Privacy Policy

Privacy policy according to Art. 13 GDPR

Name and address of the data controller

The data controller within the meaning of the General Data Protection Regulation (GDPR) and other data protection laws is:

CUBE brand communications GmbH

Eichstätter Straße 40
85117 Eitensheim

Germany

Phone: 0173 / 8696228
E-Mail: info@cube-bc.com

Name and address of the Data Protection Officer

The Controller’s Data Protection Officer is:

Felix Heim

Ludwig-Erhard-Str. 6
84034 Landshut
Germany

E-Mail: datenschutzbeauftragter@instart-group.com

General information about data processing

Legal basis for the processing of personal data

Pursuant to Art. 13 GDPR, we inform you about the legal basis for our data processing activities. If the legal basis is not specifically mentioned in the privacy notice, the following shall apply:

The legal basis for obtaining consent is Art. 6 para. 1 (a) in conjunction with Art. 7 GDPR. The legal basis for processing to fulfill our services and perform contractual measures as well as for responding to inquiries is Art. 6 para. 1 (b) GDPR. The legal basis for processing to fulfill our legal obligations is Art. 6 para. 1 (c) GDPR. If the processing of your data is necessary to safeguard a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 para. 1 (f) GDPR serves as the legal basis for the processing. In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 (d) GDPR serves as the legal basis.

Data deletion and storage period

We adhere to the principles of data minimization according to Art. 5(1) (c) GDPR and storage limitation according to Art. 5(1) (e) GDPR. We only store your personal data for as long as necessary to achieve the purposes stated here or as provided for by the storage periods prescribed by the legislator. After the respective purpose has ceased to exist or after the expiry of these storage periods, the corresponding data will be deleted as soon as possible.

Note on data transfer to third countries

Tools from companies based in third countries (including the USA) are also integrated on our website. If these tools are active, your personal data may be transmitted to the servers of the respective companies. The level of data protection in third countries usually does not correspond to EU data protection law. Therefore, there is a risk that your data may be disclosed to authorities of these countries. We have no influence on these processing activities.

External links

This website may contain links to third-party websites or to other websites under our responsibility. If you follow a link to one of the websites outside of our responsibility, please note that these websites have their own privacy information. We do not assume any responsibility or liability for these foreign websites and their privacy notices. Therefore, before using these websites, please check whether you agree with their privacy policies.

You can recognize external links either by being visually highlighted in a different color or underlined from the rest of the text. Your cursor will indicate external links when you hover over them. Only when you click on an external link will your personal data be transmitted to the target of the link. The operator of the other website will receive your IP address, the time at which you clicked on the link, the page on which you clicked on the link, and other information, which you can find in the privacy policy of the respective provider.

Please also note that individual links may lead to a transfer of data outside the European Economic Area. This may give foreign authorities access to your data. You may not have any legal remedies against these data accesses. If you do not want your personal data to be transmitted to the link destination or even exposed to access by foreign authorities, please do not click on any links.

Rights of the data subject

As a data subject under the GDPR, you have the possibility to exercise various rights. The data subject rights arising from the GDPR are the right to information (Article 15), the right to rectification (Article 16), the right to erasure (Article 17), the right to restriction of processing (Article 18), the right to object (Article 21), the right to lodge a complaint with a supervisory authority, and the right to data portability (Article 20).

Right to withdraw consent:
Some data processing can only be carried out with your explicit consent. You have the right to withdraw your consent at any time. However, the lawfulness of the data processing carried out before the withdrawal of consent is not affected by this.

The right to object:
If the processing of your personal data is based on Art. 6 para. 1 (e) or (f) GDPR, you have the right as the data subject, for reasons arising from your particular situation, to object to the processing of your personal data at any time. This right also applies to profiling based on these provisions within the meaning of Art. 4 no. 4 GDPR. If we cannot demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims, we will cease the processing of your data after you have objected to it.

If the processing of personal data serves the purpose of direct advertising, you also have the right to object at any time. The same applies to profiling that is associated with direct advertising. In these cases, we will stop processing personal data as soon as you object.

Right to complain to a supervisory authority:
If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with a supervisory authority, without prejudice to any other administrative or judicial remedy. This includes the right to lodge a complaint with a supervisory authority in the member state of your residence, place of work, or the place of the alleged violation.

Right of data portability:
If your data is processed automatically based on consent or the fulfillment of a contract, you have the right to receive this data in a structured, commonly used, and machine-readable format. Additionally, you have the right to demand the transfer and provision of the data to another controller, as far as this is technically feasible.

Right of access, rectification and deletion:
You have the right to obtain information about your processed personal data regarding the purpose of data processing, the categories, the recipients, and the duration of storage. If you have any questions on this topic or other topics related to personal data, you can of course contact us via the contact information provided in the imprint.

