Privacy Policy

We manage our websites in accordance with the principles set out below:

We undertake to comply with the statutory data protection requirements and endeavor to always observe the principles of data avoidance and data minimization.

1. Name and address of the Controller and the Data Protection Officer

a) The Controller

The Controller within the meaning of the General Data Protection Regulation and other national data protection laws of the Member States of the European Union as well as other data protection regulations is:

Gambit Consulting GmbH

Junkersring 35

53844 Troisdorf, Germany

Tel.: +49 2241 8845455

Fax: +49 2241 8845990

E-mail: info@gambit.de

www.gambit.de

b) The Data Protection Officer

The Controller’s Data Protection Officer can be contacted at:

SiDIT GmbH, www.sidit.de, e-mail: info@sidit.de

2. Definition of terms

We have designed our Privacy Policy in accordance with the principles of clarity and transparency. However, in case of any ambiguity in relation to the use of various terms, their definitions can be found here.

3. Legal basis for data processing

a) Processing of personal data in accordance with the GDPR

We process your personal data, such as your first and last names, your e-mail address, and IP address, etc., only where there is a legal basis for doing so. In particular, we take the following rules into consideration, in accordance with the General Data Protection Regulation (GDPR):

  • Article 6(1)(a) GDPR: The data subject has given consent to the processing of his or her personal data for one or more specific purposes
  • Article 6 (1)(b) GDPR: Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
  • Article 6 (1)(c) GDPR: Processing is necessary for compliance with a legal obligation to which the Controller is subject.
  • Article 6 (1)(d) GDPR: Processing is necessary to protect the vital interests of the data subject or of another natural person.
  • Article 6 (1)(e) GDPR: Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller.
  • Article 6 (1)(f) GDPR: processing is necessary for the purposes of the legitimate interests pursued by the Controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

However, we will always inform you once again at the appropriate points in this Privacy Policy of the legal basis on which we process your personal data.

b) Consent of the holder of parental responsibility under Article 8 (1) (second sentence) GDPR

In all cases of data processing on this website requiring the consent of a minor below the age of 16 years, consent must be obtained from a holder of parental responsibility.

Information about the individual data processing operations that require the consent of the data subject, the purposes of the processing, and the data categories involved can be found in the Privacy Policy.

You may withdraw your consent at any time by sending a notice to that effect to the Controller using the contact details listed above. The withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.

c) Processing of information in accordance with Section 25(1) TDDDG

We also process information in accordance with Section 25 (1) of the German Telecommunications-Telemedia Data Protection Act [Telekommunikation-Telemedien-Datenschutz-Gesetz, German acronym: TTDSG] by storing information on your terminal equipment or by accessing information already stored on your terminal equipment. This information may consist of both personal and non-personal data, such as cookies, browser fingerprints, advertising IDs, MAC addresses and IMEI numbers. Terminal equipment, within the meaning of Section 2(2)(6) TTDSG, is any equipment connected directly or indirectly to the interface of a public telecommunications network for the purpose of transmitting, processing, or receiving messages.

As a rule, we process this information based on your consent, in accordance with Section 25(1) TTDSG.

Where an exception under Section 25(2), subparagraphs (1) and (2) TTDSG applies, we do not require consent. This type of exception applies in cases where we access or store the information solely for the purpose of transmitting a message over a public telecommunications network, or where it is strictly necessary in order for us to provide a telemedia service that you have expressly requested. You may withdraw your consent at any time.

We inform you that the withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

4. Transfer of personal data

The transfer of personal data also comes under processing within the meaning of Section 3 above. At this point, however, we would like to inform you separately about the transfer of data to third parties. Protecting your personal data is very important to us. Consequently, we are particularly careful when we transfer your data to third parties.

We transfer data to third parties only in cases where there is a legal basis for the processing. For example, we transfer personal data to persons or companies acting as processors on our behalf, pursuant to Article 28 GDPR. A processor is any party that processes personal data on our behalf, i.e. under our instruction and control.

