Privacy Statement

Name and address of the website operator

The person responsible within the meaning of the Basic Data Protection Regulation and other national data protection laws of the EU member states as well as other data protection regulations is:

Onventis GmbH
represented by its managing director
Frank Schmidt
Gropiusplatz 10
70563 Stuttgart

Tel: +49 (0) 711/68 68 75-0
Fax: +49 (0) 711/68 68 75-10
E-Mail: info@onventis.de

Data protection officer can be reached via the following contact details:
Tom Coats
Telefon: +49 (0) 711/68 68 75-53
E-Mail: t.coats@onventis.de

Subject Matter and Scope

This privacy policy informs the users of the Onventis websites, the Onventis Supplier Portal and the demo and beta accounts of the Onventis Cloud Procurement Software, which are accessed via the domains onventis.de and onventis.com including all subdomains, about the type, scope and purpose of the collection and use of personal data by Onventis GmbH.

We take your data protection very seriously and treat your personal data confidentially and according to the legal regulations. Because new technologies and the constant development of our websites and software applications from the cloud may result in changes to this privacy statement, we encourage you to review it periodically.

Definitions of the terms used (e.g. “personal data” or “processing”) can be found in Art. 4 DSGVO.

Agreement on the Order Data Agreement

For employees of a company that has concluded a contract with Onventis for the use of an Onventis software application from the cloud, the data protection regulations are regulated by Onventis in a separate agreement on order data processing pursuant to Art. 28 DSGVO (V). In order to make it as easy as possible to conclude a contract, Onventis offers the possibility to download the ADV contract online and send it signed to Onventis. The contract document can be downloaded here: https://onventis-2018.onventis.de/adv/

Access Data

We collect data on access to our websites (onventis.de and onventis.com including all subdomains) based on our legitimate interest (Art. 6 para. 1 lit. f. DSGVO) and store these as “server log files” on the server of the website. The justified interest results from the control and optimization of our website. The following data is logged:

• Visited website time at the time of access
• Quantity of data sent in bytes
• Source/reference from which you reached the page
• Browser used
• Operating system used
• IP address used

The server log files are stored for a maximum of 7 days and then deleted. The data is stored for security reasons, e.g. to clarify cases of misuse. If data have to be deleted for reasons of proof, they are excluded from deletion until the incident has been finally clarified.

Range Measurement & Cookies

Our web pages use cookies for pseudonymized range measurement, which are transmitted either by our server or by the server of third parties to the browser of the user. Cookies are small files that are stored on your end device. Your browser accesses these files. The use of cookies increases the user-friendliness and security of our websites. If you do not want cookies to be stored on your terminal to measure your range, you can object to the use of these files here:

• Cookie deactivation page of the US website: http://optout.networkadvertising.org/?c=1#!/
• Cookie deactivation page of the European website: http://optout.aboutads.info/?c=2#!/
• Cookie deactivation page of the European website: http://optout.networkadvertising.org/?c=1#!/

Browsers offer the option not to accept cookies. Note: There is no guarantee that you will be able to access all functions of our website without restrictions if you make the appropriate settings.

Cookies, which are necessary for the execution of the electronic communication process or for the provision of certain functions requested by you, are stored based on Art. 6 para. 1 lit. f DSGVO. We have a legitimate interest in the storage of cookies for the technically error-free and optimized provision of our services. As far as other cookies (e.g. cookies for the analysis of your surfing behavior) are stored, these are treated separately in this data protection declaration.

Collection and Processing of Personal Data

When you visit the website, our servers automatically collect data; these are listed above under “Server Log Files”. Furthermore, data is collected and stored in anonymous form for marketing and optimization purposes. These data are used to create user profiles under a pseudonym.

Cookies can be used for this purpose, but they collect and store data exclusively in pseudonymous form.  The data will not be used to personally identify the visitor to this website and will not be merged with data about the bearer of the pseudonym. Any additional personal data will only be collected, processed or used if you voluntarily provide us with it during your visit to this website – for example, your name, e-mail address and telephone number. The legal basis for the processing is the existence of your consent as a user (Art. 6 para. 1 lit. a DSGVO).

