Privacy policy

Download privacy policy website as PDF

I. Foreword

CT-VIDEO GmbH (hereinafter also referred to as “CT-VIDEO”, “CTV” or “we” or “us”) is pleased that you are visiting our website / web presence. We respect your privacy. Data protection and data security are therefore very important to us. With this privacy policy, we inform you about the extent to which personal data (hereinafter also referred to as “data”) is collected when you use our website and the purposes for which we use / process this data. We also inform you here about your rights.

II Responsible party

CT-VIDEO GmbH Video Audio Data Communication
Industrial area
Rothenschirmbach 9
06295 Lutherstadt Eisleben
Germany
Phone: +49 (0)34776 6149-0
E-mail: datenschutz@ceotronics.com
Register court: Stendal
Register number: HRB 212648

Our parent company, CEOTRONICS AG, is involved in the processing activities of CT-VIDEO GmbH as part of central internal administrative processes. Personal data may therefore be passed on to CEOTRONICS AG if this is necessary in individual cases – in particular for IT administration, commercial control, data protection management or the execution of contractual processes. Processing is carried out exclusively for a specific purpose and in compliance with data protection regulations. Depending on the case, the transfer may be based on legitimate internal company interests, in particular within the meaning of the internal administrative purposes mentioned in recital 48 GDPR, or on a legal obligation, a contractual requirement or your consent.

III External data protection officer

External data protection officer
wavesun-technologies
Patrick Bäcker (Owner wavesun-technologies)
Am Lerchenberg 13
63322 Rödermark
Germany
Phone: 06074 / 3709395
E-Mail: info@wavesun-technologies.de

IV Status, changes and updates to the privacy policy

In order to enable the implementation of new technologies and measures and to ensure that our privacy policy always complies with legal requirements, we occasionally adapt it. We therefore ask you to inform yourself regularly about the content of our privacy policy. We will inform you as soon as the changes require an act of cooperation on your part (e.g. consent) or other individual notification.

Status: December 04, 2025 | Ver.: 01.07 | Classification: 01 – PUBLIC

V. Basic definitions of terms

“Processor”: means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

“Third party”: means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

“Recipient”: means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not.

“Personal data”: Refers to all information (hereinafter also referred to as “data”) relating to an identified or identifiable natural person (hereinafter also referred to as “data subject”) (e.g. surname, first name, e-mail address, IP address, etc.).

“Controller”: means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

“Processing”: means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

VI Legal bases for the processing

We process the aforementioned personal data in compliance with the applicable statutory data protection requirements, in particular in accordance with the following legal bases of the General Data Protection Regulation (“GDPR”):

a. Based on your consent (Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR, insofar as special categories of personal data are processed in accordance with Art. 9 para. 1 GDPR)

If you give us your consent, we will process your personal data for certain previously defined purposes. Your voluntarily granted consent can be withdrawn from us at any time – even partially – with effect for the future. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

b. For the fulfillment of contractual obligations or for the implementation of pre-contractual measures (Art. 6 para. 1 lit. b GDPR)

We process your personal data so that we can fulfill our contractual obligations to provide services or to carry out pre-contractual measures that are carried out on request.

c. Due to legal obligations (Art. 6 para. 1 lit. c GDPR)

We are subject to various legal obligations, which means legal requirements (e.g. retention periods under commercial and tax law in accordance with the German Fiscal Code and the German Commercial Code) according to which we must process your personal data.

d. In the context of the legitimate interest/balancing of interests (Art. 6 para. 1 lit. f GDPR)

We process your personal data to protect our legitimate interests or, if necessary, those of a third party, unless your interests or fundamental rights and freedoms, which require the protection of personal data, prevail.

e. National data protection regulations (BDSG and TDDDG)

In addition to the provisions of the GDPR, national regulations apply in Germany, including in particular the Federal Data Protection Act (BDSG) and the Telecommunications Digital Services Data Protection Act (TDDDG). These contain special data protection regulations at national level according to which we process your data.

VII Safety measures (TOMs)

The security of your personal data is our top priority. In accordance with the legal requirements and taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons, we take appropriate technical and organizational measures (“TOMs”) to ensure a level of protection of your personal data appropriate to the risk.

