Data Protection Notice

Thank you for visiting the PSW GROUP website and for your interest in our services. The protection of your personal data is very important to us. With this data protection notice, we would like to inform you about the handling of your personal data when visiting our websites, when booking specific services and about your rights.

Your PSW GROUP-Team

1. Who are we and how can you contact us?

We,

PSW GROUP GmbH & Co. KG
Flemingstr. 20-22
36041 Fulda
Germany

Phone: +49 661 480 276 10
E-mail: info (at) psw.net

are responsible for protecting your personal data. If you have any questions about data processing, your rights or this data protection notice, our Data Protection Officer, David Gabel, and our Data Protection Team are also available to help you at datenschutz (at) psw.net.

1.1 The scope of this notice
This data protection notice applies to the following websites:

  • psw-group.de
  • hpkp-faq.de
  • ssl-zertifikate.de
  • ev-zertifikate.de
  • pdf-signing.de

1.2 Encryption
This website uses transport encryption (TLS/SSL) for security reasons and to protect the transmission of personal data and other confidential content (e.g. inquiries via our contact form). An encrypted connection is visible by the string "https://" and the lock symbol in your browser address bar.

2. What data is processed when visiting our website?

In the following, we inform you about which data is collected when you visit our website, for which purposes it is processed, the legal basis for the data processing, the options you have to control the collection and processing of the data yourself and when the data is deleted.

2.1 Log-Files when visiting the website

Collected data:

  • Our visited website
  • Date and time of the access
  • Amount of data sent in bytes
  • Source/reference from which you came to our site
  • Used browser
  • Used operating system
  • Your IP address

Purposes of the data processing:
The temporary storage of this data is necessary to enable the delivery of the website to your computer and to ensure the functionality of the website. With the help of this data, we also gain statistical insights into how our websites are used. In addition, we collect the data in order to be able to trace and prevent unauthorized access to the webserver and misuse of the websites and to secure our information technology systems. 

Legal base:
We temporarily store this data on the basis of legitimate interests (Art. 6 para. 1 lit. f) GDPR). Our legitimate interest is to achieve the purposes described above.

Storage duration and control options:
The data is deleted when it is no longer necessary to achieve the purposes described above.

 

3. What data is processed when you contact us, order a newsletter or comment on our blog?

In the following, we inform you about which data is collected and processed when you contact us, order a newsletter, comment on our blog posts, for which purposes and by which recipients it is processed, the legal basis for the data processing and when the data is deleted.

3.1 Contact

Collected data:
We collect and process the data you provide, such as your contact details, your name and your request, when you contact us via a contact form or by e-mail. All data that you send us via the contact form is transmitted encrypted between your browser and our server. You can also send us messages by e-mail in encrypted form at any time, assuming you use an S/MIME or PGP certificate. You can find our public keys in the download area.

Purposes of the data processing:
The data is processed solely for the purpose of responding to your request or for contacting you and the associated technical administration.

Legal base:
The legal basis for the processing of the data is our legitimate interest in responding to your request pursuant to Art. 6 para. 1 lit. f) GDPR. If your contact aims at the conclusion of a contract, the legal basis for the processing is Art. 6 para. 1 lit. b) GDPR.

Storage duration:
Your data will be deleted after final processing of your request, this is the case if it can be inferred from the circumstances that the matter concerned has been conclusively clarified and provided that there are no legal storage obligations to the contrary.

3.2 Newsletter

Collected data:
We collect and process the e-mail address you provide when you order our newsletter. Mandatory information for sending the newsletter is only your e-mail address. The provision of any other data is voluntary and will be used to address you personally.

Within the scope of sending our newsletter, we use the e-mail dispatch service of the certified service company: 

rapidmail GmbH 
Wentzingerstraße 21    
79106 Freiburg i. Breisgau

Purposes of the data processing:
We process the data to send you the newsletter.

For quality assurance, we use the usage analysis "recipient statistics" from rapidmail. This allows us to determine who, at what time, with which email client opened our newsletter or which link to which article was clicked. This allows us to understand which topics you are interested in, so that we can adapt our selection of topics to your needs and interests. No profiling or similar takes place. 

