Privacy Policy
Status 29.05.2025 – At CIB, we see it as our responsibility to protect your data and privacy. As a German company based in Munich, we have always been subject to one of the strictest data protection laws in the world.
We use the highest security standards for the processing and storage of data. CIB collects and uses your personal data exclusively within the framework of the statutory provisions, in particular the General Data Protection Regulation ("GDPR") and the Federal Data Protection Act ("BDSG"). With this privacy policy, we would like to inform you about the nature, scope and purposes of the collection, use and processing of your personal data by CIB when you visit our website. Personal data is any data that can be used to identify you personally.
1. Notice concerning the party responsible for this website
The party responsible for processing data on this website is:
CIB software GmbH
Elektrastraße 6a
D-81925 Munich
Telephone: +49 89 143 60 – 0
Email: info@cib.de
The responsible party is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (names, email addresses, etc.).
2. You have the following rights regarding personal data concerning you:
You also have the right to complain to a data protection supervisory authority about the processing of your personal data by us:
- Right of access (Art. 15 GDPR),
- Right to rectification or erasure (Art. 16 and 17 GDPR)
- Right to restriction of processing (Art. 18 GDPR),
- Right to object to processing (Art. 21 GDPR),
- Right to data portability (Art. 20 GDPR),
- Right to withdraw consent (Art. 7 paragraph 3 GDPR).
You also have the right to complain to a data protection supervisory authority about the processing of your personal data by us.
3. Data protection supervisor
Legally required data protection officer
Christian Hammerbacher
SPH IT+Consulting GmbH & Co. KG
Bartholomäusstr. 26 (Haus D)
90489 Nürnberg
datenschutz@sph-consulting.de
4. Data collection when you visit our website
When you visit our website, we only collect the personal data that your browser transmits to our server. If you want to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure stability and security (legal basis is art. 6 p. 1 s 1 lit. f) GDPR):
- Browser type and browser version
- Operating system used
- Referrer URL
- Host name of the accessing computer
- Time of the server request
- IP address
This information is absolutely necessary for the technical transmission of the websites and the secure server operation. There is no personalized evaluation of this data.
In addition to the above data, cookies are stored on your computer when you use our website.
What are cookies?
Cookies are small files that we place on the user’s end device or web browser to store certain information. The next time you visit our website, the browser sends the contents of the cookie back to us, whereby, for example, settings or entries previously made by you are automatically recreated.
Categories of cookies used:
Necessary cookies
These cookies are strictly necessary for the smooth functioning of the website. This category only contains cookies that ensure the basic functions and security features of the website. These cookies are stored based on art. 6 p. 1 s 1 lit. f of the GDPR. The website operator has a legitimate interest in storing cookies for the technically error-free and optimised provision of its services.
| Name | Purpose | Duration |
|---|---|---|
|
ContentGoogle Tag Manager (_ga, _gid, __utm*) |
|
Session |
Non-essential cookies
Any cookies, that are not necessary for the operation of the website and are specifically used to collect personal data from the user through analytics, advertising, and other embedded content, are not necessary for the error-free operation of the website. They help us to continuously improve our service and provide you with an optimal user experience. We only use these cookies if you have explicitly consented to their use.
The legal basis for the use of these cookies is Art. 6 (1) (a) GDPR.
| Name | Purpose | Duration |
|---|---|---|
|
Google Analytics (_ga, _gid, __utm*) |
|
2 years |
5. Chatbot interactions
Our website uses an AI-powered chatbot to help visitors with inquiries and provide information about our products and services. The chatbot may collect certain personal information during their interactions, including:
- Your IP address (this is anonymized in chat logs to protect your privacy)
- Chat logs, which can include the content of your conversation with the chatbot
We use this information to provide a personalized chat experience, respond to customer inquiries, and improve the performance of our chatbot.
Your data will be transmitted to OpenAI, which will use it exclusively to provide the agreed service and will not use it to train its models. OpenAI may process data outside the EU, but has implemented appropriate data protection measures to ensure a high level of protection.
Chat logs are retained for administrative purposes and to assist with future requests. Your personal data will be stored securely and processed in accordance with applicable data protection regulations.
The legal basis is the interest in processing customer inquiries art. 6 p. 1 s 1 lit. f of the GDPR.
The data you enter in the chat will remain with us as chat protocol until you ask us to delete it, or the purpose for storing the data no longer applies (e.g. after your request has been processed via the chatbot). This is usually done after 1 year after using the chatbot. Mandatory statutory provisions – in particular retention periods – remain unaffected.
6. Registration on this website
You can register on our website to use additional features on the site. We use the data entered for this purpose only for the purpose of using the respective offer or service for which you have registered. The mandatory information requested during registration must be provided in full. Otherwise, we will refuse registration.
For important changes, such as in the scope of the offer or in the event of technically necessary changes, we will use the e-mail address provided during registration to inform you in this way.
The processing of the data entered during registration is carried out on the basis of the user contract (Art. 6 para. 1 lit. b GDPR).
