Privacy Policy - usage of cookies, personal data and more

Preamble

The protection of your personal data is important to us. This Privacy Policy explains what data we process and for what purpose. If you have any further questions regarding the handling of your personal data, please do not hesitate to contact our data protection officer. Changes to technology, our services or legal requirements, as well as other reasons, may require adjustments to our Privacy Policy. We therefore reserve the right to change this Privacy Policy at any time and recommend that you review it regularly.

• Operating system of the user: To analyze devices to ensure optimized presentation of the website
• Information on browser type and version: To analyze the used browser in order to optimize our website
• Internet Service Provider of the user: To analyze the usage of Internet Service Providers
• IP address: To display the website on the respective device
• Date and time of the page view: To ensure the proper operation of the website
• Manufacturer and type of smartphone, tablet or other terminal device: To analyze device manufacturers and types of mobile devices for statistical purposes
• Log files: To ensure the adequate functioning of the website

The data will be deleted when the respective session is terminated. IP addresses will be deleted after 7 days at the most.

The collection of data to provide our website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection on the part of the user.

According to Art. 13 para. 1 lit. c) GDPR, the following legal basis applies – if not explicitly mentioned in this data protection declaration:

• In the event of consent, Article 6 para. 1 lit. a) GDPR and Article 7 GDPR apply.
• If a contract is fulfilled or pre-contractual measures are taken and inquiries are answered, Art. 6 Para. 1 lit. b) GDPR applies.
• If a legal obligation is fulfilled, Art. 6 para. 1 lit. c) GDPR applies.
• Art. 6 para. 1 lit. f) GDPR applies for the protection of legitimate interests.

As a matter of principle, tracking options are used within the scope of Art 6 para. 1 lit. a) (consent) and/or f) (legitimate interest) of the GDPR.

Our legitimate interest is in marketing and in the improvement of our content and our web appearance. If we base the processing on legitimate interest, personal data is anonymized on principle

Unless otherwise stated in this data privacy policy, the personal data processed by us will be deleted or the processing restricted in accordance with Articles 17 and 18 GDPR. Personal data are erased if they are no longer necessary for the purposes for which they were collected or processed in any other way and if there are no legal storage obligations. Processing is restricted if the personal data cannot be deleted but are absolutely necessary for other purposes, in particular to fulfil commercial or tax obligations.

In principle, it is also possible to deactivate cookies in general or to object to their use. For example, http://www.youronlinechoices.com/ can be used. You can also deactivate cookies via your browser settings.

Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user's computer system. If a user visits a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic character string that enables a unique identification of the browser when the website is called up again.

1. Technically Necessary Cookies

   We use cookies to make our website more user friendly. Some elements of our website require that the calling browser can be identified even after a page change.

   Technically necessary cookies are not absolutely necessary to display the website. However, some functions of the website, such as the contact form, cannot be used properly without these cookies. Consequently, there is no possibility for the user to object; these cookies can be deactivated in the settings of the respective browser.

   The processing of your personal data is based on Art. 6 para. 1 f) GDPR. Technically necessary cookies are required to provide you with our service and are therefore limited to the absolutely necessary. Your and our interests are the same if you want to use our service. Cookies are therefore retained for up to one year.

2. Cookies for Reach Measurement

   Reach measurement cookies collect information about the use of our website. These cookies do not store any information that allows the user to be identified. The information collected is exclusively aggregated and thus evaluated anonymously.

   The use of cookies for reach measurement is generally carried out within the scope of Art. 6 para. 1 lit. a) (consent) and/or lit. f) (legitimate interest) of the GDPR.

   Google Analytics

   This website uses Google Analytics, a web analysis service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland .

   Google Analytics uses "cookies," which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. However, if IP anonymization is activated on this website, Google will first shorten your IP address within Member States of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. The IP address transmitted by your browser in the context of Google Analytics is not merged with other Google data. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with other services relating to website and Internet use. Our legitimate interest in data processing also lies in these purposes. The legal basis for the use of Google Analytics is § 15 para. 3 of the German Telemedia Act (TMG) and Art. 6 para. 1 lit. f) GDPR. The data sent by us and linked with cookies, user identification (e.g., user ID) or advertising IDs are automatically deleted after 14 months. Data whose retention period has been reached is automatically deleted once a month. For more information on terms of use and data protection, please visit https://www.google.com/analytics/terms/us.html or https://policies.google.com/?hl=en.

