PRIVACY POLICY

At DEFACTO Engage, the protection of personal data and sensitive information is of the utmost importance. Merely complying with legal requirements is not sufficient for DEFACTO Engage. Particularly high security can only be achieved through regular expert consultation and critical controls.

For this reason, DEFACTO Engage relies on an external certified data protection officer. This officer neutrally and without internal bias verifies compliance with data protection guidelines. Beyond legal requirements, an information security management system has been established, which considers all aspects of handling information and documents the technical and organizational measures taken.

To ensure that all employees live by the data protection guidelines on a daily basis, regular training sessions as well as workshops on specialized topics – such as the secure use of mobile devices – are conducted. A continuous revision of all critical processes leads to a consistently high level of information security, which in turn forms the basis for technical data protection in all deployed systems. This high quality is confirmed by regular audits carried out by external bodies on behalf of our partners and clients, contributing to continuous improvement.

At this point, we would like to inform you about which data we collect, for what purpose we do so, and how you can exercise control over your data at any time.

1. Controller

The controller within the meaning of the law for the processing of the data is:

DEFACTO Engage GmbH

Am Pestalozziring 2

91058 Erlangen

T: +49 9131 9712 0

E: kontakt@defacto.de

2. Categories of Data, Purpose, and Legal Basis of Processing

You can of course visit our website without providing any personal information. The privacy policy can be accessed via the link at the bottom of every page.

We use your personal data during your visit to our website solely for the operation and optimization of our website. For this purpose, the IP address, various technical data of the end device (e.g., operating system, browser used, etc.), and data about the usage of our website are collected. We do not store this data beyond the legal retention periods or fulfillment of purpose. Processing this data is necessary to ensure the operation of the website. If you do not agree with this processing, we cannot provide you with our online services. This information is analyzed statistically to make the use of our website even more enjoyable for all visitors. There is no linking with any personal data already stored with us. Data collected during the use of the website is deleted after a maximum of 14 months. Storage of data may be extended in individual cases to enforce legal claims, defend against potential legal claims, or due to legal obligations.

The processing of personal data for the operation of the website and network and information security is based on Article 6(1)(f) GDPR. The operation of the website and the associated external presentation of the company is in our legitimate interest. There is no legal or contractual obligation for you to provide data when using our website. However, the operation of the website is not possible without processing your data.

3. Recipients of Data

Personal data is disclosed to third parties to the extent necessary for operating the website, providing functionalities, analysis, marketing, and communication purposes. In this context, we use in particular processors and, where applicable, independent controllers (e.g. web hosting providers, Google, Meta, LinkedIn, CleverReach, Cookiebot/Usercentrics).

When processing form requests and downloads, we use Google Workspace (in particular Google Sheets) for the structured management of prospect and contact data. Processing is carried out on our behalf on the basis of a data processing agreement in accordance with Art. 28 GDPR.

The transfer of personal data to Google servers cannot be ruled out. If data is transferred to third countries (in particular the USA), this is done on the basis of the EU-U.S. Data Privacy Framework or the standard contractual clauses approved by the EU Commission in accordance with Art. 44 ff. GDPR.

4. Contact Form

By filling out the contact form, you provide us with personal data. We may collect the following types of data: name and salutation, email address, telephone number, company. We use this data only to respond to your specific inquiry or request and to provide information. To protect your data, we use a recognized encryption method during transmission. We will retain your personal data for the period necessary to fulfill the purposes described in this notice. Statutory retention periods remain unaffected.

The legal basis for processing general inquiries is your consent under Article 6(1)(a) GDPR.

For inquiries related to contracts or in the context of contract initiation, the legal basis is Article 6(1)(b) GDPR.

The legal basis for inquiries regarding data protection is Article 6(1)(c) GDPR.

Submitting the form constitutes your consent to the processing of the data.

Further business contact and follow-up on downloads

If you download content (e.g., white papers) from our website or contact us via a form, we also process the data you provide for the purpose of following up on your inquiry and initiating business relationships in the B2B sector.

This may include individual contact by email or telephone to arrange a further discussion.

