "1. General information on data processing - 1.4. data transfer to non-secure third countries".

14.2 Legal basis for data processing

The use of Google WebFonts is based on Art. 6 para. 1 p. 1 lit. f DSGVO. The website operator has a legitimate interest in the uniform presentation of the typeface on its website.

14.3 Purpose of data processing

The data processing is carried out for the purpose of the correct presentation of our texts and fonts on the website.

14.4 Duration of storage, possibility of objection and elimination

The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected.

Further information on Google Web Fonts can be found at https: //developers.google.com/fonts/faq
and in Google's privacy policy: https://policies.google.com/privacy?hl=de.

15 Google Analytics

15.1 Description and scope of data processing

This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland. Google Ireland Limited is a subsidiary of Google LLC based in the USA.

Google Analytics enables the site operator to analyse the behaviour of site visitors. In doing so, the site operator receives various usage data, such as website visits, length of stay, operating systems used and the origin of the user. Among other things, the following personal data can be collected and evaluated: User activities, device and browser information (esp. IP address), data on the advertisements displayed (click rates) and data from advertising partners. This data may be combined by Google into a profile that is assigned to the respective user or their end device.

Google Analytics uses cookies and other browser technologies that enable the recognition of the user for the purpose of analysing user behaviour. This information is used, among other things, to compile reports on website activity. The information collected by Google about the use of this website is usually transferred to a Google server in the USA and stored there. Google also transmits your data to Google affiliates and other partners.

IP address anonymisation (Google Analytics Universal)

We have activated the IP anonymisation function on this website. This means that your IP address is shortened by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

15.2 Legal basis for data processing

The use of this analysis tool is based on your consent pursuant to Art. 6 para. 1 sentence 1 lit. a DSGVO and for any transfer to a third country on the basis of Art. 49 para. 1 lit. a DSGVO. The storage of information in your terminal equipment takes place on the basis of § 25 para. 1 p. 1 TTDSG.

15.3 Purpose of the data processing

The use of Google Analytics on our site serves to analyse the user behaviour of our site visitors in order to optimise and play out both our web offer and our advertising.

15.4 Duration of storage, possibility of objection and elimination

The data collected will be stored until you delete the cookies set by Google Analytics yourself or the purpose for storing the data no longer applies. As a user, you have the right to revoke your declaration of consent under data protection law for technically unnecessary cookies at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation. You can revoke the consent you have given at any time by clicking on the blue button at the bottom left of the page.

The specific storage period of the processed data cannot be influenced by us, but is determined by Google Ireland Limited. Data stored by Google at user and event level that is linked to cookies, user identifiers (e.g. user ID) or advertising IDs (e.g. DoubleClick cookies, Android advertising ID) is anonymised or deleted after 14 months. Details can be found under the following link: https://support.google.com/analytics/answer/7667196?hl=de

For site visitors who do not want their data to be used in Google Analytics, Google has developed a browser add-on to deactivate Google Analytics. You can download and install the available browser plug-in at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

More information on the handling of user data at Google Analytics can be found in the Google privacy policy: https://support.google.com/analytics/answer/6004245?hl=de

You can also find further information on data protection in the data protection declaration for Google Analytics: https://policies.google.com/privacy.

15.5 Conclusion of an order processing contract

We have concluded an order processing contract with Google. This is a contract required by data protection law, which ensures that Google only processes the personal data of our site visitors in accordance with our instructions and in compliance with the provisions of data protection law (DSGVO, BDSG, etc.).

16 Google Tag Manager

16.1 Description and scope of data processing

This website uses the Google Tag Manager. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland. Google Ireland Limited is a subsidiary of Google LLC based in the USA.

The Google Tag Manager is a tool with the help of which we can integrate tracking or statistical tools and other technologies on our website. The Google Tag Manager itself does not create user profiles, does not store cookies and does not perform any independent analyses. It only serves to manage and play out the tools integrated via it. However, the Google Tag Manager records your IP address, which may also be transmitted to servers in the USA.

Personal data is therefore also processed in a non-secure third country. In the USA, there is no level of data protection comparable to the requirements of the GDPR. You can find more information on the transfer to a non-secure third country in this data protection information under "1. general information on data processing - 1.4. data transfer to non-secure third countries".

16.2 Legal basis for data processing

The use of Google Tag Manager is based on your consent pursuant to Art. 6 para. 1 p. 1 lit. a. DSGVO and Art. 49 para. 1 p. 1 lit. a DSGVO - as well as § 25 para. 1 p. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG.

