Privacy Policy

Privacy Statement:
Information on privacy measures for smart2success GmbH online services available from:
www.smart2success.com

Table of Contents
1. Basic Information
2. Who we are (Controller for Data Privacy)
3. Data collection when accessing our online services
4. Contact
4.1 Contact form
4.2 Registration for our Webcasts & Events
5. Use of your data for advertising purposes (product recommendations to existing customers)
6. Use of cookies and tools
6.1 What are cookies?
6.2 What cookies do we use?
6.3 What is the purpose and the legal basis for using cookies?
6.4 How to disable cookies
6.5 Do we use cookies from third parties?
6.6 Cookie overview
6.7 Web analysis services: Google Analytics
7. Integration of social media and other services
7.1 YouTube
7.2 Twitter
7.3 LinkedIn
7.4 Xing
7.5 Podigee (Podcast Hosting und Embedding)
8. Your rights as a data subject
8.1 The right of access
8.2 The right to rectification
8.3 Right to erasure (right to be forgotten)
8.4 Right to restriction of processing:
8.5 Right to notification
8.6 Right to data portability
8.7 Right to object
8.8 Right to withdraw consent and data protection law
8.9 Right of appeal to the supervisory authority

1. Basic Information
We are delighted to have you visit our website, and we would like to thank you for your interest. In the following, we would like to inform you about how we handle your personal data when you use our web services, like our website and our online shops. The following information also relates to the use of our websites on mobile devices, e.g. smartphones or tablets. Personal data includes all data which could be used to identify you personally, or which make you identifiable via a username or identification code, such as your IP address or credit card number.
This Privacy Statement explains the legal basis and the purpose for this collection or processing of your data. We would like to inform you of your rights regarding the use of your personal data. If you have any questions regarding our use of your personal data, please contact us as the responsible entity — Controller under data protection law (for contact details see Clause 2).
For security reasons and to protect the transfer of personal data and other confidential information (e.g., orders or queries sent to Controllers), these online services use SSL or TLS encryption. You can identify an encrypted connection by checking that the letters “https://” and a lock symbol appear in your browser address line.
2. Who we are (Controller for Data Privacy)
The Controller for the processing of data on our online services pursuant to the General Data Protection Regulation (Datenschutz-Grundverordnung — GDPR) is:

smart2success GmbH
represented by the managing directors Jörg Kretzschmar and Daniel Döring
Fasanenweg 6
31249 Hohenhameln

Telephone: +49 5128 279 57 69
E-Mail: info@smart2success.com

3. Data collection when accessing our online services
Accessing our web pages (without registration) will result in the automatic anonymised collection of the following data on our servers:
-masked IP address,
-access date/ time/ time zone,
-access status,
-type of access,
-type of protocol,
-type and number of pages accessed on our site,
-name and size of accessed files,
-referring website,
-web browser,
-operating system.
The listed non-personal data is collected automatically as part of the normal operations of our internet services. The information gathered about the use of our pages is not combined with any personal information provided through the online registration form. We do not have any personal references in our usage data.
We use the above data for the purposes of troubleshooting, generating statistics and measuring website activity with the aim of improving the value and use of our services. As such, we have a legitimate interest to justify the data processing activity pursuant to Article 6 (1) (f) GDPR.
Within our company, our IT Administrator is the only person with access to this data for the purposes listed above.
The above data is only collected for the period of use; once the use has ended, the data shall be deleted without delay, after seven days at the latest.
We use cookies and web analysis services to obtain information as soon as your web browser accesses our website. These identifiers enable a range of our website’s service functions and are automatically transferred to the hard drive of your computer or other mobile device via your browser. This function can be deactivated in the settings of your browser. Should cookies be disabled, personalised service will be unavailable. In this case, your anonymised IP address may be transferred to the USA. For more information on the cookies and web analysis tools we use, see the “Use of cookies and tools” section below.

4. Contact
4.1 Contact form
On our pages, we have provided an online form which enables you to make contact with us electronically. The form requires your first name and family name, your email address and telephone number as well as a box for entering a message to us. We need this data to process your request. You can also choose to provide us with your postal address. Additionally, you can contact us at any time via email. Contacting us is always voluntary.
This data is solely used for the purpose of answering your request or responding to your request for contact, and the technical administration involved. This processing is lawful pursuant to Art. 6 (1) (b) GDPR, as we require the data listed above for the initiation, conduct or termination of a contractual relationship with you.
You request is logged by our internal customer service.
We do not pass on your requests to third-parties or to organisations outside of the EU.
After your request has been processed, we delete your contact information, at the latest, seven days after your request has been dealt with. This period of storage may be subject to statutory storage periods, for example, when your request is in connection with the processing of a contract or a warranty or guarantee. In this case, we store your request beyond seven days only for the purpose of complying with our legal obligations (Art. 6 (1) (c) GDPR). In this case, we delete your data on termination of the statutory storage period (Section 147 (3) Fiscal Code of Germany (Abgabeordnung – AO)), i.e. after a period of 10 years, beginning at the conclusion of the contract. We will delete your data at the end of this retention period without any request to do so on your part.

