Data Privacy

Privacy policy

We, netcup GmbH, are pleased about your interest in our homepage, our offers, services and our company.

We take the protection of your personal data very seriously and adhere strictly to the rules of data protection laws. This privacy policy explains how we process your personal data in connection with our offer.

I. Definitions

"Personal data" means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

"Processing" means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

"Controller" or "controller" means the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for under Union or Member State law;

"Recipient" means a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not a third party. However, public authorities that may receive personal data in the context of a specific investigation mandate under European Union or Member State law shall not be considered as recipients; the processing of such data by the aforementioned authorities shall be carried out in accordance with the applicable data protection legislation in accordance with the purposes of the processing;

II. General information

When you use our websites, various personal data are collected. This privacy policy explains what data we collect and what we use and process it for.

We point out that data transmission over the Internet (eg communication by e-mail) security gaps. A complete protection of the data against access by third parties is not possible.

1. Note on the responsible body

The responsible party for data processing on our websites is:

netcup GmbH
Daimlerstraße 25
76185 Karlsruhe
Telefon: +49 721 7540755-0
Telefax: +49 721 7540755-9
E-Mail: mail@netcup.de

The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data (e.g. names, e-mail addresses, etc.).

2. Contact details of the data protection officer

ANEXIA Internetdienstleistungs GmbH
Feldkirchner Straße 140
9020 Klagenfurt
Austria

E-Mail: data-protection@anexia-it.com

You can also contact our data protection officer using the form below:

3. Information on processing operations

We point out the respective legal basis of individual processing operations. If we intend to transfer data to third countries outside the European Union (EU) or the European Economic Area (EEA), this will also be indicated.

4. Data subject rights

As a data subject, you have the following rights:

• In accordance with Art. 15 GDPR, you can request information about your personal data processed by us; furthermore, you can request information regarding the processing purposes, the categories of personal data processed, the recipients or categories of recipients to whom your data have been or will be disclosed, the planned storage period or the criteria for determining the storage period, the origin of your data if it has not been collected from you, the existence of automated decision-making including profiling and, if applicable, meaningful information about its details such as logic, scope and effects, the existence of the right to rectification or erasure of the data concerned, the right to restriction of processing or to object to such processing, the existence of the right to object to such processing, the right to object to such processing and the right to object to such processing. meaningful information about its details such as logic, scope and effects, the existence of a right to rectification or erasure of the data concerning you, the right to restrict processing or to object to such processing, the existence of a right to lodge a complaint with the supervisory authority; finally, you have a right to be informed whether personal data have been transferred to a third country or to an international organization and - if this is the case - about the appropriate safeguards in connection with the transfer;
• in accordance with Art. 16 GDPR, you can request the immediate correction of incorrect or the completion of your personal data stored by us;
• in accordance with Art. 17 GDPR, you may request the erasure of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise or defense of legal claims;
• in accordance with Art. 18 GDPR, you may request the restriction of the processing of your personal data, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure and we no longer need the data, you need the data no longer required by us for the assertion, exercise or defense of legal claims or you have objected to the processing in accordance with Art. 21 GDPR, but it has not yet been determined whether our legitimate grounds for data processing override your interest;
• in accordance with Art. 20 GDPR, you may request that the personal data you have provided to us be transferred to you in a structured, commonly used and machine-readable format or transferred to another controller;
• in accordance with Art. 21 GDPR, you may object to the processing of your personal data if there are grounds for doing so that arise from your particular situation or if the objection is directed against direct advertising and the legal basis for the processing of the personal data is legitimate interests pursuant to Art. 6 (1) p. 1 lit. f GDPR;
• in accordance with Art. 7 (3) GDPR, you may revoke your consent at any time. This has the consequence that we may no longer continue the data processing based on this consent for the future.
• in accordance with Art. 77 GDPR, you may lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement.

If you would like to exercise the aforementioned data subject rights, you can contact us or our data protection officer at the above contact details at any time in this regard.

5. Deletion and restriction of personal data

Unless otherwise regulated in this data protection declaration for the individual case, personal data will be deleted if it is no longer required for the purposes for which it was collected or otherwise processed and for which there are no longer any statutory retention obligations.