16.3 Purpose of data processing

The Google Tag Manager is used to manage website tags via an interface. This enables us to control the precise integration of services on our website. This allows us to flexibly integrate additional services in order to evaluate our users' access to our website.

16.4.Duration of storage, possibility of objection and elimination

The specific storage period of the processed data cannot be influenced by us, but is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google Tag Manager: https://marketingplatform.google.com/about/analytics/tag-manager/use-policy/.

17 Google Marketing Platform (DoubleClick)

17.1 Description and scope of data processing

This website uses functions of Google DoubleClick. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland, (hereinafter "DoubleClick").

DoubleClick is used to display interest-based advertisements to you throughout the Google advertising network. The ads can be targeted to the interests of the respective viewer with the help of DoubleClick. For example, our ads may be displayed in Google search results or in banner ads associated with DoubleClick.

In order to be able to display interest-based advertising to users, DoubleClick must be able to recognise the respective viewer and associate the web pages visited, clicks and other information on user behaviour with them. For this purpose, DoubleClick uses cookies or comparable recognition technologies (e.g. device fingerprinting). The information collected is combined into a pseudonymous user profile in order to display interest-based advertising to the relevant user. It cannot be ruled out that your data will also be processed on servers in the USA.

This means that personal data is also processed in a non-secure third country. In the USA, there is no level of data protection comparable to the requirements of the GDPR. Further information on the transfer to a non-secure third country can be found in this data protection information under "1. general information on data processing - 1.4. data transfer to non-secure third countries".

17.2 Legal basis for data processing

The use of Doubleclick is based on your consent pursuant to Art. 6 para. 1 p. 1 lit. a. DSGVO and Art. 49 para. 1 p. 1 lit. a DSGVO - as well as § 25 para. 1 p. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG.

17.3 Purpose of data processing

DoubleClick is used for the presentation and implementation of targeted and interest-based advertising measures.

17.4 Duration of storage, possibility of objection and elimination

For further information on how to object to the advertisements displayed by Google, please refer to the following links: https://policies.google.com/technologies/ads and https://adssettings.google.com/authenticated.

18 Google Cloud CDN

18.1 Description and scope of data processing

We use the content delivery network Google Cloud CDN. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland. Google offers a globally distributed content delivery network. Technically, the information transfer between your browser and our website is routed via Google's network. This enables us to increase the worldwide accessibility and performance of our website. Your data is also transferred to Google servers in the USA.

Processing of personal data thus also takes place in a non-secure third country. In the USA, there is no level of data protection comparable to the requirements of the GDPR. You can find more information on the transfer to a non-secure third country in this data protection information under "1. general information on data processing - 1.4. data transfer to non-secure third countries".

18.2 Legal basis for data processing

The use of Google Cloud CDN is based on your consent pursuant to Art. 6 para. 1 p. 1 lit. a. DSGVO and Art. 49 para. 1 p. 1 lit. a DSGVO - as well as Section 25 para. 1 p. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG.

18.3 Purpose of data processing

The purpose of data processing is the secure and fast provision of our website. As well as the delivery and acceleration of online applications.

18.4 Duration of storage, possibility of objection and elimination

Your personal information will be stored for as long as necessary to fulfil the purposes described above or as required by law.

18.5 Conclusion of a contract for commissioned processing

In connection with the data processing described above, data is transferred to and processed by Google. We have concluded an order processing contract with Google. This is a contract required by data protection law, which ensures that Google only processes the personal data of our site visitors in accordance with our instructions and in compliance with the provisions of data protection law (DSGVO, BDSG, etc.).

The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://cloud.google.com/terms/eu-model-contract-clause.

Further information on Google Cloud CDN can be found here: https://cloud.google.com/cdn/docs/overview?hl=de.

19 Google reCAPTCHA

19.1 Description and scope of data processing

We use "Google reCAPTCHA" (hereinafter "reCAPTCHA") on this website. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

The purpose of reCAPTCHA is to check whether the data input on this website (e.g. in a contact form) is made by a human being or by an automated programme. For this purpose, reCAPTCHA analyses the behaviour of the website visitor on the basis of various characteristics. This analysis begins automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, time spent by the website visitor on the website or mouse movements made by the user). The data collected during the analysis is forwarded to Google.

The reCAPTCHA analyses run entirely in the background. Website visitors are not informed that an analysis is taking place.

