INTRODUCTION AND TERMS

1.         INTRODUCTION

By operating our website with the URL www.cream-communication.com (hereinafter referred to as "website"), we process personal data. We treat this data confidentially and process it in accordance with the applicable laws - in particular the German Data Protection Regulation (DSGVO), the German Federal Data Protection Act (BDSG) and the Telecommunications Telemedia Data Protection Act (TTDSG). With these data protection regulations, we want to inform you about what personal data we collect from you, for what purposes and on what legal basis we use it and, if applicable, to whom we disclose it. In addition, we will explain to you what rights you have to protect and enforce your data protection.

2.         NOTES

Our data protection provisions contain technical terms that are in the DSGVO and the BDSG. For your better understanding, we would like to explain these terms in simple terms in advance:

2.1       Personal Data
"Personal data" is any information relating to an identified or identifiable person (Art. 4 No. 1 DSGVO). Information of an identified person can be, for example, the name or the e-mail address. However, personal data is also data where the identity is not immediately apparent, but can be determined by combining one's own information or that of others and thus finding out who it is. A person can be identified, for example, by providing your address or bank details, your date of birth or user name, your IP addresses and/or location data. Relevant here is all information that in any way allows a conclusion to be drawn about a person.

2.2       Processing
Article 4 No. 2 of the GDPR defines "processing" as any operation related to personal data. This relates in particular to the collection, recording, organisation, arrangement, storage, adaptation or alteration, retrieval, consultation, use, disclosure, transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of personal data.

RESPONSIBLE COMPANY AND
DATA PROTECTION OFFICER

3.         RESPONSIBLE

Responsible for data processing is:

Company:                               Cream Communication ("we")
Legal representative:      Anne Bettina Leutner (Managing Director)
Address:                                 Schauenburger Straße 37, 20095 Hamburg, Germany
Phone:                                    +49 40 401 131 010
E-mail:                                    contact@cream-communication.com

4.         DATA PROTECTION REPRESENTATIVE

We have appointed an external data protection representative for our company. You can reach him under: 

Name:                                     Arne Platzbecker
Address:                                 HABEWI GmbH & Co. KG, Palmaille 96, 22767 Hamburg, Germany
Phone:                                    +49 40 46008966
Fax:                                         +49 40 46008977
E-mail:                                    datenschutz@habewi.de

PROCESSING FRAME

5.         PROCESSING FRAMEWORK: WEBSITE

Within the framework of the website, we process the personal data of you listed in detail below in section IV. We only process data from you that you actively provide on the website (e.g. by filling out forms) or that you automatically provide when using our offer.

Your data will be processed exclusively by us and will not be sold, lent or passed on to third parties. If we use external service providers to process your personal data, this is done within the framework of so-called order processing, in which we as the client are authorised to issue instructions to our contractors. We use external service providers for the hosting of our website. We host our website with the external provider All-Inkl (ALL-INKL.COM - Neue Medien Münnich, owner: René Münnich, Hauptstraße 68, 02742 Friedersdorf, Germany) at the computer centre in Dresden, Germany. If further external service providers are used for individual processing operations listed in section IV, they will be named there.

As a matter of principle, we do not transfer data to third countries and do not plan to do so. We will provide information about exceptions to this principle in the processing operations described below. Any data transfer to third countries will then take place on the basis of the so-called EU standard contractual clauses.

THE PROCESSING IN DETAIL

6.        CONTACT BY E-MAIL

6.1       Description of the processing

You can contact us via the e-mail addresses given on the website. To contact us, you can write to us via the e-mail address provided on the website. In this case, the personal data transmitted with the e-mail will be processed by us.

6.2       Purpose
The data transmitted with and in your e-mail will be used exclusively for the purpose of processing and responding to your request.

6.3       Legal basis
The processing is necessary to protect the overriding legitimate interests of the controller (Art. 6 para. 1 lit. f DSGVO). Our legitimate interest lies in the purpose stated in section 6.2. If the e-mail contact is aimed at the conclusion or fulfilment of a contract, the data processing is carried out for the fulfilment of the contract (Art. 6 para. 1 lit. b DSGVO).

6.4       Storage period
We delete the data as soon as it is no longer required to achieve the purpose for which it was collected. This is usually the case when the respective communication with you has ended. The communication is deemed to have ended when it is clear from the circumstances that your concern has been conclusively clarified. If legal retention periods prevent deletion, the data will be deleted immediately after the expiry of the legal retention period.

7.         SOCIAL NETWORKS

7.1       Description of the processing

Our website does not use any so-called social media plugins. The LinkedIn logos displayed on our website are merely linked to the corresponding profiles of our company on the social networks. A data transfer to the social networks does not take place with the integration of the logos. If you click on one of the logos, you will only be redirected to the external website of the respective social network.

However, our profiles within the social networks do constitute data processing. If you are logged in to the respective social network when you visit such a profile, this information will be assigned to your user account there. If you interact with our profile, e.g. comment, "share", "like" or "retweet" a post, this information will also be stored in your user account. As a rule, your interactions with our profile can also be viewed by us.