4.2 Registration for our Webcasts & Events
In our “Webcasts & Events” section you can register for one of our events or webinars/webcasts by clicking on the “Participate” button. We also conduct our events and webinars/webcasts with Microsoft Teams. No data transfer to Microsoft Teams takes place on our website.
By clicking on one of the “Participate” buttons you will leave our website and be redirected to a registration form hosted on Microsoft Teams.
From this point on, you are on the pages of the provider Microsoft Teams.
Microsoft Teams is a service offered in Germany by Microsoft Deutschland GmbH, Walter-Gropius-Straße 5, 80807 Munich, Germany, and in the USA by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.
When you access a registration form for one of our webinars and events on Microsoft Teams, your data may be transferred to a Microsoft server in the USA and stored there. For the use of Microsoft Teams, we have concluded an order processing agreement with Microsoft in accordance with the standard data protection clauses of the EU.
Microsoft is certified under the EU-US Privacy Shield, but this alone does not provide an adequate level of data protection: https://www.privacyshield.gov/participant?id=a2zt0000000KzNaAAK&status=Active
Further information on data protection with the Microsoft service Microsoft Teams can be found in the provider’s data protection declaration at: https://learn.microsoft.com/de-de/microsoftteams/teams-privacy.
For more information on the current situation regarding data processing in the USA, please refer to point 6.5 in this privacy policy: https://learn.microsoft.com/en-gb/microsoftteams/teams-privacy
Data processing by Smart2Success:
The registration form requires your first name and family name, your email address and organisation. We need this data to process your request. You can also choose to provide us with your telephone number.
This data is solely used for the purpose of procssing your request to participate in one of our events and the technical administration involved. This processing is lawful pursuant to Art. 6 (1) (b) GDPR, as we require the data listed above for the initiation, conduct or termination of a contractual relationship with you.
Your request is logged by our internal customer service.
After your request has been processed, we delete your contact information after the webinar or event has been held. This period of storage may be subject to statutory storage periods, for example, when your request is in connection with the processing of a contract or a warranty or guarantee. In this case, we store your request beyond seven days only for the purpose of complying with our legal obligations (Art. 6 (1) (c) GDPR). In this case, we delete your data on termination of the statutory storage period (Section 147 (3) Fiscal Code of Germany (Abgabeordnung – AO)), i.e. after a period of 10 years, beginning at the conclusion of the contract. We will delete your data at the end of this retention period without any request to do so on your part.

5. Use of your data for advertising purposes (product recommendations to existing customers)
If you have ordered products from us and provided your email address, we allow ourselves under the law to send you product recommendations for similar products which could be of interest to you, where you have not objected this use during the purchase process. This form of contact will only occur for the purpose of sending product recommendations via email to you as an existing customer. In this, we are pursuing our legitimate interest in sending personalised direct advertising to existing customers. This is consistent with our legitimate interest in direct advertising to existing customers under Art. 6 (1) (f) GDPR in conjunction with Section 7 (3) German Unfair Competition Act (Gesetz gegen den unlauteren Wettbewerb – UWG). If you have initially objected to this use of your email address, we will not send this information to you via email. You may withdraw your consent to the use of your email address to receive such messages from us at any time and with future effect. After receipt of your withdrawal of consent, we will cease the use of your email address for this purpose without delay.

6. Use of cookies and tools

6.1 What are cookies?
To improve the look of our website and to enable certain functions, we use cookies on various pages. Cookies are small text files that are stored on your device. These text files are used for the temporary storage of information. Your browser stores cookies in the form of a readable text file once you access our site. If you are registered with us, cookies help us to recognise you, your device (computer, tablet or smart phone) the next time you access one of our pages. Some cookies may contain personal data.

6.2 What cookies do we use?
According to function, we classify our cookies as Required, Functional, Analysis & Statistics, and Advertising and Marketing. Some of the cookies we use are required for you to use our web pages (so called session cookies). If you disable this cookie, our pages may not be accessed. The authentication cookie provides you with access to the log-in page. Without this cookie, you cannot register or access the log-in page. These session cookies will be deleted when you close your browser.
Other cookies remain on your device and allow us and our partner companies (third-party cookies) to recognise your browser on your next visit (persistent cookies). Persistent cookies are automatically deleted after a certain period of time, which differs from cookie to cookie. For advertising purposes, we use a retargeting cookie which allows us to show you interesting offers, even outside of our web pages. For more information, see the following overview of cookies used.