Personal data is therefore also processed in a non-secure third country. In the USA, there is no level of data protection comparable to the requirements of the GDPR. Further information on the transfer to a non-secure third country can be found in this data protection information under "1. general information on data processing - 1.4. data transfer to non-secure third countries".

19.2 Legal basis for data processing

The use of Google reCAPTCHA is based on your consent pursuant to Art. 6 para. 1 p. 1 lit. a. DSGVO and Art. 49 para. 1 p. 1 lit. a DSGVO - as well as § 25 para. 1 p. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG.

19.3 Purpose of data processing

Google reCAPTCHA is used to distinguish humans from bots. This is to help prevent SPAM and abusive automated spying.

19.4 Duration of storage, possibility of objection and elimination

For more information on Google reCAPTCHA, please refer to the Google Privacy Policy and the Google Terms of Use at the following links: https://policies.google.com/privacy?hl=de and https://policies.google.com/terms?hl=de.

20 Google Ads

20.1 Description and scope of data processing

We use Google Ads. Google Ads is an online advertising programme provided by Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland. Google Ads enables us to play advertisements in the Google search engine or on third-party websites when the user enters certain search terms on Google (keyword targeting). Furthermore, targeted advertisements can be played on the basis of the user data available at Google (e.g. location data and interests) (target group targeting). As the website operator, we can evaluate this data quantitatively by analysing, for example, which search terms have led to the display of our advertisements and how many advertisements have led to corresponding clicks. Your data is also processed on servers located in the USA. The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://policies.google.com/privacy/frameworks and https://privacy.google.com/businesses/controllerterms/mccs/.

Further information can be found here: https://ads.google.com/intl/de_de/home/faq/gdpr/.

Processing of personal data thus also takes place in a non-secure third country. In the USA, there is no level of data protection comparable to the requirements of the GDPR. Further information on the transfer to a non-secure third country can be found in this data protection information under "1. General information on data processing - 1.4. data transfer to non-secure third countries".

20.2 Legal basis for data processing

The use of Google Ads is based on your consent pursuant to Art. 6 para. 1 p. 1 lit. a. DSGVO and Art. 49 para. 1 p. 1 lit. a DSGVO - as well as § 25 para. 1 p. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG.

20.3 Purpose of data processing

The use of Google Ads also serves to draw attention to our offer on other websites and to reach users who are interested in our offer on the basis of targeted advertising campaigns.

20.4 Duration of storage, possibility of objection and elimination

21 OpenStreetMap

21.1 Description and scope of data processing

We use the map service of OpenStreetMap (OSM). We embed the map material from OpenStreetMap on the server of the OpenStreetMap Foundation, St John's Innovation Centre, Cowley Road, Cambridge, CB4 0WS, United Kingdom.

The United Kingdom is considered a secure third country under data protection law. This means that the United Kingdom has a level of data protection that is equivalent to the level of data protection in the European Union.

When using the OpenStreetMap maps, a connection is established to the servers of the OpenStreetMap Foundation. In the process, your IP address and other information about your behaviour on this website may be forwarded to the OSMF, among other things. OpenStreetMap may store cookies in your browser or use similar recognition technologies. Among others, the analysis tool "Piwik" is used to record user actions, for which Piwik sets cookies in the user's browser. Furthermore, your location may be recorded if you have allowed this in your device settings, e.g. on your mobile phone. The provider of this website has no influence on this data transmission.

Personal data could possibly be passed on by the provider to other third parties beyond the actual purpose of fulfilling the order, who use the data for advertising purposes, for example.

Details can be found in the privacy policy of OpenStreetMap under the following link: https://wiki.osmfoundation.org/wiki/Privacy_Policy.

21.2 Legal basis for data processing

OpenStreetMap is used in the interest of an appealing presentation of our online offers and an easy location of the places indicated by us on the website. This constitutes a legitimate interest within the meaning of Art. 6 (1) sentence 1 lit. f DSGVO. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 p. 1 lit. a DSGVO and Section 25 para. 1 p. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG.

21.3 Purpose of data processing

The use of OpenStreetMap is in the interest of an appealing presentation of our online offers and an easy location of the places indicated by us on the website.

21.4 Duration of storage, possibility of objection and elimination

When you interact with Open Street Map on our site, a cookie may be stored in your browser, which has an expiry date of 10 years. Your user information stored via the web analytics tool Piwik is deleted after 180 days, according to OpenStreetMap.