The data collected during registration will be stored by us for as long as you are registered on our website and will then be deleted. Statutory retention periods remain unaffected. .
7. Feedback
For some of our offers, you may voluntarily agree to contact you after placing your order for your feedback or review. We will only use the data entered for this purpose for the purpose of contacting you for feedback on the offer you have ordered.
We will, therefore, process any data you enter onto the contact form only with your consent per art. 6 p. 1 s 1 lit. f of the GDPR. You may revoke your consent at any time. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.
The data you enter in the contact form will remain with us until you ask us to delete it, revoke your consent to its storage or the purpose for which it is stored no longer applies (e.g. after your feedback has been collected). Mandatory statutory provisions – in particular retention periods – remain unaffected.
8. Contact via contact forms or e-mail
If you send us enquiries via the contact forms or by e-mail, your details from the enquiry form or e-mail, including the contact details you provide there, will be stored by us for the purpose of processing the enquiry and in the event of follow-up questions. We do not pass on this data without your consent.
The processing of the data entered in the contact form is carried out on the basis of our legitimate interest in processing your request (art. 6 p. 1 s 1 lit. f of the GDPR).
The data you enter in the contact form will remain with us until you ask us to delete it, or the purpose for storing the data no longer applies (e.g. after your request has been processed). This usually takes place after 1 year from the last contact. Mandatory statutory provisions – in particular retention periods – remain unaffected.
9. Processing of data (customer and contract data)
We collect, process, and use personal data only insofar as it is necessary to establish, or modify legal relationships with us (master data). This is done based on art. 6 p. 1 s 1 lit. b of the GDPR, which allows the processing of data to fulfill a contract or for measures preliminary to a contract. We collect, process and use your personal data when accessing our website (usage data) only to the extent required to enable you to access our service or to bill you for the same.
Collected customer data shall be deleted after completion of the order or termination of the business relationship. Legal retention periods remain unaffected.
Data transmitted when entering into a contract with online shops, retailers, and mail order
We transmit personally identifiable data to third parties only to the extent required to fulfill the terms of your contract, for example, to companies entrusted to deliver goods to your location or banks entrusted to process your payments. Your data will not be transmitted for any other purpose unless you have given your express permission to do so. Your data will not be disclosed to third parties for advertising purposes without your express consent.
The basis for data processing is art. 6 p. 1 lit. b of the GDPR, which allows the processing of data to fulfill a contract or for measures preliminary to a contract.
Data transmission when concluding a contract for services and digital content
We transmit personally identifiable data to third parties only to the extent required to fulfill the terms of your contract with us, for example, to banks entrusted to process your payments.
Your data will not be transmitted for any other purpose unless you have given your express permission to do so. Your data will not be disclosed to third parties for advertising purposes without your express consent.
The basis for data processing is art. 6 p. 1 lit. b of the GDPR, which allows the processing of data to fulfill a contract or for measures preliminary to a contract.
10. Use of our webshop CIB cash
If you want to order cash in CIB, it is necessary for you to provide your personal data, which we need for the purpose of processing your order. Mandatory information required for the execution of the contracts is marked separately, further information is voluntary. For payment, you can provide your payment data to our payment service provider or we will pass on your payment data to our house bank, whereby these third parties are each responsible for the payment processing. The legal basis for this is art. 6 p. 1 S 1 lit. b of the GDPR.
If you wish, you can create a customer account through which we can save your data for future purchases and the management of your subscriptions. If you create an account under "[Register]", the data you provide will be revocably stored. You can always delete all other data, including your user account, in the customer area.
We may also process the data you provide to inform you about other interesting products from our portfolio or to send you emails with technical information.
Wir sind aufgrund handels- und steuerrechtlicher Vorgaben verpflichtet, Ihre Adress-, Zahlungs- und Bestelldaten für die Dauer von zehn Jahren zu speichern. Allerdings nehmen wir nach drei Jahren eine Einschränkung der Verarbeitung vor, d.h. Ihre Daten werden ab diesem Zeitpunkt nur zur Einhaltung der gesetzlichen Verpflichtungen eingesetzt.
To prevent unauthorized access to your personal data by third parties, the ordering process is encrypted using TLS technology.
11. Document Editing and Text Recognition (OCR)
Use of CIB doXiview and CIB doXisafe
For the use of CIB doXiview it is technically necessary that the documents and contents are loaded onto CIB servers for processing. The legal basis is art. 6 p. 1 S 1 lit. b of the GDPR. After processing is completed, all documents, images and edits are completely removed from the CIB servers by an automatic deletion run. The CIB servers are located exclusively in Europe.
Use of the services via doxisafe.me
You can agree to the use of your documents for training purposes in the app settings. If you agree to this use, your documents and text corrections will be stored on our servers for this purpose. The stored data will only be used internally for the purposes mentioned and will not be passed on to third parties.
If you do not agree to the use, neither the documents nor the data processed in them will be stored for training purposes after your processing has been completed.
