Data protection

We at netcup GmbH appreciate your interest in our homepage, our offers, services and our company. Despite careful control of the content, we cannot be held accountable for external links to third-party content.

We are very serious about protecting your personal data and strictly adhere to the rules of data protection laws. This data protection declaration informs you about how we process your personal data in relation to our offer.

"Personal data" refers to any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

"Processing" refers to any operation or set of operations which is performed upon personal data, whether or not by automated means, such as collection, recording, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

"Controller" or "responsible party" means the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by European Union law or Member State law, the controller or the specific criteria for its designation may be provided for under Union law or Member State law;

"Recipient" means a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not a third party. However, public authorities that may receive personal data in the context of a specific investigation mandate under European Union or Member State law shall not be considered as recipients; the processing of such data by the aforementioned authorities shall be carried out in accordance with the applicable data protection legislation in accordance with the purposes of the processing;

When you use this website, various personal data is collected. This privacy policy explains what data we collect and why we use and process it.

We would like to point out that data transmission on the Internet (e.g. when communicating by e-mail) can have security gaps. Complete protection of data against access by third parties is not guaranteed.

1. Note on the responsible body

The responsible party for data processing on our websites is:

netcup GmbH
Daimlerstraße 25
76185 Karlsruhe
Telefon: +49 721 7540755-0
Telefax: +49 721 7540755-9
E-Mail: mail@netcup.de

The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data (e.g. names, e-mail addresses, etc.).

2. Contact details of the data protection officer

ANEXIA Internetdienstleistungs GmbH
Feldkirchner Straße 140
9020 Klagenfurt
Österreich
E-Mail: data-protection@anexia-it.com

You can also contact our data protection manager using the form below:

3. Information on processing operations

We point out the respective legal basis of individual processing operations. If we intend to transfer data to third countries outside the European Union (EU) or the European Economic Area (EEA), this will also be indicated.

4. Data subject rights

As a data subject, you have the following rights:

• In accordance with Art. 15 GDPR, you can request information about your personal data processed by us; furthermore, you can request information regarding the processing purposes, the categories of personal data processed, the recipients or categories of recipients to whom your data have been or will be disclosed, the planned storage period or the criteria for determining the storage period, the origin of your data if it has not been collected from you, the existence of automated decision-making including profiling and, if applicable, meaningful information about its details such as logic, scope and effects, the existence of the right to rectification or erasure of the data concerned, the right to restriction of processing or to object to such processing, the existence of the right to object to such processing, the right to object to such processing and the right to object to such processing. meaningful information about its details such as logic, scope and effects, the existence of a right to rectification or erasure of the data concerning you, the right to restrict processing or to object to such processing, the existence of a right to lodge a complaint with the supervisory authority; finally, you have a right to be informed whether personal data have been transferred to a third country or to an international organization and - if this is the case - about the appropriate safeguards in connection with the transfer;
• in accordance with Art. 16 GDPR, you can request the immediate correction of incorrect or the completion of your personal data stored by us;
• in accordance with Art. 17 GDPR, you may request the erasure of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise or defense of legal claims;
• in accordance with Art. 18 GDPR, you may request the restriction of the processing of your personal data, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure and we no longer need the data, you need the data no longer required by us for the assertion, exercise or defense of legal claims or you have objected to the processing in accordance with Art. 21 GDPR, but it has not yet been determined whether our legitimate grounds for data processing override your interest;
• in accordance with Art. 20 GDPR, you may request that the personal data you have provided to us be transferred to you in a structured, commonly used and machine-readable format or transferred to another controller;
• in accordance with Art. 21 GDPR, you may object to the processing of your personal data if there are grounds for doing so that arise from your particular situation or if the objection is directed against direct advertising and the legal basis for the processing of the personal data is legitimate interests pursuant to Art. 6 (1) p. 1 lit. f GDPR;
• in accordance with Art. 7 (3) GDPR, you may revoke your consent at any time. This has the consequence that we may no longer continue the data processing based on this consent for the future.
• in accordance with Art. 77 GDPR, you may lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement.

If you would like to exercise the aforementioned data subject rights, you can contact us or our data protection officer at the above contact details at any time in this regard.

5. Deletion and restriction of personal data

Unless otherwise regulated in this data protection declaration for the individual case, personal data will be deleted if it is no longer required for the purposes for which it was collected or otherwise processed and for which there are no longer any statutory retention obligations.

We delete the personal data processed by us under the conditions of Art. 17 GDPR upon request. Personal data that is required for other and legally permissible purposes will not be deleted. This applies, for example, to personal data that is required for the pursuit of any claims to which we are entitled and which must be retained by us for reasons of commercial or tax law. For example, documents pursuant to Section 257 (1) Nos. 2 and 3 of the German Commercial Code (HGB) and Section 147 (1) Nos. 2, 3, 5 of the German Fiscal Code (AO) are retained for 6 years, while documents pursuant to Section 257 (1) Nos. 1 and 4 of the German Commercial Code (HGB) and Section 147 (1) Nos. 1, 4, 4a of the German Fiscal Code (AO) are retained for 10 years.