In accordance with the provisions of the GDPR, we conclude an agreement with each of our processors to oblige them to comply with data protection regulations, thus providing full protection for your data.

5. Storage period and erasure

We erase your personal data once the data are no longer necessary for the purposes for which they were collected or otherwise processed, or where the processing is not necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise, or defense of legal claims.

6. SSL or TLS encryption

This website uses SSL/TLS encryption for security reasons and to protect the transmission of confidential content, such as any requests you send to us as the website operator. You can recognize an encrypted connection by the change in the address line of the browser from “http://” to “https://” and by the padlock symbol in your browser’s address bar.

With SSL/TLS encryption activated, the data you transmit to us cannot be intercepted and read by third parties.

7. Cookies

We use cookies on our website. Cookies are small data packets created automatically by your browser and stored on your end device when you visit our website. These cookies are used to store information about the end device being used.

When using cookies, we make a distinction between technically necessary cookies and “other” cookies. Technically necessary cookies are cookies that are strictly necessary in order for us to provide an information society service that you have expressly requested.

a) Technically necessary cookies

To make the use of our website more enjoyable for you, we use technically necessary cookies, such as session cookies (which save your choice of language and font or your shopping cart, for example), consent cookies, cookies used to ensure server stability and security, or similar. The legal basis for the cookies results from Article 6(1)(f) GDPR, from our legitimate interest in the error-free operation of the website and the optimization of our service provision for you.

b) Other cookies

Other cookies include cookies for statistical, analysis, marketing, and retargeting purposes.

We use these cookies for you based on your consent pursuant to Article 6(1)(a) GDPR.

You may withdraw your consent to the use of cookies at any time.

We inform you that the withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

You can withdraw consent either by editing your cookie settings on our website, disabling the use of cookies in your browser settings (which may also restrict the functionality of the website), or in individual cases by setting an opt-out for the service in question.

In the Privacy Policy, we inform you for each respective service of the legal basis on which these data are processed.

Change cookie settings

8. Cookie banner/consent management

To obtain consent for the cookies we use, we use a cookie banner from service provider Usercentrics GmbH, Sendlinger Strasse 7, 80331 Munich. This banner sets a consent cookie to query and process the consent status. This consent cookie is technically necessary, hence we use it on the basis of our legitimate interest pursuant to Article 6(1)(f) GDPR and Section 25(1) TTDSG.

You may change your consent at any time by selecting the Privacy Settings link in the website footer.

9. Collection and storage of personal data, nature of the data, and the purpose of its use

a) External hosting

Our website is hosted by Corpex Internet GmbH, Tempowerkring 1A, 21079 Hamburg, Germany. Consequently, all personal data collected on our website are stored on our web host’s servers, unless an external third-party service is embedded. This may include the IP address, your e-mail address, communication data, or similar. Please find below an explanation of the specific personal data involved for individual features and services. In cases where we use an external third-party service, we make this clear in the description of the service or tool.

The web host processes your data only on our instructions, and only to the extent necessary to provide the services on the website. The web host does not process the data for its own purposes.

b) When visiting the website

When you access our website, the browser in use on your end device automatically sends information to our web server. This information is stored temporarily in a log file. The following information is collected without any action on your part and stored until it is automatically erased:

  • The IP address of the computer sending the request
  • The date and time of access
  • The name and URL of the file retrieved
  • The web page from which the website was accessed (referrer URL)
  • The browser used and, if applicable, the operating system of your computer and the name of your access provider

We process the data listed above for the following purposes:

  • To ensure a smooth connection to the website
  • Fault analysis

Identifying information, such as your IP address, will be erased after 30 days at the latest. If we store the data beyond this period, it will be pseudonymized so that it cannot be traced back to you personally.