   You may refuse the use of cookies by selecting the appropriate settings on your browser. However, please note that, if you do this, you may not be able to use the full functionality of this website. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser add-on. Opt-out cookies prevent the future collection of your data when you visit this website. If you click here, the opt-out cookie will be set: Disable Google Analytics.

3. Cookies for Marketing Purposes

   We use cookies for marketing purposes, in order to target our users with advertisements according to their interests. In addition, we use cookies to limit the frequency of an advertisement and to measure the effectiveness of our advertising. This information may also be shared with third parties, such as ad networks.

   Cookies are generally used for marketing purposes within the scope of Art. 6 para. 1 lit. a) (consent) and/or f) (legitimate interest) of the GDPR.

   (a) Google DoubleClick

   We use DoubleClick, a service provided by Google Inc. DoubleClick uses cookies to serve user-based ads. The cookies recognize which advertisement has already been placed in your browser and whether you have called up a website via a placed advertisement. Cookies do not collect any personal information and cannot be associated with such information.

   If you don't want to receive user-based advertising, you can disable ads using Google's ad settings.

   (b) Platforms for Marketing Automation

   Our website may use cookies from marketing automation platforms such as Salesforce Pardot or SalesLoft to monitor user activity across multiple digital channels such as email, social media and websites. The cookie itself does not contain any personal information, but it can be linked via a unique identifier to personal data that riskmethods may have already collected from the user (e.g., IP address and contact information). This information can then be used to contact users again with sales or marketing information based on their previous activity.

   These cookies are stored for different periods of time. More information about Pardot cookies: https://help.salesforce.com/articleView?id=pardot_basics_cookies.htm&type=5

   More information about SalesLoft cookies: https://support.salesloft.com/hc/en-us/articles/115005958843-About-Live-Website-Tracking-

For reasons of transparency, we would like to state that we use Google Tag Manager. Google Tag Manager itself does not collect any personal data. Tag Manager makes it easier for us to integrate and manage our tags. Tags are small code elements used, among other things, to measure traffic and visitor behavior, to measure the impact of online advertising and social channels, to set up remarketing and targeting and to test and optimize websites. We use Tag Manager for Google services. If you have deactivated cookies, this deactivation will be honored by Google Tag Manager. For more information about Google Tag Manager see: https://www.google.com/analytics/tag-manager/use-policy/.

On the riskmethods website we use OneSignal, a message sending service, 2194 Esperanca Avenue, Santa Clara, CA 95054, USA (“OneSignal”). Our legitimate interest to use OneSignal is to send push-notifications about new content to users on the web. You can decide on your own on website if you want to subscribe to push notifications. You can opt-out push notifications by going to your device “Settings” and clicking on “Notifications,” and then changing those settings for some or all of the apps on your device. For more information, please see OneSignal’s privacy policy.

Processing company

Hotjar Limited

Level 2, St Julian’s Business Centre, 3, Elia Zammit Street, St Julian’s STJ 1000, Malta

Data Purposes

• Web Analytics
• Customer Journey Analytics

Technologies Used

• Cookies

Data Attributes

• Usage data (mouse clicks, mouse movements, scrolling activity, text you type in this website/keystrokes)
• browser information (browser type, browser version, browser screen size)
• basic information about the user (IP address, language, time zone)

Data Collected

This list represents all (personal) data that is collected by or through the use of this service.

• Data and time of visit
• Browser information
• Usage data
• Click path
• IP address

Legal Basis

In the following the legal basis for the processing of personal data required by Art. 6 I 1 GDPR is listed.

• Art. 6 (1) (a) GDPR

Location of Processing

European Union

Retention Period

Data will be deleted as soon as they are no longer needed for the processing purposes.

Data Protection Officer of Processing Company

Below you can find the email address of the data protection officer of the processing company.

dpo@hotjar.com

Further Information and Opt-Out

Click here to opt out from this processor across all domains https://www.hotjar.com/legal/compliance/opt-out

Click here to read the privacy policy of the data processor https://www.hotjar.com/legal/policies/privacy

Cookie Policy URL https://www.hotjar.com/legal/policies/cookie-information

When you subscribe to our newsletter, you will receive a newsletter with news and current information about our products and services.