The processing of this data is restricted in accordance with Art. 18 GDPR and the data is not processed for other purposes.

6. SSL or TLS encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or requests that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

7. Cookies 

We use cookies as part of our offer. Cookies are small text files that your browser automatically creates and stores on your end device (laptop, tablet, smartphone, PC, etc.) when you visit our site. Cookies do not cause any damage to your end device, do not contain viruses or other malware. In a cookie, information is stored that arises in each case in connection with the specific end device used. This does not mean, however, that we gain direct knowledge of your identity. Cookies are used to enable the use of our offer and to make our offer more user-friendly, effective and secure.

Most browsers accept cookies automatically. If you do not wish to do so, however, you can configure your browser so that no cookies are stored on your end device or a message always appears before a new cookie is created. You can also object to the use of cookies for online marketing purposes for a variety of services, for example, at http://www.youronlinechoices.com/ or via the deactivation page of the network advertising initiative http://optout.networkadvertising.org. If you deactivate cookies, you may not be able to use all the functions of our websites.

For each cookie, the name of the cookie, the purpose that the cookie is intended to fulfill, possible access to the cookie by third parties and the duration of the function are specified or after which period a cookie is deleted. Session cookies are deleted after the end of your respective use of our offer or after ending the browser session.

If third parties, for example service providers who process data on our behalf, can access a cookie, please refer to the relevant section of this privacy policy.

a) Necessary cookies

Some of the cookies that we use in our offer are absolutely necessary. This means that you cannot use our offer without these cookies on your terminal device. Such cookies provide certain functionalities that we need to operate our offer, in particular to be able to provide a service expressly requested by you as a user of our offer.

These data processed by cookies are necessary for the aforementioned purposes to protect our resulting legitimate interests as well as those of third parties pursuant to Art. 6 (1) p. 1 lit. f GDPR.

b) Marketing Cookies

WEB ANALYSIS BY GOOGLE ANALYTICS (ANALYSIS COOKIES)

GOOGLE ANALYTICS SECTION

We use Google Analytics from Google LLC (1600 Amphitheatre Parkway Mountain View, CA 94043, USA) on this website to statistically analyse visitor data. Google Analytics uses targeted cookies for this purpose. Further information on terms of use and data protection in this context can be found at http://www.google.com/analytics/terms/de.html or at https://support.google.com/analytics/answer/6004245?hl=de.

Pseudonymisation

Our concern in terms of the GDPR is the improvement of our offer and our website. As the privacy of our users is important to us, the user data is pseudonymised. Data processing is carried out on the basis of the legal provisions of § 96 para. 3 TKG and Art. 6 EU GDPR para. 1 lit a (consent) and/or f (legitimate interest) of the GDPR.

Deactivation of data collection by Google Analytics

Using the browser add-on to deactivate Google Analytics JavaScript (ga.js, analytics.js, dc.js), website visitors can prevent Google Analytics from using their data. You can prevent Google from collecting the data generated by the cookie and relating to your use of the website and from processing this data by Google by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de

Google Analytics IP anonymisation

We have implemented IP address anonymisation from Google Analytics on this website. This function was developed by Google so that this website can comply with the applicable data protection regulations and recommendations of the local data protection authorities if they prohibit the storage of the full IP address. The anonymisation or masking of the IP takes place as soon as the IP addresses arrive in the Google Analytics data collection network and before any storage or processing of the data takes place.

You can find more information on IP anonymisation at https://support.google.com/analytics/answer/2763052?hl=de.

Google Analytics reports on demographic characteristics and interests

We have activated the functions for advertising reports in Google Analytics. The reports on demographic characteristics and interests contain information on age, gender and interests. This allows us to get a better picture of our users without being able to assign this data to individual persons. You can find out more about the advertising functions at https://support.google.com/analytics/answer/3450482?hl=de_AT&utm_id=ad.

You can stop the use of the activities and information of your Google account under "Settings for advertising" at https://adssettings.google.com/authenticated by ticking the checkbox.

Google Analytics deactivation link

If you click on the following deactivation link, you can prevent Google from recording further visits to this website. Please note: Deleting cookies, using the incognito/private mode of your browser or using a different browser will result in data being collected again.

Microsoft Clarity

We use the "Microsoft Clarity" program from Microsoft Corporation (One Microsoft Way, Redmond, Washington 98052, USA) on this website. If you have your habitual residence in the European Economic Area or Switzerland, the provider is Microsoft Ireland Operations, Ltd (One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland). (hereinafter collectively referred to as "Microsoft")

In particular, we process usage data (e.g. Internet presentations visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses), location data (information on the geographical position of a device or person), movement data (mouse movements, scrolling movements). Corresponding cookies are used for this purpose.

"Microsoft Clarity" enables us to analyze the use of our website. This creates a log of mouse movements and clicks with the intention of deriving potential improvements for the website. According to information from Microsoft, this information can also be used for advertising purposes and other services related to the use of our website and the use of the Internet. We use Microsoft Clarity with the so-called anonymization function. This function allows Microsoft to shorten the IP address within the EU or EEA.

