For comcross GmbH, Hertichstraße 73/1, 71229 Leonberg (“Company” or“we”), the protection of personal data is a high priority. This privacy policy informs the users of our websites about the processing of personal data carried out by us in accordance with the applicable data privacy laws, in particular Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR).
Content
I. Person responsible for the processing of your data
II. Processed data and processing purposes
1. Usage data 
2. Data processed in the context of contacting us
3. Use of Cookies
4. Google Maps
III. Recipients or categories of recipients of the data
IV. Storage duration
V. Your rights
VI. Whistleblower Protection Act

I. Person responsible for the processing of your data
The Company is responsible for the lawful processing of data within the meaning of Art. 4 Par. 7 GDPR. You can reach our data privacy officer at
schatzinger@hopp-flaig.de.

II. Processed data and processing purposes
1. Usage data
When our Internet pages are accessed, our servers automatically store various data about the accessing system. This includes the type of browser used, the browser version, the operating system used, the website from which our website is accessed, the sub-pages of our website accessed, the date and time of access, the Internet protocol address (IP address), the Internet service provider as well as data comparable to this data. 
We use this data to be able to ensure accessibility to our Internet pages, to recognise and rectify any technical problems that may occur and to prevent and, if necessary, prosecute misuse of our services. We also use this data in a non-individualised form for statistical purposes and to improve our website. The legal basis for the processing of your usage data is Art. 6 Par. 1 lit. f GDPR. Our legitimate interest is the smooth operation and security of our IT systems. We store usage data for a period of up to 10 days.

2. Data processed in the context of contacting us
Our Internet pages offer you the opportunity to contact us. The data transmitted to us in this context will be used exclusively for processing the respective enquiries. Depending on the content of the respective contact, the legal basis for the processing of your data is Art. 6 Par. 1 lit. b GDPR (in the case of contract-related contact) or Art. 6 Par. 1 lit. f GDPR (in all other cases).

3. Use of Cookies
Our internet pages use cookies. Cookies enable us to make our website appealing to you and make it easier to use, for example by saving certain entries so that they do not have to be re-entered. We only use cookies that are absolutely necessary. These are cookies that enable you to call up and use our Internet pages and other features or content on our Internet pages that you wish to call up or use. You can disable these cookies, but this will make it more difficult to operate our website. Certain features and services of the website may then not be available to you. The legal basis for processing the data contained in these cookies is Art. 6 (1) lit. f GDPR (legitimate interests). We store mandatory cookies for a maximum of one year.

4. Google Maps
Our website uses the map service Google Maps via an API. The provider is Google Google LLC 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. To use the functions of Google Maps, it is necessary to save your IP address. This information is usually transferred to a Google server in the USA and stored there. The use of Google Maps is in the interest of an appealing presentation of our Online offer and an easy location of the places indicated by us on our internet sites. This constitutes a legitimate interest within the meaning of Section 6 Par. 1 lit. f GDPR. More information on the handling of user data can be found in Google's privacy policy: https://www.google.de/intl/de/policies/privacy.

III. Recipients or categories of recipients of the data
For certain technical processes of data analysis, processing or storage, we use the support of external service providers. These service providers are carefully selected and meet high data protection and data security standards. They are bound to strict confidentiality and only process data on our behalf and according to our instructions. The legal basis for the involvement of these service providers is Art.28 GDPR.
 
As a matter of principle, we do not transfer your personal data to countries outside the EU. However, if this should be the case in individual cases, we ensure that the legally required guarantees for the protection of your data are in place before transfer to these countries. You can obtain further information on these guarantees from the contact details above. 

Except in the cases explained in this data protection information, we will only disclose your data to third parties without your express consent if we are obliged or entitled to do so by law or by official or judicial order.

IV. Storage duration
Your data will be retained for as long as it is necessary to know it for the purposes set out above and then deleted after any legal retention periods have expired. In determining the appropriate retention period for data, we consider the amount, nature and sensitivity of the data, the potential risk of harm from unauthorised use or disclosure, the purposes for which we process your data and whether we can achieve those purposes by other means, and applicable legal requirements.

V. Your rights
You have the right to obtain detailed information about the processing of your data in accordance with the legal provisions (Art. 15 GDPR). If you discover that data stored about you is incorrect or incomplete, you may request that this data be corrected or completed (Art. 16 GDPR). Under the conditions specified in Art. 17 and 18 GDPR, you can request the deletion or restriction of the processing of your data. In addition, in certain cases, you may request to receive the data you have provided to us in a structured, commonly used and machine-readable format or that this data be transferred to a third party (Art. 20 GDPR). You also have the right to lodge a complaint with the supervisory authority responsible for supervision. Should the processing of your data in individual cases be based on consent given by you, you have the right to revoke this consent at any time, without this affecting the lawfulness of the processing carried out on the basis of the consent until revocation.

Finally, you have the right to object to the processing of data relating to you on grounds relating to your particular situation in accordance with Article 21 GDPR.

VI. Whistleblower Protection Act
With the coming into force of the Whistleblower Protection Act (HinSchG), we are fulfilling our obligation and providing a reporting system. The following link and the QR code will take you to the comcross GmbH whistleblower channel.
Status: September 2023