When you register for the newsletter, we record your IP address as well as the date and time of registration in order to be able to trace any possible misuse of your e-mail address at a later date. The data we collect when you register for the newsletter will be used exclusively for the purpose of advertising the newsletter. A transfer of your data by rapidmail is excluded.

Legal base:
For sending the newsletter, we use the so-called Double Opt-In procedure. This means that we will only send you an e-mail newsletter if you have expressly confirmed that you consent to the sending of newsletters. You will then receive a confirmation e-mail asking you to confirm that you wish to receive future newsletters by clicking on an appropriate link.

By activating the confirmation link, you give us your consent for the use of your personal data in accordance with Art. 6 para. 1 lit. a GDPR.

Storage duration:
We store your data for as long as we need it for the specific processing purpose. You can unsubscribe from the newsletter at any time via the link provided for this purpose in the newsletter or by sending a corresponding message to the Controller at the beginning. After unsubscribing, your e-mail address will be deleted from our newsletter distribution list immediately, unless you have expressly consented to further use of your data.

3.3 Comments on our blog

Collected data: 
To accept and publish your comment on our blog (www.psw-group.de/blog), your comment and the personal data left behind will be processed. The name or alias provided will be published with the comment, the required E-Mail address will not.

Legal base:
The personal data you leave in your comment will be processed according to your consent pursuant to Art. 6 para. 1 lit. a) GDPR.

Storage duration:
Your comment will be stored and published for an unlimited period of time. We reserve the right to delete them without giving reasons and without prior or subsequent information.

Upon your request, we will delete your comments immediately. Please use the "delete function" or contact us for this purpose.

4. EHI, Trusted Shops & Stripe

Collected data:
On our website we use the seal "EHI Geprüfter Online-Shop", a widget of the EHI Retail Institute GmbH, Spichernstraße 55, 50672 Cologne ("EHI") and the "Trusted Shops Gütesiegel" of Trusted Shops GmbH, Colonius Carré, Subbelrather Straße 15c, 50823 Cologne. When you visit our website, dynamic content (current rating of the store, certificate, etc.) is loaded into the widget from servers of EHI and Trusted Shops.

Your IP address, the previously visited website, date and time of access, the amount of data transferred, the browser type and version, the operating system you are using and the requesting provider (referrer data) are transmitted to the servers of EHI and Trusted Shops.

Further information on data protection at EHI can be found at: www.ehi-siegel.de/datenschutz.

You can find more information about data protection at Trusted Shops at: www.trustedshops.de/impressum

Legal base:
The processing is based on our overriding legitimate interest in optimizing our offer in accordance with Art. 6 para. 1 lit. f) GDPR.

4.1 Data processing for shop reviews by EHI Retail Institute GmbH

Collected data:
If you decide to review our service, we process your e-mail address and your order number and date. The recipient is: EHI Retail Institute GmbH, Spichernstraße 55, 50672 Köln.

Purposes of the data processing:
To send you a review confirmation request and a final review request, as well as to assign your rating and prevent abuse.

Legal base:
This processing is carried out on the basis of our legitimate interests in improving our services and preventing abuse in accordance with Art. 6 para. 1 lit. f GDPR.

Storage duration:
Your data will be stored as long as the EHI store rating is displayed on our website and on the page of EHI.

4.2 Stripe

Among other services, we offer payment processing via Stripe on this website. The provider for customers within the EU is Stripe Payments Europe, Ltd.,1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland (hereinafter referred to as “Stripe”). For US is Stripe, Inc., 510 Townsend Street, San Francisco, CA 94103, USA responsible.

When you make a payment using Stripe, your payment data are forwarded to Stripe via an interface on our website so that the payment can be processed.

Any credit card information you provide as part of your Payment Information is collected and processed by our payment processor Stripe through their Stripe Checkout service. Stripe commits to complying with the Payment Card Industry Data Security Standard (PCI-DSS) and using industry-standard security. Stripe may use your Payment Information in accordance with their own Privacy Policy.

For details about this process, please consult Stripe’s Data Protection Policy under the following link: https://stripe.com/de/privacy.

