1. Information about the collection of personal data

(1) In the following, we inform you about the collection of personal data when using our web site www.sepago.de. Personal data are all data that relate to you as a person and may identify you, e.g. name, address, e-mail addresses, user behavior.
(2) Controller according to art. 4 par. 7 EU General Data Protection Regulation (GDPR) is sepago GmbH, Dillenburger Straße 83, 51105 Cologne, Germany. Further information may be found on our web site footer.
Our data protection officer Markus Bell may be contacted under Datenschutz@sepago.de and under the contact information in our web site footer.
(3) If you contact us via e-mail or a contact form, the data you provide (your e-mail address, maybe your name and your telephone number) will be stored by us in order to answer your questions. We will erase any data collected in this context after storage is no longer required, or will restrict their processing if legal storage obligations exist.
(4) Where we resort to contract service providers for individual functions of our offerings or wish to use your data for advertising purposes, we will inform you below about the respective processes. This includes stating the defined criteria for the storage duration.

2. Your rights

(1) In our relationship with you, you have the following rights regarding the personal data relating to you:
– right to access,
– right to rectification or erasure,
– right to restriction of processing,
– right to object to the processing,
– right to data portability.
(2) You also have the right to complain to a data protection supervisory authority about the processing of your personal data by us. This is the respective authority of the federal state in which our company is registered, which may be found in the web site footer.

3. Collection of personal data during visits to our web site

(1) During purely informational use of the web site, i.e., when you are not registering yourself or otherwise sending us information, we only collect the personal data that your browser sends to our server. When you wish to look at our web site, we collect the following data, which are important for us for technical reasons in order to display our web site to you and to ensure stability and security (legal basis is GDPR art. 6 par. 1 s. 1 item f):
– IP address
– date and time of the request
– time zone difference to Greenwich Mean Time (GMT)
– content of the request (actual page)
– access status/HTTP status code
– respective amount of data transferred
– web site from which the request originated
– browser
– operating system and its user interface
– language and version of the browser software.
(2) For reasons of security and to protect the transfer of confidential content such as orders or enquiries that you send to us as site operators, this site uses an SSL or TLS encryption. You can recognize an encrypted connection by the change in the address bar of the browser from “http://” to “https://” and from the lock symbol in your browser bar. When the SSL or TLS encryption are activated, the data you send to us cannot be read in transit by third parties.
(3) In addition to the previously specified data, our web site stores cookies on your computer when you use our web site. Cookies are text files which are stored on your harddrive in connection with your browser and through which certain information is transferred to the entity that sets the cookie (in this case us). Cookies cannot execute programs or transfer viruses to your computer. Their purpose is the make our Internet offering overall more user-friendly and effective, e.g., to recognize you on your next visit, or to accelerate the rendering of the web page or its download.
(4) Use of cookies:

4. Further functions and offerings of our web site

(1) Apart from the purely informational use of our web site, we offer you additional options for the use of our web site, e.g., establishing contact with us, commenting of blog posts etc. In order to be able to use these, you will generally have to specify further personal data, which we use to deliver the respective service and for which the aforementioned principles on data processing apply.
(2) In some areas we use the services of external providers for the processing of your data, e.g., for the mailing of newsletters. These providers have been carefully selected and instructed by us, are bound to our instructions, and are regularly inspected.
(3) We may also pass on your personal data to third parties if we offer participation in programs, sweepstakes, contracts or similar services together with partners. Further information about this is available when you submit your personal data or under the description of the offer.
(4) Where our service provider or partners are located in a state outside the European Economic Area (EEA), we will inform you about the consequences of this fact in the description of the offer.

5. Objection against or revocation of permission for the processing of your data

(1) If you have given consent to process your data, you may revoke it at any time. Such a revocation influences the permissibility of the processing of your personal data after you have communicated the revocation to us.
(2) Where we base the processing of your personal data on the balancing of interests, you may object to the processing. This is the case in particular if the processing is not required to fulfill a contract with you, as we will explain in the description of the functions below. If you elect to exercise your right to such an objection, we request to be informed about the reasons for why we should not process your personal data as performed by us. In case of your reasoned objection we will examine the circumstances and will either cease of adapt the data processing or will point out or own compelling reasons requiring protection as to why we continue the processing.
(3) Of course you may object to the processing of your personal data for the purposes of advertising and data analysis at any time. You may inform us about your advertising objection under the following contact information: via e-mail under pr@sepago.de or in writing under sepago GmbH, Dillenburger Straße 83, 51105 Cologne, Germany.