We delete the personal data processed by us under the conditions of Art. 17 GDPR upon request. Personal data that is required for other and legally permissible purposes will not be deleted. This applies, for example, to personal data that is required for the pursuit of any claims to which we are entitled and which must be retained by us for reasons of commercial or tax law. For example, documents pursuant to Section 257 (1) Nos. 2 and 3 of the German Commercial Code (HGB) and Section 147 (1) Nos. 2, 3, 5 of the German Fiscal Code (AO) are retained for 6 years, while documents pursuant to Section 257 (1) Nos. 1 and 4 of the German Commercial Code (HGB) and Section 147 (1) Nos. 1, 4, 4a of the German Fiscal Code (AO) are retained for 10 years.

The processing of this data is restricted in accordance with Art. 18 GDPR and the data is not processed for other purposes.

6. SSL or TLS encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or requests that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

7. Cookies

We use cookies as part of our offer. Cookies are small text files that your browser automatically creates and stores on your end device (laptop, tablet, smartphone, PC, etc.) when you visit our site. Cookies do not cause any damage to your end device, do not contain viruses or other malware. In a cookie, information is stored that arises in each case in connection with the specific end device used. This does not mean, however, that we gain direct knowledge of your identity. Cookies are used to enable the use of our offer and to make our offer more user-friendly, effective and secure.

Most browsers accept cookies automatically. If you do not wish to do so, however, you can configure your browser so that no cookies are stored on your end device or a message always appears before a new cookie is created. You can also object to the use of cookies for online marketing purposes for a variety of services, for example, at http://www.youronlinechoices.com/ or via the deactivation page of the network advertising initiative http://optout.networkadvertising.org. If you deactivate cookies, you may not be able to use all the functions of our websites.

For each cookie, the name of the cookie, the purpose that the cookie is intended to fulfill, possible access to the cookie by third parties and the duration of the function are specified or after which period a cookie is deleted. Session cookies are deleted after the end of your respective use of our offer or after ending the browser session.

If third parties, for example service providers who process data on our behalf, can access a cookie, please refer to the relevant section of this privacy policy.

a) Necessary cookies

Some of the cookies that we use in our offer are absolutely necessary. This means that you cannot use our offer without these cookies on your terminal device. Such cookies provide certain functionalities that we need to operate our offer, in particular to be able to provide a service expressly requested by you as a user of our offer.

These data processed by cookies are necessary for the aforementioned purposes to protect our resulting legitimate interests as well as those of third parties pursuant to Art. 6 (1) p. 1 lit. f GDPR.

b) marketing cookies

WEB ANALYSIS BY GOOGLE ANALYTICS (ANALYSIS COOKIES)

SCOPE OF THE PROCESSING OF PERSONAL DATA

Our website uses Google Analytics, a web analytics service by Google Inc. ("Google"). Google Analytics uses so-called "cookies", text files that are stored on your computer and that enable the analysis of your use of the website. The information generated by the cookie regarding your use of our websites (including your IP address) is transmitted to a Google server in the USA and stored there. Google will use this information to assess your use of the website, to compile reports on the website activities for the website operators and to provide further services connected to the use of the website and the use of the internet. Google may potentially also transfer this information to third parties if required by law or if third parties process this data on behalf of Google. Under no circumstances will Google link your IP address to other data.

You can prevent the storage of the cookies by selecting the appropriate settings in your browser software; furthermore, you can prevent the recording of the data generated by the cookie as well as the processing of this data by Google by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=en. However, we must point out that in this case, you may not be able to use all the functions of our websites to their full extent.

IP anonymisation: We use the function "activation of the IP anonymisation" on our websites. This means that your IP address is first shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before it is transmitted to the USA and thus anonymised. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there.

By consenting to the use of analysis cookies, at the same time you agree pursuant to Art. 49 Para. 1 Item a GDPR that your data may be processed in the USA. The ECJ does not confirm an appropriate data protection level for the USA that matches the EU standards (ECJ, C-311/18, Schrems II), especially since your data may be processed by the US authorities for monitoring purposes without any effective legal protection being available against such measures.

More information on how Google Analytics handles user data is available in Google’s data privacy statement: https://support.google.com/analytics/answer/6004245?hl=en

LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA

The legal basis for the processing of users' personal data is the consent of the person concerned in accordance with Art. 6 Para. 1 Item f GDPR.

PURPOSE OF THE DATA PROCESSING

The processing of the personal data of the users enables us to analyse our users' browsing habits. By evaluating the data obtained, we are able to compile information on the use of the individual components of our websites. This helps us to constantly improve our websites and its user-friendliness.