For people in Europe who are subscribing to our newsletter, we use the double opt-in procedure. This means that we will send a confirmation e-mail to the specified e-mail address in which we ask you to confirm that you would like the newsletter to be sent. If you do not confirm this within 24 hours, your registration will be automatically deleted. If you confirm your wish to receive the newsletter, we will store your e-mail address until you unsubscribe from the newsletter. This data is stored solely for the purpose of sending you the newsletter. Furthermore, we store your IP addresses and the times of registration and confirmation to prevent misuse of your personal data.

You can revoke your consent to receive the newsletter at any time. You can revoke by clicking on the link provided in each newsletter e-mail or by sending a message to the data protection officer. Your data will not be passed on to third parties.

Processing in the context of our newsletter is based on your consent (Art. 6 para. 1 lit. a) GDPR). We base the double opt-in procedure on a legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f) GDPR, as we must prove your consent (Art. 7 para. 1 GDPR).

We evaluate your clicks in newsletters with the help of tracking pixels, i.e., invisible image files, as well as personalized links. They are assigned to your e-mail address and are linked with an individual ID in order to uniquely assign clicks in the newsletter to you. The user profile serves to match the newsletter content to your interests.

We provide you with media content such as white papers, brochures or checklists, and you can participate in webinars and events.

Mandatory information is limited to name, title, company, e-mail address, telephone number and country. The provision of further, separately-marked information is voluntary.

The processing is based on Art. 6 para. 1 sentence 1 lit. b) and/or Art. 6 para. 1 sentence 1 lit. a) GDPR.

Third-party content, such as videos from YouTube or Vimeo or graphics from other websites, is integrated into our online content on the basis of Art. 6 para. 1 sentence 1 lit. f) GDPR. This always presupposes that the providers of this content (hereinafter referred to as "third-party providers") are aware of the IP address of the users; without the IP address, they could not send the content to the browser of the respective user. The IP address is therefore required for the display of this content. We make every effort to use only that content whose respective providers use the IP address only for the delivery of the content. However, we have no influence on this if the third-party providers store the IP address, e.g., for statistical purposes. We inform users about this, as far as we are aware of those third party activities.

However, the content of third parties is not directly integrated on our website. In particular, this is intended to prevent user profiling by the third-party provider. In order to be able to view third-party content, users must first click on the preview image (two-click solution). Content can only be viewed after clicking away the resulting notification or by logging in. Data is not transmitted until this moment.

You can contact us via our e-mail address or the contact form. The personal data transmitted to us in this way will only be used for the purpose for which you made them available to us when contacting us.

If we use our contact form to request information that is not required to establish contact, we have always marked it as optional. These details allow us to categorize your inquiry and to improve the processing of your request. Communication of this information takes place expressly on a voluntary basis and with your consent. If this involves information about communication channels (e.g., e-mail address, telephone number), you also agree that we may contact you via this communication channel in order to respond to your request.

You can of course revoke this consent at any time in the future. Please contact our data protection officer for this purpose.

The processing of your personal data takes place for the processing of contact inquiries and can also be based on Art. 6 para. 1 sentence 1 lit. b) GDPR. The data will be deleted after contact has been made if it is no longer necessary or if there are no legal storage obligations.

Data collection and use

The event organizer and/or riskmethods GmbH requires the participant’s personal data for the planning and execution of events. The participant agrees that his data may be processed and used for the initiation, implementation and follow-up of the event.

This consent applies in particular with regard to the following purposes:

Invitation management by e-mail:

• Sending of registration confirmations by e-mail
• Sending of reminders by e-mail before the event
• Sending of additional information or short-term changes to the registered event participants
• Event planning optimization
• Publication of participant lists (incl. names)
• General contract initiation

The following data will be recorded:

• E-mail address
• Surname, first name
• Sex
• Job title
• City
• Telephone number (optional)

Image rights
The participants of the event hereby declare their consent (free of charge) for the creation of images and video recordings of their persons during the events and to the use and publication of such images for the purpose of public reporting (in particular, print media or the internet) on the events. This also includes publication on riskmethods homepages, Facebook, Google and other social media sites.

riskmethods is not liable for third parties using the images for other purposes without their knowledge, in particular by downloading and/or copying.