The measures we take (in accordance with Art. 32 GDPR) include, in particular, safeguarding the confidentiality, integrity and availability of data. We ensure this through regular checks on physical and electronic access to data, access, input, disclosure and securing the availability and separation of and access to data. We have also set up procedures to ensure that data subjects can exercise their rights, that data is deleted and that we respond to data threats. We already take the protection of your personal data into account when selecting hardware, software and the introduction of new processes that affect personal data, through technology design and data protection-friendly default settings (in accordance with Art. 25 GDPR).

Our security measures include in particular the encrypted transmission of data between your browser and our server via SSL / TLS encryption (HTTPS). You can recognize the encrypted connection by the prefix https:// and the lock in the address bar of your browser.

Further information on security measures can also be found in the privacy policy here.

VIII Use of Wordfence to secure the website

a. Nature and purpose of the processing

The “Wordfence” plugin from Defiant, Inc, 800 5th Ave, Suite 4100, Seattle, WA 98104, USA, is used to protect our website from unauthorized access, hacker attacks, malware and other threats. For this purpose, various data is collected, processed and analyzed in order to detect and block potential attacks. The processing includes, among other things

• Recording and analysis of IP addresses to identify potential threats.
• Checking login attempts for brute force attacks.
• Creation of blacklists and firewalls to defend against harmful activities.
• Real-time monitoring of website activity, including suspicious access.

b. Legal basis for data processing

Processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in ensuring the security of our website and protection against cyber attacks, data loss and unauthorized access. In individual cases, e.g. in the case of legal requirements, Art. 6 para. 1 lit. c GDPR (legal obligation) may also be relevant.

c. Data categories

When using Wordfence, the following categories of personal data are processed:

• IP addresses: To identify and block potential threats.
• Log data: Details of access attempts, such as date, time, URL and browser used.
• User data: Information about logged-in users, e.g. user name (in the event of suspicious activity or login attempts).
• Device and connection information: Operating system, browser type and version.
• Location data: Derived from IP addresses to identify attacks from specific regions.

d. Recipient

• Wordfence and its provider (Defiant, Inc., 800 5th Ave., Suite 4100, Seattle, WA 98104, USA): Certain security-relevant data (e.g. IP addresses, log data) is transferred to the servers of the provider Defiant, Inc. in the USA in order to analyze threats and improve global security mechanisms (e.g. blacklists).
• Internal recipients and service providers: Marketing and IT department and, if applicable, authorized service providers / processors who receive access to our website for monitoring, analysis and evaluation of security reports and logs.
• Authorities: In the event of an incident (e.g. hacking or legal requirements), relevant data may be passed on to the competent authorities. Lawyers, for example, may also receive data in order to pursue our claims.

e. Storage periods

Personal data will only be stored for as long as is necessary to achieve the above-mentioned purposes:

• IP addresses and log data: These are generally stored for 30 days, provided there are no security-relevant events. Backup copies are excluded.
• Blacklists: Data on blocked IPs or malicious activities can be stored for longer to prevent repeated attacks.
• Data that is required for legal purposes is stored in accordance with the statutory retention obligations.

Should the aforementioned security-relevant events occur, we reserve the right to retain this data for longer for the above-mentioned purposes within the scope of our legitimate interest. If the stated purpose is achieved, the data will be deleted after a reasonable period of time.

f. Requirement to provide your personal data

The provision of personal data, in particular the IP address, is necessary to provide the security functions of Wordfence. Without this data, it would not be possible to protect our website from threats. When you visit our website, the processing takes place automatically.

g. Third country transfers

When using Wordfence, data may be transmitted to servers in the USA, as the provider Defiant, Inc. is based there. This transfer takes place on the basis of standard contractual clauses in accordance with Art. 46 para. 2 lit. c GDPR in order to ensure an adequate level of data protection. Further information on this can also be found in Wordfence’s privacy policy: https://www.wordfence.com/privacy-policy/.

h. Objection

You have the right to object to the processing of your personal data if there are grounds relating to your particular situation. Please note, however, that we may continue to process your data if there are compelling legitimate grounds that outweigh your interests, rights and freedoms, or if the processing serves to assert, exercise or defend legal claims.

i. Automated decision-making and profiling

There is no automated decision-making within the meaning of Art. 22 GDPR. Profiling is only carried out to the extent necessary to analyze and defend against security-related threats. This includes the identification of potential threats based on behavioral patterns (e.g. repeated failed login attempts).