The purpose of the processing is tracking (e.g. interest/behavioral profiling, use of cookies), remarketing, conversion measurement (measurement of the effectiveness of marketing measures), interest-based and behavioral marketing, profiling (creation of user profiles), reach measurement (e.g. access statistics, recognition of returning users), cross-device tracking (cross-device processing of user data for marketing purposes).

All users of our website who have consented to the corresponding use via our cookie consent service are affected by this data processing. Data processing is therefore carried out solely on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR. This consent is voluntary and there are no adverse consequences for you if you do not give it. You can withdraw your consent at any time with effect for the future. The lawfulness of the processing carried out up to that point remains unchanged.

The legal basis for the third country transfer to the Microsoft Corporation in the USA is the adequacy decision of the European Commission in accordance with Art. 45 GDPR in connection with the active participation in the EU-U.S. Data Privacy Framework by the Microsoft Corporation. Further details can be found at https://www.dataprivacyframework.gov/list

You can find Microsoft's data protection information in the Microsoft Privacy Statement at https://privacy.microsoft.com/de-de/privacystatement

Further information and Microsoft Clarity's privacy policy can be found at https://clarity.microsoft.com/terms

You can find the opt-out option at: https://choice.microsoft.com/de-DE/opt-out

Retargeting

Third-party services are integrated on our website. When you visit our websites, data may be collected by means of cookies or similar technologies and transmitted to third parties who provide their services on their own responsibility. netcup uses this data to be able to display individual product and service offers to you outside our websites. In addition, the data may be read and analysed by the third-party providers in order to display personalised content to you. The responsibility for the use of your data beyond our processing lies with the third-party providers. To what extent, for what purposes and on what legal basis further processing for the third-party provider's own purposes takes place, please refer to the third-party provider's data protection information.

Facebook, Instagram

Name of the service: Meta Retargeting
Provider with country information: Facebook Inc. 1601 South California Avenue, Palo Alto, CA 94304, USA
Purpose Description/ Functionality: The Facebook Pixel tracks website visitors and allows these visitors to be targeted again with retargeting ads on Facebook, Instagram or Audience Network again in the future.
Individual forms of standard tracking: how often users have clicked on a certain link, visited a certain landing page or have fulfilled a certain form as well as submitted it.
There are risks according to Art. 44 DSGVO due to data transfer to the USA. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Facebook.
Further information can be found in the privacy policy of Facebook (https://www.facebook.com/privacy/policy/?entry\_point=data\_policy\_redirect&entry=0).
If no data collection on Facebook is wanted, it can be deactivated here: https://www.facebook.com/adpreferences/ad_settings/?entry_product=account_settings_menu.

Twitter

Name of the service: Twitter Retargeting
Provider with country information: Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103 USA.
Purpose Description/ Functionality: The Twitter pixel tracks website visitors and makes it possible to target those visitors again with retargeting ads on Twitter again in the future.
Individual forms of standard tracking: how often users have clicked on a specific link, visited a specific landing page or have fulfilled a certain form as well as submitted it.
There are risks according to Art. 44 DSGVO due to data transfer to the USA. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Twitter.
Further information can be found in the privacy policy of Twitter (https://twitter.com/de/privacy).
If no data collection on Twitter is wanted, it can be deactivated here: https://help.twitter.com/de/safety-and-security/privacy-controls-for-tailored-ads.

Youtube

Name of the service: Youtube
Provider with country information: YouTube, LLC 901 Cherry Ave. San Bruno, CA 94066 USA
Purpose Description/ Functionality: The Youtube Remarketing Tag tracks website visitors and allows those visitors to be retargeted again with retargeting ads on Youtube in the future.
Individual forms of standard tracking: how often users have clicked on a certain link, visited a certain landing page or have fulfilled a certain form as well as submitted it.
There are risks according to Art. 44 DSGVO due to data transfer to the USA. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Youtube.
Further information can be found in the privacy policy of Youtube (https://www.youtube.com/intl/ALL_de/howyoutubeworks/user-settings/privacy/).
If no data collection on Youtube is wanted, it can be deactivated here: https://www.youtube.com/intl/ALL_de/howyoutubeworks/user-settings/ad-settings/.

Google

Name of the service: Google Remarketing
Provider with country information: Google LLC 1600 Amphitheatre Parkway Mountain View, CA 94043. USA.
Purpose Description/ Functionality: The Google Remarketing Tag records website visitors and enables precisely those visitors to be reached again with retargeting ads on Google in the future.
Individual forms of standard tracking: how often users have clicked on a certain link, visited a certain landing page or have fulfilled a certain form as well as submitted it.
There are risks according to Art. 44 DSGVO due to data transfer to the USA. We would like to point out that we as the provider of the pages have no knowledge of the content of the transmitted data as well as its use by Google.
Further information can be found in Google's privacy policy (https://policies.google.com/privacy?hl=de&gl=de).
If no data collection on Google is wanted, it can be deactivated here: https://myadcenter.google.com/?hl=de.