6. Contact form

If you send us enquiries via contact form, your information from the enquiry form will be stored at our end for the purpose of processing your enquiry and for the case of follow-up questions. This includes any contact information supplied by you. We will not pass these data on without your consent. The processing of the data entered into the contact form thus happens exclusively on the basis of your consent (GDPR art. 6 par. 1 item a). Apart from the consent-based processing, there may also be a further right or obligation to process your data, e.g., legitimate interest, contractual relationship, or legal obligation. You may revoke your consent at any time. An informal notification via e-mail to pr@sepago.de suffices. The legality of processing carried out until the revocation remains unaffected by the revocation. The data entered by you in the contact form will be processed/stored by us until you request erasure from us, revoke your consent to the storage, or until the purpose of the storage is no longer applicable (e.g., after completed processing of your enquiry). Compelling legal regulations – in particular retention periods – are unaffected by a revocation. In this case, we will nevertheless restrict processing of your data.

7. Use of the blog functions

Our blog, where we publish different contributions on topics surrounding our activities, lets you add public comments. Your comment will be published with your specified user name along with the contribution. We recommend the use of a pseudonym instead of your real name. The specification of user name and e-mail address is required, all further information is voluntary. If you submit a comment, we will store not only your comment but also your IP address. The latter will be erased after 60 days. The storage is required for us in order to be able to defend ourselves against litigation in cases where illegal content may be published. We require your e-mail address to be able to contact you if a third party should object to your comment as being illegal. The legal basis for the processing of your data in the context of provisioning our blog are GDPR art. 6 par. 1 s. 1 item b and f, in particular our interest to be able to administer the blog and to fulfill any legal obligations towards third parties. The comments are not vetted before publication. We reserve the right to delete comments if they are reported as illegal by third parties.

8. Newsletter mailout

(1) With your consent you may subscribe to our newsletter, with which we inform you regularly about our company and its offerings. The goods and services advertised are specified in the consent declaration.
(2) For the subscription to our newsletter, we use the so-called double-opt-in procedure. This means that we send you an e-mail to the specified e-mail address after your subscription, in which we request confirmation from you that you wish to receive the newsletter. If you do not confirm your subscription within [72 hours], your information will be locked and automatically erased after one month. Beyond this we store your respective IP addresses used and times of subscription and confirmation. The purpose of this procedure is to be able to prove your subscription and to be able to investigate a possible misuse of your personal data.
(3) The only compulsory specification for the newsletter mailout is your e-mail address. After your confirmation, we store your e-mail address for the purpose of sending the newsletter. The legal basis for the newsletter mailout is your consent according to GDPR art. 6 par. 1 s. 1 item a.
(4) You may revoke your consent to the mailout of the newsletter at any time and unsubscribe from the newsletter. The revocation may be declared via a click on the link provided in each newsletter e-mail, [via this form on the web site,] via e-mail to [Newsletter@example.com] or via a message to the contacts in the web site footer.
(5) This web site uses CleverReach for the mailout of newsletters. The vendor of this tool is CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede, Germany. CleverReach is a service that permits the organization and analysis of the newsletter mailout. The data submitted by you for the purpose of receiving the newsletter (e.g., e-mail address) are stored on CleverReach’s servers in Germany and/or Ireland.
Our newsletters mailed out via CleverReach allow us to analyze the behavior of the newsletter recipients. Among others, it is possible to analyze how many recipients have opened the newsletter message and how often each link in the newsletter was clicked on. With the help of so-called conversion tracking, it is also possible to analyze where a predefined action (e.g., purchase of a product on our web site) followed the clicking of the link in the newsletter. We analyze these data based on GDPR art. 6 par. 1 item f (legitimate interest) in order to adapt our newsletter offerings to your needs (in particular contents) and to optimize our marketing.
Further information on the data analysis via CleverReach newsletters may be found under: https://www.cleverreach.com/en/features/reporting-tracking/
The data processing in connection with the mailout of the newsletter is carried out based on your consent (GDPR art. 6 par. 1 item a). You may revoke this consent at any time by unsubscribing from the newsletter. The legality of processing already carried out remains unaffected by the revocation.
If you do not want analysis by CleverReach, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in each newsletter message. Furthermore, you may also unsubscribe from the newsletter directly on the web site.
The data submitted by you to us for the purpose of receiving the newsletter will be stored until you unsubscribe from the newsletter and will be erased from both our servers and the servers of CleverReach after you have unsubscribed from the newsletter. Data that were stored by us for other purposes (e.g., e-mail addresses for the member area) remain unaffected by this.
Further information may be found in the data protection policy of CleverReach under:
https://www.cleverreach.com/en/privacy-policy/
We have signed a contract with CleverReach on contract data processing and have fully implemented the specifications of the German data protection authorities in the use of CleverReach.