Your data are transferred to Stripe on the basis of Art. 6 Sect. 1 lit. b GDPR (contract management) as well as based on our legitimate interest in the use of dependable and secure payment processes (Art. 6 Sect. 1 lit. f GDPR).

Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. As an additional guarantee, Stripe has certified itself according to the Transatlantic Data Privacy Framework. Details can be found here: https://stripe.com/de/privacy and https://stripe.com/de/guides/general-data-protection-regulation.

5. General information about Cookies and Targeting Technologies

Collected data:
So-called cookies are set when you visit our websites. These are small data sets or bits of information that are stored on your device. Cookies usually contain a characteristic sequence of characters, the so-called cookie ID, with which your browser can be identified when you visit our websites again.

In addition, we use so-called tags, which are small code elements that help us measure the behavior of our users and the success of advertising activities.

Depending on the type of cookies or tags, different data is collected and processed anonymously or pseudonymously.

We use our own cookies as well as cookies from other providers (third-party cookies).

Purposes of the data processing:
Technically necessary cookies enable the technical functioning of the website. Some functions of our websites cannot be offered without the use of the cookies.

Functionality cookies are used to make our websites more user-friendly and to ensure certain functionalities.

Analytics cookies and tags allow us to generate aggregate statistics, such as the number of views, which areas of the websites are viewed most frequently, and information about locations and about the length of the average stay on the websites. This allows us to improve the quality of our websites and content.

Legal base:
We use technically necessary cookies and functionality cookies based on legitimate interests (Art. 6 para. 1 lit. f) GDPR). Our legitimate interest is to ensure the functioning of our websites and their optimal usability.

We use analytics cookies as well as tags and retargeting technologies based on legitimate interests (Art. 6 para. 1 lit. f) GDPR, recital 47). Our legitimate interest is to tailor our websites optimally to the interests of our customers.

Third-party cookies are only used with your explicit consent, according to Art. 6 para. 1 a) GDPR. See point 5.1 of this statement.

Storage duration and control options:
Some of the cookies we use are automatically deleted after you close your browser (so-called session cookies), others remain on your device for a defined period of time and allow us to recognize your browser again (so-called persistent cookies).

You have full control over the use of cookies and can delete cookies in your browser, disable the storage of cookies altogether or selectively accept certain cookies. Please use the help functions of your browser to learn how to change these settings. This may limit the functionality of our websites.

5.1 Third-party cookie and tracking technologies used

Necessary cookies (Essential)
consentmanager

Collected data:
Our website uses consent technology from consentmanager to obtain your consent to the storage of certain cookies on your end device or to the use of certain technologies and to document this consent in accordance with data protection law.
The provider of this technology is

consentmanager AB
Håltegelvågen 1b
72348 Västerås, Schweden
Website: https://www.consentmanager.de (in the following „consentmanager“).

Purposes of the data processing:
We use Consentmanager to comply with the legal obligations of consent retention.

Legal base:
We use Consentmanager to fulfill our legal obligation, Art. 6 para. 1 lit. c) GDPR.

Storage duration and control options:
The consent data (consent and revocation of consent) is stored for three years. The data will be deleted after this period. For more information, please see consentmanager's data protection notice at this link: https://www.consentmanager.de/datenschutz/

WordPress

Collected data:
For our Blog page we use the open source content management system "Wordpress" as well as plugins. Plugins are function-related extensions of the "Wordpress" software.  In the context of the use of these plugins, personal data, such as the anonymized IP address of your connection, may be processed.

In some cases, cookie and tracking technologies from third-party providers are used. Here, the principles described above in section 2. apply without restriction.

Purposes of the data processing:
We use plugins in particular for the following purposes:

  • To protect against abusive comments ("spam")
  • To find broken links
  • To improve the loading speed of our mobile websites

Insofar as plugins for third-party cookie and tracking technologies are used, the description of the purposes given under section 5. applies.

Legal base:
We use WordPress and the respective plugins on the basis of legitimate interest. Our legitimate interest is to achieve the purposes described above.

We use third-party cookie and tracking technologies in the context of a plugin if you have consented to this.

Storage duration and control options:
We store your data for as long as we need it for the specific processing purpose.