DURATION OF THE STORAGE

The data is deleted as soon as it is no longer required for our record-keeping purposes. The evaluations are performed using aggregated, and thus no longer personal, data.

OPTION TO OBJECT OR REQUEST ELIMINATION

Cookies are stored on the user's computer and transmitted to us from there. Hence you as the user have complete control over the use of cookies. By changing the settings in your internet browser, you can deactivate or limit the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be carried out automatically. If cookies are deactivated for our websites, it is possible that you may no longer be able to use all the functions of the website to their full extent.

Retargeting

Third-party services are integrated on our website. When you visit our websites, data may be collected by means of cookies or similar technologies and transmitted to third parties who provide their services on their own responsibility. netcup uses this data to be able to display individual product and service offers to you outside our websites. In addition, the data may be read and analysed by the third-party providers in order to display personalised content to you. The responsibility for the use of your data beyond our processing lies with the third-party providers. To what extent, for what purposes and on what legal basis further processing for the third-party provider's own purposes takes place, please refer to the third-party provider's data protection information.

Facebook, Instagram

Name of the service: Meta Retargeting
Provider with country information: Facebook Inc. 1601 South California Avenue, Palo Alto, CA 94304, USA
Purpose Description/ Functionality: The Facebook Pixel tracks website visitors and allows these visitors to be targeted again with retargeting ads on Facebook, Instagram or Audience Network again in the future.
Individual forms of standard tracking: how often users have clicked on a certain link, visited a certain landing page or have fulfilled a certain form as well as submitted it.
There are risks according to Art. 44 DSGVO due to data transfer to the USA. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Facebook.
Further information can be found in the privacy policy of Facebook (https://www.facebook.com/privacy/policy/?entry\_point=data\_policy\_redirect&entry=0).
If no data collection on Facebook is wanted, it can be deactivated here: https://www.facebook.com/adpreferences/ad_settings/?entry_product=account_settings_menu.

Twitter

Name of the service: Twitter Retargeting
Provider with country information: Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103 USA.
Purpose Description/ Functionality: The Twitter pixel tracks website visitors and makes it possible to target those visitors again with retargeting ads on Twitter again in the future.
Individual forms of standard tracking: how often users have clicked on a specific link, visited a specific landing page or have fulfilled a certain form as well as submitted it.
There are risks according to Art. 44 DSGVO due to data transfer to the USA. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Twitter.
Further information can be found in the privacy policy of Twitter (https://twitter.com/de/privacy).
If no data collection on Twitter is wanted, it can be deactivated here: https://help.twitter.com/de/safety-and-security/privacy-controls-for-tailored-ads.

Youtube

Name of the service: Youtube
Provider with country information: YouTube, LLC 901 Cherry Ave. San Bruno, CA 94066 USA
Purpose Description/ Functionality: The Youtube Remarketing Tag tracks website visitors and allows those visitors to be retargeted again with retargeting ads on Youtube in the future.
Individual forms of standard tracking: how often users have clicked on a certain link, visited a certain landing page or have fulfilled a certain form as well as submitted it.
There are risks according to Art. 44 DSGVO due to data transfer to the USA. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Youtube.
Further information can be found in the privacy policy of Youtube (https://www.youtube.com/intl/ALL_de/howyoutubeworks/user-settings/privacy/).
If no data collection on Youtube is wanted, it can be deactivated here: https://www.youtube.com/intl/ALL_de/howyoutubeworks/user-settings/ad-settings/.

Google

Name of the service: Google Remarketing
Provider with country information: Google LLC 1600 Amphitheatre Parkway Mountain View, CA 94043. USA.
Purpose Description/ Functionality: The Google Remarketing Tag records website visitors and enables precisely those visitors to be reached again with retargeting ads on Google in the future.
Individual forms of standard tracking: how often users have clicked on a certain link, visited a certain landing page or have fulfilled a certain form as well as submitted it.
There are risks according to Art. 44 DSGVO due to data transfer to the USA. We would like to point out that we as the provider of the pages have no knowledge of the content of the transmitted data as well as its use by Google.
Further information can be found in Google's privacy policy (https://policies.google.com/privacy?hl=de&gl=de).
If no data collection on Google is wanted, it can be deactivated here: https://myadcenter.google.com/?hl=de.