Right to restriction of processing:
You can always request the restriction of the processing of your personal data. To do so, you must meet one of the following requirements:

  • You dispute the accuracy of your personal data. For the duration of the verification of the accuracy, you have the right to request a restriction of the processing.
  • If processing is carried out unlawfully, you can alternatively request a restriction of the use of the data instead of deletion.
  • If we no longer need your personal data for the purposes of processing, but you need the data for the assertion, exercise or defense of legal claims, you can alternatively request a restriction of the processing instead of deletion.
  • If you object to the processing according to Art. 21 para. 1 GDPR, a balancing of interests between your interests and ours will be carried out. Until this balancing of interests has taken place, you have the right to request a restriction of the processing.

A restriction on processing means that, apart from storage, the processing of personal data may only take place with your consent or for the establishment, exercise or defense of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the Union or of a Member State.

Provision of the website (web hosting service)

Our website is hosted by:

STRATO AG

Otto-Ostrowski-Straße 7
10249 Berlin
Germany

When you access our website, we automatically collect and store information in server log files. Your browser automatically transmits this information to our server or to the server of our hosting company.

These are:

  • IP address of the device used by the website visitor
  • Type of device used
  • Hostname of the accessing computer
  • Operating system of the visitor
  • Browser type and version
  • Name of the accessed file
  • Time of the server request
  • Amount of data transferred
  • Information whether the retrieval of the data was successful

These data will not be merged with other data sources.

The legal basis for processing this data is Art. 6 (1) (f) GDPR. Our legitimate interest is the technically error-free presentation and optimization of this website.

Instead of operating this website on our own server, we can also have it hosted on the server of an external service provider (hosting company). In this case, the personal data collected on this website will be stored on the servers of the hosting company. In addition to the data mentioned above, this may include, for example, contact inquiries, contact details, names, website access data, meta and communication data, contract data, and other data generated through a website.

The purpose of pre-contractual or contractual fulfillment towards the data subject is also cited as another legal basis (Art. 6 (1) (b) GDPR). In the event that we have commissioned a hosting company, there is a contract for order processing with this service provider.

Use of Local Storage Items, Session Storage Items und Cookies

Our website uses Local Storage Items, Session Storage Items and/or cookies. Local storage is a mechanism that allows data to be stored within the browser on your device. This data usually includes user preferences, such as the "day" or "night" mode of a website and remains stored until you manually delete the data. Session Storage is very similar to Local Storage, but the storage duration only lasts during the current session, until you close the current tab. After that, the Session Storage Items are deleted from your device. Cookies are pieces of information that a web server (server that provides web content) stores on your device to be able to identify it. They are either temporary for the duration of a session (session cookies) and are deleted after you leave a website, or permanent (persistent cookies) and stored on your device until you delete them yourself or an automatic deletion occurs by your web browser.

These objects can also be stored on your device by third-party companies when you visit our site (third-party requests). This allows us as the operator and you as the visitor of this website to use certain services from third parties that are installed on this website. Examples of this are the processing of payment services or the display of videos.

These mechanisms have various applications. They can improve the functionality of a website, control shopping cart functions, increase the security and comfort of website use, and perform analyses of visitor flows and behavior. Depending on the individual functions, they must be classified in terms of data protection. If they are necessary for the operation of the website and intended to provide certain functions (shopping cart function) or to optimize the website (e.g. cookies to measure visitor behavior), their use is based on Art. 6 para. 1 (f) GDPR. As a website operator, we have a legitimate interest in storing local storage items, session storage items, and cookies for the technically flawless and optimized provision of our services. In all other cases, the storage of local storage items, session storage items, and cookies only takes place with your express consent (Art. 6 para. 1 (a) GDPR).

As far as local storage items, session storage or cookies are used by third-party companies or for analytical purposes, we will inform you separately about this within the scope of this data protection notice. Your required consent will be requested and can be revoked at any time.

Use of external services

External services are used on our website. External services are services provided by third-party providers that are used on our website. This can be done for various reasons, such as embedding videos or ensuring the security of the website. When using these services, personal data is also transmitted to the respective providers of these external services. If we do not have a legitimate interest in using these services, we will obtain your revocable consent as a visitor to our website before use (Art. 6 para. 1 (a) GDPR).

Consent Management

To comply with data protection requirements, we use a consent management tool on our website. With this tool, we obtain the necessary consent for setting cookies or using external services. The consents are stored. The processing is necessary for compliance with a legal obligation to which the controller (operator of the website) is subject. Therefore, the legal basis for processing is Article 6(1) (c) GDPR.

Borlabs Cookie

We use the Borlabs Cookie service on our website. The provider of the service is Borlabs - Benjamin A. Bornstein, Rübenkamp 32, 22305 Hamburg, Germany.

Since this service is hosted locally on the web server, no data is transmitted to third parties.