IX. Technical provision

a. Nature and purpose of the processing

To ensure the secure and efficient provision of our website, we use our own dedicated servers hosted by external service providers. We also use service providers in the areas of IT security, marketing services and programming to design our website on a case-by-case basis, who are bound to confidentiality and/or with whom corresponding contracts, such as order processing contracts (“AV contract”) pursuant to Art. 28 para. 3 GDPR or standard contractual clauses pursuant to Art. 46 para. 2 lit. c GDPR (for any third country transfers) are concluded. Corresponding service providers are regularly checked by us to verify the protection of the data.

When visiting our website, data is processed from all visitors as part of the provision of the above-mentioned hosting, which is generated during communication with our servers, as well as when contacting us directly and when downloading files and playing videos. This includes, in particular, your IP address, which is technically necessary to establish a connection. Further data is collected by us (or the commissioned (hosting) service providers) as so-called server log files (access log data of our servers – see also “Data categories”). They are processed in particular for the following purposes:

• Ensuring a smooth connection to the website,
• Ensuring the smooth use of our website,
• Evaluation of system security (e.g. to defend against DDoS attacks, “cyber attacks”) and system stability and
• for other administrative purposes.

b. Legal basis for data processing

The processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in ensuring the security and functionality as well as improving the stability of our website.

c. Data categories

Technically relevant: IP address used (for the functionality of the connection to the website), date and time at the time of access, subpage visited, amount of data sent in bytes, browser used, operating system used and its interface, operating system used and its interface as well as data processed within the framework of our CMS “WordPress” and the plugins used – for further information, see also the data protection declaration here.

d. Recipient

Recipients of the data are in particular internal employees of the marketing department as well as externally commissioned marketing agencies, programmers and IT security service providers. Our website is hosted on dedicated servers at STRATO AG, Pascalstraße 10, 10587 Berlin and at Hetzner Online GmbH, Industriestraße 25, 91710 Gunzenhausen. The external hosting service providers have no direct access to the personal data that is processed via the website, only in individual cases following instructions and authorization.

e. Storage periods

The data will be deleted as soon as it is no longer required for the purpose for which it was collected.

The server log files are deleted regularly (usually after 14 days; other log files are deleted for longer for specific purposes). Should the above-mentioned security-relevant events occur, we reserve the right to retain this data for longer for the above-mentioned purposes within the scope of our legitimate interest. If the stated purpose is achieved, the data will be deleted after a reasonable period of time.

f. Requirement to provide your personal data

The provision of the aforementioned personal data is neither legally nor contractually required. However, without the transmission of your IP address, the service and functionality of our website or access to it cannot be guaranteed. In addition, individual services may not be available or may be restricted.

g. Third country transfers

Processing does not take place outside the European Union (EU) or the European Economic Area (EEA).

h. Automated decision-making and profiling

As a responsible company, we do not use automated decision-making or profiling for this data processing.

X. Use of cookies and similar technologies

a. Nature and purpose of the processing

Like many other websites, we also use so-called “cookies”.

Cookies are simple files that store information about our website and your use of it. These small files are optionally created automatically by your browser when you use our website and stored locally on your device. This does not mean that we have direct knowledge of your identity. The use of cookies serves to make the use of our website more pleasant for you.

We therefore distinguish between technically necessary and non-essential cookies:

Technically necessary cookies (“first party cookies”) are required for the operation of a website and are essential in order to navigate it and use its functions. These cookies are not stored permanently on your computer or device and are deleted when you close the browser. These are so-called “session cookies” or “session cookies”.

Information on the technically necessary cookies used can be found in the cookie consent tool.

Non-essential cookies, on the other hand, are mostly functional cookies, analysis and performance cookies as well as marketing cookies, which make it possible, for example, to record and count the number of visitors and traffic sources in order to measure and improve the performance of the website. They are also used to find out whether problems or errors occur on certain pages, which pages are the most popular and how visitors navigate the website.