Google Analytics

Collected data:
On our website, we use Google Analytics, a web analytics service provided by Google Ireland Limited, with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Google Analytics sets cookies on your device that allow us to evaluate your use of our websites. For this purpose, Google collects, for example, data to identify your browser, information about when and how often you accessed our websites, how long you stayed on our websites and how you interacted with our websites (more information on this can be found in Googles data protection notice for der services: https://policies.google.com/technologies?hl=de&gl=de.

We have extended Google Analytics with the code "get._anonymizeIP();". This causes Google to shorten your IP address and enables a pseudonymized evaluation. The shortening of IP addresses takes place within the EU or the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the US and shortened there. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google. The data determined with the help of cookies is usually transferred to a Google server in the US and stored there. Google undertakes to comply with European data protection standards and your rights by using EU standard contractual clauses. Google transmits data to third parties if consent has been given, if this is required for legal reasons or if third parties process this data on behalf of Google.

Purposes of the data processing:
The purpose of data processing is the analysis of user behavior in order to optimize our website. This only takes place if you give us your consent.

Legal base:
We use the described Google product if you have consented to the processing of your data. We obtain your consent according to Art. 6 para. 1 lit. a) GDPR when you call up our websites via the cookie banner.

Storage duration:
The data collected via the Google functions are stored and regularly deleted. You can prevent the storage of cookies by making the appropriate setting in your browser. You can also prevent the collection of data and the processing of data by Google by downloading and installing the browser add-on available.
You can find more information in the Google privacy policy .

GoogleAds Conversion Tracking (previously Google Adwords)

Collected data:
We use Google Ads Conversion Tracking of Google Ireland Limited, with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). With this technology, cookies are set when you interact with, e.g. click on, one of our advertisements on another website. The cookies are used to analyze what happens after you have interacted with an advertisement, e.g. whether you have purchased our product, from which device you have accessed the advertisement or signed up for our newsletter.

Purposes of the data processing:
We use this technology to measure the success of our ads and thus improve our offerings.

Legal base:
We use the described Google product if you have consented to the processing of your data. We obtain your consent when you arrive on our websites via the cookie banner, Art. 6 para. 1 lit. a) GDPR.

The data collected via the Google functions are stored and regularly deleted. You can prevent the storage of cookies by making the appropriate setting in your browser. You can also prevent the collection of data and the processing of data by Google by downloading and installing the browser add-on available at the following link. You can object to the storage of cookies and the associated data processing by deactivating personalized advertising via your advertising settings . You can deactivate the use of cookies by third-party providers via the deactivation website of the Network Advertising Initiative . This may restrict the functionality of our websites. You can find more information in the Google privacy policy .

Google TagManager

Google Tag Manager is a tracking solution of Google Ireland Limited, with its registered office in Gordon House, Barrow Street, Dublin 4, Ireland ("Google"), with which we can manage so-called website tags via an interface (and thus, for example, integrate Google Analytics and other Google marketing services into our online offer). The Tag Manager itself (which implements the tags) does not process any personal data. With regard to the processing of personal data, please refer to the information on the respective Google services. You can access the usage guidelines of the Google Tag Manager here: https://www.google.com/intl/de/tagmanager/use-policy.html

Google Fonts

On our website we use Google Fonts of the company Google Inc. For the European area the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible. We have embedded the Google fonts locally, i.e. on our webserver - not on Google's servers. This means that there is no connection to Google servers and thus no data transfer or storage.

LinkedIn Insights Tag and Conversion Tracking

Collected data:
We use the LinkedIn Insight Tag for this website. The LinkedIn Insight Tag creates a LinkedIn "browser cookie" which collects the following data:

  • ‍IP address,
  • timestamp,
  • page activity,
  • demographic data from LinkedIn, if the user is an active LinkedIn member. ‍

‍With the help of this technology, we can generate reports on the performance of our advertisements as well as information on website interaction. For this purpose, the LinkedIn Insight tag is embedded on this website, which establishes a connection to the LinkedIn server if you visit this website and are logged into your LinkedIn account at the same time.

Purposes of the data processing:
We process their data to evaluate campaigns and collect information about website visitors who may have reached us through our campaigns on LinkedIn.