Optimization of Presentation

We use tools that serve to optimize the presentation of our website. These tools help to display the website in other languages or in a more accessible way for people with disabilities.

Processing only occurs if you explicitly consent to this data processing (via our consent banner on the website). The legal basis for consent is Art. 6 para. 1 (a) GDPR. Without your consent, data processing will not occur in the manner described above. If you withdraw your consent (e.g. via the consent banner or other options provided on this website), we will stop this data processing. The lawfulness of processing that occurred prior to the withdrawal of consent remains unaffected.

Polylang

We use the service Polylang on our website. The provider of the service is WP Syntex, 28 rue Jean Sébastien Bach, 38090 Villefontaine, France.

As this service is hosted locally on the web server, no data transfer to third parties takes place.

Social Media

We use social media plugins to connect our website with our social media channels. The integration of the plugins is intended to make it easier for visitors to our website to follow our channels on social networks, share, like, or comment on content. Some social media plugins allow for the analysis of user behavior of website visitors with regard to their behavior on social networks. By using plugins, the level of awareness and the number of followers of our channels should be increased.

The plugins also process personal data and transfer data to these social networks. This transfer occurs as soon as the website is accessed. Processed data may include, for example, name, address, email address, phone number, access time, device information, IP address.

Processing only takes place if you explicitly consent to this data processing (via our consent banner on the website). The legal basis for consent is Art. 6 para. 1 (a) GDPR. Without your consent, data processing does not take place in the manner described above. If you revoke your consent (e.g. via the consent banner or other options provided on this website), we will terminate this data processing. The lawfulness of the processing carried out up to the revocation remains unaffected by this.

Facebook

We use the Facebook service on our website. The provider of this service is Meta Platform Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Dublin, D02x525, Ireland.

By using this service, data may be transferred to a third country (USA).

Further information can be found in the provider's privacy policy at the following URL: https://www.facebook.com/privacy/center/

Facebook Connect

We use the Facebook Connect service on our website. The provider of the service is Meta Platform Ireland Limited (Marketplace), 4 Grand Canal Square Grand Canal Harbour Dublin 2, Ireland.

By using the service, data may be transferred to a third country (USA).

Further information can be found in the provider's privacy policy at the following URL: https://www.facebook.com/privacy/center/

Analysis tools and advertising

Matomo

This website uses the open source web analytics service Matomo.

With the help of Matomo, we are able to collect and analyze data about the usage of our website by its visitors. This enables us, among other things, to determine when certain page views occurred and from which region they originate. Additionally, we gather various log files (such as IP addresses, referrers, browsers, and operating systems used) and can track whether our website visitors perform specific actions (such as clicks, purchases, etc.).

The use of this analysis tool is based on Article 6(1)(f) of the General Data Protection Regulation (GDPR). The website operator has a legitimate interest in analyzing user behavior in order to optimize both the website offering and its advertising.

IP anonymization

During the analysis with Matomo, we employ IP anonymization. This involves truncating your IP address before analysis, making it no longer uniquely identifiable to you.

Cookieless analysis

We have configured Matomo in a way that it does not store any cookies in your browser.

Hosting

We host Matomo with the following third-party provider:

Matomo.org
InnoCraft Ltd
7 Waterloo Quay
PO Box 625
6140 Wellington
New Zealand

Link to Matomo Cloud DPA:
https://matomo.org/matomo-cloud-dpa/

Data processing agreement

We have entered into a data processing agreement (DPA) for the use of the aforementioned service. This is a legally required contract that ensures that the service provider processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

Google Fonts (local hosting)

This site uses Google Fonts, provided by Google, for the consistent display of fonts. The Google Fonts are installed locally, and there is no connection to Google servers.

or more information about Google Fonts, you can visit the following link: https://developers.google.com/fonts/faq?hl=en and in the privacy policy of Google: https://policies.google.com/privacy?hl=en-US.

iThemes Security

We have integrated iThemes Security on this website. The provider is iThemes Media LLC, 1720 South Kelly Avenue Edmond, OK 73013, USA (hereinafter referred to as "iThemes Security").

iThemes Security is used to protect our website from unwanted access or malicious cyber attacks. For this purpose, iThemes Security collects, among other things, your IP address, the timing and source of login attempts, and log data (such as the browser used). iThemes Security is installed locally on our servers.

iThemes Security transmits IP addresses of recurring attackers to a central database of iThemes in the USA (Network Brute Force Protection) to prevent such attacks in the future.

The use of iThemes Security is based on Article 6(1)(f) of the General Data Protection Regulation (GDPR). The website operator has a legitimate interest in ensuring the most effective protection of their website against cyber attacks.

CUBE Logo

CUBE brand communications GmbH
Eichstätter Straße 40
85117 Eitensheim

CUBE Logo

created by RED RAM MEDIA