If your professional profile is publicly accessible, contact may also be made via professional networks such as LinkedIn.

The legal basis for this processing is Art. 6 (1) (f) GDPR. Our legitimate interest lies in addressing interested parties in an appropriate manner and developing business contacts.

You have the right to object to this processing at any time in accordance with Art. 21 GDPR.

5. Newsletter

If you would like to receive the newsletter offered on the website, we require your email address, name, and salutation, as well as other information that allows us to verify that you are the owner of the provided email address and agree to receive the newsletter. No further data is collected or only on a voluntary basis. We use this data exclusively for sending the requested information and do not pass it on to third parties.

The processing of the data entered into the newsletter subscription form is based solely on your consent (Article 6(1)(a) GDPR). You can revoke your consent to the storage of the data, the email address, and its use for sending the newsletter at any time, for example via the “unsubscribe” link in the newsletter. The legality of the data processing already carried out remains unaffected by the revocation.

The data you provide for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter and deleted after unsubscribing from the newsletter. After the statutory retention period of three years (regular limitation), this data is deleted. Data stored for other purposes with us remains unaffected.

The newsletter is sent by CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede. CleverReach is a service for organizing and analyzing newsletter distribution. The data you enter for newsletter subscription (e.g., email address) is stored on CleverReach servers in Germany or Ireland.

Our newsletters sent with CleverReach allow us to analyze the behavior of newsletter recipients. Among other things, it can be analyzed how many recipients opened the newsletter message and how often which link in the newsletter was clicked. Conversion tracking can also analyze whether a predefined action (e.g., purchase of a product on our website) took place after clicking the link in the newsletter.

For more information on data analysis by CleverReach newsletters, see: https://www.cleverreach.com/de/funktionen/reporting-und-tracking/

Data processing is based on your consent under Article 6(1)(a) GDPR. You can revoke this consent at any time by unsubscribing from the newsletter. The legality of the data processing already carried out remains unaffected by the revocation. If you do not want analysis by CleverReach, you must unsubscribe from the newsletter. We provide an appropriate link in every newsletter message.

The data you provide for the purpose of newsletter subscription will be stored by us until you unsubscribe and deleted from our servers as well as the servers of CleverReach after cancellation. Data stored for other purposes remains unaffected.

Further details can be found in CleverReach’s privacy policy at: https://www.cleverreach.com/de/datenschutz/

6. Cookies

We use cookies and similar technologies which, depending on their purpose, are classified as strictly necessary, statistics, functional, or marketing cookies. The use of statistics, functional, and marketing cookies requires consent pursuant to § 25 (1) TDDDG in conjunction with Art. 6 (1) lit. a GDPR. Cookies are short text snippets we store on your computer. Cookies do not execute commands on your computer and therefore pose no security risk.

Session cookies store certain information while you browse our website and are technically necessary for specific functions. These cookies are deleted when you leave our website. The use of these strictly necessary cookies does not require consent under § 25(2) No. 2 TDDDG.

Permanent cookies, on the other hand, remain stored on your device after your visit and help us make our online offering more user-friendly – for example, by remembering that you have already visited our website. We only use these cookies with your consent.

Our website uses Cookiebot from Usercentrics A/S to manage consents. Cookiebot helps us collect and document cookie consents in compliance with the GDPR. The legal basis for the use of the consent management tool is Art. 6 (1) lit. f GDPR (legitimate interest in the legally compliant collection and documentation of consent) as well as § 25 (2) no. 2 TDDDG for technically necessary access.

7. Use of Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Google Analytics uses so-called "cookies", text files stored on your computer, which enable an analysis of your use of the website.

The storage period depends on the respective purpose of processing. For Google Analytics, a data retention period of a maximum of 14 months is configured; longer storage only takes place where required by law or for the assertion or defense of legal claims.

Among other things, the following data is collected from you: IP address, time spent on the website, language, location, and the browser you use. The analysis is carried out using an algorithm (machine learning), which measures and analyzes your usage behavior and can recognize you across devices.

Your IP address is anonymized by default before being transmitted to Google.

We have also disabled the collection of exact location, position, and device data.

