Defendeer

Privacy Policy

We are very pleased with your interest in our company. Data protection is of particular importance to the management of Defendeer. The use of Defendeer’s websites is generally possible without providing any personal data. However, if a person wishes to use specific services of our company through our website, processing of personal data may be necessary. If the processing of personal data is required and there is no legal basis for such processing, we generally obtain consent from the person concerned.

The processing of personal data, such as name, address, email address, or telephone number of a person, always takes place in accordance with the General Data Protection Regulation and in compliance with the country-specific data protection regulations of DSG-Switzerland applicable to Defendeer. Through this privacy policy, our company aims to inform the public about the nature, scope, and purpose of the personal data we collect, use, and process. Furthermore, this privacy policy enlightens individuals about their rights.

1. Definitions

In this privacy policy, we use various terms including:

  • Personal Data: All information relating to an identified or identifiable natural person.
  • Data Subject: Any identified or identifiable natural person whose personal data is processed.
  • Processing: Any operation or set of operations performed on personal data.
  • Restriction of Processing: Marking stored personal data to limit its future processing.
  • Profiling: Automated processing of personal data to evaluate certain aspects related to a natural person.
  • Pseudonymization: Processing personal data in a way that the data can’t be attributed to a specific person without additional information.
  • Controller: Individual or entity deciding on purposes and means of personal data processing.
  • Processor: Entity processing personal data on behalf of the controller.
  • Recipient: Person or entity receiving disclosed personal data.
  • Consent: Freely given, specific, informed, and unambiguous indication of agreement to data processing.

2. Name and Address of Controller

The controller according to GDPR and other EU member state data protection laws is:

Defendeer International GmbH
Buergermatt 5 6343 Holzhaeusern,
ZG Switzerland

Tel.: (Plus41) 78 220 62 50
Email: office(at)defendeer.com
Website: www.defendeer.com

3. Data Protection Officer

The data protection officer for the controller is:

Charly Graf
Defendeer International GmbH
Buergermatt 5 6343 Holzhaeusern,
ZG Switzerland

Tel.: (Plus41) 78 220 62 50
Email: charly(at)defendeer.com
Website: www.defendeer.com

For any questions or suggestions regarding data protection, individuals can contact our data protection officer directly.

4. Cookies

Defendeer’s websites use cookies, which are text files stored on a computer system via an internet browser. Many websites and servers use cookies, with many containing a unique cookie ID. This ID allows visited websites and servers to distinguish the individual’s browser from others, enabling personalized services that would not be possible without cookies.

Cookies help Defendeer provide users with more user-friendly services on the website. They optimize information and offers on the site for the user’s benefit. Users can manage cookie settings in their internet browser to prevent cookie placement or delete existing cookies. Disabling cookies may limit certain functions on the website.

5. Collection of General Data and Information

Each time a person or an automated system accesses Defendeer’s website, general data and information are collected and stored in the server’s log files. This includes browser types, operating systems, referrer websites, accessed subpages, IP addresses, and more. This data is essential for delivering website content correctly, optimizing content and advertising, ensuring system functionality, and providing information to law enforcement agencies in case of cyberattacks.

The collection of this data does not identify individuals but is crucial for website operations and security purposes.

6. Registration on our Website

Individuals can register on the controller’s website with personal data. The data collected is used internally by the controller and may be shared with processors for internal purposes.

Registration also involves storing the IP address, date, and time of registration for security purposes. This data helps prevent service abuse and supports potential investigations if necessary.

Registered users can update or delete their personal data at any time by contacting the controller.

7. Newsletter Subscription

Users can subscribe to Defendeer’s newsletter on the website. Personal data collected for newsletter subscriptions is based on the input fields used during registration.

The company regularly informs customers and partners about company offers through newsletters. Subscribers receive a confirmation email for the newsletter subscription using the double opt-in method to verify authorization.

Information such as the IP address and registration date are stored for security purposes and to prevent potential misuse of email addresses. The collected personal data is used solely for newsletter distribution and not shared with third parties.