Dealing with Contact Data

If you contact us as a website operator through the contact options offered, your details will be stored so that they can be used to process and respond to your enquiry. The legal basis for the processing is the existence of your consent as a user (Art. 6 para. 1 lit. a DSGVO).

Google Analytics

On the basis of our legitimate interests, our web pages use for the optimization and analysis of our online offer in the sense of Art. 6 para. 1 lit. f. DSGVO uses the service “Google Analytics”, which is provided by Google Inc. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA). The service (Google Analytics) uses “cookies” – text files that are stored on your terminal device. The information collected by the cookies is usually sent to a Google server in the USA and stored there.

Google LLC complies with European privacy laws and is certified under the Privacy Shield Agreement: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

IP anonymization is used on our web pages. The IP address of the users is shortened within the member states of the EU and the European Economic Area and in the other contracting states of the agreement. Only in individual cases, is the IP address initially transmitted unabbreviated to a Google server in the USA and then shortened there. By this shortening, the personal reference of your IP address is removed. The IP address of the user transmitted by the browser is not combined with other data stored by Google.

Under the Order Data Agreement, which we, as a web site operator, have entered into with Google Inc., Google Inc. uses the information collected to compile an analysis of web site usage and activity and to provide services relating to internet usage.

The data collected by Google on our behalf is used to evaluate the use of our online services by individual users, e.g. to create reports on activity on the websites in order to improve our online services.

You have the option of preventing cookies from being stored on your device by making the appropriate settings in your browser. There is no guarantee that you will be able to access all functions of our website without restrictions if your browser does not allow cookies.

You can also use a browser plug-in to prevent the information collected by cookies (including your IP address) from being sent to Google Inc. and used by Google Inc. The following link leads you to the corresponding plugin: https://tools.google.com/dlpage/gaoptout?hl=de by clicking on this link OPT-OUT-LINK, you prevent Google Analytics from collecting data about you within this website. Click on the link above to download an “Opt-Out-Cookie”. Your browser must therefore always allow the storage of cookies for this purpose. If you delete your cookies regularly, a new click on the link is required each time you visit this website.

Here you will find further information on the use of data by Google Inc.:

https://policies.google.com/privacy/partners?hl=de (data collected by Google partners)
https://adssettings.google.de/authenticated (settings about advertising displayed to you)
https://policies.google.com/technologies/ads?hl=de (use of cookies in ads)

Google Analytics advertising feature

We have enabled the following analytics advertising features in conjunction with Google Analytics: “Integration with the DoubleClick platform.”

This enables a Google cookie to be used for ad preferences to collect additional data about accesses beyond the standard Google Analytics implementation.

With the analysis tool “Integration of the DoubleClick platform”, we evaluate advertising on our websites. Advertisements for other websites are placed on our websites. This is usually done with the help of “AdServer” party (3rd-party)-DoubleClick cookie is set on the user’s terminal device. Further information about the DoubleClick cookie can be found on Google’s websites (accessed: 15.10.2016): http://www.google.com/policies/technologies/ads/. If we combine personal data with non-personal data collected with the help of Google advertising products using the Analytics advertising functions, this will only happen if the user has been made aware of this combination by us beforehand in a clearly visible manner and has given us his consent (opt-in procedure). Otherwise, a merger shall not take place. The user can deactivate Google Analytics advertising functions and exercise his right of objection (opt-out), for example via the advertisement preferences manager of his browser by calling up the Google link: https://www.google.de/settings/ads?hl=en.

Alternatively, the user can deactivate the use of cookies by third parties via “NAI consumer deactivation”. The Network Advertising Initiative (NAI) and the Opt-Out function can be found at http://www.networkadvertising.org.

If these technical possibilities are not available on the user’s terminal device, he may object to the use of Google Analytics in its entirety. In addition, the information on the “Google Analytics” section of this privacy statement also applies to the Analytics advertising functions. In particular, the user can exercise his right of objection through the opt-out displayed there or take self-protection measures by setting his browser software.