6.3 What is the purpose and the legal basis for using cookies?
Most of the cookies we use do not store any information that can identify you personally or that makes you identifiable. Rather, these cookies provide us with general and anonymised information regarding the use of our websites, the pages that are visited, the browsers and operating systems used and the cities our visitors are located. We only collect masked IP addresses which make it impossible to recognise individual users or be assigned to any one individual.
Some of these cookies make the ordering process easier, by saving specific website settings (e.g. noting the content(s) of a virtual shopping basket for a subsequent visit to the website). Where our cookies do process personal data, this processing is done in accordance with Art. 6 (1) (b) GDPR to fulfil our contract with you.
Any cookies we collect are for the purposes of gathering information for improving the functioning and content of our online services. These functional cookies serve a legitimate interest (Art. 6 (1) (f) GDPR) as they enable the technical adaptation of our service and make it easier for you to use our pages. We also use cookies to measure the success of our online marketing. Using statistical data, we can also identify disruptions and understand cost calculations for advertising media. We only understand this processing when you have granted us consent for the use of these cookies for analysis and statistics or for advertising and marketing (Art. 6 (1) (a) GDPR). You may withdraw your consent at any time with future effect. The processing of your data remains lawful until your consent is withdrawn.
Click here to review or change your Cookie settings for our website.

6.4 How to disable cookies
You can set your browser to inform you about the setting of cookies and whether you wish to accept cookies individually, or to accept specific kinds of cookies, or to disable all cookies. Each browser is different in the way it administers its cookie settings. The Help menu of your browser provides information on how to change your cookie settings. You can find this information for your browser using the links below:
-Internet Explorer: https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies
-Edge: https://support.microsoft.com/en-US/help/4027947/microsoft-edge-delete-cookies
-Firefox: https://support.mozilla.org/en-US/kb/clear-cookies-and-site-data-firefox
-Chrome: https://support.google.com/chrome/answer/95647?hl=en&hlrm=en
-Safari: https://support.apple.com/guide/safari/manage-cookies-and-website-data-sfri11471/12.0/mac/10.14
-Opera: https://help.opera.com/en/latest/web-preferences/#cookies
Alternatively, the Digital Advertising Alliance provide information on cookies and settings at www.aboutads.info.

6.5 Do we use cookies from third parties?
We sometimes work with web partners who help us to make our web pages more interesting for you. For this purpose, when you access some of our pages online, cookies from our partner companies may also be stored in your device (Third-party Cookies). This section provides more information regarding the use of these kinds of cookies, their scope, and the data they collect.
We use some cookies or tools because they are necessary for us to provide you with our online services. In this case, the legal basis for the processing is the user agreement concluded with you (Art. 6 Para. 1 Letter b GDPR) or our legitimate interest, provided that no conflicting interests are discernible, and no contradiction exists (Art. 6 Para. 1 Letter f GDPR). We use all other cookies exclusively on the basis of your consent (Art. 6 para. 1 letter a GDPR).
The third-party cookies used by us partially lead to data processing in the USA. In this case, too, we only use cookies with your consent (Art. 6 para. 1 letter a GDPR). Although these providers (e.g. Google, Facebook) have undertaken to comply with the data protection provisions of the EU-US data protection shield, the legal framework governing the transatlantic transmission of data which the European Commission and the United States have agreed (COMMISSION IMPLEMENTING DECISION (EU) 2016/1250 of 12 July 2016 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequacy of the protection provided by the EU-U.S. Privacy Shield (notified under document C(2016) 4176)). These providers are also registered with the “Privacy Shield” Program of the U.S. Department of Commerce. However, the European Court of Justice has declared this agreement invalid and found that the USA does not have a level of data protection comparable to that in the EU (ECJ, judgment of 16 July 2020 – C-311/18, para. 200, Facebook/Schrems II). US legislation gives various security authorities unlimited powers of surveillance, including the use of surveillance programmes that enable the mass collection and analysis of data. US providers are obliged under national law to grant the security authorities access to the data processed by them, even if the data is processed by a foreign company. If consent is granted, there is a risk that the data collected via cookies will become part of the mass surveillance in the USA. There is no legal remedy or efficient legal proceedings available in the USA against such surveillance.