Subscribers can unsubscribe from the newsletter at any time. Consent for storing personal data for newsletter purposes can also be revoked at any time.

8. Newsletter Tracking

Newsletters from Defendeer contain tracking pixels to enable statistical evaluation of online marketing campaigns. These pixels help analyze the success of email campaigns by tracking email opens and link clicks.

Personal data collected through tracking pixels is stored and evaluated to optimize newsletter distribution and content alignment with subscriber interests. This data is not shared with third parties, and subscribers can revoke their consent at any time.

9. Contact via Website

Defendeer’s website includes contact information for quick electronic communication with the company. When a person contacts the controller via email or contact form, the transmitted personal data is automatically stored for processing and communication purposes.

10. Regular Data Deletion and Blocking

Personal data is processed and stored by the controller for the necessary period to achieve the storage purpose or as required by regulations. Once the purpose is fulfilled or legal storage periods expire, personal data is routinely blocked or deleted.

11. Rights of the Data Subject

  • Right to confirmation Every data subject has the right granted by the European directive and regulatory authorities to obtain confirmation from the data controller as to whether personal data concerning them is being processed. If a data subject wishes to exercise this right of confirmation, they can contact an employee of the data controller at any time.
  • Right to information Every data subject affected by the processing of personal data has the right granted by the European directive and regulatory authorities to obtain information free of charge at any time from the data controller about the personal data stored about them and to receive a copy of this information. Furthermore, the European directive and regulatory authorities have granted the data subject the right to information on the following:
    • The purposes of the processing
    • The categories of personal data being processed
    • The recipients or categories of recipients to whom the personal data has been or will be disclosed, particularly recipients in third countries or international organizations
    • If possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period
    • The existence of the right to rectification or erasure of personal data concerning them or to restriction of processing by the controller or a right to object to such processing
    • The right to lodge a complaint with a supervisory authority
    • If the personal data is not collected from the data subject: all available information about the source of the data
    • The existence of automated decision-making, including profiling in accordance with Article 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for the data subject
  • Right to rectification Every data subject affected by the processing of personal data has the right granted by the European directive and regulatory authorities to request without undue delay the rectification of inaccurate personal data concerning them. Furthermore, the data subject has the right to request the completion of incomplete personal data, taking into account the purposes of the processing, including by means of a supplementary statement.
  • Right to erasure (Right to be forgotten) Every data subject affected by the processing of personal data has the right granted by the European directive and regulatory authorities to demand from the controller the immediate erasure of personal data concerning them if one of the following reasons applies and if processing is not necessary:
    • The personal data was collected or otherwise processed for purposes no longer necessary.
    • The data subject withdraws consent on which processing is based according to Art. 6(1)(a) or Art. 9(2)(a) GDPR, and there is no other legal basis for processing.
    • The data subject objects to processing pursuant to Art. 21(1) GDPR, and there are no overriding legitimate grounds for processing, or the data subject objects pursuant to Art. 21(2) GDPR.
    • The personal data has been unlawfully processed.
    • Erasure of personal data is required to fulfill a legal obligation under Union law or Member State law to which the controller is subject.
    • The personal data was collected in relation to services offered by the information society pursuant to Art. 8(1) GDPR.
  • Right to restriction of processing Every data subject affected by the processing of personal data has the right granted by the European directive and regulatory authorities to demand from the controller restriction of processing where one of the following conditions applies:
    • The accuracy of personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of personal data.
    • The processing is unlawful, and the data subject opposes erasure of personal data and requests restriction of their use instead.
    • The controller no longer needs personal data for processing purposes, but the data subject requires them for asserting, exercising, or defending legal claims.
    • The data subject has objected to processing pursuant to Art. 21(1) GDPR pending verification whether legitimate grounds of the controller override those of the data subject.
  • Right to data portability Every data subject affected by the processing of personal data has the right granted by the European directive and regulatory authorities to receive their personal data provided to a controller in a structured, commonly used, and machine-readable format. They also have the right to transmit this data to another controller without hindrance from the controller it was provided to, where processing is based on consent under Art. 6(1)(a) or Art. 9(2)(a) GDPR or on a contract under Art. 6(1)(b) GDPR, and if processing is carried out by automated means, provided that processing is not necessary for a task carried out in public interest or in exercising official authority vested in the controller.
  • Right to object Every data subject affected by the processing of personal data has the right granted by the European directive and regulatory authorities to object at any time, for reasons arising from their particular situation, to processing of their personal data based on Art. 6(1)(e) or (f) GDPR, including profiling based on those provisions.
  • Automated individual decision-making, including profiling Every data subject affected by the processing of personal data has the right granted by the European directive and regulatory authorities not to be subject to a decision based solely on automated processing — including profiling — which produces legal effects concerning them or similarly significantly affects them unless (1) it is necessary for entering into or performance of a contract between them and a controller; (2) it is authorized by Union or Member State law to which the controller is subject, and which also lays down suitable measures to safeguard their rights, freedoms, and legitimate interests; or (3) it is based on their explicit consent.
  • Right to revoke consent for data protection Every data subject affected by the processing of personal data has the right granted by the European directive and regulatory authorities to withdraw consent for processing personal data at any time.