Google AdWords

As an AdWords customer, we also use Google Conversion Tracking, an analysis service provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”). Google AdWords places a cookie on your computer (“conversion cookie”) if you have reached our website via a Google advertisement. These cookies expire after 30 days and are not used for personal identification. If you visit certain pages from us and the cookie has not expired yet, Google and we can recognize that someone clicked on the ad and was forwarded to our page. Each AdWords customer receives a different cookie. Cookies can therefore not be tracked via the websites of AdWords customers. The information collected using the conversion cookie is used to generate conversion statistics for AdWords customers who have opted for conversion tracking. AdWords customers see the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, you will not receive any information that personally identifies users. If you do not wish to participate in the tracking procedure, you can also refuse to set a cookie as required for this purpose – for example by setting your browser to deactivate the automatic setting of cookies in general. You can also disable cookies for conversion tracking by setting your browser to block cookies from the domain “googleadservices.com”.

Application Process via Personio

The data entered as well as supplementary documents are collected, processed and used exclusively for the application procedure. Your data will of course be treated confidentially. We use Personio’s offer as software for our application process. Personio is offered by Personio GmbH, Buttermelcherstr. 16, 80469 Munich, Germany. Already with the announcement of the open positions we include the offer of Personio on our website. When using this information, Personio will be informed that you have visited the site with your IP address.

Your data will be hosted by this external service provider by way of order processing. Both we and the service provider use technical and organizational security measures to protect the data collected from you against accidental or intentional manipulation, loss, destruction or access by unauthorized persons. Our security measures are continuously improved in line with technological developments.

After entering and transmitting your data, they are transferred directly to the server of the service provider via an SSL-encrypted connection. If you log in after your registration with the user data provided, the SSL encryption procedure is also used for data transmission. Even if you apply to us by post or e-mail, your data will be stored on the server of our external service provider and processed from there.

Your application will be sent directly to our human resources department, where it will be forwarded to the appropriate managers. Unauthorized third parties will not have access to your data or view your application.

Use of Social Media Plug-Ins

1) Facebook

Because of our legitimate interest in the analysis, optimization and operation of our online services (within the meaning of Art. 6 Para. 1 lit. f. DSGVO), our websites use the Facebook Social Plugin, which is provided by Facebook Inc. (1 Hacker Way, Menlo Park, California 94025, USA). The embedding can be recognized by the Facebook logo or by the terms “like”, “like”, “share” in the colors Facebooks (blue and white). Information about all Facebook plugins can be found via the following link: https://developers.facebook.com/docs/plugins/

Facebook Inc. complies with European privacy laws and is certified under the Privacy Shield Agreement: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active

The plugin establishes a direct connection between your browser and the Facebook servers. The website operator has no influence whatsoever on the nature and extent of the data that the plugin transmits to the Facebook Inc. servers. You can find information about this here: https://www.facebook.com/help/186325668085084

Das Plugin informs Facebook Inc. that you have visited this website as a user. It is possible that your IP address will be saved. If you are logged into your Facebook account while visiting this website, the information will be linked to that account. If you use the functions of the plugin – for example by sharing or “linking” a post – the corresponding information will also be transmitted to Facebook Inc.

If you want to prevent Facebook. Inc. links this data to your Facebook account, please log out of Facebook before visiting this website and delete the stored cookies. Via your Facebook profile you can make further settings for data processing for advertising purposes or object to the use of your data for advertising purposes. You can access the settings here:

• Profile settings for Facebook: https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen
• Cookie deactivation page of the US website: http://optout.aboutads.info/?c=2#!/
• Cookie deactivation page of the European website: http://optout.networkadvertising.org/?c=1#!/

What data, for what purpose and to what extent Facebook collects, uses and processes data and what rights and setting options you have to protect your privacy, you can read in the privacy policy of Facebook. You can find them here: https://www.facebook.com/about/privacy/

2) Twitter

We use functions of the Twitter service. These functions are offered by
Twitter Inc. 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.
By using Twitter and the “Re-Tweet” function, the websites you visit are linked to your Twitter account and made known to other users. Data is also transmitted to Twitter. We would like to point out that, as the provider of these pages, we do not have any knowledge of the content of the transmitted data or its use by Twitter. You can find more information in Twitter’s privacy policy at https://twitter.com/privacy.