22. jsdeliver.net / jsdeliver.com/ cdn.jsdelivr.net

22.1 Description and scope of data processing

Java script code of the company Prospectone Sp. z o.o., ul. Krolweska 65A, 30-081, Krakow, Poland (hereinafter: jsdeliver.net / jsdeliver.com / cdn.jsdelivr.net) is used on this website.

This is a content delivery network (CDN). This is a network that ensures that our website is displayed quickly and optimally on different devices and when accessed from different countries. The data may also be stored on servers outside the European Union.

If Java script is activated in your browser and you have not installed a Java script blocker, your browser may transmit personal data to jsdeliver.net / jsdeliver.com.

22.2 Legal basis for data processing

The use is based on our legitimate interest in providing our website as error-free and secure as possible (Art. 6 para. 1 p. 1 lit. f DSGVO).

The legal basis for the processing of the data is the existence of the user's consent in accordance with Art. 6 para. 1 p. 1 lit. a and Art. 49 para. 1 p. 1 lit. a DSGVO.

22.3 Purpose of data processing

The data processing serves the secure and fast provision of our website. As well as the delivery and acceleration of online applications.

22.4 Duration of storage, possibility of objection and elimination

Your personal information will be stored for as long as necessary to fulfil the purposes described above or as required by law.

To prevent the execution of Java Script code from jsdeliver.net / jsdeliver.com / cdn.jsdelivr.net / you should install a Java Script blocker.

For more information, please see the privacy policy of jsdeliver.net / jsdeliver.com: https://www.jsdelivr.com/terms/privacy-policy-jsdelivr-net

23 Use of Vimeo

23.1 Description and scope of data processing

This website uses plugins of the video portal Vimeo. The provider is Vimeo Inc, 555 West 18th Street, New York, New York 10011, USA. When you visit one of our pages equipped with a Vimeo video, a connection to the Vimeo servers is established. This tells the Vimeo server which of our pages you have visited. In addition, Vimeo obtains your IP address. This also applies if you are not logged in to Vimeo or do not have an account with Vimeo. The information collected by Vimeo is transmitted to the Vimeo server in the USA.

Personal data could possibly be passed on by the provider to other third parties beyond the actual purpose of fulfilling the order, who use the data for other purposes. For example, Vimeo uses services of Akamai Technologies, Inc. (akamaized) for the smoother playback of videos.

The data transfer to the USA is based on the standard contractual clauses of the EU Commission and, according to Vimeo, on "legitimate business interests". Details can be found here: https://vimeo.com/privacy.

If you are logged into your Vimeo account, you enable Vimeo to assign your surfing behaviour directly to your personal profile. You can prevent this by logging out of your Vimeo account.

Vimeo uses cookies or comparable recognition technologies (e.g. device fingerprinting) to recognise website visitors.

23.2 Legal basis for data processing

The use of Vimeo is based on your consent pursuant to Art. 6 para. 1 p. 1 lit. a. DSGVO and Art. 49 para. 1 p. 1 lit. a DSGVO - as well as § 25 para. 1 p. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG.

23.3 Purpose of data processing

Vimeo is used in the interest of an appealing presentation of our online offers and for the output of videos.

23.4 Duration of storage, possibility of objection and elimination

The data will remain stored by Vimeo until Vimeo itself no longer has an economic reason for storing it. You can find further information on the handling of user data in Vimeo's privacy policy at: https://vimeo.com/privacy.

24 Kununu Widget

24.1 Description and scope of data processing

A plugin of the kununu rating platform is integrated on our website. The operator of the service and, according to its own information, the responsible party for data protection is New Work SE, Am Strandkai 1, 20457 Hamburg. Kununu is a platform for employer ratings and information on salary and corporate culture.

When you visit this website, a direct connection is established between your browser and the kununu server via the plugin. If you use the kununu plugin, i.e. click on the button, information that you have accessed certain pages is forwarded to the kununu servers. For users who are logged in at the same time, this may mean that the usage data can be assigned to the respective personal account. Even if you are not a member of kununu, there is still the possibility that kununu will determine and store your IP address.

Personal data could possibly be passed on by the provider to other third parties beyond the actual purpose of fulfilling the order, who use the data for other purposes. For more information, please see kununu's privacy policy at https://privacy.xing.com/de/datenschutzerklaerung.

24.2 Legal basis for data processing

The use of the kununu widget is based on Art. 6 para. 1 p. 1 lit. f DSGVO. In order to address potential applicants, the website operator has a legitimate interest in presenting itself as an attractive employer on its website. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 p. 1 lit. a DSGVO and Section 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG.