12. Data Protection provisions for use of Pipedrive

We use Pipedrive as our CRM tool for processing and storing contact details. When contacting us (via contact form or email), user details are processed for handling contact inquiries and their processing according to Art. 6(1)(b) GDPR.

To handle your inquiries efficiently and promptly, we have integrated our contact form with our Customer Relationship Management (CRM) tool Pipedrive. Data transmitted when filling out the form is sent to Pipedrive and stored on Pipedrive servers.

We use Pipedrive’s CRM system from Pipedrive provider based on our legitimate interests (efficient and fast handling of user inquiries, managing existing customers, new business). Pipedrive’s privacy policy can be accessed here: Pipedrive Privacy Policy or Pipedrive DSGVO

13. Privacy Policy regarding the Use of Mailchimp

The newsletters are sent using the provider “MailChimp,” a newsletter distribution platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. You can view the data protection provisions of the service provider here: Mailchimp Privacy Policy.

The service provider is used based on our legitimate interests according to Art. 6(1)(f) GDPR and a data processing agreement according to Art. 28(3) GDPR.

The service provider may use recipient data in pseudonymous form, i.e., without attribution to a user, for optimizing or improving their own services, such as for technical optimization of newsletter delivery and display or for statistical purposes. The service provider, however, does not use the data of our newsletter recipients to contact them directly or to disclose the data to third parties.

14. Privacy Policy regarding the Use of Facebook

The data controller has integrated components of the company Facebook on this website. Facebook is a social network.

A social network is an online meeting place operated on the internet, an online community that usually allows users to communicate with each other and interact in the virtual space. A social network can serve as a platform for exchanging opinions and experiences or allow the online community to provide personal or company-related information. Among other things, Facebook allows users of the social network to create private profiles, upload photos, and connect through friend requests.

The operating company of Facebook is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. For data processing outside the USA or Canada, the responsible entity is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

Each time a single page of this website, operated by the data controller and containing a Facebook component (Facebook plug-in), is accessed, the internet browser on the data subject’s IT system is automatically prompted by the respective Facebook component to download a display of the corresponding Facebook component from Facebook. An overview of all Facebook plugins can be accessed at Facebook Plugins Overview. During this technical process, Facebook receives information about which specific subpage of our website the data subject is visiting.

If the data subject is logged into Facebook at the same time, Facebook recognizes with each visit to our website by the data subject and during the entire duration of their stay on our website which specific subpage of our website was visited by the data subject. This information is collected by the Facebook component and assigned by Facebook to the respective Facebook account of the data subject. If the data subject clicks on one of the integrated Facebook buttons on our website, such as the “Like” button, or if the data subject makes a comment, Facebook assigns this information to the personal Facebook user account of the data subject and stores this personal data.