LinkedIn

Service Name: LinkedIn Retargeting
Provider with country information: LinkedIn Corporation - Building 1000(LSNS) 1000 W Maude Ave, Sunnyvale, CA 94085
Purpose Description/ Functionality: The LinkedIn Insight tag tracks website visitors and allows those visitors to be retargeted again with retargeting ads on LinkedIn in the future.
Individual forms of standard tracking: how often users have clicked on a certain link, visited a certain landing page or have fulfilled a certain form as well as submitted it.
There are risks according to Art. 44 DSGVO due to data transfer to the USA. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by LinkedIn.
Further information can be found in the privacy policy of LinkedIn (https://www.linkedin.com/legal/privacy-policy?src=li-other&veh=www.linkedin.com%7Cli-other).
If no data collection on LinkedIn is wanted, it can be deactivated here: https://www.linkedin.com/mypreferences/d/categories/ads

8. Use of session storage as part of search functions

For the purpose of providing the search function, "session storage "is used on our websites. This means search terms you enter are stored locally in your browser. The search terms are re-read from our search function.

This is technically essential with regard to the usability of the search function. When clicking "Back to search" we display the results list of your prior search result.

The search terms are automatically and immediately removed from your browser after closing it ("session"), unless you have manually deleted them beforehand.

netcup GmbH explicitly does not request any personal data from you in the course of entering search terms in the search field. For data protection reasons we want to point out that you should avoid entering personal data in the search field.

III. Server log files

When you access our websites or the individual pages, information is automatically sent to the server of our websites by the browser on your terminal device. The following information is stored in log files:

• IP address of the requesting computer,
• Date and time of access,
• Name and URL of the file accessed,
• Website from which the access is made (referrer URL),
• browser used and, if applicable, the operating system of your computer,
• status codes and amount of data transferred,
• This data is processed for the following purposes:
• Provision of the Internet offer, including all functions and content,
• Ensuring a smooth connection of the website,
• Ensuring a comfortable use of our websites,
• Ensuring system security and stability,
• Anonymized statistical evaluation of accesses,
• Optimization of the website,
• Disclosure to law enforcement authorities if an illegal intervention/attack on our systems has occurred,
• other administrative purposes.

This data will be deleted after fourteen days if it is no longer required for other purposes (for example, defense or assertion of claims). The legal basis for the data processing is Art. 6 para. 1 p. 1 lit. f GDPR. Our legitimate interest follows from the purposes for data collection outlined above.

IV. Contract data

Contractual data In connection with and for the purpose of fulfilling pre-contractual measures and contractual obligations for our offer, which take place at your request, we process the data required for the fulfillment of the contract. This includes:

• Name, address, e-mail address and telephone number, billing e-mail address if different, company if applicable;
• customer number;
• Contract data, such as subject matter of contract (booked services), term, customer category;
• Payment data, such as bank details, credit card data, payment history.
• Optionally, the following data may also be processed:
• further contact data, for example a fax number;
• for more secure access, a second factor for logging into our user interface.

The legal basis for data processing is Art. 6 para. 1 p. 1 lit. b GDPR.

Your data will be used for the purposes of our offer and to contact you for information relevant to the offer and registration. For this purpose, we create a customer account for you. Due to the nature of our services, you need the customer account so that you can view, monitor and configure the services you have ordered from us. You can view and change your data via your personal user account. Your data will be stored until you terminate your contracts with us and delete the customer account, or until you instruct us to delete your data. If we have to store your personal data due to, in particular, legal obligations under tax and commercial law, the processing of your personal data will be restricted accordingly until the expiry of the retention periods. After that, this data will be deleted.

If you conclude a contract with us by placing an order or otherwise use the user account, for example to configure your contractual services, we store the IP address and the time of the respective usage action. The storage is based on our and your legitimate interests according to Art. 6 para. 1 p. 1 lit. b GDPR to provide our offer and according to Art. 6 para. 1 p. 1 lit. f GDPR to protect against misuse and other unauthorized use. The user account and the data stored in this context also serve in particular to make it easier for you to place further orders with us and to access your order history. In principle, this data is not passed on to third parties, unless it is necessary for the fulfillment of contractual obligations according to Art. 6 para. 1 lit. b GDPR or the protection of our legitimate interests according to Art. 6 para. 1 sentence 1 lit. f GDPR, for example for the pursuit of any claims due to us or defense against us, or if there is a legal obligation to do so according to Art. 6 para. 1 lit. c GDPR.