6.6 Cookie overview
Below is an overview of the cookies used by us:
Type of Cookie Cookie Name Description Duration

Required Cookies
-cookie_notice_accepted Storage of consent/rejection to optional cookies. 1 Month
-wordpress_test_cookie This cookie determines whether the use of cookies has been disabled in the browser. Storage time: Until the end of the browser session (deleted when you close your Internet browser). session
-PHPSESSID This cookie stores your current location with respect to PHP applications, ensuring that all features of this website based on the PHP programming language can be fully displayed. Duration of storage: Until the end of the browser session (deleted when you close your Internet browser). session
-wordpress_akm_mobile These cookies are used only for the administration area of WordPress. 1 Year
-wordpress_logged_in_akm_mobile These cookies are used only for the WordPress administration area and do not apply to other site visitors. session
-wp-settings-akm_mobile These cookies are used only for the WordPress administration area and do not apply to other site visitors. session
-wp-settings-time-akm_mobile These cookies are used only for the WordPress administration area and do not apply to other site visitors. session
ab This cookie is used for A/B testing of new features. session
-akm_mobile This cookie stores whether the visitor wants the mobile version of a website to be displayed. 1 Day
-dsgvoaio This LocalStorage Key / value stores which services the user has agreed to or not variable
-_uniqueuid This LocalStorage key / value stores a generated ID so that the user’s opt-in / opt-out actions can be documented. The ID is stored anonymously. variable
-dsgvoaio_create This LocalStorage key / value stores the time at which uniqueuid was generated.. variable
-dsgvoaio_vgwort_disable This LocalStorage Key / value stores whether the “VG Wort Standard” service is allowed or not (setting determined by page owner). variable
-dsgvoaio_ga_disable This LocalStorage Key / value stores whether the Google Analytics Standard service is allowed or not (setting determined by page owner). variable
Statistics
-_ga Google Analytics cookie that distinguishes and quantifies users and enables measurement and statistical analysis. 2 Years
-_ga_8ZS2TFK5BS Google Analytics cookie that distinguishes and quantifies users and enables measurement and statistical analysis. 2 Years
-_gat_gtag_UA_223740322_1 Google Analytics cookie, which is used to limit the request rate. 1 Minute
-_gid Google Analytics: This cookie is used to summarize user behavior for each user. 1 Day
Advertising & Marketing
-NID Cookie for analysis of website statistics by Google. 1 Year
-CONSENT Cookie for analysis of website statistics by Google. 2 Years
-HSID, SID These cookies record the Google account ID and the last time a user logged in in digitally signed and encrypted form. The combination of these cookies enables Google to block many types of attacks, such as attempts to steal information from forms submitted to Google services. 2 Years
-SSID Google uses cookies such as the NID and SID cookies to customize advertising in Google products such as Google Search. For example, Google uses such cookies to track your most recent search queries, your previous interactions with an advertiser’s ads or search results, and your visits to an advertiser’s website. This allows Google to display customized ads on Google. Other Google products such as YouTube or Doubleclick also use these cookies to select more relevant advertising. 2 Years
-SAPISID Source: OneTrust. YouTube is a video delivery and publishing platform owned by Google. YouTube collects user data about videos embedded in websites, which is merged with profile data from other Google services. This allows targeted advertising to be displayed to website visitors across a wide range of its own and third-party websites. 2 Years
-SIDCC Google cookies without further specification. 2 Years
-OTZ Google cookies without further specification. 2 Years
-APISID YouTube is a platform for providing and publishing videos and belongs to Google. YouTube collects user data about videos embedded in websites, which is merged with profile data from other Google services. This enables targeted advertising to be displayed to website visitors across a wide range of its own and third-party websites. 2 Years
Visitor_info1_live Youtube Cookie: This is a cookie that YouTube sets to calculate the user’s bandwidth. 6 Months
-YSC YouTube Cookie: Registers a unique ID to keep statistics of the videos from YouTube that the user has watched. session
-CONSENT Youtube Cookie: Cookie set by Google Consent Mode to store the user’s consent / objection. 2 Years

-PREF This cookie stores the preferences and other information of the user. This includes, in particular, the preferred language, the number of search results to be displayed on the page and the decision whether or not to activate Google’s SafeSearch filter. 5 Years
-GPS YouTube is a platform for providing and publishing videos and belongs to Google. YouTube collects user data about videos embedded in websites, which is merged with profile data from other Google services. This enables targeted advertising to be displayed to website visitors across a wide range of its own and third-party websites. 1 Day
-LOGIN_INFO YouTube is a platform for providing and publishing videos and belongs to Google. YouTube collects user data about videos embedded in websites, which is merged with profile data from other Google services. This enables targeted advertising to be displayed to website visitors across a wide range of its own and third-party websites. 2 Years
-lidc Used by the social networking service LinkedIn for tracking the use of embedded services.. session
-bcookie Used by the social networking service LinkedIn for tracking the use of embedded services. 2 Years
-bscookie Used by the social networking service LinkedIn for tracking the use of embedded services. 2 Years
-BizoID LinkedIn Ad Analytics. 179 Days
-UserMatchHistory LinkedIn Ad Analytics. 179 Days
-trkCode This cookie is used by LinkedIn to support the functionality of adding a panel invitation called ‘Follow Us’. 1 Year
-trkInfo This cookie is used by LinkedIn to support the functionality of adding a panel invitation called ‘Follow Us’. 1 Year
-li_oatml Collects information about how visitors use our website. 30 Days
-liap Cookie used for logging in with Linkedin and/or enabling the Linkedin follow function. 90 Days
-lissc Cookie used for logging in with Linkedin and/or enabling the Linkedin follow function. 1 Year
-spectroscopyId These cookies are set by LinkedIn for advertising purposes, including tracking visitors so that more relevant ads can be presented, allowing users to use the ‘Advertise with LinkedIn’ or ‘Sign in with LinkedIn’ features, collecting information about how visitors use the site, etc. session
-external_referer Collects anonymized data such as number of visits, average time spent on the website, and which pages were viewed. Purpose of personalization and improvement of the Twitter service. 6 Days
-_twitter_sess Session ID for identification if the user is logged in to Twitter session
-guest_id Session ID for identification if the user is not logged in to Twitter. 2 Years
-personalization_id Serves for the purpose of ad personalisation. 2 Years

