1. Basic Information on Data Processing and applicable Laws

The person responsible within the meaning of the General EU Regulation on Data Protection and other national data protection laws of the member states as well as other data protection regulations is

Person in Charge:

Born2Grow GmbH & Co. KG, Edisonstr. 19, 74076 Heilbronn, Germany, registered in the local court Stuttgart und HRA 728191, Managing Director Günter Steffen

Phone: +49 (7131) 87 31 83-50 | Email: info@born2grow.de

This data protection declaration explains to you the type, scope and purpose of the processing of personal data within our website and the websites, functions and contents related therewith. This privacy policy applies regardless of the domains, systems, platforms and devices (e.g. desktop or mobile) on which the website is run.

With regard to the terms used, such as “personal data” or their “processing”, we refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).

2. Collection and Storage of Personal Data as well as Type and Purpose of their Use
   1. We only process personal data of our users if this is necessary to provide a website as well as our contents and services. The processing of personal data of our users takes place regularly only after consent of the user. An exception applies in such cases in which prior consent actually cannot be obtained for and/or the processing of the data is permitted by statutory provisions (Art. 6 para. 1 lit. a) to d). GDPR).
   2. On the basis of our legitimate interests within the meaning of Art. 6 para. 1 lit. f) GDPR data on each access to the server on which this website is located (so-called server log files). The collection of data serves us to optimize the website and to ensure the security of our information technology systems. The access data includes the name of the accessed website, file, date and time of access, transferred data volume, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider. In addition, we use cookies, social plugins and analysis services when you visit our website. For further explanations, please refer to Sections 10 to 13 of this data protection declaration.
   3. The server log files are deleted as soon as they are no longer necessary to maintain the purpose of their collection. In the case of the collection of data with regard to providing the website, this is the case when the respective session has ended, at the latest, however, after 14 days. 
   4. Our legitimate interest is based on the purposes listed above for data collection. Under no circumstances do we use the data collected for the purpose of drawing conclusions about the user personally. An evaluation of the data for marketing purposes does not take place in this context. This data is not stored together with other personal data of the user. 
3. Provision of Contractual Services and Establishment of Contact
   1. We process inventory data (e.g. names and addresses as well as contact data) and contract data (e.g. services used, payment information) for the purpose of fulfilling our contractual obligations and services pursuant to Art. 6 para. 1 lit b. GDPR.
   2. When contacting us (via contact form or e-mail), the user’s details will be processed for processing the contact request and its handling in accordance with Art. 6 para. 1 lit. a) and f) GDPR. At the time the message is sent via the contact form, the following data is stored: The IP address of the user and the date and time of registration. The personal data processed during the sending process serves to prevent misuse of the contact form and to ensure the security of our information technology systems. In this context, the data will not be passed on to third parties. The data is used exclusively for processing the request.
4. Passing on of Data to Third Parties and Third Party Providers
   1. If we disclose data to other persons and companies (contract processors or third parties) within the scope of our processing, transfer it to them or otherwise grant them access to the data, this shall only take place as far as permitted by mandatory laws (e.g. if a transfer of the data to third parties pursuant to Art. 6 para. 1 lit. b GDPR is required for contract fulfilment), if you have agreed, if we are obliged to do so or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.). 
   2. If we assign third parties with the processing of data on the basis of a so-called “order processing contract”, this is done on the basis of Art. 28 GDPR.
   3. Data are only transferred to third countries if data processing and transfer to the respective country are permitted.
5. Rights of Users
   1. Users have the right to request information on the personal data that we have stored about them without any charge (Art. 15 GDPR). Users have the right to correct inaccurate data, to limit the processing and deletion of their personal data, if applicable, to assert their rights to data portability (Art. 15-20 GDPR) and, in the event of the assumption of unlawful data processing, to file a complaint with the competent supervisory authority (Art. 77 GDPR).
   2. Users may also revoke their consent, in principle with effect for the future (Art. 7 para. 3 GDPR).
6. Right to Delete Data
   1. The data stored by us will be deleted as soon as it is no longer required for its intended purpose and there are no legal storage obligations preventing deletion. If the user’s data are not deleted because they are necessary for other and mandatory purposes, their processing is restricted. This means that the data is blocked and not processed for other purposes. This applies, for example, to user data that must be retained for book-keeping or tax reasons. In accordance with legal requirements, the data is stored for 6 years in accordance with Sec. 257 para. 1 German Commercial Code and for 10 years in accordance with Sec. 147 para. 1 German Taxation Act.
   2. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective contact with the user is finished. The contact is terminated when it is obvious that the facts in question have been finally clarified. The additional personal data collected during the sending process will be deleted after a period of 14 days at the latest.
   3. You may request the person responsible to delete personal data without delay and the person responsible is obliged to delete such data without delay if they were not required for their intended use or if there was no other legal basis for the processing of personal data.
   4. If the person responsible has made the personal data concerning you public and is obliged to delete it pursuant to Art. 17 para. 1 GDPR, he shall take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform the person responsible who process the personal data that you as the data subject have requested the deletion of all links to this personal data or of copies or replications of this personal data.
7. The Right to Information
   1. If you have exercised your right of rectification, deletion or limitation of processing against the person responsible, the person responsible is obliged to notify all recipients to whom the personal data concerning you have been disclosed of such rectification or deletion of the data or restriction of processing, unless this proves impossible or involves unreasonable effort. The person responsible shall have the right to be informed of such recipients.
8. Right of Objection
   1. Users can object to the future processing of their personal data in accordance with the legal requirements at any time (Art. 21 GDPR). The objection may be lodged in particular against processing for direct marketing purposes. In the latter case, you have a general right of objection, which we will implement without specifying a particular situation. If you wish to exercise your right of revocation or objection, simply send an e-mail to info@born2grow.de
9. Security Requirements
   1. We take organizational, contractual and technical security measures in accordance with the state of the art in order to ensure that the provisions of data protection laws are observed and thus to protect the data processed by us against accidental or intentional manipulation, loss, destruction or against access by unauthorized persons.
   2. The security measures include in particular the encrypted transmission of data between your browser and our server using SSL (Secure Socket Layer) procedures. Usually this is a 256 bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. Whether a single page of our website is transmitted in encrypted form is indicated by the closed display of the key or lock symbol in the lower status bar of your browser.
10. Cookies 
    1. Cookies are information that is transferred from our web server or third party web servers to the user’s web browser and stored there for later retrieval. The data processed by cookies is required for the aforementioned purposes in order to protect our legitimate interests and those of third parties pursuant to Art. 6 para. 1 lit. f) GDPR. The user data collected in this way is anonymized by technical precautions. Therefore, it is no longer possible to assign the data to the user. The data will not be stored together with other personal data of the users.
    2. We use “session cookies” which are only stored on our website for the duration of your current visit (e.g. to store your login status). A randomly generated unique identification number, a so-called session ID, is stored in a session cookie. A cookie also contains information about its origin and the storage period. These cookies cannot store any other data. Session cookies are deleted when you have finished using our online session on our website and log out or close your browser, for example.
    3. In addition, we also use temporary cookies that are stored on your end device for a specified period of time in order to optimize user-friendliness. If you visit our site again to use our services, it will automatically recognize that you have already been with us and what entries and settings you have made so that you do not have to enter them again.  These cookies are automatically deleted after a defined period of time.
    4. When you visit our website, an information banner informs you about the use of cookies for analytical purposes and refers you to this data protection statement. If users do not want cookies to be stored on their computer, they are asked to deactivate the corresponding option in the system settings of their browser. Stored cookies can be deleted in the system settings of the browser.  The transmission of Flash cookies cannot be prevented via the browser settings, but by changing the Flash Player settings. Disabling Cookies may cause limitations and/or restriction in terms of use of our website.
11. Google Analytics
    1. On the basis of Art. 6 para. 1 lit. f) GDPR Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google uses cookies. The information generated by the cookie about the use of our website by users is generally transferred to a Google server in the USA and stored there. Google is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law. We use Google Analytics to display the ads placed only to users who have also shown an interest in our offer or have certain features that we send to Google. 
    2. Google will use this information on our behalf to evaluate the use of our website by users, to compile reports on the activities within this website and to provide us with further services connected with the use of this website and the use of the Internet. Anonymous user profiles can be created from the processed data.
    3. We use Google Analytics only with IP anonymization enabled. This means that Google will reduce the IP address of users within Member States of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.
    4. The IP address transmitted by the user’s browser is not merged with other Google data. You can prevent the collection of your data by Google Analytics by clicking on the following link. An opt-out cookie will be set to prevent your data from being collected on future visits to this site: disable Google Analytics