24.3 Purpose of data processing

The kununu widget is integrated in order to present ourselves outside of the employer profile on kununu and to display the employer score. This is done in the interest of our presentation as an attractive employer to potential applicants and site visitors.

24.4 Duration of storage, right of objection and right of removal

With regard to the storage period and deletion of your data on the kununu rating platform, we refer you to its data protection declaration. You can find this here: https://privacy.xing.com/de/datenschutzerklaerung/allgemeine-hinweise

25 Use of Yumpu (kiosk.cursor.de)

25.1 Description and scope of data processing

We use https://www.yumpu.com/ of i-magazine AG ("i-mag" - Gewerbestrasse 3, 9444 Diepoldsau, Switzerland) on our website. Yumpu provides a digital platform for publishing magazines, brochures or catalogues. Using Yumpu, the content of PDF files is presented as a so-called flip page catalogue and displayed directly in the browser without loading the PDF files. For this purpose, Yumpu sets technically necessary cookies in your browser to ensure basic functions of the service. Yumpu also collects the following personal data in your log files: Browser type and version, operating system used, referrer URL, requested URL, time of server request and your IP address.

Switzerland is considered a secure third country under data protection law. This means that Switzerland has a level of data protection equivalent to that in the European Union.

Personal data collected by Yumpu could possibly be passed on by the provider to other third parties beyond the actual purpose of fulfilling the order, who use the data for advertising purposes, for example. Yumpu uses Google Analytics, a web analytics service provided by Google, Inc (1600 Amphitheatre Parkway Mountain View, CA 94043, USA). Google Analytics uses cookies to help the website analyse how users use the Yumpu service. The information generated by the cookie about your use of the website, such as browser type/version, operating system used, referrer URL (the page previously visited), host name of the accessing computer (IP address), time of server request, is usually transmitted to a Google server in the USA and stored there. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. Yumpu has also extended Google Analytics with the code "anonymizeIP".

25.2 Legal basis for data processing

Yumpu is used in the interest of an appealing presentation of our online offers and for the presentation of our brochures as a flip page catalogue. This constitutes a legitimate interest within the meaning of Art. 6 (1) sentence 1 lit. f DSGVO.

If a corresponding consent has been requested, the processing will be carried out exclusively on the basis of Art. 6 para. 1 p. 1 lit. a DSGVO, Art. 49 para. 1 lit. a DSG and Section 25 para. 1 p. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG.

25.3 Purpose of the data processing

Yumpu is a digital platform for publishing magazines, brochures or catalogues. Yumpu is therefore used for the user-friendly provision of our information as a flip page catalogue.

25.4 Duration of storage, possibility of objection and elimination

Your personal information will be stored for as long as is necessary to fulfil the purposes described above. You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation. You can revoke the consent you have given via Consent Management.

The data stored by Yumpu in the log files will be deleted after one month.

For more information, please see the Yumpu Privacy Policy: https://www.yumpu.com/de/info/privacy_policy or the Yumpu Cookie Policy: https://www.yumpu.com/de/info/cookie_policy.

25.5 Conclusion of a contract for commissioned processing

In connection with the data processing described above, data is transferred to and processed by i-Magazine AG. We have concluded an order processing contract with i-Magazine AG. This is a contract required by data protection law, which ensures that i-Magazine AG only processes the personal data of our site visitors according to our instructions and in compliance with the provisions of data protection law (DSGVO, BDSG, etc.).

26 BootstrapCDN

26.1 Description and scope of data processing

On this website, Bootstrap technology is used for a modern design and display of the content offered on different end devices. To increase the loading speed of the website, we use the BootstrapCDN (Content Delivery Network) from MaxCDN to deliver libraries to your browser. It is possible that you have already downloaded one of these libraries from the BootstrapCDN by visiting another website. In this case, your browser will access the cached copy. This service is provided by StackPath, LLC, 2021 McKinney Avenue, Suite 1100 Dallas, Texas 75201, USA.

BootstrapCDN was integrated on the servers of CURSOR Software AG, so that no transmission to StackPath takes place.

26.2 Legal basis for the data processing

The use is based on our legitimate interest in providing our website as error-free and secure as possible (Art. 6 para. 1 p. 1 lit. f DSGVO).

26.3 Purpose of data processing

The data processing serves the secure and fast provision of our website. As well as the delivery and acceleration of online applications.

26.4 Duration of storage, possibility of objection and elimination

Your personal information will be stored for as long as necessary to fulfil the purposes described above.