LinkedIn

Service Name: LinkedIn Retargeting
Provider with country information: LinkedIn Corporation - Building 1000(LSNS) 1000 W Maude Ave, Sunnyvale, CA 94085
Purpose Description/ Functionality: The LinkedIn Insight tag tracks website visitors and allows those visitors to be retargeted again with retargeting ads on LinkedIn in the future.
Individual forms of standard tracking: how often users have clicked on a certain link, visited a certain landing page or have fulfilled a certain form as well as submitted it.
There are risks according to Art. 44 DSGVO due to data transfer to the USA. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by LinkedIn.
Further information can be found in the privacy policy of LinkedIn (https://www.linkedin.com/legal/privacy-policy?src=li-other&veh=www.linkedin.com%7Cli-other).
If no data collection on LinkedIn is wanted, it can be deactivated here: https://www.linkedin.com/mypreferences/d/categories/ads

Mautic

Name of the service: Mautic
Supplier with country: ANEXIA Deutschland GmbH, Daimlerstraße 25, 76185 Karlsruhe, Germany
Purpose description/ mode of operation: The Mautic tag records website visitors and makes it possible to reach precisely these visitors again with retargeting ads at a later date with newsletters.
Individual forms of standard tracking: how often users have clicked on a certain link, called up a certain landing page or filled out and sent a certain form.
Further information on this can be found in the privacy policy of Mautic https://www.mautic.org/privacy-policy

Microsoft Bing

Name of the service: Microsoft Corporation
Provider with country: Microsoft Corporation -One Microsoft Way, Redmond, WA 98052-6399, USA
Purpose description/ mode of operation: The Microsoft Bing tag records website visitors and makes it possible to reach precisely these visitors again with retargeting ads at a later point in time.
Individual forms of standard tracking: how often users have clicked on a certain link, called up a certain landing page or filled out and sent a certain form.
There are risks in accordance with Art. 44 GDPR due to the transfer of data to the USA. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Microsoft Bing.
Further information on this can be found in the privacy policy of Microsoft Bing https://privacy.microsoft.com/de-de/privacystatement
If data collection is not desired, it can be deactivated here: https://optout.networkadvertising.org/?c=1#!%2F

8. Use of session storage as part of search functions

For the purpose of providing the search function, "session storage "is used on our websites. This means search terms you enter are stored locally in your browser. The search terms are re-read from our search function.

This is technically essential with regard to the usability of the search function. When clicking "Back to search" we display the results list of your prior search result.

The search terms are automatically and immediately removed from your browser after closing it ("session"), unless you have manually deleted them beforehand.

netcup GmbH explicitly does not request any personal data from you in the course of entering search terms in the search field. For data protection reasons we want to point out that you should avoid entering personal data in the search field.

When you access our websites or the individual pages, information is automatically sent to the server of our websites by the browser on your terminal device. The following information is stored in log files:

• IP address of the requesting computer,
• Date and time of access,
• Name and URL of the file accessed,
• Website from which the access is made (referrer URL),
• browser used and, if applicable, the operating system of your computer,
• status codes and amount of data transferred,
• This data is processed for the following purposes:
• Provision of the Internet offer, including all functions and content,
• Ensuring a smooth connection of the website,
• Ensuring a comfortable use of our websites,
• Ensuring system security and stability,
• Anonymized statistical evaluation of accesses,
• Optimization of the website,
• Disclosure to law enforcement authorities if an illegal intervention/attack on our systems has occurred,
• other administrative purposes.

This data will be deleted after fourteen days if it is no longer required for other purposes (for example, defense or assertion of claims). The legal basis for the data processing is Art. 6 para. 1 p. 1 lit. f GDPR. Our legitimate interest follows from the purposes for data collection outlined above.

Contractual data In connection with and for the purpose of fulfilling pre-contractual measures and contractual obligations for our offer, which take place at your request, we process the data required for the fulfillment of the contract. This includes:

• Name, address, e-mail address and telephone number, billing e-mail address if different, company if applicable;
• customer number;
• Contract data, such as subject matter of contract (booked services), term, customer category;
• Payment data, such as bank details, credit card data, payment history.
• Optionally, the following data may also be processed:
• further contact data, for example a fax number;
• for more secure access, a second factor for logging into our user interface.

The legal basis for data processing is Art. 6 para. 1 p. 1 lit. b GDPR.

Your data will be used for the purposes of our offer and to contact you for information relevant to the offer and registration. For this purpose, we create a customer account for you. Due to the nature of our services, you need the customer account so that you can view, monitor and configure the services you have ordered from us. You can view and change your data via your personal user account. Your data will be stored until you terminate your contracts with us and delete the customer account, or until you instruct us to delete your data. If we have to store your personal data due to, in particular, legal obligations under tax and commercial law, the processing of your personal data will be restricted accordingly until the expiry of the retention periods. After that, this data will be deleted.

If you conclude a contract with us by placing an order or otherwise use the user account, for example to configure your contractual services, we store the IP address and the time of the respective usage action. The storage is based on our and your legitimate interests according to Art. 6 para. 1 p. 1 lit. b GDPR to provide our offer and according to Art. 6 para. 1 p. 1 lit. f GDPR to protect against misuse and other unauthorized use. The user account and the data stored in this context also serve in particular to make it easier for you to place further orders with us and to access your order history. In principle, this data is not passed on to third parties, unless it is necessary for the fulfillment of contractual obligations according to Art. 6 para. 1 lit. b GDPR or the protection of our legitimate interests according to Art. 6 para. 1 sentence 1 lit. f GDPR, for example for the pursuit of any claims due to us or defense against us, or if there is a legal obligation to do so according to Art. 6 para. 1 lit. c GDPR.