6.7 Web analysis services: Google Analytics
We use online services provided by the web analysis service Google Analytics. Google Analytics is a service offered in the EU and EEA by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, and in the USA by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Analytics uses cookies that are stored on your computer to analyse the use of our online web presence.
The information collected by the cookie regarding your use of our online web presence (including your masked IP address) is transferred to and stored in a Google server in the USA. Google uses this information to evaluate the use of our website to prepare reports about the activities in our online presence and provide us with additional services associated with that use. The IP address provided by your browser as part of the Google Analytics service is not added to any other Google data.
We use Google Analytics in our online presence for web analysis purposes exclusively with an add-on that provides an “anonymise IP” function. This setting ensures that Google Analytics erases the last part of your IP address. This anonymisation of your IP address removes any direct trace of you personally. When using this feature, Google masks your IP address within the member states of the European Union or in other signatory states to the Agreement on the European Economic Area prior to transferring that information outside of the EU. The full IP address will only be sent to a Google server for masking in the USA in exceptional cases. In this way, we do not receive data that provides us with a way to identify you personally.
We also use the Universal Analytics function with Google Analytics. Universal Analytics allows us to analyse the use of our online services across devices (e.g. access via a laptop and then later from a tablet). As a user, you will be given a pseudonymous User ID on registration, when you access our site from another device. This is how the system recognises your User ID when you access our site from another device. We do not allocate any names to the User ID. We do not provide Google with any personal data. Privacy measures such as IP masking and Browser Add-ons are not restricted by the use of the Universal Analytics function.
You can prevent the installation of cookies using the settings in your browser software. You can also prevent the collection and processing of the data created by the use of cookies and related to your use of our online services (including your IP address) by Google by downloading and installing the browser plugin available at: https://support.google.com/analytics/answer/181881?hl=en
This will prevent all future collection of data by Google Analytics within our web pages. This opt-out cookie only works in this browser and only for this domain.
If you undertake any of the above cookie deactivation measures, you may not be able to use all the functions of our website to their full extent.
For more information regarding how Google Analytics deals with user information, please refer to Google’s Privacy Statement: https://policies.google.com/privacy?hl=en

7. Integration of social media and other services
We refer to our profiles and content in social networks in our online offer. We do not use any social plug-ins as active buttons or active integrations in our online offer. We only refer to our offer in the following social networks via linked icons and linked thumbnails.
We do not use social plug-ins as active buttons on our website. We only use icons to refer to our presence in the following social networks:
-YouTube: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
-LinkedIn, LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland
-Twitter: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland
-Xing: New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany
We only display the social media icons on our pages, and they are not activated.
If you click on an icon on our pages, this indicates your consent to connect with these third parties via a separate tab in your browser, and allows these third-parties to follow your visit to our pages. If you are a member of a social network, you can share the content of our web pages with other members of that social media network by clicking the button.
Your data may be processed outside of the EU if you are a member of a social network or when you visit or access one of our social media pages. This may carry risks, for example, by making it harder for you to enforce your rights.
When you access a social work, cookies are generally set to collect data on your user behaviour which is then stored in your end device. As long as you have a user account on any network, and are logged in, your user behaviour can be saved to your user account. The social networks may use this user behaviour information for market research and advertising purposes. This may result in your being advertisements both inside and outside of your social networks. We have no influence over this.
We have no influence over the personal data collected and stored by social networks. We receive evaluations of user behaviour from the social media sites listed above and may use this to send relevant advertising to users. If users interact with our social media pages and are logged into a user account, we can also recognise the user profile and see the content of comments or postings on our page. The processing of this data is carried out in joint responsibility with the provider of the social network in question. We have concluded an agreement with the individual providers of our social media pages on joint responsibility for the evaluation of data collected in connection with our social media pages (Art. 26 GDPR). In it, we have committed ourselves to providing you with this privacy information. More information is available from the privacy policies of the individual social networks. You may also exercise the rights to which you are entitled against us. However, as the social netw ork provider stores and evaluates your data, they are able to more comprehensively fulfil your rights.
These social network providers (e.g. Google, Facebook) have undertaken to comply with the data protection provisions of the EU-US data protection shield, the legal framework governing the transatlantic transmission of data which the European Commission and the United States have agreed (COMMISSION IMPLEMENTING DECISION (EU) 2016/1250 of 12 July 2016 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequacy of the protection provided by the EU-U.S. Privacy Shield (notified under document C(2016) 4176)). These providers are also registered with the “Privacy Shield” Program of the U.S. Department of Commerce. However, the European Court of Justice has declared this agreement invalid and found that the USA does not have a level of data protection comparable to that in the EU (ECJ, judgment of 16 July 2020 – C-311/18, para. 200, Facebook/Schrems II). US legislation gives various security authorities unlimited powers of surveillance, including the use of s urveillance programmes that enable the mass collection and analysis of data. US providers are obliged under national law to grant the security authorities access to the data processed by them, even if the data is processed by a foreign company. If consent is granted, there is a risk that the data collected through social media and other services will become part of the mass surveillance in the USA. There is no legal remedy or efficient legal proceedings available in the USA against such surveillance.