The legal basis for data processing is Article 6(1)(f) GDPR. We have a legitimate interest in data collection for the purposes stated above. We will never use the data collected to identify you.

c) Hubspot CRM

We have integrated the CRM system of Hubspot (Hubspot Inc. 25 Street, Cambridge, MA 02141 USA) on our website.

We use this CRM system to manage users of our website. It enables us to record and analyze customer interactions via e-mail, chat, social media, or telephone across various channels. We use these data to engage with users.

We process your personal data in the context of our Hubspot CRM system in reliance on our legitimate interest pursuant to Article 6(1)(f) GDPR.

For more details about data protection at Hubspot, visit https://legal.hubspot.com/privacy-policy.

d) Newsletter

Content of the newsletter and subscription data

We will only send out our newsletter, perform statistical surveys and analyses, and log the subscription process if you explicitly subscribe to the newsletter and consent to the processing of your data for these purposes in accordance with Article 6(1)(a) GDPR and Section 25(1) TTDSG.

The content of the newsletter is specifically described when you subscribe. To subscribe to the newsletter, you simply provide your e-mail address. Any additional information you choose to provide, such as your name and/or gender, will only be used to personalize the newsletter we send you.

Logging

Your subscription to the newsletter will be logged. As part of the logging process, we store the subscription and confirmation times, the data you provide, and your IP address. If you make changes to your data, those changes will also be logged.

Withdrawal of consent

If you no longer wish to receive our newsletter, you may withdraw your consent at any time with future effect. You can withdraw consent by selecting the unsubscribe link at the end of each newsletter or by sending us an e-mail to the following e-mail address: info@gambit.de

The withdrawal of consent does not affect the lawfulness of processing carried out based on consent before its withdrawal.

Use of HubSpot

To manage subscriptions, we use the CRM service HubSpot, provided by HubSpot Inc. (25 First Street, Cambridge, MA 02141 USA).

The e-mail addresses and other relevant data of prospective customers, as described herein, will be stored on HubSpot’s servers in the USA. HubSpot uses this information to send and evaluate the participation links on our behalf. Furthermore, according to its own information, HubSpot can use these data to optimize or improve its own services, e.g. to technically optimize the sending and presentation of the invitation or for commercial purposes to determine which countries the recipients come from. However, HubSpot does not use the data of our prospective customers to write to them itself and does not transfer the data to third parties. HubSpot has no right to transfer your data.

The HubSpot Privacy Policy is available here.

e) Contact form

Our website has a number of forms that you can use to contact us at any time, register for events, or book appointments with us. To use the forms, you will be required to provide the name by which you wish to be addressed and a valid e-mail contact address, so that we know who has submitted the request and are able to process it.

If you use the contact form to submit a request, the information you provide on the form, including your contact details and your IP address, will be stored in accordance with Article 6(1)(f) GDPR. We process your personal data in accordance with Article 6(1)(b) and (f) GDPR to take steps at your request prior to entering into a contract or to pursue our legitimate interests in the course of our business activity.

f) Use of Google reCAPTCHA

We use Google reCAPTCHA on this website. The provider is Google Ireland Limited (Google), Gordon House, Barrow Street, Dublin 4, Ireland. The purpose of reCAPTCHA is to determine whether data entered on this website (e.g., information entered into a contact form) is being provided by a human user or by an automated program. We have a legitimate interest in protecting our website from misuse by automated software and spam.

When using the reCAPTCHA service, your IP address and any other data required by Google for the reCAPTCHA service will be forwarded to Google for processing.

You must accept Google’s terms of service for the use of reCAPTCHA. There is a separate field for this. Due to IP anonymization, your IP address will be truncated by Google within Member States of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to and truncated on a Google server in the USA.

Google will use this information on our behalf to analyze your use of this service. The IP address transmitted by your browser in connection with reCaptcha will not be merged with any other Google data. The deviating privacy terms of Google apply to these data.

You can find the Google privacy policy at https://policies.google.com/privacy.