• Functional cookies
  Functional cookies are used to store information provided, such as the user name, and thus offer the website visitor improved and personalized functions based on this information.
• Analysis and performance cookies
  Analysis and performance cookies are used to track visits and individual activities on websites. They are used to statistically record and evaluate the use of websites.
• Marketing cookies
  Marketing cookies originate from external advertising companies, among others, and are used to collect information about the websites visited by the user, e.g. to create target group-oriented advertising for the user, but also to display external content such as videos, street maps or company profiles on social media platforms.

Information on cookies that are not technically necessary can be found in the cookie consent tool.

b. Legal basis for data processing

The use of technically necessary cookies (“first party cookies”) is possible without the consent of the website visitor and is subject to a legitimate interest in the economic operation and optimization of our website and services within the meaning of Art. 6 para. 1 lit. f GDPR and § 25 para. 2 no. 2 TDDDG for the associated processing.

The use of non-essential cookies, such as functional cookies, analysis and performance cookies and marketing cookies, is subject to the consent of the website visitor in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG for the associated processing.

The cookie consent tool is used in accordance with Art. 6 para. 1 lit. c GDPR (legal obligation).

c. Data categories

• IP address
• Browser used
• Operating system used
• Session ID or value / content of the cookie
• For more information, see information in the cookie consent tool

d. Recipient

Mainly the marketing department and external service providers (further information is described in the cookie consent tool).

The cookie consent tool “Borlabs Cookie” is operated on our own servers.

e. Storage periods

The storage periods for the individual cookies and other technologies used can be found in the cookie consent tool.

The user can also set their web browser so that the storage of cookies on their end device is generally prevented or they are asked each time whether they agree to the setting of cookies. Once cookies have been set, the user can delete them at any time. How this works is described in the help function of the respective web browser.

A general deactivation of cookies may lead to functional limitations of this website.

f. Requirement to provide your personal data

The provision of your personal data in cookies is voluntary in the case of non-essential cookies, solely on the basis of your consent (so-called opt-in cookies). You can also prevent the use of pre-set, technically necessary cookies (so-called opt-out cookies) via your browser settings. Without your consent, however, the service and functionality of our website cannot be guaranteed. In addition, individual services may not be available or may be restricted.

g. Third country transfers

The transfer and processing of your personal data may also take place in third countries for certain cookie categories (see information in the cookie consent tool and in this privacy policy). By consenting to these certain cookie categories, you consent to the processing of the data stored on your device or terminal equipment, such as personal identifiers or IP addresses, for these processing purposes in accordance with Section 25 (1) TDDDG and Art. 6 (1) (a) GDPR. In addition, in accordance with Art. 49 para. 1 lit. a GDPR, you consent to providers in the (mainly in the USA) also processing your data. Transfers to third countries may also take place within the scope of our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR and Section 25 para. 2 no. 2 TDDDG. In these cases, it is possible that the transferred data will be processed by local authorities.

h. Revocation of consent

You can change/revoke your consent at any time with effect for the future by clicking on the cookie consent tool button at the bottom left of the website or on “Cookie settings” under “Legal information”. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

i. Automated decision-making and profiling

As a responsible company, we do not use cookies for automated decision-making or profiling.

XI. Use of Matomo for reach measurement

a. Nature and purpose of the processing

We use the “Matomo” tool/service on our website, an open source web analysis tool for the statistical evaluation of visitor access. So-called “device fingerprinting” (digital fingerprinting) is used for this purpose. This is a technology (usually unrecognizable by the user) that reads and combines information specific to end devices (such as device type, device performance, screen resolution, operating system, etc.). This creates a unique “device fingerprint”, which potentially changes on a regular basis. The “device fingerprint” is not stored on the end device and no cookies are set, which means that the creation of directly personally identifiable user profiles (in addition to the anonymization of IP addresses) is not possible. Matomo is hosted on our own servers, so no data is transferred/disclosed to third parties. Cross-site device recognition is not possible due to local hosting and cookie-free use. Only we and authorized service providers have access to the evaluations. The protection of your data is important to us, which is why we have also configured Matomo so that your IP address is only recorded in abbreviated form. We therefore process your usage data anonymously. It is not possible for us to draw any conclusions about your person. Further information on the terms of use and data protection regulations of Matomo can be found at: https://matomo.org/privacy/.