Further information on data use by Google, possible settings and objections can be found on the Google websites. https://policies.google.com/technologies/partner-sites?hl=en 

12. Integration of Third-Party Services and Content
    1. On the basis of our legitimate interests (within the meaning of Art. 6 para. 1 lit. f. GDPR), we use content or service offers of third-party providers within our website in order to integrate their content and services, e.g. videos or fonts (hereinafter uniformly referred to as “content”). This always presupposes that the third party providers of this content perceive the IP address of the users, since without the IP address they could not send the content to their browser. The IP address is therefore required for the display of this content. We make every effort to use only those contents whose respective providers use the IP address only for the delivery of the contents.
    2. The following presentation provides an overview of third-party providers and their contents, together with links to their data protection declarations, which contain further information on the processing of data and, in some cases already mentioned here, possibilities of objection (so-called opt-out):

• Our online services use functions of the LinkedIn network. The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. Every time you visit one of our pages that contains functions of LinkedIn, a connection to LinkedIn’s servers is established. LinkedIn is informed that you have visited our website with your IP address. If you click on the “Recommend button” of LinkedIn and are logged into your LinkedIn account, LinkedIn is able to associate your visit to our website with you and your user account. We point out that we as provider of the pages have no knowledge of the content of the transmitted data and their use by LinkedIn. Privacy Policy, Opt-Out. 
• We use functions of the XING network. The provider is XING AG, Dammtorstrasse 29-32, 20354 Hamburg, Germany. Every time you visit one of our pages that contains functions of Xing, a connection to Xing servers is established. To our knowledge, personal data will not be stored. In particular, no IP addresses are stored or the usage behavior is evaluated. Privacy Policy. https://privacy.xing.com/en/privacy-policy

13. Changes to the Privacy Policy
    1. We reserve the right to change the data protection declaration in order to adapt it to changed legal situations or in the event of changes to the service or data processing. However, this only applies with regard to declarations on data processing. If user consents are required or components of the data protection declaration contain provisions of the contractual relationship with the users, the changes will only be made with the users’ consent.
    2. Users are asked to inform themselves regularly about the contents of the data protection declaration.
    3. Current status of the data privacy statement: May 2018.