As a result of the integration of reCAPTCHA, Google fonts will also be loaded dynamically by Google outside of the active control of the website operator or visitor. The integration of these web fonts is done by a server call, usually a Google server in the USA. This may result in the following information being transmitted to the server and stored by Google:

  • Name and version of the browser used
  • Web page that triggered the request (referrer URL)
  • Operating system of your computer
  • Screen resolution of your computer
  • The IP address of the computer sending the request
  • Language settings of the browser or operating system used by the user

You will find more information in the Google Privacy Policy at the following link:

www.google.com/fonts#AboutPlace:about

https://policies.google.com/privacy

The use of Google reCAPTCHA is based on your consent pursuant to Article 6(1)(a) GDPR. You may withdraw your consent at any time.

g) Application form

An application form is available on our website, which you can use to apply to work with us. The personal data you provide in the application will be processed in accordance with our privacy notice for applicants.

The use of this form is based on our legitimate interest in the secure and straightforward transmission of your application documents, Article 6(1)(f) GDPR.

For this purpose, we use the provider Personio SE & Co KG, Rundfunkplatz 4, 80335 Munich, Germany. We have a data processing agreement with this company.

You can find the data protection information for the processing of personal data by us as part of the application process and by Personio itself through the provision of the application tool at https://www.personio.com/security/.

h) Chat

To process your requests more quickly and efficiently, our website uses the chatbot service of HubSpot Inc. (25 First Street, 2nd Floor, Cambridge, MA 02141, USA). The chat records are processed by us and assigned to your customer data in our CRM.

Hubspot’s chat widget uses cookies and your IP address to provide the service and collect information about you as a user of our website.

Before using the chat, your consent is required in accordance with Art. 6(1)(a) GDPR. You may withdraw this consent at any time. The processing of your data remains lawful until we receive your withdrawal.

All the personal data you provide during the chat is processed by us, in particular the chat record.

The standard contractual clauses are provided by HubSpot. HubSpot has no right to transfer your data.

The HubSpot Privacy Policy is available here.

10. Analysis and tracking tools

We use the following analysis and tracking tools on our website. These are used to ensure that our website is continually optimized and designed to meet our users’ needs.

We use these tools based on the consent you provided pursuant to Article 6(1)(a) GDPR. You may withdraw your consent at any time by changing the cookie settings. The withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.

The purposes of the data processing and the data categories are indicated in the respective tools. We must point out that we have no control over the type or scope of any further data processing performed by the service providers.

a) Google Remarketing

We use the remarketing feature of Google Ads to target advertising campaigns, including Google AdWords campaigns, to visitors to our website.

This means that, when you visit other websites in the Google Display Network, you will be shown relevant advertisements based on your previous visits to our website.

The DoubleClick cookie enables Google, us, and other third-party providers to serve targeted ads based on the interests identified during your previous visits to our website and/or other websites. This advertising may be displayed on websites of Google and/or other operators of the Google Display Network. We also use the Google Analytics advertising functions to analyze the effectiveness of our own advertising campaigns.

If you have given consent in your Google Account to Google linking your web and app browsing history to your Google Account and to the use of information from your Google Account for ad personalization, Google will use your data and Google Analytics data to create audience lists for cross-device remarketing. To support this feature, Google Analytics first collects Google-authenticated IDs for you as a visitor to our website, which are linked to your Google Account. Google Analytics then temporarily links these IDs with Google Analytics data to optimize our audiences.

Find an overview of data protection at Google here. [https://support.google.com/analytics/answer/6004245]

b) Google conversion tracking

Our website uses Google Ads, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, and conversion tracking. If you arrive at our website by clicking an ad placed by Google, Google Ads will place a cookie on your end device for conversion tracking.

This cookie cannot be traced back to an individual. If you visit our website as a user and the cookie is still working, we and Google will recognize that you have clicked the ad and have been redirected to our site. Each Google Ads customer is assigned a different cookie, meaning that cookies cannot be tracked across Ads customers’ websites.