We use the data for statistical analysis (reach measurement) of user behavior on our website for the purpose of optimizing the functionality and stability of the website and to improve the presentation of our products and services.

b. Legal basis for data processing

The legal basis for data processing is your consent, which can be revoked at any time with effect for the future, in accordance with Art. 6 para. 1 lit. a GDPR for the above-mentioned purposes and in accordance with Section 25 para. 1 TDDDG. The data will never be used to personally identify the user of the website and will not be merged with other data.

c. Data categories

Device type, device performance, screen resolution, operating system, anonymized IP address, approximate location, etc.

d. Recipient

Recipients of the data are in particular employees of the marketing department as well as external service providers/processors, e.g. marketing agencies, hosters and programmers.

e. Storage periods

The data is deleted as soon as it is no longer required for our recording purposes. In our case, this is done automatically within matomo after the following period: 12 month(s). Since all data collected is processed exclusively in anonymized form, cumulative key figures may be stored for internal statistics for a longer period of time.

f. Requirement to provide your personal data

The provision of your personal data takes place as described above on the basis of your consent for the stated purposes, which can be revoked at any time with effect for the future.

g. Third country transfers

Although Matomo is based in New Zealand, Matomo and all associated data is hosted locally on our own servers located within the EU/EEA. This means that there is no connection / data transfer to Matomo (except for support cases). The processing therefore does not take place outside the European Union (EU) or the European Economic Area (EEA).

h. Possibility of revocation

You can revoke your consent at any time with effect for the future via our cookie consent tool.

i. Automated decision-making and profiling

With the help of the Matomo analysis tool, we collect and process all data anonymously as described above. Therefore, no personal user profiles are or can be created.

XII Making contact

a. Nature and purpose of the processing

If you contact us with questions or concerns of any kind via contact form, e-mail, telephone, etc., your personal data will be collected and processed. If you use contact forms that are integrated on our website for various purposes (e.g. within the protected area), we require the data from you that are declared as mandatory fields. All other information is voluntary.

This data is stored and used exclusively to respond to your request or to contact you and for the associated technical administration. This data will not be passed on to third parties unless it is necessary to pursue our claims or there is a contractual or legal obligation to do so or you have given us your consent.

If you contact us with the aim of concluding a contract, the data will be processed to initiate and conclude the contract. We also need this data for the legally required compliance check. We offer our products and services primarily to companies (B2B). If a contractual relationship already exists, the data will be processed for the performance of the contract.

b. Legal basis for data processing

The legal basis for the processing of the data is our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR to respond to your request and carry out the compliance check. If your contact is aimed at the conclusion of a contract or if a contract already exists, the legal basis for the processing is Art. 6 para. 1 lit. b GDPR ((pre-)contractual measure). If we are subject to retention obligations (e.g. under tax and commercial law) in connection with responding to your request or for the performance of the contract, the legal basis is Art. 6 para. 1 lit. c GDPR (legal obligation).

c. Data categories

Depending on the type of request, e.g. first and last name, e-mail address, telephone number, address, company, function, text entries, attachments, etc..

d. Recipient

Recipients of the data are in particular authorized employees who are responsible for processing the request and, if necessary, service providers/processors to support the response.

e. Storage periods

For inquiries from non CT-VIDEO customers / interested parties:

Your data that we have received in the course of contacting you will be deleted as soon as it is no longer required to achieve the purpose for which it was collected, i.e. your request has been fully processed, no further communication with you is required or requested by you, there is no legal or contractual basis, no consent has been given and there are no retention obligations.

For CT-VIDEO customers:

Your data that we have received as part of the execution of the contract or related services will be deleted as soon as it is no longer required to achieve the purpose for which it was collected, e.g. the contract has been terminated, there is no legal or contractual basis, no consent has been given and there are no retention obligations.

f. Requirement to provide your personal data

For inquiries from non CT-VIDEO customers / interested parties:

If you contact us, we must be provided with at least a communication address and your request in order to respond to it.

For CT-VIDEO customers:

In the case of support inquiries or contractual questions (e.g. via e-mail messages), we require the data stored with us (e.g. customer number, etc.) as well as any additional data / information provided by you in order to be able to answer the corresponding inquiries. Inquiries via the contact form in the protected area are automatically assigned by the login data provided to you.

g. Third country transfers

Processing does not take place outside the European Union (EU) or the European Economic Area (EEA).

h. Objection

You can object to the processing of your personal data and its use for contacting you (if this is in the legitimate interest of CT-VIDEO) at any time with effect for the future by sending an e-mail to datenschutz@ceotronics.com.

i. Automated decision-making and profiling

As a responsible company, we do not use automated decision-making or profiling for this data processing.