The data will be disclosed to third parties for the fulfillment of contractual obligations pursuant to Art. 6 para. 1 lit. b GDPR only to the extent necessary for the fulfillment of pre-contractual measures and contractual obligations, e.g. to banks, payment service providers, credit card companies for the processing of payments, to shipping service providers for the shipment of goods and, when registering domains through us, to registrars of top-level domains.

When you create a user account for the netcup customer forum, you must agree to the terms of use for the netcup customer forum. In doing so, you conclude a licence agreement with us. You can view the terms of use for the netcup customer forum at https://forum.netcup.de/system/disclaimer/

In connection with and for the purpose of fulfilling pre-contractual measures and contractual obligations for your membership of the netcup customer forum, which are carried out at your request, we process the data required for the fulfilment of the user contract concluded with you. This includes your name, your e-mail address and a user name selected by you to create your user account.
Once you have created your user account, you can voluntarily save additional data in your user account (e.g. an avatar, photos or your address) and exchange messages with other users. Depending on your activities for the netcup customer forum, further details can be added to your user account (for example, likes received from other users and awards for special achievements).
If you use your user account for activities in the netcup customer forum, for example to create posts, we store this data in order to make the netcup customer forum available to users and the public. You can find more information on this in the terms of use for the netcup customer forum at https://forum.netcup.de/system/disclaimer/

The legal basis for the processing of this data is Article 6 (1)(b) GDPR. The personal data collected is processed by us in order to provide the netcup customer forum and to contact you for information relevant to offers and registration. You can view yourpersonal data and make changes to this data via a personal user account.

Your data will not be passed on to third parties beyond the use and publication in the netcup customer forum, unless it is necessary for the fulfilment of contractual obligations pursuant to Art. 6 para. 1 lit. b GDPR or for the pursuit of any claims to which we are entitled or defence against claims asserted against us or there is a legal obligation to do so pursuant to Art. 6 para. 1 lit. c GDPR. Your data will be stored until you delete your user account or instruct us to delete your data. If we are obliged to store your personal data due to statutory retention periods, in particular under tax and commercial law, the processing of your personal data will be restricted accordingly until the retention periods expire and then this data will be deleted.

If you contribute content to the netcup customer forum, you grant us the right to use this content. We will therefore continue to store and process the relevant content in order to make the netcup customer forum available to users and the public after youruser account has been deleted. However, we will anonymise your user name if you have deleted your user account for the netcup customer forum. You can find more information on this in the terms of use for the netcup customer forum at https://forum.netcup.de/system/disclaimer/

If you create a user account for the netcup customer forum on our website or use the user account for the netcup customer forum, we store the IP address and the time of the respective usage action. The storage takes place on the basis of our legitimate interests in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR for the provision of our offer. Storage is also in your interest in order to protect you from misuse and other unauthorised use. The IP addresses are anonymised or deleted after 7 days at the latest.

The data will only be passed on to third parties to the extent that this is necessary to fulfil pre-contractual measures and contractual obligations, to provide the netcup customer forum, if we are legally obliged to pass on the data (e.g. by official order) and to assert, exercise or defend against claims.

Captcha questions are used to ensure that the customer forum is not overrun with spam bots. Captcha questions are an internal service of our forum software and are currently requested during registration and for the "Forgot password" and "Send e-mail to user" functions. The search function is currently used without a Captcha query, as this can only be accessed when a user is already logged in.

This website uses Friendlycaptcha. Friendlycaptcha is used to ensure that the forms provided are used by a natural person and not abusively by machine or automated processes.

Friendlycaptcha collects your IP address and sends a cryptogaphic task to the end device with which you use our offer. This cryptogaphic task is solved by your terminal without any input from you. If the task is solved in the correct way, Friendlycaptcha confirms to the server running our websites that a human and not a machine is visiting our websites.

When a form is accessed on our websites that uses Friendlycaptcha, the following data is processed and stored by Friendlycapthca:

• IP address of the requesting computer in anonymized form;
• browser used and, if applicable, the operating system of your terminal device;
• the website from which Friendlycaptcha is accessed;
• the cryptographic task that contains information about our use of it;
• the software version of Friendlycapthca we use;
• Date and time of access;
• Website from which the access is made (referer URL);

Friendlycaptcha stores an anonymized counter for each IP address in order to control the complexity of the cryptographic tasks and to prevent legitimate users from being blocked. This data is collected separately from the rest of the data and cannot be attributed to any specific internet service. For this purpose, the IP addresses are anonymized with a hash value so that users can no longer be identified.

Friendlycaptcha is offered by Friendly Captcha GmbH, Am Anger 3-5, 82237 Woerthsee, which operates on our behalf. Personal data is processed by this service provider on our behalf. We use this service in our legitimate interest in the security of our websites and the detection of bot activities according to Art. 6 para. 1 p. 1 lit. f GDPR.