Revocation
Furthermore, the participant has the right to revoke the consent given to riskmethods GmbH for processing and use in the future at any time.

When you contact us via the targetP! Workshops contact form, the information you provide (your e-mail address, your name and the company for which the request is made) will be stored by us to provide you with more information about targetP! Workshops. Your data will be transferred to targetP! –agile procurement enabled LLC for this purpose. The legal basis for this is your consent according to Art. 6 para. 1 lit. a GDPR. If your request is aimed at the entering into a contract, the legal basis for the processing of the communicated data is also the necessity for the performance of (pre-)contractual services, according to Art. 6 para. 1 lit. b GDPR.

Your data (your e-mail address, your name and the company for which the request is made), which we have received in the course of contacting you, will be deleted as soon as they are no longer required for the purpose of their collection ( connection  with contact person and exchange of workshop information) , your request is fully processed and no further communication with you is necessary or desired by you.

If you also agree to receive further information about our products and services in supply risk management as well as company news and industry information when requesting information about workshops from targetP!, the information in the Newsletter section will apply.

You can withdraw your consent at any time without giving reasons with effect for the future by e-mail to privacy@riskmethods.net.

You can apply to our company electronically. We will use your details exclusively for processing your application and will not pass them on to third parties (§ 26 German Federal Data Protection Act).

Please note that unencrypted e-mails are not transmitted with access protection. Unfortunately, we currently do not offer the option of sending us your e-mail application in encrypted form. It is therefore always possible for third parties to intercept your application documents without authorization during transmission. Please send us your application by e-mail only if you are aware of the risk.

Furthermore, you can also apply online using our application portal Workable. Your online application will be forwarded to the HR department via an encrypted connection and will be kept confidential.

Your personal data will be deleted immediately after completion of the application process or after a maximum of 6 months, unless you have expressly given us your consent for longer storage of your data.

Your personal data will not be passed on to third parties for purposes other than those listed below.

We will only pass on your personal data to third parties if:

• you have given your express consent,
• the disclosure is necessary to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data,
• a legal obligation exists for the transfer, and
• it is legally permissible and necessary for the execution of contractual relationships with you.

When data is transferred outside the European Union, in principle, the strict European level of data protection does not exist. In the case of a transmission, there might be no current adequacy resolution of the EU Commission within the meaning of Art. 45 para. 1, 3 GDPR. This means that the EU Commission has not yet positively determined that the country-specific data protection level corresponds to the data protection level of the European Union under the GDPR, which is why we have taken the above-mentioned measures..

Possible risks that may not be completely excluded in connection with data transmission are in particular:

• Your personal data could possibly be processed beyond the actual purpose.
• In addition, you may not be able to assert and enforce your rights under data protection law, such as your right to information, correction, erasure and data portability.
• There may also be a higher probability that incorrect data processing may occur and that the protection of personal data does not fully comply quantitatively and qualitatively with the requirements of the GDPR.

Any data subject has the right of access under Article 15 GDPR, the right to correction under Article 16 GDPR, the right to erasure under Article 17 GDPR, the right to limitation of processing under Article 18 GDPR, the right to object under Article 21 GDPR and the right to data portability under Article 20 GDPR. The restrictions according to §§ 34 and 35 German Federal Data Protection Act (BDSG) apply to the right to information and the right to erasure.

You also have the right to lodge a complaint with the competent data protection supervisory authority about our processing of your personal data.

You can revoke your consent to the processing of personal data at any time. This also applies to declarations of consent that were given to us prior to the validity of the GDPR before May 25, 2018. Please note that the revocation will only take effect in the future. Processing that took place before the revocation is not affected by this.

You have the right to object to the processing of your personal data at any time in accordance with Art. 21 para. 2 GDPR. In the event of your objection to processing for direct marketing purposes, we will no longer process your personal data for these purposes. Please note that the objection is only effective for the future. Processing prior to the objection is not affected.

If we base the processing of your personal data on a weighing of interests, you may object to the processing. When exercising such objection, we ask you to explain the reasons why we should not process your personal data as described by us. In the event of your justified objection, we will examine the situation and either stop or adjust data processing, or explain our compelling reasons for processing.

Our website may contain links to websites of other providers. This data protection declaration applies exclusively to our company's websites. We have no influence on and do not control whether other providers comply with the applicable data protection regulations.