Privacy settings for Twitter can be found in the account settings at https://twitter.com/privacy.

3) LinkedIn

We use functions of the network LinkedIn. The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA, and each time a page containing LinkedIn features is accessed, a connection is established to LinkedIn servers. LinkedIn will be informed that you have visited our website with your IP address. If you click the LinkedIn “Recommend” button and are logged into your LinkedIn account, LinkedIn will be able to associate your visit to our website with you and your user account. We would like to point out that, as the provider of these pages, we have no knowledge of the content of the transmitted data or its use by LinkedIn.

Further information can be found in LinkedIn’s data protection declaration at https://www.linkedin.com/legal/privacy-policy.

4) Xing Share-Button

The “XING Share button” is used on this website. When you access this website, your browser establishes a short-term connection to servers of XING AG (“XING”) with which the “XING Share Button” functions (in particular the calculation/display of the meter value) are provided. XING does not store any personal data about you when you access this website. In particular, XING does not store any IP addresses. There is also no evaluation of your usage behavior regarding the use of cookies in connection with the “XING Share Button”. The latest data protection information on the “XING Share Button” and additional information can be found on this website: https://www.xing.com/app/share?op=data_protection

5) Use of YouTube

Our website displays videos from the YouTube page operated by Google. The site is operated by YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA, and when you visit one of our YouTube video pages, you will be connected to YouTube’s servers. If you are logged into your YouTube account, you can allow YouTube to associate your surfing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account.
YouTube is used in the interest of an appealing presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 Para. 1 lit. f DSGVO.
Further information on the handling of user data can be found in YouTube’s data protection declaration at https://www.google.de/intl/de/policies/privacy.

Newsletter Subscription

We offer you a newsletter on our website, which informs you about current information about our company and our products. If you would like to subscribe to the newsletter, you must provide a valid e-mail address. By subscribing to the newsletter, you agree to receive the newsletter and to the procedures described above. The newsletter will be sent by CleverReach, a shipping service provider and platform of CleverReach GmbH & Co KG, Mühlenstr. 43, 26180 Rastede, Germany. Information on the data protection regulations of the shipping service provider can be found at https://www.cleverreach.com/de/datenschutz/

Revocation and Cancellation: You can revoke your consent to receive the newsletter at any time and thus cancel your newsletter subscription. After your cancellation, your personal data will be deleted. Your consent to receive the newsletter will expire at the same time. At the end of each newsletter you will find the link to unsubscribe.

The legal basis for processing and sending the newsletter is the existence of your consent as a user (Art. 6 para. 1 lit. a DSGVO). We have concluded an order processing agreement with CleverReach and fully implement the strict requirements of the German data protection authorities when using CleverReach.

Privacy Policy in Connection with the Free Offer of Digital Content

We offer free digital content on our website. We collect the following data:

Last name: personal salutation of the user in e-mails
First name: personal, gender-specific salutation of the user in e-mails (see below)
Business e-mail address: Confirmation of e-mail address and sending of digital content and offers
Professional title: For customization of the content and offers sent to the role/profession of the user
Phone number (optional): will be queried for the purpose of making contact if the user sets the optional check mark “I would like to be called and learn more about Onventis”.

Data is collected and used for the following purpose:

(1) Sending the digital content requested by the user by e-mail:
After sending the form, we send the user an e-mail in which he can confirm his e-mail address and the download request made for the corresponding content by clicking on the confirmation link. The confirmation link then refers the user directly to the content requested in the form.

(2) Sending further, similar contents and offers by e-mail: If the user has confirmed his e-mail address as described under (1), we will send the user further e-mails in the course of the following weeks, which refer to other, similar digital contents and offers from Onventis. These are based on the content already requested, the role of the user and the size of the company.

The legal basis for the processing is the existence of your consent as a user (Art. 6 para. 1 lit. a DSGVO). Another basis is Art. 6 para. 1 lit. b DSGVO, which permits the processing of data for the fulfilment of a contract or pre-contractual measures.

