Status 27.09.2022 – At CIB, we consider it our responsibility to protect your data and privacy. As a German company based in Munich, we have always been subject to one of the strictest data protection laws in the world.
We use the highest security standards for processing and storing data. CIB collects and uses your personal data exclusively within the framework of legal provisions such as the General Data Protection Regulation (“GDPR”) and the German Federal Data Protection Act (“BDSG”). With this data protection declaration, we would like to inform you about the type, the scope, and purposes of the collection, use and processing of your personal data by CIB.
1. An overview of data protection
Data collection on our website
Who is responsible for the data collection on this website?
The data collected on this website are processed by the website operator. The operator’s contact details can be found in the website’s required legal notice.
How do we collect your data?
Some data are collected when you provide them to us. This could, for example, be data you enter on a contact form.
Other data are collected automatically by our IT systems when you visit the website. These data are primarily technical data such as the browser and operating system you are using or when you accessed the page. These data are collected automatically as soon as you enter our website.
What do we use your data for?
Part of the data is collected to ensure the proper functioning of the website. Other data can be used to analyze how visitors use the site.
What rights do you have regarding your data?
You always have the right to request information about your stored data, its origin, its recipients, and the purpose of its collection at no charge. You also have the right to request that it be corrected, blocked, or deleted. You can contact us at any time using the address given in the legal notice if you have further questions about the issue of privacy and data protection. You may also, of course, file a complaint with the competent regulatory authorities.
Analytics and third-party tools
You can object to this analysis. We will inform you below about how to exercise your options in this regard.
2. General information and mandatory information Data protection
Please note that data transmitted via the internet (e.g. via email communication) may be subject to security breaches. Complete protection of your data from third-party access is not possible.
Notice concerning the party responsible for this website
The party responsible for processing data on this website is:
CIB software GmbH
+49 89 143 60 – 0
Telephone: +49 89 143 60 – 0
The responsible party is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (names, email addresses, etc.).
Revocation of your consent to the processing of your data
If there has been a breach of data protection legislation, the person affected may file a complaint with the competent regulatory authorities. The competent regulatory authority for matters related to data protection legislation is the data protection officer of the German state in which our company is headquartered.
Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Telefon: +49 (0) 981 53 1300
SSL or TLS encryption
This site uses SSL or TLS encryption for security reasons and for the protection of the transmission of confidential content, such as purchase orders or inquiries you send to us, the site operator. You can recognize an encrypted connection in your browser’s address line when it changes from “http://” to “https://” and the lock icon is displayed in your browser’s address bar.
If SSL or TLS encryption is activated, the data you transfer to us cannot be read by third parties.
Encrypted payments on this website
If you enter into a contract which requires you to send us your payment information (e.g. account number for direct debits), we will require this data to process your payment.
Payment transactions using common means of payment (Visa/MasterCard, direct debit) are only made via encrypted SSL or TLS connections. You can recognize an encrypted connection in your browser’s address line when it changes from “http://” to “https://” and the lock icon in your browser line is visible.
In the case of encrypted communication, any payment details you submit to us cannot be read by third parties.
Right of access: You have the right to obtain comprehensive access to your personal data and some other criteria such as the purposes of processing or the duration of storage. The exceptions to this right regulated in § 34 BDSG apply.
Right to rectification: This right grants you the possibility to have your personal data corrected if it proves to be inaccurate or incomplete, considering the purposes of the processing.
Right to erasure (“right to be forgotten”): This right includes the possibility to request the deletion of your personal data stored by CIB. However, this is only possible if the personal data concerning you is no longer necessary, is being processed unlawfully or if consent has been revoked in this respect. The exceptions to this right regulated in § 35 BDSG apply.
Right to restriction of processing: You have the right to restrict the processing of your personal data. This means that further processing of your personal data is prevented for the time being. The restriction mainly occurs during the review phase of other rights acting.
Right to data portability: You have the right to have data which we process based on your consent or in fulfilment of a contract automatically delivered to yourself or to a third party in a standard, machine-readable format. If you require the direct transfer of data to another responsible party, this will only be done as far as technically feasible.