XIII Newsletter and direct advertising

a. Nature and purpose of the processing

For persons who have consented to receive the newsletter:

If you have given us your express, voluntary consent, which can be revoked at any time with effect for the future, we will regularly send you our newsletter or comparable information on product news, trade fairs and/or events of CT-VIDEO by e-mail to your specified e-mail address.

To receive the newsletter, you must provide your (company) e-mail address, your title, your first name and surname and the desired target group for the topic-specific sending of information. Further details, such as the company, are optional / voluntary. When registering to receive our newsletter, this data is used exclusively for this purpose. Newsletter subscribers may also be informed about circumstances that are relevant to the service or registration (such as changes to the newsletter offer or technical circumstances).

Your data will only be used to send you the newsletter you have subscribed to by e-mail. Your name is given so that we can address you personally in the newsletter and, if necessary, identify you if you wish to exercise your rights as a data subject. When you register to receive our newsletter, the data you provide will be used exclusively for this purpose.

We require a valid e-mail address for effective registration. We use the “double opt-in” procedure to verify that a registration is actually made by the owner of an e-mail address. For this purpose, we log the subscription to the newsletter, the sending of a confirmation email and the receipt of the requested reply. No further data is collected. The data is used exclusively for sending the newsletter.

For existing customers:

If we receive your e-mail address in connection with the sale of a product or service and you have not objected to this, we reserve the right to regularly send you information about new products, trade fairs and/or events of CT-VIDEO or about similar products/services to those you have already purchased by e-mail. This serves to safeguard our legitimate interests, which predominate in the context of a balancing of interests, in a promotional approach to our customers.

Notes on measuring success:

Our sent newsletters contain a so-called web beacon, i.e. a pixel-sized file that is retrieved from our server when the newsletter is opened or, if we use a mailing service provider, from their server. As part of this retrieval, technical information, such as information on the dispatch or delivery status, your browser and your system, as well as your IP address and the time of retrieval, is initially collected.

We use this technical information to improve our newsletter. This analysis includes determining whether the newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to individual newsletter recipients. However, it is not our intention, nor that of the mailing service provider used, to analyze individual user information. The evaluations serve exclusively to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users. No user-specific analyses or observations are explicitly carried out. In addition, only authorized employees have access to this information. As a central security measure, the newsletter is sent via software hosted by us, which means that only we and authorized service providers/processors have access to these evaluations.

The evaluation of the newsletter and the measurement of success are carried out, subject to the express consent of the user, on the basis of our legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR for the purposes of using a user-friendly and secure newsletter system that serves both our business interests and meets the expectations of users.

Unfortunately, it is not possible to revoke the performance measurement and the newsletter itself separately; in this case, the consent for the entire newsletter must be revoked or objected to.

b. Legal basis for data processing

For persons who have consented to receive the newsletter:

On the basis of your express consent in accordance with Art. 6 para. 1 lit. a GDPR, we will regularly send you our newsletter or comparable information by e-mail to the e-mail address you have provided.

For existing customers:

The processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR in conjunction with. § Section 7 (3) UWG on the basis of our overriding legitimate interest in advertising to our customers.

c. Data categories

Company e-mail address, company, title, first and last name, target group, logging of registration/deregistration (date and time) or existing customer entry as well as dispatch data (meta and communication data such as the IP address).

d. Recipient

The recipients of the data are employees of the marketing and other authorized departments and, if applicable, service providers / processors to support the provision, design and administration of our newsletter and direct advertising offer. Our newsletter software is hosted on our own servers.

e. Storage periods

The data will only be processed in this context as long as the corresponding consent has been given, you (if applicable as an existing customer) object to the sending of marketing emails or the purpose no longer applies. After withdrawal of consent or objection to direct marketing, you will be removed from the relevant mailing lists after a reasonable period of time.

f. Requirement to provide your personal data

The provision of your personal data is voluntary, solely on the basis of your consent or because you are registered with us as an existing customer.

g. Third country transfers

Processing does not take place outside the European Union (EU) or the European Economic Area (EEA).

h. Revocation of consent / objection

You can revoke / object to the storage of your personal data and its use for the newsletter dispatch / direct advertising at any time with effect for the future by sending an e-mail to marketing@ceotronics.com and / or ctv.news@ceotronics.com.