9. Integration of YouTube videos

(1) We have integrated YouTube videos into our online offerings. These are stored on http://www.YouTube.com and can be played directly from our web site. [These are all integrated in “extended data protection mode,” i.e., no data about you as
a user are passed to YouTube if you do not play the videos. Only when you play the videos will the data specified in paragraph 2 be transferred. We have no influence over this data transfer.]
(2) Through the visit to the web site, YouTube obtains the information that you have visited the respective sub-page of our web site. In addition, the data specified under § 3 of this declaration are transferred. This happens regardless as to whether YouTube provides a user account via which you are logged in, or whether no user account exists. If you are logged in with Google, your data will be associated directly with your account. If you do not want the association with your profile at YouTube, you must log out before activating the button. YouTube stores your data as usage profiles and uses them for purposes of advertising, market research and/or demand-driven design of its web site. Such an evaluation is carried out (even for users that are not logged in) in particular to provide demand-driven advertising and in order to inform other users of the social network about your activities on our web site. You have a right to object to the formation of these user profiles. In order to exercise this right, you must contact YouTube. The processing takes place on the basis of a legitimate interest according to GDPR art. 6 par. 1 item f, in order to be able to show you additional content about our company and to make our web site more informative for you.
(3) Further information on the purpose and the extent of the data collection and the processing by YouTube is available in the data protection declaration. You will also find further information there on your rights and optional settings for the protection of your privacy: https://policies.google.com/privacy?hl=en&gl=en. Google also processes your personal data in the USA and has subjected itself to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

10. Integration of Google Maps

(1) On this web site, we use the offerings of Google Maps. This lets us show you interactive maps directly on the web site and allows you the convenient use of the Maps function.
(2) Through the visit to the web site, Google obtains the information that you have visited the respective sub-page of our web site. In addition, the data specified under § 3 of this declaration are transferred. This happens regardless as to whether Google provides a user account via which you are logged in, or whether no user account exists. If you are logged in with Google, your data will be associated directly with your account. If you do not want the association with your profile at Google, you must log out before activating the button. Google stores your data as usage profiles and uses them for purposes of advertising, market research and/or demand-driven design of its web site. Such an evaluation is carried out in particular (even for user that are not logged in) to provide demand-driven advertising and in order to inform other users of the social network about your activities on our web site. You have a right to object to the formation of these user profiles. In order to exercise this right, you must contact Google. The processing takes places on the basis of a legitimate interest according to GDPR art. 6 par. 1 item. f, in order to show you directions to the individual branches of our company and, where applicable, make navigation easier.
(3) Further information on the purpose and extent of the data collection and their processing by the plug-in vendor may be found in the vendor’s data protection declarations. You will also find further information there on your respective rights and optional settings for the protection of your privacy: https://policies.google.com/privacy?hl=en&gl=en. Google also processes your personal data in the USA and has subjected itself to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

11. Google Web Fonts

This site uses so-called Web Fonts provided by Google for the uniform rendering of fonts. When you navigate to a page, your browser loads the required Web Fonts into your browser cache to be able to display texts and fonts correctly. For this purpose, the browser you use must connect to Google’s servers. In this way, Google obtains the knowledge that your IP address requested our web site. The use of Google Web Fonts happens in the interest of a uniform and appealing presentation of our online offerings. This represents a legitimate interest according to GDPR art. 6 par. 1 item f.
If your browser does not support Web Fonts, a standard font from your computer will be used. Further information on Google Web Fonts may be found under https://developers.google.com/fonts/faq and in Google’s data protection declaration: https://www.google.com/policies/privacy/.