Legal base:
We process your data because you have consented to this, Art. 6 para. 1 lit. a) GDPR. Our legitimate interest is to determine the reach of our advertisements and to analyze user behavior on our websites.

Storage duration and control options:
We store your data as long as we need it for the respective purpose (campaign evaluation) or you have not objected to the storage of your data or revoked your consent. The collected data is encrypted. You can find more information here. Here you can find the LinkedIn privacy policy, as well as the LinkedIn Opt-Out.

Bing Universal Event Tracking

Collected data:
We use Bing Universal Event Tracking ("UET"), a service provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA ("Microsoft"). When you access our websites through advertisements on Bing Ads, a cookie is set on your computer. In addition, a UET tag is integrated on our websites. This is a code which, in combination with the cookie, stores pseudonymized data about the use of the website. The tag, in combination with the cookie, collects pseudonymized data to track what actions you take on our websites after clicking on an ad on Bing Ads. Among other things, the length of time spent on the website, which areas of the website were accessed and which ad you used to access the website are collected. In addition, Microsoft may track your usage patterns across multiple of your electronic devices through so-called cross-device tracking. The information collected is transferred to a Microsoft server in the United States, where Microsoft is committed to maintaining an adequate level of data protection through the use of EU standard contractual clauses.

Purposes of the data processing:
UET allows us to track your activity on our websites if you arrived at our websites through ads from Bing Ads and enable us to improve our offerings. Cross-device tracking allows Microsoft to display personalized ads.

Legal base:
We use the Bing tracking tools if you have consented to them. We obtain your consent when you call up our websites via the cookie banner, art. 6 para. 1 lit. a) GDPR.

Storage duration and control options:
The data is stored by Microsoft for a maximum period of 180 days. You can prevent the collection and processing of data by deactivating the setting of cookies. This may restrict the functionality of the websites under certain circumstances. You can deactivate cross-device tracking . You can find more information about Bing's analytics services on the Bing Ads website. For more information on data rotection at Microsoft and Bing, please refer to Microsoft's privacy policy.

Links to other sites

Our website may contain links to other websites of interest. However, once you have used those links to leave our website, you should note that we have no control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information you provide when visiting such websites, and such websites are not governed by this Data Protection Notice. You should exercise caution and review the Data Protection Notice applicable to that website.

6. Social Media

We are active in various social media networks and have provided external links to our presences on our websites. You can find us on Facebook, Twitter, LinkedIn, Xing, Pinterest, YouTube and Instagram.

If you do not click the external links to our social media appearances, no data transfer takes place in this direction. Only when you click on the link will the usual Internet usage data be transmitted to the respective platform and you will be redirected to the corresponding page. In this case, the data protection notice and the conditions of the individual provider must be observed.

We point out that you use these services and functions on your own responsibility. This applies in particular to the use of interactive functions such as commenting, sharing, rating.

The privacy statements of the individual platforms can be found in the following list:

6.1 YouTube

We use the so-called "extended data protection mode" of the provider YouTube to embed videos. The operator of the service is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. YouTube uses Google APIS and Google Gstatic when providing its service.

In doing so, a cookie is only stored on your computer when the video is played. According to YouTube, no personal cookie information is stored for playbacks of embedded videos with enhanced privacy. For more information on YouTube's official data protection notice, click here: http://www.youtube.com/t/privacy_at_youtube

Purposes of data processing:
We use this data to provide you with the video on our site.

Legal basis:
The legal basis for data processing is Art. 6 para. 1 lit. a) GDPR. YouTube's services are only used when you click on the video.

Storage period:
The data is deleted as soon as the purpose of its collection has been fulfilled.

6.2 Content Delivery Network ("CDN") KeyCDN

On our website we use a so-called Content Delivery Network ("CDN") of the technology service provider proinity LLC, Reichenauweg 1, 8272 Ermatingen, Switzerland ("KeyCDN"). A Content Delivery Network is an online service that is used in particular to deliver large media files (such as graphics, page content or scripts) through a network of regionally distributed servers connected via the Internet. The use of KeyCDN's Content Delivery Network helps us optimize the loading speeds of our website.