When sending newsletters, there is usually also the option of clicking on an unsubscribe link in the respective newsletter (usually at the bottom of the message).

i. Automated decision-making and profiling

As a responsible company, we do not use automated decision-making or profiling for this data processing.

XIV Business relations

As part of the use of our website and communication (e.g. inquiries via contact forms or by email) with us, a contract may be initiated, for example. For this purpose, in addition to our privacy policy (which mainly concerns our website and related services), we provide you with the information obligations pursuant to Art. 13 and 14 GDPR for interested parties, customers, service providers and suppliers under the following link:

https://ct-video.com/informationspflichten-ds-gvo/

XV Applications

We have included information on current vacancies on our website (mainly at https://ct-video.com/karriere/).

The corresponding information obligations pursuant to Art. 13 and 14 GDPR can be viewed at https://ct-video.com/informationspflichten-ds-gvo/.

Further information on data processing will be provided (if necessary) during the application process.

XVI Social media presences

We have online presences in social networks (“social media presences”) and process user data in these networks in order to provide information about us and to communicate with users. As a rule, we also use social media channels to display advertising and conduct market research.

Further information on CT-VIDEO’s online presence in social networks and the corresponding information obligations pursuant to Art. 13 and 14 GDPR can be found on our website at https://ct-video.com/informationspflichten-ds-gvo/.

Further information on data processing will be provided (if necessary) by further data protection notices or references.

We have not currently integrated any online presences on our website in such a way that personal data is transmitted to the operators of the sites. We may have included links (e.g. images, icons or texts). If you click on these images, icons or texts, the external website of the social media provider opens (on which the data protection regulations of the respective provider apply – CT-VIDEO has no influence on these).

XVII Data retention obligations and deletion of data

Your personal data will only be stored for as long as it is required for the fulfillment of our contractual and legal obligations or as long as you revoke your consent(s). If your data is not deleted because it is required for other legal purposes, its processing will be restricted to these purposes, i.e. generally blocked.

Further information on the deletion of your personal data can also be found in the individual data protection notices of this privacy policy.

If the data is no longer required for the fulfillment of contractual or legal obligations as mentioned above, it is regularly deleted. Unless temporary and limited further processing is required for the following purposes, among others:

• Compliance with retention periods under commercial and tax law: The German Commercial Code (HGB) and the German Fiscal Code (AO) should be mentioned. The retention periods specified there are generally up to 10 years.
• Preservation of evidence within the scope of the statutory limitation period. According to Sections 195 et seq. of the German Civil Code (BGB), the regular limitation period is 3 years, in special circumstances up to 30 years.
• Compliance with storage obligations arising from other legal obligations.

XVIII Right to revoke consents granted in accordance with Art. 7 para. 3 GDPR

You have the right to withdraw your consent(s) – even partially – at any time with effect for the future. revoke. The withdrawal of consent(s) shall not affect the lawfulness of processing based on consent(s) before its/their withdrawal. As a result, we may no longer continue the data processing that was based on this/these consent(s) in the future, provided that there are no legal obligations or contractual provisions to the contrary.

XIX Right to information pursuant to Art. 15 GDPR

Every data subject has a right of access to personal data concerning them. The right of access extends to all data processed by us. The right can be exercised easily and at regular intervals so that all data subjects are always aware of the processing of their personal data and can check its lawfulness (see recital 63 GDPR). The right of access includes in particular the following information:

• The purpose of the processing
• The data categories
• The recipients / categories of recipients, in particular recipients from international organizations or third countries; if a third country is involved, the data subject also has the right to obtain information about the appropriate safeguards in connection with the transfer.
• Where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period.
• All available information about the origin of the data if the personal data is not collected from the data subject.
• All available information on the existence of automated decision-making including profiling in accordance with Art. 22 (1) and (4) GDPR
• The existence of a right to
  • Correction or
  • erasure of the personal data concerning them or
  • the restriction of processing by the controller or
  • a right to object to this processing and
  • the existence of a right to lodge a complaint with a supervisory authority

If a data subject wishes to exercise this right of access, he or she may, at any time, contact us using the contact details provided at the beginning of this privacy policy.