1. Contact form ("Make a request") / Other contacting

If you use the contact form, you must provide your name and email address and the category of your request so that we can contact you personally. If you use other means of communication to make a request to us, we also need your name and contact information where we can reach you (for example, email address, address, phone number or fax number). If you do not provide this information, we will not be able to process your request or contact you. In addition, you can voluntarily provide your telephone number and other data.

When you contact us, we process your personal data to handle your request on the basis of Art. 6 (1) p. 1 lit. b GDPR, provided that your request is related to the performance of a contract or is necessary to carry out pre-contractual measures with you personally. In all other cases, the processing is based on your consent pursuant to Art. 6 para. 1 p. 1 lit. a GDPR and/or in our legitimate interest in effectively processing the requests addressed to us pursuant to Art. 6 para. 1 p. 1 lit. f GDPR.

All personal data collected in connection with contacting us will be deleted when your request is completed, unless it is necessary to continue storing the data for other reasons (e.g. subsequent conclusion of a contract or defense of claims asserted against us).

a) Categories of personal data processed, sources of personal data, purposes and legal bases of processing
aa) Contacting by e-mail
(1) Categories of personal data processed and sources of the personal data

(2) Purposes and legal basis of processing

Insofar as contacting us by e-mail serves to process your request, see section VII. 1. of this privacy policy.

In addition, we also contact you by e-mail to ask you for your feedback regarding our customer service and, in the event that we are unable to find a suitable solution to your request, to give you the opportunity to comment on your feedback so that we can identify potential for improvement in terms of the quality of our customer service on the basis of this information and statistical analyses.

The legal basis in this respect is our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR in the collection of data to determine and improve service quality.

bb) Feedback

(1) Categories of personal data processed and sources of personal data

(2) Purpose and legal basis of processing

The data categories mentioned under (1) are processed or stored together and can be assigned to you personally via the ticket ID.

The purpose is to determine the potential for improvement with regard to the quality of our customer service on the basis of this data and the statistical analyses created on this basis.

The legal basis is your consent in accordance with Art. 6 para. 1 lit. a GDPR.

Your consent is always voluntary and you can revoke it at any time, e.g. by sending an informal message to the data protection officer (for contact details, see section II. 2. above).

b) Recipients or categories of recipients of the personal data

• ANEXIA Internetdienstleistungs GmbH, Feldkirchner Straße 140, 9020 Klagenfurt, Austria
• ANX Holding GmbH, Feldkirchner Straße 140, 9020 Klagenfurt, Austria
• ANEXIA Deutschland GmbH, Daimlerstraße 25, 76185 Karlsruhe, Germany

c) Third country transfer

There is no transfer to third countries and no such transfer is planned.

d) Automated decision-making

netcup GmbH does not use automated decision-making within the meaning of Art. 22 GDPR in connection with rate.netcup.de.

3. Postal advertising

If you are a customer of ours and we have received your data in connection with the sale of a product or the use of a service, we may use your data (first and last name, address and, if you work for a company, your company affiliation) for direct mail advertising for goods or services offered by us or by third parties. In addition to this data, we may also store other data that we have lawfully collected about you for the aforementioned advertising purposes. This may include, for example, your order history or the type of goods you have purchased from us.

The purpose of this data processing is to target you as precisely as possible with advertising that matches your interests and to avoid advertising that does not appeal to you. The legal basis for the processing is our legitimate interest in direct marketing in accordance with Art. 6 para. 1 lit. f GDPR. Your data will be processed and stored for this purpose until you object to further use for postal advertising.

Postal advertising requires a certain lead time before dispatch in order to print the items and make them ready for dispatch. If you object to postal advertising, you may exceptionally still receive advertising from us by post. This may happen if the production process for the relevant mailing had already started when you objected. This does not mean that we will not take your objection into account.

4. Newsletter

If you would like to receive our newsletter, we need your e-mail address. You can provide your name voluntarily. Data processing for the purpose of sending the newsletter is carried out in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR on the basis of the consent you have voluntarily given by means of the so-called double opt-in procedure. The email address will be used for this purpose and stored until you withdraw your consent or unsubscribe from the newsletter. You cannot subscribe to our newsletter without this consent. You can unsubscribe at any time, for example via a link at the end of each newsletter. Alternatively, you can also send your cancellation/unsubscribe request at any time to the email address stated under Section II.

We send our newsletters with a so-called tracking pixel. A tracking pixel is a miniature graphic that is embedded in the HTML format of the newsletter sent to enable an analysis of reader behaviour. In this context, we store whether and at what time a newsletter was opened by you and which of the links contained in the newsletter were called up by you. We use this data to create statistical evaluations of the success or failure of a marketing campaign in order to optimise the newsletter mailing and better tailor the content of future newsletters to your interests. The data collected will not be passed on to third parties and will be deleted after the statistical analysis.