Due to the activation of IP anonymization on these websites, your IP address is shortened by Google within the member states of the European Union or in other contracting states of the Agreement on the European Economic Area before transmission. More about how Google uses this data can be found here: https://policies.google.com/privacy/partners?hl=de

Data transfers to the USA are based on the Data Privacy Framework.

Google Analytics is only used if you agree to the use of cookies. The legal basis is Article 6(1)(a) GDPR.

You can revoke this consent at any time by clicking the "Cookie Settings" button under the "Cookies" section and saving a new selection.

The data collected with Google Analytics is evaluated internally.

Via Google Tag Manager, we integrate various tracking tags, including those from Google Analytics 4 (GA4). The following information is collected:

Pages viewed (pageviews)
User’s dwell time on the website (e.g., ≥ 30s, ≥ 60s, ≥ 120s)
Scroll depth (measured scroll events at 25%, 50%, 75%, and 100%)
Language settings, browser used, device type, and operating system
Anonymized IP address (via IP masking)

This data helps us better understand how our website is used, optimize content, and improve user-friendliness. Processing is based on your consent pursuant to Article 6(1)(a) GDPR in conjunction with § 25 TDDDG.

The collected data is anonymized by Google within the EU and may be transferred to the USA. Google is certified under the Data Privacy Framework. Further information on data processing can be found at: https://policies.google.com/privacy

8. Use of Google Remarketing

This website uses the remarketing feature of Google Ireland Limited. This function serves to present interest-based advertisements to visitors of the website within the Google advertising network. A so-called “cookie” is stored in the browser of the website visitor, which enables the visitor to be recognized when they access websites that belong to Google’s advertising network. On these websites, the visitor may be shown advertisements related to content that the visitor previously viewed on websites that use Google’s remarketing feature.

Within the scope of Google Remarketing, online identifiers (e.g. cookie IDs, truncated IP addresses, device information) may be processed. Processing takes place exclusively on the basis of your consent. Should you nevertheless not wish to use Google’s remarketing function, you can generally deactivate it by making the corresponding settings at http://www.google.com/settings/ads. Alternatively, you can disable the use of cookies for interest-based advertising through the Network Advertising Initiative by following the instructions at http://www.networkadvertising.org/managing/opt_out.asp.

The Google Remarketing cookie is only set on our website if you consent to the use of cookies via the cookie bar. The legal basis is Art. 6(1)(a) GDPR.

9. Events

We also process personal data in the context of customer events. Processing for the purpose of organizing the event is based on Art. 6(1)(b) GDPR. Your registration for the event establishes a contractual relationship.

The processing of data for the purpose of inviting you to our events is in our legitimate interest. Invitations are sent to customers by email who have given us their consent for this purpose or by post to customers who have not consented to email marketing.

After an event, we ask participants about their experiences, wishes, and suggestions related to the event. For this purpose, we send participants an email with a link to the survey. The legal basis for the aforementioned processing is Art. 6(1)(f) GDPR. In this context, we would like to draw your attention to your right of objection.

10. Our Social Media Presences

We use the so-called Meta Pixel (formerly Facebook Pixel) on our website. This service is operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland ("Meta").

When you access a page of our website that includes the Meta Pixel, your browser establishes a direct connection with the Meta servers. Meta thereby receives the information that you have accessed the corresponding page of our website. If you are logged into Meta, your visit can be linked to your user account. Actions on our website (e.g., purchases made) can also be tracked.

We use the Meta Pixel to analyze the effectiveness of our advertising (“conversion tracking”) and to display interest-based advertising (“retargeting”) on Meta services such as Facebook or Instagram. More on data processing by Meta is available at: https://www.facebook.com/policy.php

The data transfer to Meta is based on the EU Commission’s standard contractual clauses (Art. 46 GDPR). The processing is carried out only with your consent pursuant to Art. 6(1)(a) GDPR in conjunction with § 25(1) TDDDG. You can revoke this consent at any time.