The data obtained using conversion cookies are used to generate conversion statistics for Ads customers. As Google Ads customers, we can see from these statistics the total number of users who responded to our ad and were then redirected to a website with a conversion tracking tag. This enables us to judge the success of individual advertising measures. None of the information we receive during this process could possibly be used to identify you personally as a user.

With Google Ads, your browser automatically establishes a direct connection with the Google server. If you have a Google Account and are logged in to it, your browser can assign the visit to your account. If you do not have a Google account, Google will assign you a unique identifier. We have no control over any other data collected and stored by Google.

Google’s enhanced conversions for Web feature is integrated on our website. This records the personal data we collect, such as e-mail address, name, address or telephone number, in conversion tracking tags. These are then hashed and sent to Google, which then uses the data to match our customers to Google accounts, which were signed into when they engaged with the ad. For more information about this feature, see https://ads.google.com/intl/en_us/home/privacy/solutions/enhanced-conversions-for-web/

You can find the Google Privacy Policy at https://policies.google.com/privacy.

c) Hubspot

For our online marketing activities and customer data administration, we use Hubspot CRM software from HubSpot Inc. (25 First Street, 2nd Floor, Cambridge, MA 02141, USA). Among other things, this software analyzes landing pages and creates reports using web beacons and cookies. The following personal data may be processed in connection with this:

  • IP address
  • Geographical location
  • Browser
  • Duration of visit
  • Pages viewed
  • Visitor sources using UTM parameters.

As a rule, the IP address is processed on Hubspot’s European servers and stored in truncated form only. Only in exceptional cases will the IP address be transmitted to and truncated on a HubSpot server in the USA.

We use the information collected to ensure that our website is constantly optimized and improved, and designed to meet our users’ needs. We also use this information to analyze which of our company’s services are of interest to customers, users, and newsletter subscribers in order to contact them for advertising purposes.

HubSpot has no right to transfer your data.

The HubSpot Privacy Policy is available here.

f) Microsoft Clarity

Our website uses the Microsoft Clarity service for statistical analysis of the use of our website. The provider of Microsoft Clarity is Microsoft Corporation, One Microsoft Way, Redmond, WA 98052 USA.

The usage and user information collected, such as your IP address, location, time or frequency of visits to our website, is transmitted to a Microsoft server in the USA and stored there. We have activated the anonymization function for this service, which means that your IP address is processed in truncated form only.

The data are used to evaluate your visit to our website and your usage behavior to improve and optimize our services.

We have agreed the standard contractual clauses with Microsoft. For more information about data protection at Microsoft, see

https://privacy.microsoft.com/en-us/privacystatement

e) Piwik PRO Analytics Suite

Our website uses the website analytics service Piwik PRO Analytics Suite on our website. The provider of this service Piwik PRO SA, ul. sw. Antoniego 2/4, 50-073 Wroclaw, Poland.

We use the tool to find out more about your behavior on our website and your personal interests to allow us to further optimize our services for you. For this purpose, we collect data such as your IP address, operating system, browser ID, and browsing activity, which helps us to better understand bounce rates, page views, and sessions. Browser fingerprints are also generated. We can also create visitor profiles based on the browsing history to allow us to display personalized content, for example. The legal basis for this is your consent pursuant to Article 6 (1)(a) GDPR.

We have a data processing agreement with the service provider pursuant to Article 28 GDPR.

The information is stored on a Microsoft Azure server in Germany.

For more information, see the Piwik PRO privacy policy at https://piwik.pro/privacy-policy/?pk_vid=af719f45520d589116442410616f93c6#product

f) Facebook Conversion Pixel

We use the Conversion Pixel of Meta Platforms Ireland Ltd. (4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland) to track Facebook ad-driven visitor activity on our website. By accessing this pixel from your browser, Meta Platforms can identify whether a Facebook ad was successful, resulting in an online purchase for example.