Facebook receives information via the Facebook component that the data subject has visited our website whenever the data subject is logged into Facebook at the same time as they visit our website; this occurs regardless of whether the data subject clicks on the Facebook component or not. If such transmission of this information to Facebook by the data subject is not desired, it can be prevented by logging out of their Facebook account before accessing our website.

The data policy published by Facebook, which can be accessed at Facebook Data Policy, provides information on how Facebook collects, processes, and uses personal data. It also explains the privacy settings that Facebook offers to protect the privacy of the data subject. Additionally, various applications are available that allow preventing data transfer to Facebook. Such applications can be used by the data subject to prevent data transfer to Facebook.

15. Privacy Policy regarding the Use of Google Analytics (with anonymization function)

The data controller has integrated Google Analytics (with anonymization function) on this website. Google Analytics is a web analytics service that collects and analyzes data about visitor behavior on websites. This service is primarily used to optimize a website and analyze cost-effectiveness of online advertising. The operator of the Google Analytics component is Google Ireland Limited, Gordon House, Barrow Street, Dublin, D04 E5W5, Ireland.

The data controller uses the addition “_gat._anonymizeIp” for web analytics via Google Analytics. With this addition, Google shortens and anonymizes the IP address of the data subject’s internet connection when accessing our websites from a member state of the European Union or another state party to the Agreement on the European Economic Area.

The purpose of the Google Analytics component is to analyze visitor flows on our website. Google uses the data obtained to evaluate our website usage, compile online reports showing activities on our websites, and provide other services related to our website usage.

Google Analytics sets a cookie on the data subject’s IT system. With this cookie set, Google can analyze the use of our website. Each time one of our website’s individual pages is accessed that is operated by the data controller and contains a Google Analytics component, an internet browser on the data subject’s IT system is automatically prompted by that Google Analytics component to transmit data for online analysis to Google. Through this technical process, Google receives information about personal data such as the IP address of the data subject that Google uses to track visitor origin and clicks for commission calculations.

Through cookies, personal information such as access time, location of access origin and frequency of visits by the data subject are stored. Each visit to our websites transmits this personal data, including the IP address of the data subject’s used internet connection, to Google in the United States. This personal data collected through technical processes is then stored by Google in the United States. Under

certain circumstances, Google may share this collected personal information with third parties.

The data subject can prevent cookies from being set through our website as explained above at any time by adjusting their internet browser settings and thereby objecting to permanent cookie setting. Such settings in their internet browser would also prevent Google from setting a cookie on their IT system. Additionally, any cookies already set by Google Analytics can be deleted at any time through their internet browser or other software programs.

Furthermore, there is an option for the data subject to object to and prevent collection and processing of website usage-related data generated by Google Analytics. The data subject must download and install a browser add-on from Google Analytics Opt-out Add-on. Through JavaScript in this browser add-on, Google Analytics will be informed that no data or information about website visits should be transmitted to Google Analytics. Installing this browser add-on constitutes an objection according to Google. If a later date sees deletion, formatting or reinstallation of their IT system by the data subject or another person under their domain’s control requires reinstallation of this browser add-on for deactivating Google Analytics. If this browser add-on is uninstalled or deactivated by the data subject or another person under their domain’s control, it can be reinstalled or reactivated again.

More information and applicable privacy policies from Google can be accessed at Google Privacy Policies and Google Analytics Terms. Further details about Google Analytics are provided at Google Analytics Information.

16. Privacy Policy regarding the Use of Google AdWords

The data controller has integrated Google AdWords on this website. Google AdWords is an internet advertising service that allows advertisers to display ads in Google search results and the Google advertising network. Advertisers can set specific keywords in advance through Google AdWords, causing an ad to appear in Google search results only when the user retrieves a keyword-relevant search result. In the Google advertising network, ads are distributed on topic-relevant internet pages using an automatic algorithm and predefined keywords.

The operator of Google AdWords services is Google Ireland Limited, Gordon House, Barrow Street, Dublin, D04 E5W5, Ireland.

The purpose of Google AdWords is to promote our website by displaying relevant ads on third-party websites and in Google search engine results, as well as displaying external ads on our website.