Use of the CIB kanzlei app and CIB kanzlei app PREMIUM:
We have also integrated our text recognition and document editing tools into the CIB kanzlei app and CIB kanzlei app PREMIUM. To protect your data, your documents are deleted from our servers immediately after you have finished editing them. Neither the documents nor the data processed in these are saved.
Use of the Services via doxisafe.com
In order to protect your data, neither the documents nor the data processed in them will be stored after your processing has been completed for training purposes, such as improving text recognition.
12. Job portal
It is important to us to ensure the highest possible protection of your personal data. All personal data that is collected and processed in the context of an application to us is protected against unauthorised access and manipulation by technical and organisational measures. The processing of your data is carried out on the basis of Article 88 GDPR in conjunction with § 26 (1), 8 sentence 2 BDSG. Your data will be deleted six months after completion of the application process.
If you have consented, your data will also be collected for the purpose of filling positions in the entire group of companies (CIB software GmbH, CIB consulting GmbH, CIB AI labs GmbH, CIB holding GmbH, CIB solutions GmbH, CIB labs S.L., CIB ARTwork, S.L.U., CIB compass Unipessoal Lda, ). In this case, we will store your data for a maximum of another 1.5 years on the basis of your consent in accordance with art. 6 p. 1 s 1 lit. a of the GDPR. After these 1.5 years, your data will be deleted. This does not apply if legal provisions preclude deletion, further storage is necessary for the purpose of providing evidence or you have expressly consented to longer storage.
13. Share Buttons
On our website, we use interaction elements, so-called share buttons, to the following platforms, with the help of which you can share the page in question on the respective platform
If you visit a page on which such a button is integrated, no data is initially transmitted to the respective platform operators. Such a transfer of data only takes place when you click on the respective button. In this case, the providers listed below will receive the information that your browser has accessed our website, even if you do not have a profile there or are not currently logged in there. This information (including your IP address) is transmitted by your browser directly to the server of the platforms mentioned below and stored there.
If you are already logged in to the social network in question, it can directly assign your visit to our website to your profile. When you interact with the plug-ins, this information is also transmitted directly to the respective server and stored there. If you share our page via the respective platform, information will be published on your profile and shared with your friends, contacts or friends or your followers.
The legal basis for the forwarding of your data to the relevant platform operators is your consent in accordance with Art. 6 (1) (a) GDPR, which you give by clicking on the respective share button.
For further information, please refer to the privacy policies of the respective platform operators:
Xing: XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany;
Privacy Policy at: www.xing.com/app/share?op=data_protection
LinkedIn: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Irland;
Privacy Policy at: www.linkedin.com/legal/privacy-policy
14. Analytics and advertising
Google Analytics
This website uses Google Analytics, a web analytics service. It is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. ("Google").
Google Analytics uses cookies that enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there.
Google Analytics cookies are stored on the basis of your consent in accordance with Art. 6, p.1, lit.a of the GDPR.
Google is certified according to the Data Protection Framework (DPF), more information can be found here..
IP anonymization
We have activated the IP anonymization feature on this website. Your IP address will be shortened by Google within the European Union or other parties to the Agreement on the European Economic Area prior to transmission to the United States. Only in exceptional cases is the full IP address sent to a Google server in the US and shortened there. Google will use this information on behalf of the operator of this website to evaluate your use of the website, to compile reports on website activity, and to provide other services regarding website activity and Internet usage for the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with any other data held by Google.
Browser plugin
You can prevent the storage of cookies by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all the functions of this website to their full extent. They can also facilitate the recording of the data provided by the website.
Prevent the data generated by the cookie generated and related to your use of the website (including your IP address) to Google as well as the processing of this data by Google by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
Objecting to the collection of data
You can prevent the collection of your data by Google Analytics by clicking on the following link. An opt-out cookie will be set to prevent your data from being collected on future visits to this site: Disable Google Analytics.
More information on the handling of user data by Google Analytics can be found in Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.
Outsourced data processing
We have entered into an agreement with Google for the outsourcing of our data processing and fully implement the strict requirements of the German data protection authorities when using Google Analytics.
15. Newsletter
Newsletter data
If you would like to receive our newsletter, we require a valid email address as well as information that allows us to verify that you are the owner of the specified email address and that you agree to receive this newsletter. No additional data is collected or is only collected on a voluntary basis. We only use this data to send the requested information and do not pass it on to third parties.
The processing of the data entered in the newsletter registration form is carried out exclusively on the basis of your consent (art. 6 p. 1 lit. a del RGPD). You can revoke your consent to the storage of the data, the e-mail address and its use for sending the newsletter at any time, for example via the "unsubscribe" link in the newsletter. The lawfulness of the data processing operations that have already taken place remains unaffected by the revocation.
The data provided when registering for the newsletter will be used to distribute the newsletter until you cancel your subscription, at which point said data will be deleted. Data we have stored for other purposes (e.g. email addresses for the members area) remain unaffected.