We also use the LinkedIn Insight Tag, an analytics tool provided by LinkedIn Ireland Unlimited Company, Wilton Plaza, Dublin 2, Ireland. It enables the tracking of page visits and conversions as well as retargeting measures. Collected data includes, among others, IP address (shortened or hashed), referrer URL, device and browser characteristics, and timestamp. A transfer of data to third countries (in particular the USA) may take place. Safeguards are implemented on the basis of the EU Commission’s Standard Contractual Clauses pursuant to Art. 46 GDPR.

The data is processed pseudonymously and collected only with your consent. The legal basis is Art. 6(1)(a) GDPR in conjunction with § 25(1) TDDDG. More information can be found in LinkedIn’s privacy policy: https://www.linkedin.com/legal/privacy-policy

When using services provided by Google, Meta, LinkedIn, and YouTube, personal data may be transferred to the USA. Such transfers take place on the basis of the EU-U.S. Data Privacy Framework or the Standard Contractual Clauses pursuant to Art. 44 et seq. GDPR.

Cookie List

A cookie is a small text file that is stored on your device when you visit a website. This file contains information that allows a user to be recognized or provides certain functions of a website. Cookies are used, among other things, to make websites more user-friendly and to analyze usage data.

On our website, we use both so-called "first-party cookies" – i.e., cookies set directly by us – and "third-party cookies," which originate from external service providers. Their use complies with the General Data Protection Regulation (GDPR), particularly Art. 6(1)(a) (consent) and (f) (legitimate interest), unless explicit consent is required.

Cookie Categories Used

Strictly Necessary Cookies
These cookies are essential for the website to function and cannot be disabled. They are usually set only in response to actions you take, such as setting your privacy preferences or filling out forms.
Statistics cookies
These cookies enable us to analyze and understand the use of our website. They collect information about how visitors interact with the website, e.g., which pages are accessed, how long visitors stay on the website, or how they arrived at the website. The data collected is usually evaluated in aggregate form and is used exclusively to improve the functionality, content, and user-friendliness of the website. Statistical evaluation primarily serves the analysis and optimization of the website. Use of the collected data for advertising purposes only takes place if separate consent has been given (e.g. within the scope of remarketing functions).
Functional Cookies
These cookies enable the website to provide enhanced functionality and personalization. They may be set by us or by third-party providers.
Marketing Cookies
These cookies may be set via our website by our advertising partners. They are used to build a profile of your interests and show you relevant ads on other websites.