We only obtain statistical data from Meta Platforms in connection with this; no personal data is collected. This enables us to measure the effectiveness of Facebook ads for statistical and market research purposes. Especially if you are logged in to Facebook, we refer you to their privacy policy https://www.facebook.com/about/privacy/.

g) LinkedIn Insight Tag

Our website uses the LinkedIn Insight Tag conversion tool. The provider of this tool is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. This tool places a cookie in your browser, which allows the following data to be collected: IP address, device and browser properties, and page events (e.g. page views). These data are encrypted, anonymized within seven days, and deleted within 90 days.

LinkedIn offers anonymized reports on website audience and ad performance. The Insight Tag can also be used to display interest-based advertising (retargeting). We can use these data to display targeted advertising outside our website without identifying you as a website visitor. For more information about data protection at LinkedIn, see the LinkedIn privacy policy.

LinkedIn members can control the use of their personal data for advertising purposes in their account settings

We have a data processing agreement with LinkedIn

For more information, see the LinkedIn privacy policy:

https://www.linkedin.com/legal/privacy-policy

g) Microsoft Advertising Conversion Tracking

Our website uses the Microsoft Advertising service. The provider and operator of this service is Microsoft Ireland Operations Limited, One Microsoft Place, South Country Business Park, Leopardstown, Dublin, Ireland 18, D18 P521 (Microsoft).

We can use the Microsoft Advertising service to place targeted advertisements on different search engines and networks. The Universal Event Tracking (UET) tool is integrated on our website to enable us to identify which ad or keyword brought you to our website. This conversion tracking tag allows us to learn more about your user behavior on our web pages. We use this information to optimize and tailor our advertisements and offers to your needs.

Microsoft uses the cookie to collect and process information, from which pseudonymous user profiles can be created to analyze visitor behavior and display advertisements. No personal information is processed that identifies users in person.

For this purpose, Microsoft Advertising may collect the following information (not exhaustive):

  • Information about the browser and device you are using
  • Identifiers (indicators) assigned by Microsoft
  • Referrer URL (website via which you accessed our website)
  • IP address
  • Visit duration and time.

We have a data processing agreement with Microsoft, which ensures that your data will be processed in accordance with European data protection standards.

Processing of the personal data by the service provider in the USA cannot be ruled out as the parent company Microsoft Corporation is headquartered in the USA.

For more information about data protection and the cookies used by Microsoft, see the Microsoft website https://privacy.microsoft.com/en-us/privacystatement.

i) Hotjar

Our website uses Hotjar, a user experience analytics service provided by Hotjar Ltd (Hotjar Ltd, Level 2, St Julians Business Centre,3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe). This software enables us to analyze the usage behavior of our website visitors by measuring and evaluating clicks, mouse movements, and similar behavior on our website with the aim of improving the functionality of our website.

Hotjar uses cookies that are stored on your end device to enable an analysis of your use of the website. IP addresses are stored and processed in anonymized form only to prevent individual identification of the user. Information on the operating system, browser, incoming and outgoing links, geographical origin, resolution, and device type is also analyzed for statistical purposes. The above is not personal information and will not be transferred to third parties by us or Hotjar.

Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. However, this may prevent you from taking full advantage of this website and others.

For more information about data protection at Hotjar, see:
https://www.hotjar.com/legal/policies/privacy/

You can also prevent or re-enable recording by following the instructions at https://www.hotjar.com/opt-out.

j) Plausible

Our website uses Plausible Analytics. The provider is Plausible Insights OÜ, Västriku tn 2, 50403, Tartu, Estonia.

We use Plausible Analytics to help us understand visitor trends and the effectiveness of our marketing outreach. The service eschews personally identifiable information in favor of anonymous aggregate data. It does not use cookies and there are no persistent identifiers.

Plausible collects and processes the following information:

  • Page URL
  • Referrer http
  • Browser type and version number
  • Operating system and version number
  • Device type
  • Country, region, city (Plausible looks up the visitor’s location using their IP address. It does not track anything more granular than the city level. The visitor’s IP address is discarded immediately and not stored anywhere.)