7.2      

On the social network LinkedIn, we have the possibility to obtain statistical data about the use of our LinkedIn profile via the so-called "Insights" feature

The social networks with which you communicate store your data using pseudonyms as usage profiles and use them for advertising purposes and market research. For example, you may be shown advertisements within the social network and on other websites of third parties that correspond to your presumed interests. Cookies are generally used for this purpose, which the social network stores on your end device. You have the right to object to the creation of these user profiles, and to exercise this right you must contact the social networks directly.

7.3       Purpose
We maintain profiles on the aforementioned social networks for the purpose of public relations and corporate communication with customers and interested parties. We use the "Insights" feature to evaluate the reach of our posts on the social network and to make them more appealing to our visitors in the future.

7.4 Legal basis
The legal basis for data processing in the context of our profiles on social networks is the protection of our overriding legitimate interests (Art. 6 para. 1 lit. f DSGVO). Our legitimate interest lies in the purpose named in section 7.3. If you are asked for consent by the respective operator of a social network, the legal basis is Art. 6 para. 1 lit. a DSGVO. The data processing with regard to our presence on LinkedIn is also carried out on the basis of joint responsibility in accordance with Art. 26 DSGVO.

7.5       Recipients and transmission to third countries

The respective social networks are operated by the companies listed below. For further information on data protection with regard to our profile on the social networks, please refer to the linked data protection provisions.

• LinkedIn: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. Privacy policy: www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy. The privacy agreement with LinkedIn can be found at www.linkedin.com/legal/l/dpa. The shared responsibility agreement can be viewed at legal.linkedin.com/pages-joint-controller-addendum.

The social networks also process your personal data in the USA.

8.         FONT SUBSTITUTION
When displaying our website, the standard fonts of your terminal device are replaced by fonts. This is done to make the text on our website easier to read and more aesthetically pleasing. When replacing fonts, we have opted for a privacy-friendly solution. We do not use external services such as Google Fonts or Adobe Fonts. Instead, we store the fonts to be replaced locally on our server. This has the advantage that when you call up our site, no request is made by your browser to external font replacement services and therefore no data, in particular your IP address in connection with the address of our website, is transmitted to third parties.


SECURITY MEASURES

9.         SECURITY MEASURES
To protect your personal data from unauthorised access, we have provided our website with an SSL and TLS certificate. SSL stands for "Secure Sockets Layer" and TLS for "Transport Layer Security" and encrypts the communication of data between a website and the user's end device. You can recognise active SSL or TLS encryption by a small lock logo that is displayed on the far left of the browser's address bar.

YOUR RIGHTS 

10.       AFFECTED RIGHTS

With regard to the data processing by our company described above, you are entitled to the following data subject rights:

10.1     Information (Art. 15 GDPR)
You have the right to request confirmation from us as to whether we are processing personal data relating to you. If this is the case, you have a right to information about this personal data and to the information listed in detail in Art. 15 DSGVO under the conditions specified in Art. 15 DSGVO.

10.2     Rectification (Art. 16 GDPR)
You have the right to demand that we correct any inaccurate personal data relating to you without delay and, if necessary, to complete any incomplete personal data.

10.3     Deletion (Art. 17 GDPR)
You have the right to demand that we delete personal data relating to you without delay if one of the reasons listed in detail in Article 17 of the GDPR applies, e.g. if your data is no longer required for the purposes we are pursuing.

10.4     Restriction of data processing (Art. 18 GDPR)
You have the right to request that we restrict processing if one of the conditions listed in Art. 18 of the GDPR applies, e.g. if you dispute the accuracy of your personal data, data processing will be restricted for the period of time that allows us to verify the accuracy of your data. 

10.5     Data portability (Art. 20 GDPR)
You have the right, under the conditions set out in Art. 20 of the GDPR, to request the return of the data concerning you in a structured, common and machine-readable format.

10.6     Withdrawal of consent (Art. 7 para. 3 GDPR)  
You have the right to withdraw your consent at any time in the case of processing based on consent. The revocation applies from the time it is asserted. In other words, it is effective for the future. The processing therefore does not become unlawful retroactively as a result of the withdrawal of consent.

10.7     Complaint (Art. 77 GDPR)
If you believe that the processing of personal data concerning you infringes the GDPR, you have the right to lodge a complaint with a supervisory authority. You can exercise this right with a supervisory authority in the EU Member State of your residence, workplace or the place of the alleged infringement. 

10.8     Prohibition of automated decisions/profiling (Art. 22 GDPR)
Decisions which have legal effects concerning you or which significantly affect you must not be based solely on automated processing of personal data, including profiling. We inform you that we do not use automated decision-making, including profiling, with regard to your personal data.
10.9     Objection (Art. 21 GDPR)
If we process your personal data on the basis of Art. 6 (1) f of the GDPR (for the protection of overriding legitimate interests), you have the right to object to this under the conditions listed in Art. 21 of the GDPR. However, this only applies insofar as there are reasons arising from your particular situation. After an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for processing that override your interests, rights and freedoms. We also do not have to stop processing if it serves the assertion, exercise or defence of legal claims. In any case - also irrespective of a specific situation - you have the right to object to the processing of your personal data for direct marketing at any time.

 

Status: March 2023