The data will be disclosed to third parties for the fulfillment of contractual obligations pursuant to Art. 6 para. 1 lit. b GDPR only to the extent necessary for the fulfillment of pre-contractual measures and contractual obligations, e.g. to banks, payment service providers, credit card companies for the processing of payments, to shipping service providers for the shipment of goods and, when registering domains through us, to registrars of top-level domains.

V. netcup customer forum

When you create a user account for the netcup customer forum, you must agree to the terms of use for the netcup customer forum. In doing so, you enter into a usage agreement with us. You can view the terms of use for the netcup customer forum at https://forum.netcup.de/system/disclaimer/.

In connection with, and for the purpose of, the fulfillment of pre-contractual measures and contractual obligations for your membership for the netcup customer forum, which take place at your request, process the data required for the contractual fulfillment of the user agreement concluded with you. This includes your name, e-mail address and a user name selected by you to create your user account.

After you have created your user account, you can voluntarily save further data in your user account (for example, an avatar, photos or your address) and exchange messages with other users. Depending on your activities for the netcup customer forum, even more details can be added to your user account (for example, likes received from other users and awards for special achievements).

If you use your user account for activities in the netcup customer forum, for example to create posts, we store this data in order to make the netcup customer forum available to users and the public. For more information, please refer to the terms of use for the netcup customer forum at https://forum.netcup.de/system/disclaimer/.

The legal basis for the processing of this data is Article Art. 6 (1)(b) GDPR.

The personal data collected will be processed by us to provide the netcup customer forum and to contact you for offer and registration-related information. You can view your personal data and make changes to this data via a personal user access.

Your data will not be disclosed to third parties beyond the use and publication in the netcup customer forum, unless it is necessary for the fulfillment of contractual obligations pursuant to Art. 6 para. 1 lit. b GDPR or for the pursuit of any claims due to us or defense against claims asserted against us, or if there is a legal obligation to do so pursuant to Art. 6 para. 1 lit. c GDPR. Your data will be stored until you delete the user account or instruct us to delete your data. If we are obliged to store your personal data due to legal, in particular tax and commercial law retention periods, the processing of your personal data will be restricted accordingly until the retention periods expire and then this data will be deleted.

If you contribute content to the netcup customer forum, you grant us a right to use this content. Therefore, we will continue to store and process the relevant content in order to make the netcup customer forum available to users and the public after your user account has been deleted. However, we will anonymize your user name after you have deleted your user account for the netcup customer forum. For more information, please refer to the terms of use for the netcup customer forum at https://forum.netcup.de/system/disclaimer/.

If you create a user account for the netcup customer forum on our Internet offer or use the user account for the netcup customer forum, we store the IP address and the time of the respective usage action. The storage is based on our legitimate interests according to Art. 6 para. 1 p. 1 lit. f GDPR to provide our offer. The storage is also in your interest to protect you from misuse and other unauthorized use. The IP addresses are anonymized or deleted after 7 days at the latest.

The data will be disclosed to third parties only to the extent necessary to fulfill pre-contractual measures and contractual obligations, to provide the netcup customer forum, if we are legally obliged to disclose the data (for example, by official order), and to assert, exercise or defend against claims.

To ensure that the customer forum is not overrun with spam bots, captcha questions are used. Captcha questions are an internal service of our forum software and are currently asked during registration as well as during the functions "Forgot password" and "Send e-mail to user". The search function is currently in use without Captcha query, because it can only be reached when a user is already logged in.

VI. FriendlyCaptcha

This website uses Friendlycaptcha. Friendlycaptcha is used to ensure that the forms provided are used by a natural person and not abusively by machine or automated processes.

Friendlycaptcha collects your IP address and sends a cryptogaphic task to the end device with which you use our offer. This cryptogaphic task is solved by your terminal without any input from you. If the task is solved in the correct way, Friendlycaptcha confirms to the server running our websites that a human and not a machine is visiting our websites.

