This is the website of the companies of the COSMO CONSULT GROUP, hereinafter referred to as "COSMO CONSULT" or "we". Responsible for the data protection is the
COSMO CONSULT AG
Schöneberger Str. 15
10963 Berlin
Tel.: +49 030-3438 15-0
E-Mail: contact@cosmoconsult.com
The companies of the COSMO CONSULT GROUP are jointly responsible for some data processing. We have described this in more detail under "3. Jointly responsible parties of the COSMO CONSULT GROUP".
We take the privacy of personal information very seriously. We will treat your personal information confidentially and in accordance with data protection legislation and this privacy policy.
Below you will find information on how COSMO CONSULT collects and uses personal data, in particular which data is collected during your visit and how it is used. Under 4.0 Rights of affected persons we inform you about your rights according to the EU General Data Protection Regulation and how you can exercise them.
As a matter of principle, we do not pass on your personal data to third parties without your consent or a legal obligation to do so, and only use it for the purposes of technical administration of the websites. If you are one of our customers, we will use your information for customer administration and marketing purposes only to the extent necessary and permitted by law. As our customer, you have the right to object to the use of your data for marketing purposes at any time.
The collection or transfer of personal data to government institutions and authorities will only take place within the framework of mandatory national legislation..
We now offer you the opportunity to enter into a contractual agreement with us that is compliant with the EU Data Protection Regulation: Privacy Portal For more information, see 3.2 Order Data Processing Agreement
1. General Information
The subject of this privacy policy is the processing of personal data by the websites, services and portals under *.cosmoconsult.com and by the COSMO CONSULT Group as service provider.
1. 1 Processing of personal data
It is generally possible to use our website without providing any personal data. Personal data such as name, address, telephone number or e-mail address are only collected if the user provides this information voluntarily. If you use one of our portals, it is necessary to process your registration data accordingly in order to enable registration.
We process your personal data for the following purposes:
1. 1. 1 Contract fulfillment
We will process your data in order to be able to fulfill our contracts. This also applies to information that you provide to us in the context of pre-contractual correspondence. The specific purpose of the data processing depends on the product and the application submitted; it may also be used to analyze your needs and to determine which products and services are suitable for you. For the fulfillment of the contract we need your name, your address, and your telephone number or e-mail address, so that we can contact you. We also need your personal data in order to determine whether we can offer you products and services and if so which ones. You can find details concerning the respective purposes of the data processing in the contract documents and our general terms and conditions.
This data processing is done on the basis of Article 6 (1) b GDPR.
1. 1. 2 To strengthen and optimize the customer relationship
As part of our effort to continuously improve our relationship with you, we occasionally ask you to participate in our customer surveys. The results of the surveys allow us to better tailor our products and services to your needs. This data processing is done on the basis of Article 6 (1) f GDPR.
1. 1. 3 Data processing and data analysis for marketing purposes
Your needs are important to us, and we try to provide you with information about products and services that suit you perfectly. In the course of doing so, we make use of what we have learned during our joint business relationship and we use market research. Our main goal is to adapt our product suggestions to your needs. In this context, we guarantee that we will always process the data in accordance with applicable data protection laws. Please note: You are always entitled to revoke permission for the use of your data for this purpose at any time.
What specifically do we analyze and process?
- The results of our marketing measures in order to determine the efficiency and relevance of our campaigns;
- Information gathered during your visits to our website and the customer portal;
- We analyze data to determine possible demand for our products and service.
This data processing is done on the basis of Article 6 (1) f GDPR.
1. 1. 4 E-mail marketing and newsletters
After you have registered via our customer portal, you will be able to receive newsletters and e-mails adapted to your needs that provide information about interesting trade fairs, news about our company, invitations to customer events, etc. To send you this information we only need your e-mail address; all other information is voluntary.
The processing of your data for this purpose is based on your consent in accordance with Art. 6 par. 1 letter a DS-GVO. The legislator places certain requirements on the effectiveness of electronic consent, such as that used for newsletter registration. This includes the logging of your consent. We therefore log the date and time of the consent, the text of the consent, whether the checkbox was ticked, your email address and any other voluntary information. We also record the date and time you click the confirmation link and the link in the confirmation email. We collect this information only to comply with legal obligations.
You have the right to revoke your consent at any time. However, the revocation of consent does not affect the legality of the processing up to the revocation.
COSMO CONSULT informs its existing and prospective clients about its products and events on the basis of COSMO CONSULT’s legitimate interest. For this purpose, data stored by COSMO CONSULT are used insofar as they are required. You have the right to object to such use of your data at any time.