When a user clicks on a Google ad and lands on our website, a conversion cookie is stored on the user’s IT system by Google. A conversion cookie expires after thirty days and does not serve to identify the individual. Through the conversion cookie, it is tracked, if the user accesses certain subpages, such as the shopping cart of an online shop system, on our website. The conversion cookie allows us and Google to track whether a user who arrived at our website through an AdWords ad generated revenue by completing a purchase or abandoned it.

Data and information collected using the conversion cookie are used by Google to create visit statistics for our website. We use these visit statistics to determine the total number of users directed to us through AdWords ads, to evaluate the success or failure of each AdWords ad, and to optimize our AdWords ads for the future. Neither our company nor other Google AdWords advertisers receive information from Google that could identify the individual.

Personal information, such as visited web pages by the user, is stored through the conversion cookie. Therefore, personal data, including the IP address of the user’s internet connection, is transmitted to Google in the United States each time a user visits our web pages. This personal data is stored by Google in the United States. Google may share this personal data collected through technical processes with third parties.

The user can prevent cookies from being set through our website as described above by adjusting their internet browser settings and objecting to cookie setting permanently. This internet browser setting would also prevent Google from setting a conversion cookie on the user’s IT system. Additionally, a conversion cookie already set by Google AdWords can be deleted at any time through the internet browser or other software programs.

Furthermore, the user has the option to object to interest-based advertising by Google. To do so, the user must visit Google Ads Settings from each internet browser they use and adjust their preferences accordingly.

For additional information and applicable privacy policies from Google, please visit Google Privacy Policies.

17. Privacy Policy regarding the Use of Instagram

The data controller has integrated components of the Instagram service on this website. Instagram is a service classified as an audiovisual platform that allows users to share photos and videos and distribute such data in other social networks.

The operator of Instagram services is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland.

Each time a user accesses one of the individual pages of this website operated by the data controller and containing an Instagram component (Insta button), the internet browser on the user’s IT system is automatically prompted by the respective Instagram component to download a display of the corresponding Instagram component. Through this technical process, Instagram becomes aware of which specific subpage of our website was visited by the user.

If the user is logged into Instagram at the same time, Instagram recognizes with each visit to our website by the user and throughout their stay on our website which specific subpage the user visited. This information is collected by the Instagram component and associated with the respective Instagram account of the user by Instagram. If the user clicks on one of the integrated Instagram buttons on our website, the transmitted data and information are assigned to the personal Instagram user account of the user by Instagram and stored and processed.

Instagram receives information about a user visiting our website through the Instagram component whenever the user is logged into Instagram at that time; this occurs regardless of whether the user clicks on the Instagram component or not. If such transmission of information to Instagram is not desired by the user, it can be prevented by logging out of their Instagram account before accessing our website.

For further information and applicable privacy policies from Instagram, please visit Instagram Help Center and Instagram Privacy Policy.

18. Data protection provisions regarding the use of LinkedIn

The controller has integrated components of the LinkedIn Corporation on this website. LinkedIn is an internet-based social network that allows users to connect with existing business contacts and establish new business relationships. Over 400 million registered individuals use LinkedIn in more than 200 countries, making it currently the largest platform for business contacts and one of the most visited websites globally.

The operator of LinkedIn is the LinkedIn Corporation, located at 2029 Stierlin Court, Mountain View, CA 94043, USA. For data protection matters outside the USA, LinkedIn Ireland, Privacy Policy Issues, Wilton Plaza, Wilton Place, Dublin 2, Ireland, is responsible.

With each visit to our website that is equipped with a LinkedIn component (LinkedIn Plug-In), this component prompts the browser used by the individual to download a corresponding display of the LinkedIn component. More information about LinkedIn Plug-Ins can be found at https://developer.linkedin.com/plugins. Through this technical process, LinkedIn gains knowledge of which specific subpage of our website the individual visited.

If the individual is logged into LinkedIn at the same time, LinkedIn recognizes with each visit to our website by the individual and throughout the entire duration of their stay on our website, which specific subpage of our website the individual visited. This information is collected by the LinkedIn component and associated with the respective LinkedIn account of the individual by LinkedIn. If the individual clicks on a LinkedIn button integrated on our website, LinkedIn assigns this information to the personal LinkedIn user account of the individual and stores this personal data.