5. Direct e-mail advertising to customers

If you are a customer of ours, we may use your e-mail address for direct advertising for our own similar goods or services. This only applies if you have not objected and we clearly inform you of the possibility of objection when collecting the e-mail address and each time it is used. You can object to the use of your e-mail address without incurring any costs other than the transmission costs according to the basic rates. For direct advertising by e-mail, we process your e-mail address, your name, if you have used our offers as an employee of a company, your company affiliation, the data we have collected about your use of our offers and the type of goods or services you have purchased from us in order to be able to customise our offers to you. The legal basis for processing is Section 7 (3) UWG and our legitimate interest in direct marketing in accordance with Art. 6 (1) (f) GDPR.

Your data will be processed and stored for this purpose until you object to further use for direct e-mail advertising or unsubscribe from receiving direct e-mail advertising. You can unsubscribe at any time, for example via a link at the end of each e-mail. Alternatively, you can also send your objection or unsubscribe request at any time to mail@netcup.de.

6. Community events

If you would like to participate in one of our community events, we need your first and last name and your e-mail address. It is also possible to optionally provide any additional information (such as allergies or intolerances) to help us plan activities (such as buffets). You can also voluntarily enter your forum name.

Optionally, when registering for community events, you can express your interest in future community events or register for corresponding e-mail notifications regarding any details in advance.

Data processing for the purpose of planning, coordinating and implementing community events is carried out in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR on the basis of your voluntarily given consent by means of the so-called double opt-in procedure.

Your personal data may be passed on to the following recipients in order to achieve the above-mentioned purpose:

• ANX Holding GmbH, Feldkirchner Straße 140, 9020 Klagenfurt, Austria
• ANEXIA Deutschland GmbH, Daimlerstraße 25, 76185 Karlsruhe, Germany

No third country transfers take place and none are planned.

No automated decision-making within the meaning of Art. 22 GDPR is used in connection with community events.

Your personal data will be processed or stored for the above-mentioned purpose until you withdraw your consent or until it is no longer necessary for the original purpose.

Without this consent, you will not be able to participate in our community events. Your consent is always voluntary. You can withdraw your consent or unsubscribe at any time.

The easiest way to withdraw your consent or unsubscribe is to send your request to the e-mail address specified in Section II. The lawfulness of the processing carried out up to that point is not affected by the withdrawal.

If you apply to us via our application form or other means of communication, you must provide your name and contact details and send us your application documents so that we can review your application and contact you. The application process is managed and administered on our behalf by Anexia Internetdienstleistungen GmbH, Feldkirchner Straße 140, 9020 Klagenfurt, Austria. In the application process, your data will be processed in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR on the basis of your voluntary consent. The purpose of the processing is to participate in an application procedure advertised by us or, in the case of an unsolicited application, to check whether we can offer you a position. Without this consent, you will not be able to participate in the application process.

We use a personnel administration system that is hosted and managed for us by Anexia Internetdienstleistungen GmbH and with which our application processes are handled. Personal data is processed by Anexia Internetdienstleistungen GmbH on our behalf. The legal basis for data processing is our legitimate interest in the efficient management and control of our application processes in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR.

Typically, the following data is processed in our application process:

• Your cover letter for the application;
• Your personal data:
  • Name, address, e-mail address, telephone number, mobile number, date of birth;
• The position you are applying for or whether it is an unsolicited application;
• Your CV:
  • Current job, previous jobs, employer, professional training, professional experience in years, previous further training, special skills, hobbies
• Documents such as certificates from educational institutions and/or previous jobs, certificates of completed further training courses

All personal data collected in connection with the application process will also remain stored on the basis of our legitimate interests within the meaning of Art. 6 para. 1 lit. f GDPR so that we can defend ourselves against claims asserted against us. If you withdraw your application of your own accord, we will delete your application documents. Your name and contact details as well as the dates on which you applied and/or withdrew from the application process and the corresponding correspondence will remain stored.

If this data is no longer required for other purposes (e.g. subsequent recruitment or legal disputes), the data will be automatically deleted six months after the end of the application process.

If you do not agree to the processing of your data and do not wish to use either of the following payment options, you can also pay for our services in advance by bank transfer. In this case, we will only provide you with our bank details, the invoice amount and the purpose of the transfer.

1. PayPal

This website uses PayPal as a payment service provider. The provider is PayPal (Europe) S.Ã r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal"). PayPal acts as an online payment service provider and trustee and offers buyerand seller protection services. When paying via PayPal, credit card via PayPal, direct debit via PayPal or -if offered -purchase on account via PayPal, your name, e-mail address, purchased products, invoice amount, invoice and delivery address will be passed on to PayPal as part of the payment process. When using the payment methods credit card via PayPal, direct debit via PayPal or -if offered -purchase on account via PayPal, PayPal may carry out a credit check to check your creditworthiness and minimise payment defaults in order to decide whether to approve the payment transaction. Probability values are used in the credit check (so-called score values), the calculation of which includes address data. The calculation of these scoring values is based on a scientifically recognised mathematical-statistical procedure. In the event of insufficient creditworthiness, PayPal may reject the selected payment method. After a successful payment transaction, PayPal informs us that your payment has been made.

Beyond payment processing, we have no influence on how PayPal processes your data already stored with PayPal and the data transmitted by us. Your data is processed by PayPal on the basis of PayPal's privacy policy, which you agreed to when you opened your PayPal account.