Conditions of Participation for Onventis Events

You can register for events on our website. For the planning and execution of events, the organizer requires personal data of the participant. The participant agrees that his data may be processed and used for the initiation, execution and follow-up of the event.

This consent applies in particular for the following purposes:

1) Invitation management by e-mail:

• Sending of registration confirmations by e-mail
• Sending of reminders before the event by e-mail
• Sending of further information or short-term changes to the registered event participants
• Optimization of event planning- General contract preparation

The following data is collected in this process:

• E-mail address
• Name, First name
• Sex
• Job title
• City

Image rights: During the event, participants will be given the opportunity to obtain their consent (free of charge) to take pictures of themselves during the event and to use and publish such images for the purpose of public reporting (in particular for the purpose of public relations). print media or Internet) about the events. This includes publishing on Facebook, Google and other social media platforms. Onventis is not liable for third parties using the images without knowledge for further purposes, in particular by downloading and/or copying them.

Revocation: Furthermore, the participant has the right to revoke the consent given to Onventis for processing and use for the future at any time.

The legal basis for the processing is the existence of your consent as a user (Art. 6 para. 1 lit. a DSGVO).

Webinars

In order to give you access to our webinars, we need to collect the following data. We only use this data to provide the service via our external webinar tool GoToWebinar. GoToMeeting is offered by LogMeIn Ireland Limited, Bloodstone Building Block C, 70 Sir John Rogerson’s Quay, Dublin 2, Ireland. The GoToMeeting Privacy Policy can be found at https://www.logmeininc.com/de/legal/privacy.
LogMeIn complies with the terms of the Privacy Shield Privacy Program between the U.S. and the EU, and the U.S. and Switzerland with respect to customer information. For more information, see LogMeIn’s Privacy Shield notice.

By registering for the webinar, you agree that your data may be used for the aforementioned purposes. You can revoke this consent at any time going forwared.
Data collected: Last name, first name, e-mail address.

The legal basis for the processing is the existence of your consent as a user (Art. 6 para. 1 lit. a DSGVO).

Right of Appeal to the Competent Supervisory Authority

Without prejudice to any other administrative or judicial remedy, you have the right to complain to a supervisory authority, in particular in the EU Member State where you reside, your place of work or the location of the alleged infringement, if you believe that the processing of your personal data is in breach of the DSGVO. For Baden-Württemberg, where our company is based, the responsible supervisory authority for data protection issues is the data protection officer of the federal state of Baden-Württemberg: https://www.baden-wuerttemberg.datenschutz.de.

The supervisory authority to which the complaint has been submitted shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 DSGVO.

Your rights to Information, Rectification, Restriction, Erasure, Portability of Data

You have the right at any time and free of charge to receive information about the origin, recipient and purpose of your stored personal data. You also have the right to request the rectification, blocking, transmission or deletion of these data. You can contact us at any time at the above address if you have any further questions on the subject of data protection. Furthermore, you have the right to appeal to the competent supervisory authority.

Right to Erasure

Unless your request conflicts with a legal obligation to store data (e.g. legally mandated data retention), you have a right to erase your data. Data stored by us will be erased if they are no longer needed for their intended purpose and there are no legal retention periods. If erasure cannot be carried out because the data is required for permissible legal purposes, data processing will be restricted. In this case, the data will be blocked and not processed for other purposes.

Right to Object

Users of our websites can exercise their right of objection and object to the processing of their personal data at any time.

If you wish a correction, blocking, deletion or information about the personal data stored about your person or if you have
questions regarding the collection, processing or use of your personal data or if you wish to revoke your consent, please contact the following e-mail address: datenschutz@onventis.de

Validity and Amendment of this Data Protection Declaration

This data protection declaration is currently valid and as of May 2018.

Due to the further development of our website and offers above or due to changed legal or official requirements, it may be necessary to amend this data protection declaration. You can access and print out the current data protection declaration at any time on the website at https://onventis-2018.onventis.de/datenschutz/.