7.1 YouTube
We have integrated / embedded YouTube videos / playlists into our website that can be played on YouTube directly from our web pages. This uses the “expanded privacy mode” which only allows YouTube access to your data when you play the video. The transmission of your data to YouTube will therefore only take place with your consent (Art. 6 para. 1 letter a GDPR).
YouTube is a service operated in the EU, the EEA and Switzerland by Google Ireland Limited Gordon House, Barrow Street Dublin 4., Ireland and in the USA by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
We have used the privacy-enhanced mode to integrate YouTube videos into our site. Opening one of our pages which include YouTube videos, and clicking on a video, does not result in your data being provided to Google. Your consent will be sought before such data provision takes place, using the consent declaration that we have provided.
Once you have given your consent, or if you have browsed to a video on YouTube itself (e.g., in our YouTube channel), your data may be sent to a Google server in the USA and stored there. Google uses this data to evaluate your use of our videos on YouTube, to create anonymised reports about the videos watched and to offer video-use related services to us. We have an agreement with Google between our respective Controllers (Art. 26 GDPR) for the use of our YouTube channel. In it, we have committed ourselves to informing you about the processing of data when using our YouTube channel.
More information on data protection for the Google service “YouTube” is available in the provider’s Privacy Statement at: https://policies.google.com/privacy?hl=en&gl=en

7.2 Twitter
We operate a social media presence on https://twitter.com/smart2success, which we use to present photographs and posts related to our company, provide information on our services, and to communicate with customers. When using or accessing our Twitter page, user data are also processed by the USA based company Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA (hereinafter referred to as “Twitter”). Twitter also offers a system for distributing advertising on Twitter at https://ads.twitter.com/.
We analyse all access and interactions on our Twitter page. Twitter creates user profiles for this purpose, but only provides us with anonymised data under https://analytics.twitter.com/. This involves aggregate data which provides us with insights of how users interact with our Twitter page. The resulting statistics are only provided to us in anonymised form. We have no access to the underlying data. We process your data in conjunction with Twitter to provide this insight service. For this reason, we have concluded an agreement between our respective Controllers.
Our Twitter page can be accessed whether or not you have a Twitter user account. We only process personal data when you interact with our Twitter page, e.g. if you leave a comment, click a Like button or send us a message. We do not provide these data to third parties. More information on privacy and data protection at Twitter: https://twitter.com/privacy.
Within the EU, this data processing is lawful as per your consent (Art. 6 (1) (a) GDPR). Twitter users may withdraw consent for publishing their comment or Like at any time with future effect by deleting the comment or content in question. The legality of any processing that has occurred prior to the revocation of that consent remains unaffected.
Twitter offers you the opportunity to object to certain data processing; the relevant information and possibilities to opt-out can be found at https://twitter.com/personalization.
Twitter users can influence the extent to which their user behaviour may be recorded on our Twitter page at https://twitter.com/personalization. You can also personalise the relevant settings.
You can also use the settings in your browser to prevent the processing of your data using Twitter cookies.
Twitter Inc. participates in the EU-US Privacy Shield but this alone does not provide an appropriate level of data protection:
https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active