Right to object: The right of objection gives you the opportunity to object to the further processing of your personal data in a specific situation, insofar as this is justified by the performance of public tasks or public and private interests. The exceptions to this right regulated in § 36 BDSG apply.
If you have further questions about personal data, you can contact us at any time via the address given in the legal advice.
3. Data protection officer Statutory data protection officer
We have appointed a data protection officer for our company.
SPH IT+Consulting GmbH & Co. KG
Bartholomäusstr. 26 (Haus D)
4. Data collection on our website Cookies
What are cookies?
Cookies are small files that we place on the user’s end device or web browser to store certain information. The next time you visit our website, the browser sends the contents of the cookie back to us, whereby, for example, settings or entries previously made by you are automatically recreated.
Categories of cookies used:
These cookies are strictly necessary for the smooth functioning of the website. This category only contains cookies that ensure the basic functions and security features of the website. These cookies are stored based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in storing cookies for the technically error-free and optimised provision of its services.
|Google Tag Manager(_ga,_gid,_utm*)|| – Website tag management|
– No data collected Session
Any cookies, that are not necessary for the operation of the website and are specifically used to collect personal data from the user through analytics, advertising, and other embedded content, are not necessary for the error-free operation of the website. They help us to continuously improve our service and provide you with an optimal user experience. We only use these cookies if you have explicitly consented to their use.
|Google Analytics (_ga, _gid, __utm*)|| – IP-Address (anonymised)|
– Browser information (Type of browser, Referrer-/Exit-Pages, the files displayed on our website, operating system, date/time stamp and/or clickstream data)
– Usage data (Views, Clicks)
Server log files
The website provider automatically collects and stores information that your browser automatically transmits to us in “server log files”. These are:
- Browser type and browser version
- Operating system used
- Referrer URL
- Host name of the accessing computer
- Time of the server request
- IP address
These data will not be combined with data from other sources.
The basis for data processing is Art. 6 (1) (f) GDPR, which allows the processing of data to fulfill a contract or for measures preliminary to a contract.
Should you send us questions via the contact form, we will collect the data entered on the form, including the contact details you provide, to answer your question and any follow-up questions. We do not share this information without your permission.
We will, therefore, process any data you enter onto the contact form only with your consent per Art. 6 (1)(a) GDPR. You may revoke your consent at any time. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.
We will retain the data you provide on the contact form until you request its deletion, revoke your consent for its storage, or the purpose for its storage no longer pertains (e.g. after fulfilling your request). Any mandatory statutory provisions, especially those regarding mandatory data retention periods, remain unaffected by this provision.
Registration on this website
You can register on our website in order to access additional functions offered here. The input data will only be used for the purpose of using the respective site or service for which you have registered. The mandatory information requested during registration must be provided in full. Otherwise, we will reject your registration.
To inform you about important changes such as those within the scope of our site or technical changes, we will use the email address specified during registration.
We will process the data provided during registration only based on your consent per Art. 6 (1)(a) GDPR. You may revoke your consent at any time with future effect. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.
We will continue to store the data collected during registration for as long as you remain registered on our website. Statutory retention periods remain unaffected.
Leaving comments on this website
If you use the comment function on this site, the time at which you created the comment and your email address will be stored along with your comment, as well as your username, unless you are posting anonymously.
Storage of the IP address: Our comment function stores the IP addresses of those users who post comments. Since we do not check comments on our site before they go live, we need this information to be able to pursue action for illegal or slanderous content.
How long comments are stored: The comments and the associated data (e.g. IP address) are stored and remain on our website until the content commented upon has been completely deleted or the comments are required to be removed for legal reasons (slander, etc.).
Legal basis: The comments are stored based on your consent per Art. 6 (1) (a) GDPR. You may revoke your consent at any time with future effect. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.