These data are transmitted automatically when a website is accessed. Plausible generates a daily changing identifier using the visitor’s IP address and User-Agent. To anonymize these datapoints and make them impossible to relate back to the user, it runs them through a hash function with a rotating salt. This generates a random string of letters and numbers that is used to calculate unique visitor numbers for the day. Old salts are deleted every 24 hours to avoid the possibility of linking visitor information from one day to the next. The use of hash values and salts offers a high standard of security.

The use of Plausible Analytics is based on our legitimate interest in understanding user interactions on our site to improve our content and user experience (Article 6 (1)(f) GDPR). For more information about this service, see https://plausible.io/data-policy.

k) ZoomInfo

Our website uses ZoomInfo analytics to understand how you use our sites and ways that we can improve your experience. The provider of this service is ZoomInfo Technologies LLC
805 Broadway, Suite 800, Vancouver WA 98660 USA. ZoomInfo is a B2B data and software operating system platform.

To deliver the service, ZoomInfo will process your IP address, e-mail address, first and last name, company information, telephone number and addresses, metadata, log file data, and usage data. These data are used to evaluate your visit to our website and create and provide us with reports on website activity.

We have concluded the standard contractual clauses with ZoomInfo.

For more information, see the ZoomInfo Privacy Policy at https://www.zoominfo.com/legal/privacy-policy?.

11. Image, sound, and video integration

a) YouTube

We embed videos of the YouTube service on this website via iFrame and/or a plug-in. YouTube is owned and operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. We use YouTube’s extended data protection mode to embed videos on our website.

However, if you play a YouTube video during your visit, a connection to the YouTube servers is established and the YouTube server is informed which of our pages you have visited. This allows YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your member account before visiting our website. In addition, YouTube sets cookies during video playback to deliver and enhance the quality of its services and prevent misuse.

For more information on the processing of user data and use of cookies, see the YouTube privacy policy at https://policies.google.com/privacy

As a result of the integration of YouTube, Google fonts will also be loaded dynamically by Google outside of the active control of the website operator or visitor. The integration of these web fonts is done by a server call, usually a Google server in the USA. This may result in the following information being transmitted to the server and stored by Google:

  • Name and version of the browser used
  • Web page that triggered the request (referrer URL)
  • Operating system of your computer
  • Screen resolution of your computer
  • The IP address of the computer sending the request
  • Language settings of the browser or operating system used by the user

You will find more information in the Google Privacy Policy at the following link:

www.google.com/fonts#AboutPlace:about

https://policies.google.com/privacy

The legal basis is the consent you provided pursuant to Article 6(1)(a) GDPR. You can withdraw your consent at any time by changing the cookie settings on our website.

b) Vimeo

We embed videos of the Vimeo service on this website via iFrame and/or a plug-in. Vimeo.com is owned and operated by Vimeo, Inc., 330 West 34th Street, 5th Floor, New York 10001 USA.

However, if you play a Vimeo video during your visit, a connection to the Vimeo server is established and the Vimeo server is informed which of our pages you have visited. This allows Vimeo to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your user account before visiting our website. In addition, Vimeo sets cookies during video playback to deliver and enhance the quality of its services and prevent misuse.

For more information about data processing and data protection at Vimeo, see https://vimeo.com/privacy.

The legal basis is the consent you provided pursuant to Article 6(1)(a) GDPR. You can withdraw your consent at any time by changing the cookie settings on our website.