XX. Right to rectification pursuant to Art. 16 GDPR

Every data subject has the right to obtain from our company without undue delay the rectification of inaccurate personal data concerning him or her. Furthermore, the data subject has the right to request the completion of incomplete personal data, including by means of a supplementary declaration, taking into account the purposes of the processing.

If a data subject wishes to exercise this right to rectification, he or she may, at any time, contact us using the contact details provided at the beginning of this privacy policy.

XXI Right to erasure (right to be forgotten) pursuant to Art. 17 GDPR

Every data subject has the right to erasure and to be forgotten and can demand that we erase the personal data concerning them without undue delay, provided that one of the following reasons applies and insofar as the processing is not necessary:

• The personal data was collected or otherwise processed for purposes for which it is no longer necessary.
• The data subject withdraws consent on which the processing is based according to point (a) of Article 6(1) of the GDPR, or point (a) of Article 9(2) of the GDPR, and where there is no other legal ground for the processing.
• The data subject objects to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Art. 21 (2) GDPR.
• The personal data was processed unlawfully.
• The deletion of personal data is necessary to fulfill a legal obligation under Union law or the law of the Member States to which the controller is subject.
• The personal data was collected in relation to information society services offered in accordance with Art. 8 para. 1 GDPR.

If one of the aforementioned reasons applies and a data subject wishes to request the erasure of personal data, they can contact us at any time using the contact details provided at the beginning of this privacy policy. The controller will ensure that the request for erasure is complied with immediately.

XXII Right to restriction of processing pursuant to Art. 18 GDPR

Every data subject has the right to obtain from the controller restriction of processing where one of the following applies:

• The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data.
• The processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead.
• The controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defense of legal claims.
• The data subject has objected to processing pursuant to Article 21(1) GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.

If one of the aforementioned conditions is met, and a data subject wishes to request the restriction of the processing of personal data stored by the controller, he or she may contact us at any time using the contact details provided at the beginning of this privacy policy. The controller will arrange for the restriction of processing.

XXIII Right to data portability pursuant to Art. 20 GDPR

Each data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format. He or she also has the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, as long as the processing is based on consent pursuant to point (a) of Article 6(1) of the GDPR or point (a) of Article 9(2) of the GDPR, or on a contract pursuant to point (b) of Article 6(1) of the GDPR, and the processing is carried out by automated means, as long as the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Furthermore, in exercising their right to data portability pursuant to Art. 20 (1) GDPR, the data subject has the right to have the personal data transmitted directly from one controller to another, where technically feasible and provided that this does not adversely affect the rights and freedoms of others. To assert the right to data portability, the data subject can contact us at any time using the contact details provided at the beginning of this privacy policy.

XXIV Right to object pursuant to Art. 21 GDPR

Every data subject has the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1) GDPR. This also applies to profiling based on these provisions.

The controller shall no longer process the personal data in the event of an objection, unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims. If the controller processes personal data for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing. This also applies to profiling insofar as it is associated with such direct advertising. If the data subject objects to the controller to the processing for direct marketing purposes, the controller will no longer process the personal data for these purposes.
In addition, the data subject has the right, on grounds relating to his or her particular situation, to object to processing of personal data concerning him or her by the controller for scientific or historical research purposes, or for statistical purposes pursuant to Article 89(1) of the GDPR, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

To exercise the right to object, the data subject may contact us at any time using the contact details provided at the beginning of this privacy policy.

XXV. Right to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR

Without prejudice to any other administrative or judicial remedy, every data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes this Regulation.

The supervisory authority responsible for us is:

State Commissioner for Data Protection and Freedom of Information Saxony-Anhalt
P.O. Box 1947
39009 Magdeburg
Phone: +49 (0)391 / 81803-0
E-mail: poststelle@lfd.sachsen-anhalt.de
Homepage: https://datenschutz.sachsen-anhalt.de/landesbeauftragte

Of course, you can also contact any other data protection supervisory authority as described above.

The supervisory authority with which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.