Processing of data (customer and contract data)
We collect, process, and use personal data only insofar as it is necessary to establish, or modify legal relationships with us (master data). This is done based on Art. 6 (1) (b) GDPR, which allows the processing of data to fulfill a contract or for measures preliminary to a contract. We collect, process and use your personal data when accessing our website (usage data) only to the extent required to enable you to access our service or to bill you for the same.
Collected customer data shall be deleted after completion of the order or termination of the business relationship. Legal retention periods remain unaffected.
Data transmitted when entering into a contract with online shops, retailers, and mail order
We transmit personally identifiable data to third parties only to the extent required to fulfill the terms of your contract, for example, to companies entrusted to deliver goods to your location or banks entrusted to process your payments. Your data will not be transmitted for any other purpose unless you have given your express permission to do so. Your data will not be disclosed to third parties for advertising purposes without your express consent.
The basis for data processing is Art. 6 (1) (b) GDPR, which allows the processing of data to fulfill a contract or for measures preliminary to a contract.
Data transferred when signing up for services and digital content
We transmit personally identifiable data to third parties only to the extent required to fulfill the terms of your contract with us, for example, to banks entrusted to process your payments.
Your data will not be transmitted for any other purpose unless you have given your express permission to do so. Your data will not be disclosed to third parties for advertising purposes without your express consent.
The basis for data processing is Art. 6 (1) (b) GDPR, which allows the processing of data to fulfill a contract or for measures preliminary to a contract.
Document editing and text recognition (OCR)
Use of the free applications CIB doXiview and OCR.team:
Our services may only be used for documents without personal content. Please note that you should not upload any documents that contain personal data.
To be able to offer you continually developed products, your uploaded documents are used for training purposes, such as the improvement of text recognition. Therefore it is necessary to save your documents and text corrections on our servers. The stored documents will only be used internally for the stated purposes and will not be passed on to third parties.
Use of the CIB kanzlei app and CIB kanzlei app PREMIUM:
We have also integrated our text recognition and document editing tools into the CIB kanzlei app and CIB kanzlei app PREMIUM. To protect your data, your documents are deleted from our servers immediately after you have finished editing them. Neither the documents nor the data processed in these are saved.
Use of the services via doxisafe.me
To protect your data, neither the documents nor the data edited in the processed document, are stored for training purposes such as improving text recognition.
It is important to us to ensure the highest possible level of protection for your personal data. All personal data collected and processed by us in context of an application are protected against unauthorised access and manipulation by technical and organisational measures. Your data will be collected for the purpose of filling vacancies throughout the corporate group (CIB software GmbH, CIB consulting GmbH, CIB labs GmbH, CIB holding GmbH, CIB labs S.L.). By entering your data, you consent to the use of your data in all affiliated companies.
The processing of your data is based on Art 88 GDPR in conjunction with. § 26 para. 1, 8 p. 2 BDSG. Your data will be deleted six months after completion of the application process. Information on the responsible department, your rights in relation to data processing and details of the data protection officer can be found in our data protection declaration above.
5. Social media
Your privacy preferences with Twitter can be modified in your account settings at twitter.com/account/settings.
Our website uses features provided by the XING network. The provider is XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany.
Each time one of our pages containing XING features is accessed, your browser establishes a direct connection to the XING servers. To the best of our knowledge, no personal data is stored in the process. In particular, no IP addresses are stored nor is usage behavior evaluated.
Our website uses features provided by the LinkedIn network. The provider is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.
Each time one of our pages containing LinkedIn features is accessed, your browser establishes a direct connection to the LinkedIn servers. To the best of our knowledge, no personal data is stored in the process. In particular, no IP addresses are stored nor is usage behavior evaluated.
6. Analytics and advertising
This website uses Google Analytics, a web analytics service. It is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Google Analytics uses so-called “cookies”. These are text files that are stored on your computer and that allow an analysis of the use of the website by you. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there.
Google Analytics cookies are stored based on Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in analyzing user behavior to optimize both its website and its advertising.