When a form is accessed on our websites that uses Friendlycaptcha, the following data is processed and stored by Friendlycapthca:

• IP address of the requesting computer in anonymized form;
• browser used and, if applicable, the operating system of your terminal device;
• the website from which Friendlycaptcha is accessed;
• the cryptographic task that contains information about our use of it;
• the software version of Friendlycapthca we use;
• Date and time of access;
• Website from which the access is made (referer URL);

Friendlycaptcha stores an anonymized counter for each IP address in order to control the complexity of the cryptographic tasks and to prevent legitimate users from being blocked. This data is collected separately from the rest of the data and cannot be attributed to any specific internet service. For this purpose, the IP addresses are anonymized with a hash value so that users can no longer be identified.

Friendlycaptcha is offered by Friendly Captcha GmbH, Am Anger 3-5, 82237 Woerthsee, which operates on our behalf. Personal data is processed by this service provider on our behalf. We use this service in our legitimate interest in the security of our websites and the detection of bot activities according to Art. 6 para. 1 p. 1 lit. f GDPR.

VII. Communication and advertising

1. Contact form ("Make a request") / Other contacting

If you use the contact form, you must provide your name and email address and the category of your request so that we can contact you personally. If you use other means of communication to make a request to us, we also need your name and contact information where we can reach you (for example, email address, address, phone number or fax number). If you do not provide this information, we will not be able to process your request or contact you. In addition, you can voluntarily provide your telephone number and other data.

When you contact us, we process your personal data to handle your request on the basis of Art. 6 (1) p. 1 lit. b GDPR, provided that your request is related to the performance of a contract or is necessary to carry out pre-contractual measures with you personally. In all other cases, the processing is based on your consent pursuant to Art. 6 para. 1 p. 1 lit. a GDPR and/or in our legitimate interest in effectively processing the requests addressed to us pursuant to Art. 6 para. 1 p. 1 lit. f GDPR.

All personal data collected in connection with contacting us will be deleted when your request is completed, unless it is necessary to continue storing the data for other reasons (e.g. subsequent conclusion of a contract or defense of claims asserted against us).

2. rate.netcup.de

a) Categories of personal data processed, sources of personal data, purposes and legal bases of processing

aa) Contacting by e-mail

(1) Categories of personal data processed and sources of the personal data

(2) Purposes and legal basis of the processing

To the extent that contacting you by e-mail serves to process your request, see Section VII. 1. of this privacy policy.

In addition, contact by e-mail also takes place in order to ask you for your feedback regarding our customer service and, at the same time, in the event that no suitable solution to your request could be found, to give you the opportunity to comment on this by means of a corresponding comment on your feedback, to enable us to identify potential for improvement with regard to the quality of our customer service on the basis of this information and statistical evaluations created on this basis.

The legal basis in this respect is our legitimate interest pursuant to Art. 6 (1) lit. f DSGVO in collecting data to determine and improve the quality of service.

bb) Feedback

(1) Categories of personal data processed and sources of personal data.

(2) Purpose and legal basis of processing

The data categories mentioned under (1) are processed or stored together and can be attributed to your person as a whole via the ticket ID.

The purpose is to identify potential for improvement with regard to the quality of our customer service on the basis of this data as well as statistical evaluations created on this basis.

The legal basis is your consent in accordance with Art. 6 (1) lit. a DSGVO.

Your consent is always voluntary and you can revoke it at any time, e.g. by sending an informal message to the data protection officer (for contact details, see section II. 2. above).

b) Recipients or categories of recipients of the personal data

• ANEXIA Internetdienstleistungs GmbH, Feldkirchner Straße 140, 9020 Klagenfurt, Austria
• ANX Holding GmbH, Feldkirchner Straße 140, 9020 Klagenfurt, Austria
• ANEXIA Deutschland GmbH, Daimlerstraße 25, 76185 Karlsruhe, Germany

c) Third country transfer

No third country transfer takes place and none is planned.

d) Automated decision-making

netcup GmbH does not use automated decision-making in the sense of Art. 22 DSGVO in connection with rate.netcup.de.

3. Postal advertising

If you are a customer of ours and we have received your data in connection with the sale of a product or the use of a service, we may use your data (first and last name, address and, if you work for a company, your company affiliation) for direct mail advertising for goods or services offered by us or by third parties. In addition to this data, we may also store other data that we have lawfully collected about you for the aforementioned advertising purposes. This may be, for example, your order history or the type of goods you have purchased from us.