LinkedIn receives information through the LinkedIn component whenever the individual has visited our website while logged into LinkedIn at that time; this happens regardless of whether the individual clicks on the LinkedIn component or not. If the individual does not want such transmission of information to LinkedIn, they can prevent it by logging out of their LinkedIn account before visiting our website.

LinkedIn offers the possibility to unsubscribe from email messages, SMS messages, and targeted ads, as well as to manage ad settings at https://www.linkedin.com/psettings/guest-controls. Furthermore, LinkedIn uses partners such as Quantcast, Google Analytics, BlueKai, DoubleClick, Nielsen, Comscore, Eloqua, and Lotame, which may set cookies. Such cookies can be rejected at https://www.linkedin.com/legal/cookie-policy. The applicable data protection provisions of LinkedIn can be accessed at https://www.linkedin.com/legal/privacy-policy. The cookie policy of LinkedIn is available at https://www.linkedin.com/legal/cookie-policy. 19. Legal basis for processing.

Art. 6 I lit. a DS-GVO serves as the legal basis for processing operations where we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, as is the case for example with processing operations required for the delivery of goods or the provision of other services or consideration, then the processing is based on Art. 6 I lit. b DS-GVO. The same applies to processing operations that are necessary for carrying out pre-contractual measures, such as in cases of inquiries about our products or services. If our company is subject to a legal obligation by which processing of personal data is required, such as for compliance with tax obligations, the processing is based on Art. 6 I lit. c DS-GVO. In rare cases, processing of personal data may be necessary to protect vital interests of the data subject or another natural person.

This would be the case, for example, if a visitor were injured in our company and his name, age, health insurance data or other vital information would need to be passed on to a doctor, hospital or other third party.

Then the processing would be based on Art. 6 I lit. d DS-GVO. Finally, processing operations could be based on Art. 6 I lit. f DS-GVO. This legal basis applies to processing operations that are not covered by any of the aforementioned legal grounds if processing is necessary for the purposes of legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject. Such processing operations are particularly permissible because they have been specifically mentioned by the European legislator. He considered that a legitimate interest could be assumed if the data subject is a customer of the controller (Recital 47 Sentence 2 DS-GVO).”

19. Legitimate interests in the processing pursued by the controller or a third party

If the processing of personal data is based on Article 6 I lit. f GDPR, our legitimate interest is the conduct of our business activities for the benefit of the well-being of all our employees and shareholders.

20. Duration for which the personal data will be stored

The criterion for the duration of the storage of personal data is the respective legal retention period. After the expiration of the period, the relevant data will be routinely deleted unless they are no longer necessary for contract fulfillment or initiation.

21. Legal or contractual provisions for the provision of personal data; necessity for the conclusion of the contract; obligation of the data subject to provide the personal data; possible consequences of non-provision

We inform you that the provision of personal data is partly required by law (e.g., tax regulations) or may also result from contractual provisions (e.g., information about the contracting party). In some cases, it may be necessary for the conclusion of a contract that a data subject provides us with personal data that must subsequently be processed by us. For example, the data subject is obliged to provide us with personal data when our company enters into a contract with them. Failure to provide the personal data would result in the contract not being able to be concluded with the data subject. Before providing personal data by the data subject, the data subject must contact one of our employees. Our employee will inform the data subject on a case-by-case basis whether the provision of personal data is legally or contractually required or necessary for the conclusion of the contract, whether there is an obligation to provide the personal data, and what consequences the failure to provide the personal data would have.

22. Existence of automated decision-making

As a responsible company, we refrain from automated decision-making or profiling.

Version 2.0 / August 2021 This privacy policy was created using the privacy policy generator of DGD Deutsche Gesellschaft für Datenschutz GmbH, which acts as an external data protection officer in Dortmund, in cooperation with Cologne data protection lawyer Christian Solmecke.”