We have activated the IP anonymization feature on this website. Your IP address will be shortened by Google within the European Union or other parties to the Agreement on the European Economic Area prior to transmission to the United States. Only in exceptional cases is the full IP address sent to a Google server in the US and shortened there. Google will use this information on behalf of the operator of this website to evaluate your use of the website, to compile reports on website activity, and to provide other services regarding website activity and Internet usage for the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with any other data held by Google.
You can prevent these cookies being stored by selecting the appropriate settings in your browser. However, we wish to point out that doing so may mean you will not be able to enjoy the full functionality of this website. You can also prevent the data generated by cookies about your use of the website (incl. your IP address) from being passed to Google, and the processing of these data by Google, by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
Objecting to the collection of data
You can prevent the collection of your data by Google Analytics by clicking on the following link. An opt-out cookie will be set to prevent your data from being collected on future visits to this site: Disable Google Analytics.
Outsourced data processing
We have entered into an agreement with Google for the outsourcing of our data processing and fully implement the strict requirements of the German data protection authorities when using Google Analytics.
This website uses Mouseflow Analytics, a web analytics service. It is operated by Mouseflow, ApS Flaesketorvet 68, 1711 Copenhagen, Denmark. Mouseflow Analytics uses so-called “cookies”. These are text files that are stored on your computer and that allow an analysis of the use of the website by you. The information generated by the cookie about your use of this website is usually transmitted to a Mouseflow server and stored there. Mouseflow cookies are stored based on Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in analysing user behaviour to optimize both its website and its advertising.
Mouseflow anonymizes or excludes your IP address automatically according to legal requirements. Mouseflow never sends data outside the region in which it was originally stored (Europe/EEA). On behalf of the operator of this website Mouseflow will use this information to evaluate your use of the website, to compile reports on website activity, and to provide other services regarding website activity and Internet usage for the website operator.
You can prevent these cookies being stored by selecting the appropriate settings in your browser. However, we wish to point out that doing so may mean you will not be able to enjoy the full functionality of this website.
Objecting to the collection of data
You can prevent the collection of your data by Mouseflow Analytics by clicking on the following link. An opt-out cookie will be set to prevent your data from being collected on future visits to this site: Disable Mouseflow Analytics
For more information about how Mouseflow Analytics handles user data, see Mouseflow’s https://mouseflow.de/privacy
If you would like to receive our newsletter, we require a valid email address as well as information that allows us to verify that you are the owner of the specified email address and that you agree to receive this newsletter. No additional data is collected or is only collected on a voluntary basis. We only use this data to send the requested information and do not pass it on to third parties.
We will, therefore, process any data you enter onto the contact form only with your consent per Art. 6 (1) (a) GDPR. You can revoke consent to the storage of your data and email address as well as their use for sending the newsletter at any time, e.g. through the “unsubscribe” link in the newsletter. The data processed before we receive your request may still be legally processed.
The data provided when registering for the newsletter will be used to distribute the newsletter until you cancel your subscription, at which point said data will be deleted. Data we have stored for other purposes (e.g. email addresses for the members area) remain unaffected.
8. Plugins and tools
Our website uses plugins from YouTube, which is operated by Google. The operator of the pages is YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.
If you visit one of our pages featuring a YouTube plugin, a connection to the YouTube servers is established. Here the YouTube server is informed about which of our pages you have visited.
If you’re logged in to your YouTube account, YouTube allows you to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account.
YouTube is used to help make our website appealing. This constitutes a justified interest pursuant to Art. 6 (1) (f) GDPR.
Further information about handling user data, can be found in the data protection declaration of YouTube under https://www.google.de/intl/de/policies/privacy.
This site uses the Google Maps map service via an API. It is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
To use Google Maps, it is necessary to save your IP address. This information is generally transmitted to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer.
The use of Google Maps is in the interest of making our website appealing and to facilitate the location of places specified by us on the website. This constitutes a justified interest pursuant to Art. 6 (1) (f) GDPR.
Further information about handling user data, can be found in the data protection declaration of Google at https://www.google.de/intl/de/policies/privacy/.