Data Privacy

I. Controller

The controller for the collection and processing of personal data on this website, as defined in accordance with the terms used in the GDPR (General Data Protection Regulation) under Article 4, is:

Clark Holding SE
Wilhelm-Leuschner-Straße 17-19
60329 Frankfurt am Main

II. Contact and Data Protection Officer

If you have any questions regarding the collection and use of data or suggestions regarding data protection, you can also contact us directly via email at privacy@clark.io. 

You can reach our data protection officer directly by emailing clark@isico-datenschutz.de.

III. Data Privacy friendly settings

To remove or clean up existing cookies or similar technologies from other sites, you can make privacy-friendly settings in your browser or use certain opt-out options. Here are some steps you can take:

• Delete Cookies:
  Most browsers offer the ability to delete stored cookies. Go to your browser’s settings and look for the section on privacy or security settings. There you will usually find an option to manage and delete cookies.
• Use Incognito/Private Mode:
  Many browsers have an incognito or private mode that restricts the use of cookies and other data while browsing. You can activate this mode to prevent new cookies from being saved.
• Use Browser Extensions:
  There are various browser extensions and add-ons that help block or control the tracking of cookies and similar technologies. Look for extensions compatible with your browser and install them according to the provider’s instructions.

Please note that deleting cookies or adjusting browser settings may affect the functionality of certain websites or services. It is advisable to inform yourself about the effects of these changes beforehand.

Right of access, Art. 15 GDPR

According to Article 15 of the GDPR (General Data Protection Regulation), you have the right to obtain from us confirmation as to whether or not personal data concerning you are being processed and where that is the case, access to the personal data including the following information.

We will inform you about:

• The purpose of the processing
• The categories of personal data concerned
• Recipients or categories of recipients of the personal data
• The planned duration of storage (or the criteria used to determine this duration)
• The existence of your rights regarding the processing
• Whether we process data that we did not collect directly from you, and if so, the source of that data
• The existence of automated decision-making

When you request information about your data, we will provide you with comprehensive details on how your data is processed, its origin, and where it is transmitted to.

Right to rectification, Art. 16 GDPR

If any data stored by us is incorrect or no longer up to date, you have the right, in accordance with Article 16 of the GDPR (General Data Protection Regulation), to request the rectification of such data. We will promptly comply with your request.

When requesting a correction, you can provide us with the accurate data, and we will take care of the rest.

Right to erasure, Art. 17 GDPR

According to Article 17 of the GDPR (General Data Protection Regulation), you can also request the erasure of your data if one of the following situations applies:

• The data is no longer necessary for the purposes for which it was collected.
• You have withdrawn your consent for the processing, and there is no other legal basis for the processing.
• You have objected to the processing under Article 21 (1) or (2) of the GDPR (see below), and there are no overriding legitimate grounds for the processing.
• Your data has been unlawfully processed.
• The erasure of data is required to fulfill a legal obligation under the Union or Member State law.

If erasure is not possible due to other legal obligations, the data will be blocked and made available only for the purpose of fulfilling those legal obligations. 

If we have unlawfully processed data, we will promptly delete it.

Right to restriction of processing, Art. 18 GDPR

You have the right, as stated in Article 18 of the GDPR (General Data Protection Regulation), to request the restriction of the processing of your data if you believe that the data we have stored is inaccurate, the processing is unlawful, the personal data is no longer needed for its original purpose, or if you have objected to the processing.

During the evaluation of your rights mentioned above, you can choose to have the processing of your data restricted.

Right to data portability, Art. 20 GDPR

Furthermore, according to Article 20 of the GDPR (General Data Protection Regulation), you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format. You have the right to transmit this data to another data controller if the processing is based on your consent (Article 6(1)(a) of the GDPR) or on a contract between us (Article 6(1)(b) of the GDPR).

If you request the transfer of the data you have provided to us, we will provide it to you in a portable format.

Right to object, Art. 21 GDPR

If we process your data based on legitimate interests according to Article 6 (1) (f) of the GDPR (General Data Protection Regulation), you have the right, under Article 21 of the GDPR, to object to the processing of your data. This right applies if there are reasons arising from your particular situation or if the objection is directed against direct marketing. In the latter case, you have a general right to object, which we will implement even without stating specific reasons.

If you exercise your right to object, we will assess whether there are compelling legitimate grounds for the processing on our part. If there are no such grounds, we will cease processing the data.

Right to withdraw consent, Art. 7 GDPR

According to Article 7 (3), Sentence 1 of the GDPR (General Data Protection Regulation), you have the right to withdraw your consent at any time by notifying us at clark@datenschutz-isico.de. This withdrawal of consent will result in us no longer continuing the data processing based on that consent in the future. The withdrawal of consent does not affect the lawfulness of the processing based on consent before its withdrawal, as stated in Article 7 (3), Sentence 2 of the GDPR.

If you withdraw your consent, we will cease the processing of data that was based on that consent.

Right to file a complaint, Art. 57 GDPR

Finally, you have the right to lodge a complaint with the supervisory authority that is responsible for us, as outlined in Article 77 (1) (f) of the GDPR (General Data Protection Regulation). You can exercise this right by contacting the supervisory authority in the member state where you have your habitual residence, your place of work, or the place of the alleged infringement.