7.3 LinkedIn
We operate a social media presence at https://www.linkedin.com/company/krejoconsult-gmbh, where we present photos and posts about our company, provide information on our services, publish job advertisements and communicate with customers. When using and accessing our LinkedIn site, your personal data is processed by both LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, based in Ireland, and LinkedIn Corporation, 1000 W Maude Ave, Sunnyvale, CA 94085, based in the USA (hereinafter “LinkedIn”).
In addition to the processing described above, LinkedIn processes your personal data for analysis and advertising purposes, including personalised advertising.
We analyse all access and interactions on our LinkedIn page. LinkedIn creates user profiles for this purpose, but only provides us with anonymised data in this regard. This involves aggregated data which provides us with insights of how users interact with our LinkedIn page. The resulting statistics are only provided to us in anonymised form. We have no access to the underlying data. We process your data in conjunction with LinkedIn to provide this insight service. For this reason, we have concluded an agreement with Facebook between our respective Controllers (Art. 26 GDPR).
Our LinkedIn page can be accessed whether or not you have an LinkedIn user account. We only process personal data when you interact with our LinkedIn page, e.g. if you leave a comment, click a Like button or send us a message. We do not provide this data to other third parties. The LinkedIn Terms of Use are available at: https://ch.linkedin.com/legal/user-agreement?trk=hb_ft_userag
This use is lawful pursuant to either your consent (Art. 6 (1) (a) GDPR) or due to our legitimate interest in providing tailored marketing to our customers (Art. 6 (1) (f) GDPR). LinkedIn users may withdraw consent on publishing their comment or Like at any time with future effect by deleting the comment or content in question. The legality of any processing that has occurred prior to the revocation of that consent remains unaffected.
LinkedIn offers you the opportunity to object to certain data processing; the relevant information and possibilities to opt-out can be found at https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out?trk=microsites-frontend_legal_cookie-policy.
LinkedIn users can influence the extent to which their user behaviour may be recorded on our LinkedIn page at https://www.linkedin.com/psettings/advertisin.
You can also use the settings in your browser to prevent the processing your data using LinkedIn cookies.
To the best of our knowledge, LinkedIn only transfers user data to countries which have been granted an Adequacy Decision by the European Commission pursuant to Art. 45 GDPR or based on guarantees offered pursuant to Art. 46 GDPR. The LinkedIn Corporation and all its affiliated companies are certified under the EU-US Privacy Shield but this alone does not provide an appropriate level of data protection (https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active).

7.4 Xing
We operate a social media presence at https://www.xing.com/pages/smart2success-gmbh, where we present photos and posts about our company, provide information about our services, publish job advertisements and communicate with customers. When using and accessing our Xing site, your personal data is also processed by New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany (hereafter “Xing”). Xing enables a system in which Xing distributes advertising via its network.
We analyse all access and interactions on our Xing page. Xing creates user profiles for this purpose, but only provides us with anonymised data in this regard. This involves aggregated data which provides us with insights of how users interact with our Xing page. The resulting statistics are only provided to us in anonymised form. We have no access to the underlying data. We process your data in conjunction with Xing to provide this insight service. For this reason, we have concluded an agreement with Facebook between our respective Controllers (Art. 26 GDPR).
Our Xing page can be accessed whether or not you have an Xing user account. We only process personal data when you interact with our Xing page, e.g. if you leave a comment, click a Like button or send us a message. We do not provide this data to other third parties. The Xing Terms of Use are available at: https://www.xing.com/terms are also applicable.
This use is lawful pursuant to either your consent (Art. 6 (1) (a) GDPR) or due to our legitimate interest in providing tailored marketing to our customers (Art. 6 (1) (f) GDPR). Xing users may withdraw consent on publishing their comment or Like at any time with future effect by deleting the comment or content in question. The legality of any processing that has occurred prior to the revocation of that consent remains unaffected.
Xing offers the opportunity to object to certain data processing; the relevant information and possibilities to opt-out can be found at https://privacy.xing.com/de/datenschutzerklaerung/druckversion.
Xing users can influence the extent to which their user behaviour may be recorded on our Xing page at https://privacy.xing.com/en/privacy-policy/information-we-automatically-receive-through-your-use-of-xing/determination-of-statistics/tracking-in-embedded-external-content and https://privacy.xing.com/en/privacy-policy/information-we-automatically-receive-through-your-use-of-xing/measurement-and-optimisation-of-advertising.
You can also use the settings in your browser to prevent the processing your data using Xing cookies.
To the best of our knowledge, Xing uses service providers located in the USA to provide its services. The European Court of Justice has determined that the USA does not have a level of data protection comparable to that in the EU (ECJ, judgment of 16 July 2020 – C-311/18, para. 200, Facebook/Schrems II).
There is a risk that regulatory authorities will access and evaluate that data on a mass scale. There are no legal remedies or efficient legal proceedings available in the USA against such surveillance.

7.5 Podigee (Podcast Hosting und Embedding)
We use the Podigee podcast hosting service from the provider Podigee GmbH, Schlesische Straße 20, 10997 Berlin, Germany. The podcasts are downloaded or streamed from Podigee, when you listen to our podcast on Podigee or on our website by activating the embedded podcast widget.
Podigee processes the IP addresses and device information to enable podcast downloads / playbacks and statistical data such as to determine the number of downloads. This data is anonymised by Podigee before they are stored in the database, unless they are required for the provision of the podcasts.
If you listen to our podcast directly on our website via the integration there, we first obtain your consent before data is transferred to Podigee. The transfer of your data to Podigee therefore only takes place with your consent ((Art. 6 para. 1 letter a GDPR).
Further information and options to object can be found in Podigee’s data protection declaration: https://www.podigee.com/en/about/privacy.