Legal base:
The processing is carried out in accordance with Art. 6 para. 1 lit. f) GDPR on the basis of our legitimate interest in a secure and efficient provision, as well as improvement of the stability and functionality of our website from all over the world.

If you have enabled JavaScript in your browser and do not have a JavaScript blocker installed, your browser may transmit personal data to KeyCDN. For more information, please see KeyCDN's privacy notice: https://www.keycdn.com/privacy

7. What rights do you have and how can you exercise them?

7.1. Revocation of the consent
You can revoke any consent you may have given for the processing of your personal data at any time with effect for the future. Please note that the revocation has no effect on the lawfulness of the previous data processing and that it does not extend to such data processing for which there is a legal reason for permission and which may therefore also be processed without your consent.

7.2 Further data subject rights

In addition, you are entitled to the following data subject rights in accordance with Articles 15 to 21 and 77 of the EU-General Data Protection Regulation (GDPR) if the legal requirements are met:

Information:
You can request at any time that we provide you with information about which of your personal data we process and how, and a copy of the personal data we have stored about you, Art. 15 GDPR.

Rectification:
You may request the correction of inaccurate personal data as well as the completion of incomplete personal data, Art. 16 GDPR.

Erasure:
To delete your personal data: Please note, excluded from the deletion is data that we need for the implementation and execution of contracts and for the assertion, exercise and defense of legal claims, as well as data for which there are legal, regulatory or contractual obligations to retain, Art. 17 GDPR.

Restriction of the processing:
You may request the restriction of processing under certain circumstances, e.g. if you believe that your data is inaccurate, if the processing is unlawful or if you have objected to the data processing. This means that your data may only be processed in a very restricted manner without your consent, e.g. for the assertion, exercise and defense of legal claims or for the protection of the rights of other natural and legal persons, Art. 18 GDPR.

Objection against data processing:
You have the option to object to data processing for direct marketing purposes at any time. In addition, you can object at any time to data processing based on a legitimate interest if there are special reasons, Art. 21 GDPR.

Data portability:
You have the right to receive the data that you have provided to us and that we process on the basis of your consent or for the performance of a contract in a common, machine-readable format and, within the limits of what is technically feasible, to request direct transfer of this data to third parties, Art. 20 GDPR.

7.3 Contact
You can exercise your rights through the following contact channels:

Mr. David Gabel
Data Protection Officer
Am Bürgerl 1
92431 Neunburg vorm Wald
E-mail address: david.gabel(at)your-insider.com
Or write our Data Protection Team via datenschutz (at) psw.net

7.4 Right of complaint to a supervisory authority

For example, if you believe that our data processing is unlawful or that we have not granted the rights described above to the extent necessary, you have the right to file a complaint with the competent data protection supervisory authority.

8. Recruiting & Human Resources (Information for applicants)

We are pleased that you would like to join our team. We ask you to send applications only to the e-mail address below.

We have set up a separate mailbox for applications. Please reach out to bewerbung (at) psw.net

This mailbox is excluded from e-mail archiving. If you send your application to another address, we cannot prevent its storage.

If you would like us to consider you for other vacancies in our company and keep your application beyond the maximum retention period of 6 months, please give us your consent.

We assume that we are allowed to answer unencrypted application emails unencrypted as well. If you do not wish this, please let us know in your application mail.

9. When will your data be deleted?

The duration of the storage of personal data is measured by the respective legal retention period, these are:

  • We keep your orders and the communication about your orders for 6 years after the expiration of the contract in order to be able to fulfill commercial law requirements.
  • The invoices for your orders must be kept for 10 years for tax reasons.
  • Application documents will be kept for a maximum of 6 months after receipt, unless you would like us to consider your application for subsequent job postings.

After expiry of this period, the corresponding data will be routinely deleted, provided that it is no longer required for the performance of the contract or the initiation of the contract and/or there is no further legitimate interest on our part in its continued storage.

10. Changes

We regularly make changes to our Data Protection Notice in order to remain compliant with the legal regulations in the future. Your rights to information, correction, deletion and objection remain unaffected by such changes. Please therefore always note the latest update. [Version 4 / Stand: 12.2023]