The purpose of this data processing is to target you as precisely as possible with advertising that corresponds to your interests and to avoid advertising that does not appeal to you. The legal basis of the processing is our legitimate interest in direct marketing according to Art. 6 (1) lit. f GDPR. Your data will be processed and stored for this purpose until you object to further use for postal advertising.

Postal advertising requires a certain lead time before dispatch in order to print the items and make them ready for dispatch. If you object to postal advertising, it may exceptionally happen that you still receive advertising by mail from us. This is the case if the production process for the corresponding mailing had already started when you objected. This does not mean that we will not take your objection into account.

4. Newsletter

If you would like to receive our newsletter, we need your e-mail address. You can enter your name voluntarily. The data processing for the purpose of sending the newsletter is carried out according to Art. 6 para. 1 p. 1 lit. a GDPR on the basis of your voluntarily given consent by means of the so-called double opt-in procedure. The e-mail address will be used and stored for this purpose until you revoke your consent or unsubscribe from receiving the newsletter. Without this consent, you cannot subscribe to our newsletter. Unsubscribing is possible at any time, for example via a link at the end of each newsletter. Alternatively, you can also send your revocation/unsubscribe request at any time to the e-mail address mentioned under point II.

We send our newsletters with a so-called tracking pixel. A tracking pixel is a miniature graphic that is embedded in the HTML format of the sent newsletter to enable an analysis of reader behavior. In this context, we store whether and at what time a newsletter was opened by you and which of the links contained in the newsletter were called up by you. We use this data to create statistical evaluations of the success or failure of a marketing campaign in order to optimize newsletter distribution and to better tailor the content of future newsletters to your interests. The collected data is not passed on to third parties and is deleted after the statistical evaluation. We send our newsletters with a so-called tracking pixel. A tracking pixel is a miniature graphic that is embedded in the HTML format of the sent newsletter to enable an analysis of reader behavior. In this context, we store whether and at what time a newsletter was opened by you and which of the links contained in the newsletter were called up by you. We use this data to create statistical evaluations of the success or failure of a marketing campaign in order to optimize newsletter distribution and to better tailor the content of future newsletters to your interests. The collected data is not passed on to third parties and is deleted after the statistical evaluation.

5. Direct mail to customers

If you are a customer of ours, we may use your e-mail address for direct advertising of our own similar goods or services. This only applies if you have not objected and if we clearly inform you of the possibility of objection when collecting the e-mail address and each time it is used. You can object to the use of your e-mail address without incurring any costs other than the transmission costs according to the prime rates. For direct advertising by e-mail, we process your e-mail address, your name, if you have used our offers as an employee of a company your company affiliation, the data we have collected about your use of our offers and the type of goods or services you have purchased from us in order to be able to tailor our offers to you individually. The legal basis for the processing is Section 7 (3) UWG and our legitimate interest in direct marketing according to Art. 6 (1) lit. f GDPR.

Your data will be processed and stored for this purpose until you object to further use for direct e-mail advertising or unsubscribe from receiving direct e-mail advertising. You can unsubscribe at any time, for example via a link at the end of each e-mail. Alternatively, you can also send your objection or unsubscribe request at any time to mail@netcup.de.

VIII. Job Applications

If you apply to us via our application form or via other means of communication, you must provide your name and contact details and send your application documents so that we can review your application and contact you. The application procedure is supervised and managed on our behalf by Anexia Internetdienstleistungen GmbH, Feldkirchner Straße 140, 9020 Klagenfurt, Austria. In the application procedure, your data will be processed in accordance with Art. 6 (1) p. 1 lit. a GDPR on the basis of the consent you have given voluntarily. The purpose of the processing is to participate in an application procedure advertised by us or, in the case of a speculative application, to check whether we can offer you a position. Without this consent, you cannot participate in the application process.

We use a personnel management system that is hosted and maintained for us by Anexia Internetdienstleistungen GmbH and with which our application processes are handled. Personal data is processed by Anexia Internetdienstleistungen GmbH on our behalf. The legal basis for data processing is our legitimate interest in the efficient management and control of our application processes pursuant to Art. 6 (1) sentence 1 lit. f GDPR.