12. Analytic tools and advertising

Google Analytics

This web site uses functions of the web analysis service Google Analytics. It is offered by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Analytics uses so-called “cookies”. These are text files that are stored on your computer which permit an analysis of your use of the web site. The information about your use of this web site that is generated via the cookie is generally transferred to a Google server in the United States and stored there. The storage of Google Analytics cookies takes place on the basis of GDPR art. 6 par. 1 item f. The web site operator has a legitimate interest in the analysis of the user behavior in order to optimize both its web offerings and its advertising.
IP anonymization
We have activated the IP anonymization function on this web site. This causes Google to truncate your IP address inside member states of the European Union or in other treaty states of the treaty on the European Economic Area before it is transmitted to the United States. The full IP address is only sent to a Google server in the U.S. in exceptional cases and truncated there. On behalf of this web site’s operator, Google will use this information to evaluate your use of the web site, to compile reports about the web site activities, and in order to provide further services related to the use of the web site and Internet to the web site operator. The IP address sent to Google by your browser in the context of Google Analytics is not linked with other data of Google.
Browser plug-in
You can prevent the storage of the cookies via a respective setting in your browser software. We would however like to point out to you that you may not be able to use the full extent of all functions of this web site in this case. You can also prevent the collection by Google of the data related to your use of the web site that the cookie generates (including your IP address) as well as the processing of these data at Google by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en .
Objection against data collection
You can prevent the collection of your data by Google Analytics if you click on the following link. This sets an opt-out cookie, which prevents the capture of your data during future visits to this web site: Google Analytics deaktivieren.
More information on the handling of user data at Google Analytics may be found in the data protection declaration of Google: https://support.google.com/analytics/answer/6004245?hl=en.
Contract data processing
We have signed a contract with Google on contract data processing and have fully implemented the specifications of the German data protection authorities in the use of Google Analytics.
Google Analytics Remarketing
Our web sites use the functions of Google Analytics Remarketing in connection with the multi-device functions of Google AdWords and Google DoubleClick. They are offered by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. This function permits the matching of the advertising target groups created using Google Analytics Remarketing with the multi-device functions of Google AdWords and Google DoubleClick. In this way, interest-related personalized advertising messages adapted to you based on your previous usage and surfing behavior on one terminal device (e.g., smartphone) can also be shown on another of your terminal devices (e.g., tablet or PC). If you have given a corresponding consent, Google links your web and app browser trace with your Google account. This allows the same personalized advertising messages to be shown on every terminal device on which you log in with your Google account. To support this function, Google Analytics captures google-authenticated user IDs, which are temporarily linked with our Google Analytics data in order to define and create target groups for multi-device advertising. You may permanently object to the multi-device remarketing/targeting by deactivating personalized advertising in your Google account. For this purpose, follow the link: https://www.google.com/settings/ads/onweb/ .
The collation of the captured data in your Google account happens exclusively based on your consent, which you may give or revoke at Google (GDPR art. 6 par. 1 item a). In the case of data collection processes that are not linked in your Google account (e.g., because you do not have a Google account or have objected to the linking), the collection of the data is based on GDPR art. 6 par. 1 item f. The legitimate interest results from the fact that the web site operator has an interest in the anonymized analysis of the web site visitors for the purpose of advertising. Further information and the data protection rules may be found in the data protection declaration of Google under: https://www.google.com/policies/technologies/ads/ .
Google AdWords and Google conversion tracking
This web site uses Google AdWords. AdWords is an online advertising program of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States (“Google”).
In the context of Google AdWords, we use the so-called conversion tracking. If you click on an advertisement placed by Google, a cookie for the conversion tracking is set. Cookies are small text files, which the Internet browser stores on the user’s computer. These cookies lose their validity after 30 days and are not used for the personal identification of the user. If the user visits certain pages of this web site and the cookie has not yet expired, Google and we can recognize that the user clicked on the advert and was redirected to this page.
Every Google AdWords customer receives a different cookie. The cookies can not be tracked via the web sites of AdWords customers. The information collected with the help of the conversion cookie is used to create conversion statistics for AdWords customers that have opted for conversion tracking. The customers learn the total number of users who clicked on their advert and were redirected to a page that contained a conversion tracking tag. However, they do not contain any information that would permit users to be personally identified. If you do not wish to participate in the tracking, you can object to this use by easily deactivating the cookie of the Google conversion tracking via your Internet browser’s user settings. You will then not be included in the conversion tracking statistics.
The storage of “conversion” cookies takes place on the basis of GDPR art. 6 par. 1 item f. The web site operator has a legitimate interest in the analysis of the user behavior in order to optimize both its web offerings and its advertising.
More information on Google AdWords and Google conversion tracking may be found in Google’s data protection policy: https://www.google.de/policies/privacy/.
You can configure your browser such that you are informed about the setting of cookies, allow cookies in individual cases only, exclude accepting cookies in certain cases or in general, as well as activate the automatic deletion of cookies when the browser is closed. Deactivating cookies may restrict the functionality of this web site.