Current Cookie List

Name	Provider	Third-party	Category	Duration	Purpose
Next-Locale	defacto.de	No	Strictly necessary (1)	Session	Saves the language selected by the user for the website.
bcookie	LinkedIn Ireland Unlimited Company	Yes	Marketing (1)	1 year	Browser identification for recognizing users and delivering targeted advertising via LinkedIn.
li_gc	LinkedIn Ireland Unlimited Company	Yes	Marketing (1)	180 days	Stores the user’s consent to the use of cookies by LinkedIn.
CookieConsent	www.defacto.de	No	Strictly necessary (1)	1 year	Stores the user’s cookie consent status for the current domain.
lidc	LinkedIn Ireland Unlimited Company	Yes	Marketing (4)	1 day	Optimizes data routing and assignment of LinkedIn advertising requests.
lastExternalReferrer	Meta Platforms Ireland Ltd.	Yes	Marketing (4)	Persistent	Determines from which external source the user accessed the website for advertising attribution.
lastExternalReferrerTime	Meta Platforms Ireland Ltd.	Yes	Marketing (4)	Persistent	Stores the time of the last external referrer for advertising attribution.
topicsLastReferenceTime	Meta Platforms Ireland Ltd.	Yes	Marketing (4)	Persistent	Collects cross-website usage information to improve advertising relevance.
_fbp	Meta Platforms Ireland Ltd.	Yes	Marketing (4)	3 months	Used by Facebook to deliver a range of advertising products and to measure advertising effectiveness.
_ga	Google LLC	Yes	Statistics (2)	2 years	Distinguishes users and analyzes user behavior on the website (Google Analytics).
ga #	Google LLC	Yes	Statistics (2)	2 years	Stores and counts page views for usage analysis (Google Analytics).
__Secure-ROLLOUT_TOKEN	Google LLC (YouTube)	Yes	Functional (3)	Variable	Controls the gradual rollout of YouTube features and experiments.
LAST_RESULT_ENTRY_KEY	Google LLC (YouTube)	Yes	Functional (3)	Session	Stores the last search or selection action within YouTube for functional control.
YSC	Google LLC (YouTube)	Yes	Marketing (4)	Session	Stores a unique session ID for statistical recording of video views.
VISITOR_INFO1_LIVE	Google LLC (YouTube)	Yes	Marketing (4)	6 months	Estimates the user’s bandwidth to optimize video delivery.
__Secure-YEC	Google LLC (YouTube)	Yes	Marketing (4)	13 months	Used for security and integrity purposes and fraud prevention within the Google/YouTube ecosystem.
__Secure-YNID	Google LLC (YouTube)	Yes	Marketing (4)	13 months	Stores a unique ID for recognizing and securing Google services.
ytidb::LAST_RESULT_ENTRY_KEY	Google LLC (YouTube)	Yes	Functional (3)	Persistent	Stores the last interactions with YouTube content in the browser (IndexedDB).
yt-remote-device-id	Google LLC (YouTube)	Yes	Functional (3)	Persistent	Identifies the playback device to synchronize YouTube functions.
yt-remote-connected-devices	Google LLC (YouTube)	Yes	Functional (3)	Persistent	Stores connected devices for YouTube playback.
yt-remote-session-app	Google LLC (YouTube)	Yes	Functional (3)	Session	Stores information about the active YouTube session.
yt-remote-session-name	Google LLC (YouTube)	Yes	Functional (3)	Session	Assigns the current YouTube session to an application.
yt-remote-fast-check-period	Google LLC (YouTube)	Yes	Functional (3)	Session	Technical control cookie for synchronizing YouTube streams.
yt-remote-cast-available	Google LLC (YouTube)	Yes	Functional (3)	Session	Checks whether cast functions are available for YouTube.
yt-remote-cast-installed	Google LLC (YouTube)	Yes	Functional (3)	Session	Detects installed cast components for YouTube.
LogsDatabaseV2:V\|\|LogsRequestsStore	Google LLC	Yes	Functional (3)	Persistent	Technical browser storage for logging service requests (IndexedDB).
ServiceWorkerLogsDatabase#SWHealthLog	Google LLC	Yes	Functional (3)	Persistent	Technical logging of the service worker status of Google services.
YtIdbMeta#databases	Google LLC (YouTube)	Yes	Functional (3)	Persistent	Metadata about YouTube IndexedDB databases in the browser.

YouTube content is only loaded after consent has been given. Before consent is granted, no YouTube cookies or comparable storage technologies are set.

Please note that the cookie list may change due to technical adjustments. The current version is reviewed and updated regularly.

11. Your Rights Regarding the Processing of Your Personal Data

You have various rights concerning the processing of personal data, which we would like to inform you about below. Details of your rights can also be found in Articles 15 to 21 GDPR and §§ 32 to 37 of the Federal Data Protection Act (“BDSG”).

You have the right to obtain information about your personal data. You may also request the correction of incorrect data.

Furthermore, you have the right – under certain conditions – to request the deletion of data, the restriction of data processing, and the right to data portability. You can object to processing based on Art. 6(1)(f) GDPR as well as to potential profiling according to Art. 21 GDPR. Any consent you have given in connection with the use of the website can be withdrawn at any time without giving reasons and with effect for the future.

All aforementioned rights under Articles 15 to 21 GDPR can be asserted informally by email or post to the controller.

You also have the right to lodge a complaint with the relevant supervisory authority if you believe that your data is being processed unlawfully. A list of data protection officers and their contact information can be found at:

https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html

If you have any questions, you are welcome to contact our external data protection officer:

Contact Person	Attorney Christian Krösch
Company	SLK Compliance Services GmbH
Adress	Königsbrücker Straße 76
	01099 Dresden
Telephone	+49 351 89676360
E-Mail	datenschutz@slk-compliance.de