Typically, the following data is processed in our application process:

• Your cover letter for application;
• Your personal data:
  Name, address, e-mail address, phone number, mobile number, date of birth;
• The position for which you are applying or whether it is a speculative application;
• Your resume:
  current job, previous jobs, employer, professional training work experience in years, previous training, special skills, hobbies
• Documents such as certificates from educational institutions and/or previous jobs, certificates of further education completed

All personal data collected in connection with the application process will also remain stored on the basis of our legitimate interests within the meaning of Art. 6 (1) lit. f GDPR so that we can defend ourselves against claims asserted against us. If you withdraw your application of your own accord, we will delete your application documents. Your name and contact details as well as the times at which you applied and/or withdrew from the application process and the corresponding correspondence remain stored.

Insofar as this data is no longer required for other purposes (e.g. subsequent recruitment or legal disputes), the data will be deleted automatically six months after the end of the application process.

IX. Payment processing

If you do not agree with the processing of your data and do not want to use either of the following payment options, you can also pay for our services in advance by bank transfer. In this case, we will only inform you of our bank details, the invoice amount and the purpose for the bank transfer.

1. PayPal

This website uses PayPal as a payment service provider. The provider is PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal"). PayPal assumes the function of an online payment service provider as well as a trustee and offers buyer and seller protection services. When paying via PayPal, credit card via PayPal, direct debit via PayPal or - if offered - purchase on account via PayPal, your name, email address, purchased products, invoice amount, as well as billing and delivery address will be disclosed to PayPal as part of the payment processing. When using the payment methods credit card via PayPal, direct debit via PayPal or - if offered - purchase on account via PayPal, PayPal may carry out a credit check to check creditworthiness and minimize payment defaults in order to decide on the release of the payment transaction. In the credit check, probability values are used (so-called score values), in the calculation of which address data are included. The calculation of these score values is based on a scientifically recognized mathematical-statistical procedure. In case of insufficient creditworthiness, PayPal may refuse the selected payment method. After a successful payment transaction, PayPal informs us that your payment has been made.

Beyond the payment processing, we have no influence on how PayPal processes your data already stored at PayPal and the data transmitted by us. Your data will be processed by PayPal based on PayPal's privacy policy, which you agreed to when you opened your PayPal account.

If you do not agree with the data transfer, or you think that your creditworthiness is not suitable for the selected payment method, please use another payment method. For more information on how PayPal handles your personal data, please see the related privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=de_DE.

The transfer of your data to PayPal is based on Art. 6 (1) a GDPR (consent) and on Art. 6 (1) b GDPR (processing for the performance of a contract), insofar as you use PayPal to make a payment in your own name and on your account.

2. SEPA Direct Debit

We offer the SEPA direct debit procedure as a payment option. When paying by direct debit, your name, the invoice amount, the purpose of use and your account details are transmitted to our payment service provider or our house bank in order to carry out the payment. The legal basis for the processing is Art. 6 para. 1 lit. b GDPR.

We offer the SEPA direct debit procedure as a payment option. When paying by direct debit, a SEPA direct debit mandate is issued by the account holder for us to agree to the payment transaction (authorization). The following data will be stored and processed:

• Name and address of the account holder
• Invoice ath mount and reason for payment
• Creditor identification number (CI)
• Mandate reference
• Name of payer
• Bank of the payer
• IBAN
• Single or recurring payment

Your data will be transmitted to our payment service provider or our house bank within the scope of payment processing in order to execute the direct debit. Your data will be processed for the direct debit procedure on the basis of Art. 6 para. 1 lit. a GDPR (consent) and on the basis of Art. 6 para. 1 lit. b GDPR (processing for the performance of a contract), insofar as you use the direct debit procedure for a payment in your own name and on your account.

If you should not agree with the data transfer or if you are of the opinion that your creditworthiness is not suitable for the selected payment method, please use another payment method.

3. Stripe

This website uses Stripe as a payment service provider. The provider is Stripe Payments Europe, Ltd,1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland (hereinafter "Stripe"). Stripe performs the function of an online payment initiation service provider. When paying via Stripe, your customer number and email address will be shared with Stripe. After a successful payment transaction, Stripe notifies us that your payment has been made.

If you do not agree with the data transfer, or if you think that your creditworthiness is not suitable for the selected payment method, please use another payment method. For more information on how Stripe handles your personal data, please see the related privacy policy: https://stripe.com/de/privacy

The transfer of your data to Stripe is based on Art. 6 (1) a DSGVO (consent) and on Art. 6 (1) b DSGVO (processing for the performance of a contract), insofar as you use Stripe to make a payment in your own name and on your account.