If you do not agree to the transfer of data, or if you believe that your creditworthiness is not suitable for the selected payment method, please use another payment method. Further information on how PayPal handles your personal data can be found in the relevant privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=de_DE.

Your data is transmitted to PayPal on the basis of Art. 6 para. 1 lit. a GDPR (consent) and on the basis of Art. 6 para. 1 lit. b GDPR (processing for the fulfilment of a contract), insofar as you use PayPal for a payment in your own name and on your account.

2. SEPA direct debit

We offer the SEPA direct debit procedure as a payment option. When paying by direct debit, your name, the invoice amount, the purpose of the payment and your account details are transmitted to our payment service provider or our house bank in order to process the payment. The legal basis for processing is Art. 6 para. 1 lit. b GDPR.

We offer the SEPA Direct Debit Scheme as a payment option. When paying by direct debit, the account holder issues a SEPA direct debit mandate for us to approve the payment transaction (authorisation). The following data is stored and processed:

• Name and address of the account holder
• Invoice amount and intended use
• Creditor identification number (CI)
• Mandate reference
• Name of the payer
• Bank of the payer
• IBAN
• One-off or recurring payment

Your data will be transmitted to our payment service provider or our house bank as part of payment processing in order to execute the direct debit. Your data will be processed for the direct debit procedure on the basis of Art. 6 para. 1 lit. a GDPR (consent) and on the basis of Art. 6 para. 1 lit. b GDPR (processing to fulfil a contract), insofar as you use the direct debit procedure for a payment in your own name and on your account.

If you do not agree to the transfer of data or if you are of the opinion that your creditworthiness is not suitable for the selected payment method, please use a different payment method.

3. Stripe

This website uses Stripe as a payment service provider. The provider is Stripe Payments Europe, Ltd, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland (hereinafter referred to as "Stripe"). Stripe assumes the function of an online payment initiation service provider. When paying via Stripe, your customer number and e-mail address are passed on to Stripe. After a successful payment transaction, Stripe informs us that your payment has been made.

If you do not agree to the transfer of data, or if you believe that your creditworthiness is not suitable for the selected payment method, please use another payment method. Further information on how Stripe handles your personal data can be found in the relevant privacy policy: https://stripe.com/de/privacy

Your data is transmitted to Stripe on the basis of Art. 6 para. 1 lit. a GDPR (consent) and on the basis of Art. 6 para. 1 lit. b GDPR (processing for the fulfilment of a contract), insofar as you use Stripe for a payment in your own name and on your account.

With this supplementary privacy information, we inform you which personal data we collect, process, and use when you use the video identification procedure.

1. What data is processed?

a. Identification data:

• First name and surname
• Address
• City
• Zip code
• Country

b. Contact details:

• E-mail address

c. Identification data:

• Photos/screenshots of the pages of your identification document
• Identification data (e.g. type and number of your identification document, issuing authority of your identification document and its location, date of issue and expiry of your identification document, your nationality)
• an identification number generated by Stripe (Stripe ID)

2. For what purposes will your data be processed and how long will your data be stored?

The identification data collected as part of the video identification procedure is processed exclusively to identify you in accordance with the applicable legal requirements. The processing serves to prevent unlawful activities (such as fraud or identity theft).

Your data will be stored for as long as is necessary for the respective purpose for which your data was collected. This means that data is regularly stored for the duration of the business relationship.

Regardless of the purpose for which your data was collected, your data will be stored to the extent necessary to fulfill the retention and documentation obligations.

The personal data transmitted by Stripe to netcup will be automatically redacted after the identity check has been completed. Subsequently, we only store the note that the identity check has been carried out.

3. On what legal basis is your data processed?

The legal basis for the processing of identification, legitimation and contact data is the initiation and execution of the contract within the meaning of Art. 6 para. 1 lit. b GDPR as well as legitimate interests within the meaning of Art. 6 para. 1 lit. f GDPR and your consent within the meaning of Art. 6 para. 1 lit. a GDPR.

4. Who receives your data?

We use Stripe Payments Europe, Limited, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland (hereinafter "Stripe") as a processor to carry out the video identification procedure.

The data protection information of the processor can be found at the following link: https://stripe.com/at/privacy

Stripe receives the above-mentioned data to provide the video identification procedure. Stripe uses sub-processors to provide the service. These are located in third countries, among others, which do not have an adequate level of data protection within the meaning of Art. 44 et seq. GDPR. Information regarding the legal transfer instruments pursuant to Art. 44 et seq. GDPR can be found at https://stripe.com/privacy

A corresponding list of Stripe's sub-processors can be found at https://stripe.com/at/legal/service-providers

In addition, we only pass on your data to external recipients if this is necessary for the processing or handling of your request or for the execution of the contract or if there is another legal permission (e.g. an overriding legitimate interest) or if we have your effective consent for this.

5. Is there an obligation to provide the data?

The provision of the required data is voluntary. If you do not provide the necessary information and documents, please use another method of identification

6. Profiling and automated decision-making

We do not use automated decision-making within the meaning of Art. 22 GDPR in connection with the video identification procedure.