8. Your rights as a data subject
Please read the following information about your rights as a data subject regarding the processing of your personal data.

8.1 The right of access
You have the right to request a confirmation whether your personal data is being processed. Should this be the case, you have the right to be informed of the personal data that has been collected, stored or processed, as well as to the following information:
-the processing purpose,
-the recipients or categories of recipients to whom this data has been disclosed or will be disclosed,
-the duration of storage or the criteria for determining that duration,
-your additional rights (see below),
-if the personal data has not been collected from you, all available information regarding its source,
-the existence of automated decision-making, including profiling, and where existent, further relevant information.
You have the right to be informed of the appropriate safeguards available pursuant to Art. 46 GDPR against the transfer of your data to a third country or international organisation.

8.2 The right to rectification
You have the right to request the correction without delay of incorrect or incomplete personal data.

8.3 Right to erasure (right to be forgotten)
You have the right to request that we delete all your personal data without delay. We are obliged to delete your personal data without delay where one of the following grounds applies:
-Your personal data are no longer required for the purpose for which they were collected or otherwise processed.
-You are withdrawing your consent and there are no other legal grounds for processing that data.
-You are filing an objection (see below) to the data processing.
-Your personal data were unlawfully processed.
-The deletion of your personal data is necessary to fulfil an obligation under EU law or the law of the Member States.
-A child has provided consent to the collection of personal data.

8.4 Right to restriction of processing:
You have the right to request a restriction of our data processing when one of the following conditions is met:
-you are contesting the accuracy of the personal data,
-the data processing is unlawful, but you do not agree to the deletion of the personal data, instead requesting a restriction of its use,
-we no longer need the personal data for the purposes of processing, but you need the data to establish, exercise or defend legal claims; or
-you have objected to processing (see below) and it is not yet clear whether our legitimate interest will prevail.

8.5 Right to notification
If you have exercised your right to rectification, erasure or restriction of processing against us, we are obliged to inform all recipients to whom your personal data has been disclosed of this rectification, erasure of the data or restriction of the data processing unless this proves impossible or requires a disproportionate effort. You have the right to be informed of those recipients.

8.6 Right to data portability
You have the right to receive the personal data you have provided to us in a structured, commonly used and machine-readable format. You also have the right to transfer this data to another controller without interference on our part provided that:
-the processing is based on consent granted pursuant to Art. 6 (1) (a) GDPR or Art.9 (2) (a) GDPR or on a contract pursuant to Art. 6 (1) (b) GDPR; and
-the processing is carried our using automated methods.
In exercising this right, you may request that personal data related to you be transferred directly from us to another controller insofar as this is technically feasible, and does not infringe on the freedoms and rights of any other person. The right to data portability does not apply to the processing of personal data required for fulfilling a task carried out in the public interest or in the exercise of an official authority invested in the controller.

8.7 Right to object
You have the right, based on grounds relating to your particular personal situation to object at any time to the processing of your personal data, unless it is based on one of the following grounds:
-the processing of your personal data by us is required for the fulfilment of a task that lies in the public interest or in the exercise of public authority that has been delegated to us; or
-the processing is necessary to safeguard our legitimate interest or the legitimate interest of a third-party, in so far as your interests or basic rights require that protection of your personal data prevail.
The right to object also applies to profiling based on these processes.
If the personal data that concerns you is being processed for direct marketing purposes, you have the right to object to the processing of your personal data for such marketing purposes. This also applies to profiling insofar as it is associated with such direct marketing.
You also have the right, on grounds arising from your particular personal situation, to object to the processing of your personal data undertaken by us for scientific or historical research purposes or for statistical purposes, unless such processing is necessary for the performance of a task in the public interest.

8.8 Right to withdraw consent and data protection law
You may revoke your consent at any time with future effect. The revocation may be simply sent to us at any time, e.g., an informal email. Processing of your data which occurred prior to the withdrawal of consent is not affected.

8.9 Right of appeal to the supervisory authority
Do you think that the processing of your personal data was illegal? Then you have the right to lodge a complaint with a supervisory authority, particularly in your country of residence or country of work, or at the location the alleged breach took place. If you are in doubt, contact the agency responsible for us at State Commissioner for Data Protection Lower Saxony (Prinzenstraße 5, 30159 Hannover, Telephone: +49 511 120-4500, Telefax: +49 511 120-4599, E-Mail: poststelle@lfd.niedersachsen.de). Other administrative or judicial remedies are not affected by the exercise of these rights.

Last updated: November 2022
© smart2success GmbH