1. Usage Data

• Interactions on the website (clicks, etc.)
• Visited web pages (Which pages were accessed)
• Duration of visits on web pages (How long a page was viewed)
• Referring page (Ref URL)
• Time and date, for example, when accessing our website or emails

2. Device Data

• Operating system of your device (e.g., Windows, Android, or iOS)
• Model of your device (e.g. iPhone, Samsung Galaxy)
• Settings of your device, such as screen resolution
• Browser settings, such as language preference, time zone, installed plugins, and fonts
• IP addresses (anonymized)

1. WPEngine (Website-Host) and WordPress (CMS)

Our website is hosted by WPEngine (Beyond Aldgate, 2 Leman Street #5032, London, E1 8FA, United Kingdom). WPEngine provides us with the technical infrastructure and platform to operate our website. All data collected during the use of our website is stored in an anonymized form on WPEngine’s servers.

WPEngine is a hosting service provider committed to complying with applicable data protection laws. Your data is stored on secure servers located in European data centers. WPEngine employs modern security technologies and conducts regular security audits to protect your data against unauthorized access, loss, or misuse.

The legal basis for using WPEngine as our website hosting provider is our legitimate interest, as outlined in Article 6(1)(f) of the GDPR. As a company, we have a legitimate interest in providing a modern and secure website and ensuring a reliable infrastructure for its operation. Utilizing WPEngine as a hosting provider enables us to efficiently achieve these objectives.

Our website is powered by WordPress as a Content Management System (CMS). WordPress allows us to efficiently manage and deliver content. In our implementation of WordPress, no personal data is collected, processed, or utilized.

Please note that while we strive to provide accurate translations, the original German text remains the legally binding version.

2. Official, legal, and judicial inquiries

Furthermore, in individual cases, disclosure may occur in connection with official inquiries, court orders, and legal proceedings if we are legally obligated to do so in good faith.

We may also disclose data if we have a good faith belief that it is necessary to detect, prevent, or prosecute unauthorized use of our website or other harmful or illegal activities.

In cases where there is a legitimate request based on a legal basis, we may disclose data to authorities or courts on an individual basis.

1. Strictly Necessary Cookies

These cookies are necessary for the functioning of our website and cannot be disabled in our systems. These cookies are set only in response to actions taken by you that constitute a request for services, such as setting your privacy preferences, logging in, or filling out forms. You can set your browser to block these cookies or notify you about them. However, some areas of the website may not function properly as a result.

• Onetrust
  OneTrust, a leading provider of privacy, security, and data governance solutions, uses cookies to help us manage user consent and comply with data protection regulations.
  • Provider
    OneTrust Technology Limited
    82 St. John Street, London
    England, EC 1M 4JN
    
    OneTrust can process data in the USA and is registered under the Data Privacy Framework.
    OneTrust Privacy Policy
  • Functionality of the Tracking Device
    Onetrust cookies serve these two primary functions:
    Firstly, it stores information about the categories of cookies the website uses and whether visitors have given or withdrawn consent for the use of each category. This enables website owners to prevent cookies in each category from being set in the user’s browser when consent is not given. The cookie has a typical lifespan of one year, ensuring that returning visitors to the website have their preferences remembered. It does not contain any information that can directly identify the website visitor.
    Secondly, for websites using certain versions of the OneTrust cookie compliance solution, this cookie is also set after visitors have seen a cookie information notice, and in some cases, only when they actively close the notification. This allows the website to ensure the message is not shown more than once to a user. This functionality also has a lifespan of one year and contains no personal information.
  • Processed Data
    • Cookie Categories
    • User Consent
  • Legal Basis
    The legal basis for this cookie is our legitimate interest to comply with data protection regulations, Art. 6 (1) (f) GDPR.
  • Names (Duration)
    • OptanonConsent (1 year)
    • OptanonAlertBoxClosed (1 year)
  • Opt-out Option
    You can opt out of the usage of strictly necessary cookies by changing the cookie settings of your browser.
    
    

2. Analytics Cookies

Analytics cookies collect information pseudonymously. This information helps us understand how our visitors use our website.

• Google Tag Manager
  We use Google Tag Manager to manage the cookies we use. The Tag Manager serves as a central tool for forwarding data. The tool triggers other tags that may collect data, but the Tag Manager does not access this data.
  You can find Google’s privacy notice for this tool here: Google Tag Manager
• Google Analytics
  • Provider
    Google Inc.
    1600 Amphitheatre Parkway
    Mountain View, CA 94043
    USA
    
    Google may process data in the USA and is registered under the Data Privacy Framework.
    Google Privacy Policy
  • Functionality of the Tracking Device
    The information generated by these cookies, such as the time, place, website behavior and frequency of your website visits, including your IP address, is transmitted to Google in the USA and stored there.
    
    We use Google Analytics on our website with the addition AnonymizeIP. This means that your IP address is shortened and anonymized by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area.
    
    Google uses this information on our behalf to evaluate your use of our site, to compile reports on website activity for us, and to provide other related services. Google may transfer this data to third parties if required by law or if third parties process this data on behalf of Google.
  • Processed Data
    • Online identifiers (including cookie identifiers)
    • IP address (shortened by “AnonymizeIP”)
    • Usage data
    • Device identifiers
  • Legal Basis
    The legal basis for this cookie is your consent, which you may have given us via our cookie consent banner, Art. 6 (1) (a) GDPR.
  • Names (Duration)
    • _ga (2 years)
    • _gid (1 day)
    • _gat (1 day)
  • Opt-out Option
    You can withdraw your consent at any time by changing the cookie settings.
    Google offers an add-on for the most common browsers to disable tracking, which gives you more control over the data Google collects about the websites you visit. However, this add-on does not prevent information from being transmitted to us or other web analysis services we use.