12. Rights of the data subject

You have the following rights:

a) Right of access

Pursuant to Article 15 GDPR, you have the right to request information about the personal data concerning you which we process. This right of access includes information about

  • The purposes of the processing
  • The categories of personal data concerned
  • The recipients or categories of recipient to whom your data have been or will be disclosed
  • The envisaged storage period, or at least the criteria used to determine the storage period
  • The existence of a right to rectification, erasure or restriction of processing, or to object to such processing
  • The existence of a right to lodge a complaint with a supervisory authority
  • The source of your personal data, where they were not collected by us
  • The existence of automated decision-making, including profiling, and where appropriate, meaningful information about the logic involved

b) Right to rectification

In accordance with Article 16 GDPR, you have the right to obtain from us without undue delay the rectification of incorrect or incomplete personal data stored by us.

c) Right to erasure

In accordance with Article 17 GDPR, you have the right to obtain from us without undue delay the erasure of your personal data stored by us, unless further processing is required for one of the following reasons:

  • The personal data are still necessary for the purposes for which they were collected or otherwise processed.
  • For exercising the right to freedom of expression and information.
  • For compliance with a legal obligation which requires processing under European Union or Member State law to which the Controller is subject, or for the performance of a task carried out in the public interest, or in the exercise of official authority vested in the Controller.
  • For reasons of public interest in the area of public health pursuant to Article 9 (2)(h) and (i) and Article 9 (3) GDPR.
  • For archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Article 89 (1) GDPR, insofar as the right referenced in subsection a) is likely to render impossible or seriously impair the achievement of the objectives of that processing.
  • For the establishment, exercise, or defense of legal claims.

d) Right to restriction of processing

Pursuant to Article 18 GDPR, you may request the restriction of the processing of your personal data for one of the following reasons:

  • You contest the accuracy of your personal data.
  • The processing is unlawful and you oppose the erasure of the personal data.
  • We no longer require the personal data for the purposes of the processing, but you require them for the establishment, exercise, or defense of legal claims.
  • You object to the processing pursuant to Article 21 (1) GDPR.

e) Notification obligation

If you have requested rectification or erasure of your personal data or a restriction of processing in accordance with Articles 16, 17 or 18 GDPR, we will notify all recipients to whom your personal data have been disclosed, unless this proves impossible or involves disproportionate effort. You may request that we inform you about those recipients.

f) Right to data portability

You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format.

You also have the right to request that those data be transferred to a third party, where the processing was carried out by automated means and where it is based on consent pursuant to Article 6 (1)(a) or Article 9 (2)(a) or is necessary for the performance of a contract pursuant to Article 6 (1)(b) GDPR.

g) Right to withdraw consent

Pursuant to Article 7 (3) GDPR, you have the right at any time to withdraw consent that you have previously granted to us. The withdrawal of consent does not affect the lawfulness of processing carried out based on consent before its withdrawal. We may not carry out any further processing based on your consent, once you have withdrawn it.

h) Right to lodge a complaint

Pursuant to Article 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data is contrary to the GDPR.

i) Right to object

Where your personal data are processed based on legitimate interests pursuant to Article 6 (1)(f) GDPR, you have the right pursuant to Article 21 GDPR to object to the processing of your personal data for direct marketing purposes or on grounds relating to your particular situation. In the latter case, we will implement your request without the need for you to specify the particular situation. You can exercise your right to object or to withdraw consent simply by sending an e-mail to info@gambit.de

j) Automated individual decision-making, including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This right shall not apply if the decision

  1. Is necessary for entering into, or performance of, a contract between you and us
  2. Is authorized by European Union or Member State law to which we are subject and which also lays down suitable measures to safeguard your rights and freedoms and your legitimate interests
  3. Is based on your explicit consent.

However, these decisions must not be based on special categories of personal data referred to in Article 9 (1) GDPR, unless Article 9 (2)(a) or (g) GDPR applies and suitable measures to protect your rights and freedoms and your legitimate interests are in place.

With regard to the cases referenced in subparagraphs i) and iii), we shall implement suitable measures to safeguard your rights and freedoms and your legitimate interests, including at least the right to obtain human intervention on our part, to express your point of view and to contest the decision.

13. Changes to the Privacy Policy

If we change the Privacy Policy, this will be indicated on the website.

Last updated: 29 July 2024