1. 1. 5 Measures for your security
The situations in which we use your personal data include:
- We analyze your data to protect you or your company from fraudulent activities. This might be the case if, for example, you have been the victim of identity theft or if unauthorized persons have gained access to your user account in some other way;
- To improve the reliability of our web applications, our IT support will work closely with you in case of technical problems. In this context, we also evaluate logs of page views, actions performed, etc.;
- To ensure IT security;
- To be able to document and prove facts for the eventuality of possible legal disputes.
This data processing is done on the basis of Article 6 (1) f GDPR.
1. 1. 6 On the basis of your consent
If you have granted consent for the processing of your personal data for one or more specified purposes, then it is permissible for us to process your data. You may revoke your consent with a view to the future at any time without incurring any cost other than the base rate for transmission (the cost of your Internet connection). However, the revocation of consent does not affect the legality of the processing up to the revoction.
The processing of this data for this purpose is done based on Article 6 (1) a of the GDPR.
1. 1. 7 On the basis of legal requirements or in the public interest
As a company, we are subject to a wide variety of legal requirements (for example, arising from tax legislation). In order to comply with our legal obligations, we process only the personal data that is absolutely necessary for that purpose.
In accordance with applicable data protection regulations, we do not store your personal data longer than is necessary for the purpose of the processing concerned. When the data is no longer required for the fulfillment of contractual or legal obligations, we regularly delete it, unless it is necessary to store it temporarily. The following reasons may be grounds for retaining the data:
- There are obligations to retain data under commercial and tax law that must be complied with: time periods of up to 10 years are prescribed for the retention of data according to the regulations of the commercial code and the tax code.
- To preserve evidence for the event of legal disputes within the framework of the statutory limitation period: civil law limitation periods can be up to 30 years, although statutes of limitation periods regularly expire after three years.
1. 2 Cookies
Our internet presences and services use cookies. Cookies are small pieces of text information that allow specific, device-related information to be stored on the user's access device (PC, smartphone, etc.). They are used to make the Websites more user-friendly for users (e.g. to store login information) and to collect statistical data about the use of the Websites in order to analyse them and improve the service.
You can configure your browser in such a way that you are informed of the placement of cookies and only allow them on a case-by-case basis, exclude the acceptance of cookies for specific cases or in general, and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be limited.
You can manage a large number of cookies from online advertisements via the US website www.aboutads.info/choices/ or the EU website www.youronlinechoices.com/uk/your-ad-choices/
1. 3 Recipients pursuant to Art. 13 Para. 1 lit. e GDPR:
- YouTube
- Oktopost
- DSMN8
- Google Ads
- Bing (Ads)
- Google Analytics
- Hotjar
- Microsoft Clarity
- Microsoft Advertising UET
- DoubleClick (Google Marketing Platform)
- GoTo Webinar
- Conversation24
- Microsoft Dynamics 365 Marketing
- Leadfeeder
The above recipients receive information from us to provide certain services, such as managing social media accounts, managing and publishing social media posts, tracking advertisements on external websites, analysing usage data, providing chat advice, managing job postings, processing form data and running webinars. We work closely with these recipients to improve our service to our customers and to make our business processes more efficient.
1. 4 Contact requests
Some pages on our website offer you the option of contacting us. We will only use information transmitted in this way to process your request. Data collected in this way will not be passed on to third parties or reconciled with data that may have been collected by other components of our website.
1. 5 Comments and contributions
If you leave comments on the blog or contribute to our website in any other way, your IP addresses will be saved. This measure serves to protect us if illegal content (offensive comments, forbidden political propaganda etc.) is present in comments and/or other contributions. In this case, we as the website operator can be prosecuted for the illegal comment or contribution and are therefore interested in the author's identity.
1. 6 Newsletter
We inform you about our offers by newsletter. To subscribe to our newsletter, you will need a valid email address, which you will also need to confirm. We will send you a confirmation email to the email address you provide. Only after confirming this email will you receive the requested information from us. The "Name" field, which is mandatory in the newsletter, is used to address you personally.
When you register for our newsletter, we will save your IP address and the date and time of your registration. This helps to protect us if a third party misuses your email address and subscribes to our newsletter without your knowledge. The data collected in this way will be used exclusively for the delivery of our newsletter. We will not collect additional data or pass your data on to third parties. There will also not be any reconciliation of data collected in this way with data that may have been collected by other components of our website.
You may revoke your consent to the saving and using of this data at any time. The revocation can be initiated via a link in the newsletter or by sending a message to the address provided in the imprint.