27 Matterport

27.1 Description and scope of data processing

On our website we use the 3D data platform of Matterport Inc, 352 E. Java Dr., Sunnyvale, CA 94089, USA. Virtual tours of our website can be made via Matterport. When you visit one of our pages that contains such a virtual tour, a connection is established to the Matterport servers.

In doing so, the Matterport server is informed which of our pages you have visited and your IP address is transmitted. This also applies if you are not logged in to Matterport or do not have an account with Matterport.

If you are logged into your Matterport account, you enable Matterport to assign your surfing behaviour directly to your personal profile. You can prevent this by logging out of your Matterport account.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://matterport.com/standard-contractual-clauses

Personal data collected by Matterport could possibly be passed on by the provider to other third parties beyond the actual purpose of fulfilling the order, who use the data for advertising purposes, for example. As an AWS partner, Matterport uses the services of Amazon Webservices to provide all functions.

When you access this content, you connect to servers of Amazon Web Services, Inc. and your IP address and, if applicable, browser data such as your user agent are transmitted. Data collected through AWS may be transferred to servers in the US. AWS has implemented compliance measures for international data transfers. These apply to all global activities where AWS processes personal data of individuals in the EU. These measures are based on the EU Standard Contractual Clauses (SCCs). For more information, please visit: https://d1.awsstatic.com/legal/aws-gdpr/AWS_GDPR_DPA.pdf

A processing of personal data thus also takes place in a non-secure third country. In the USA, there is no level of data protection comparable to the requirements of the GDPR. For more information on the transfer to a non-secure third country, please refer to this data protection information under "1. General information on data processing - 4. Data transfer to non-secure third countries".

27.2 Legal basis for data processing

The use of Matterport is based on your consent pursuant to Art. 6 para. 1 p. 1 lit. a. DSGVO and Art. 49 para. 1 p. 1 lit. a DSGVO - as well as § 25 para. 1 p. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG.

Insofar as no consent has been obtained, the use of this service is based on Art. 6 para. 1 p. 1 lit. f DSGVO; the site operator has a legitimate interest in an attractive and secure provision of the web offer.

27.3 Purpose of data processing

We use the Matterport service to offer virtual tours on our website. This is done in the interest of an attractive presentation of our company. Matterport uses services from AWS to increase the security and delivery speed of our website.

27.4 Duration of storage, possibility of objection and elimination

The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected.

The specific storage period of the processed data cannot be influenced by us, but is determined by Matterport and Amazon Web Services, Inc. Further information can be found in the respective data protection declarations at https://matterport.com/privacy-policy?_ga=2.67611861.594464287.1661329406-1092327888.1661329406 and https://aws.amazon.com/de/privacy/.

27.5 Conclusion of a contract for commissioned processing

In connection with the data processing described above, data is transferred to and processed by Matterport. We have concluded a contract on commissioned processing with Matterport. This is a contract required by data protection law, which ensures that Matterport only processes the personal data of our site visitors in accordance with our instructions and in compliance with the provisions of data protection law (DSGVO, BDSG, etc.).

28 REST API Demo

28.1 Description and scope of data processing

We use insomnia REST on our website. This service is provided by Kong Inc. based in San Francisco, USA. Insomnia REST is a software for testing a programming interface.

A processing of personal data therefore also takes place in a non-secure third country. In the USA, there is no level of data protection comparable to the requirements of the GDPR. Further information on the transfer to a non-secure third country can be found in this data protection information under "1. general information on data processing - 1.4. data transfer to non-secure third countries".

28.2 Legal basis for data processing

The use of insomnia REST is for the provision of a demo environment. This represents a legitimate interest in terms of Art. 6 para. 1 p. 1 lit. f DSGVO.

If a corresponding consent was requested, the processing is exclusively based on Art. 6 para. 1 p. 1 lit. a DSGVO, Art. 49 para. 1 lit. a DSG and § 25 para. 1 p. 1 TTDSG, as far as the consent includes the storage of cookies or the access to information in the user's terminal device (e.g. device fingerprinting) in terms of the TTDSG.

28.3 Purpose of data processing

Insomnia REST is used to provide customers and interested parties with a demo environment for the use of the REST API in Cursor systems.

28.4 Duration of storage, possibility of objection and elimination

Your personal information will be retained for as long as is necessary to fulfil the purposes described above. You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation. You can revoke the consent you have given via Consent Management.

The concrete storage period of the processed data cannot be influenced by us, but is determined by Kong Inc. Further information on processing by Kong Inc. can be found here: https://insomnia.rest/privacy.