1. 7 Objection to advertising emails
The use of contact data published in compliance with German legislation on providing company information for sending advertisements and informational material that is not expressly requested is hereby rejected. The operators of the web pages expressly reserve the right to take legal action in the event of unsolicited advertising information being sent, for example via spam emails.
1. 8 Amendment to the privacy policy
We reserve the right to amend this data protection declaration from time to time based on updates of this website. We therefore recommend that you visit this website regularly to make sure that you agree with the amendments.
2. Contact
If you have questions regarding the processing of your personal data or require additional information on the topic of data protection, please do not hesitate to contact our interal privacy coordinator or external data protection officer.
2. 1 Internal privacy coordinator:
COSMO CONSULT SSC GmbH
Von Steuben Straße 10/12
48143 Münster
Deutschland
2. 2 External Data Protection Officer:
2B Advice GmbH
Joseph-Schumpeter-Straße 15
53227 Bonn
Deutschland
3. Jointly responsible members of the COSMO CONSULT Group
The companies listed here have entered into a data protection agreement pursuant to Article 26 REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of individuals with regard to the processing of personal data, on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation, as amended) as jointly responsible entity COSMO CONSULT Group. A list of the members can be found here.
3. 1 Overview of all Partners and Contractors
COSMO CONSULT has concluded data processing agreements with strategic partners and other service providers in accordance with Article 28 GDPR with effect for all companies of the group. COSMO CONSULT uses the service providers listed as approved subcontractors. Here you can find the Overview of all Contractors and Partners.
3. 2 Data Processing Agreement
Article 28 ff. EU-GDPR lays out detailed statutory rules on the processing of personal data by service providers. If you pass on personal data of your company, business partners or customers, it is important that you do so in a manner that is legally compliant and in accordance with the new EU Regulation.
If you have your customer data processed directly or remotely by COSMO CONSULT or if you make it available to us for the purpose of processing service requests, we are now offering the opportunity for you to conclude an EU-GDPR-compliant contract agreement with us that guarantees you complete legal certainty. In order to make the necessary processes as convenient and transparent as possible for you, an application form is available under the following link privacy portal.
In the online form you can then enter the specific details about the type and scope of the data to be processed. On the basis of this, we will create a processor contract tailored to your needs. Please note: No additional costs arise for you in connection with the application or preparing or concluding the contract!
3. 3 Data protection and Data Security at COSMO CONSULT
COSMO CONSULT has taken measures in the areas of construction, personnel, organization and technology that ensure the security of objects and data, as well as uninterrupted operations.
The technical and organizational data-protection measures deal with the following:
- Organizational control, physical access control, system access control, data access control, transfer control, order control, availability control and the separation requirement
- Type of data exchange, provision of data, nature and circumstances of processing, data storage as well as the kind of and environment for data transmission
- Measures to permanently secure the confidentiality, integrity, availability and capacity of the systems and services and the ability to rapidly restore the availability of and access to personal data in the event of a physical or technical incident. A procedure for periodically reviewing, assessing and evaluating the effectiveness of these measures.
As a general principle, the technical and organizational measures of COSMO CONSULT are affected by technological progress and continuing development. COSMO CONSULT will take all measures necessary to increase security. You can download the current documentation of the technical and organizational measures "Data Protection and Data security at COSMO CONSULT”.
4. Rights of affected persons
You always have the right to receive information about your stored personal data, its origin, the recipients of that data as well as the the purpose of the data processing free of charge at any time. If the data is not correct, you are entitled to require us to correct it or, if it is incomplete, to remedy that. If we have given your data to third parties with your consent, we will inform them of this action in certain legal circumstances.
If the data processing is done in the public interest or on the basis of a balance of interests, you have the right to object to the data processing for reasons arising from your particular situation.
If your data is no longer needed for the original purpose, you have revoked your consent and there is no other legal basis for processing the data, or if your data is being processed unlawfully, you are entitled to require us to delete your data. This also applies if your objection to the processing is legally effective or your data must be deleted to fulfill a legal obligation.
Please note that before deleting your data, we must confirm that there is no legitimate reason or legal obligation to process your personal data.
You are entitled to demand that the processing of your data be restricted if you dispute the accuracy of the data, we still need the data in order to assert legal claims, the data is being processed unlawfully or you have objected to the processing and the review of your case is still pending.
If you provide us with personal data, you have the right to receive that data on request in a transferable and machine-readable format or to have that data provided to another person named by you.
Of course, you also have the right to lodge a complaint with the competent authority at any time if our conduct in relation to your personal data gives you grounds to do so.
Version: 2.1 | Last updated: 13.03.2023