cc|digital factory 365


Data Protection Declaration

COSMO CONSULT TIC GmbH (Listemannstr. 10, 39104 Magdeburg, Tel.: 0391-25497-0, email: takes the protection of personal data very seriously. We treat your personal data as confidential and in accordance with both legislative data protection regulations and this data protection declaration.

In what follows you will find information on how Cosmo Consult collects and uses personal data, in particular what data is collected during your visit on and how it is used. In section number 4 we provide you with information about your rights under the EU Data Protection Regulation and how you can exercise those rights.

We will not share your personal data with third parties without your consent or without a legal obligation; we will use it only for the technical administration of the web pages. If you are one of our customers, we will use your data for customer management and for marketing only to the extent required and legally permitted. As one of our customers, you are always entitled to revoke permission for the promotional use of your data at any time.

Personal data will only be collected or transmitted to state institutions and authorities within the context of mandatory national legislation.

Here we now offer you the possibility to conclude an EU-DSGVO-compliant contract agreement with us: SharePoint Link

1.0 General

The object of this data protection declaration is the collection, processing and use of personal data by the website

1.1 Collection and processing of personal data

Our website can generally be used without providing personal data. Personal data, such as the user’s name, address, telephone number or email address, is only recorded if the user provides this information voluntarily. We use the personal data provided solely to meet your requirements.

We will process your personal data for the following purposes.

a) Contract fulfillment
We will process your data in order to be able to fulfill our contracts. This also applies to information that you provide to us in the context of pre-contractual correspondence. The specific purpose of the data processing depends on the product and the application submitted; it may also be used to analyze your needs and to determine which products and services are suitable for you. For the fulfillment of the contract we need your name, your address, and your telephone number or e-mail address, so that we can contact you. We also need your personal data in order to determine whether we can offer you products and services and if so which ones. You can find details concerning the respective purposes of the data processing in the contract documents and our general terms and conditions.
This data processing is done on the basis of Article 6 (1) b GDPR.

b) Measures for your security
The situations in which we use your personal data include:

  • We analyze your data to protect you or your company from fraudulent activities. This might be the case if, for example, you have been the victim of identity theft or if unauthorized persons have gained access to your user account in some other way;
  • To improve the reliability of our web applications, our IT support will work closely with you in case of technical problems. In this context, we also evaluate logs of page views, actions performed, etc.;
  • To ensure IT security;
  • To be able to document and prove facts for the eventuality of possible legal disputes.

This data processing is done on the basis of Article 6 (1) f GDPR.

c) On the basis of your consent
If you have granted consent for the processing of your personal data for one or more specified purposes, then it is permissible for us to process your data. You may revoke your consent with a view to the future at any time without incurring any cost other than the base rate for transmission (the cost of your Internet connection). However, the revocation of consent does not affect the legality of the processing up to the revocation.
The processing of this data for this purpose is done on the basis of Article 6 (1) a of the GDPR.

d) On the basis of legal requirements or in the public interest
As a company, we are subject to a wide variety of legal requirements (for example, arising from tax legislation). In order to comply with our legal obligations, we process only the personal data that is absolutely necessary for that purpose.

In accordance with applicable data protection regulations, we do not store your personal data longer than is necessary for the purpose of the processing concerned. When the data is no longer required for the fulfillment of contractual or legal obligations, we regularly delete it, unless it is necessary to store it temporarily. The following reasons may be grounds for retaining the data:

  • There are obligations to retain data under commercial and tax law that must be complied with: time periods of up to 10 years are prescribed for the retention of data according to the regulations of the commercial code and the tax code.
  • To preserve evidence for the event of legal disputes within the framework of the statutory limitation period: civil law limitation periods can be up to 30 years, although statutes of limitation periods regularly expire after three years.

1.2 Cookies

Web pages sometimes use so-called cookies. Cookies are small text files that allow specific device-related information to be saved on the device used by the user (PC, smartphone, or similar) to access the web page. On the one hand, they serve the user-friendliness of web pages and thereby the users (e.g. saving login data) and on the other hand they serve to gather statistical data on website use in order to analyse this to improve what is on offer.

You can configure your browser in such a way that you are informed of the placement of cookies and only allow them on a case-by-case basis, exclude the acceptance of cookies for specific cases or in general, and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be limited.

1.3 Use of Youtube

On our website we use plugins from the YouTube page, which is operated by YouTube LLC, a subsidiary of Google, 901 Cherry Ave., San Bruno, CA 94066, USA. If you access a page from our website that contains such a plugin, your browser will establish a direct connection with YouTube’s servers. The Youtube server will be informed which of our pages you have visited. If you are logged in to your YouTube account, you can allow YouTube to associate your surfing behaviour directly with your personal profile. You can prevent this by logging out of your YouTube account. For more information about the handling of user data, please refer to YouTube’s privacy policy at:

1.4 Contact requests / demo account

Some pages on our website offer you the option of contacting us or request a demo account for further functions.  We will only use information transmitted in this way to process your request or to provide access to the demo system. Data collected in this way will not be passed on to third parties or reconciled with data that may have been collected by other components of our website.

1.5 Objection to advertising emails

The use of contact data published in compliance with German legislation on providing company information for sending advertisements and informational material that is not expressly requested is hereby rejected. The operators of the web pages expressly reserve the right to take legal action in the event of unsolicited advertising information being sent, for example via spam emails.

1.6 Amendment to the data protection declaration

We reserve the right to amend this data protection declaration from time to time based on updates of this website. We therefore recommend that you visit this website regularly to make sure that you agree with the amendments.

1.7 Revocation, amendments, corrections and updates

You have the right to access the information on your stored personal data, its origin and recipients, and the purpose of data processing free-of-charge and at any time, and you also have the right to correct, block or delete this data. For this purpose and in case of additional questions on the topic of personal data, you may contact us at any time at the address provided in the imprint.

2.0 Data Protection Officer

If you have questions regarding the processing of your personal data or require additional information on the topic of data protection, please do not hesitate to contact our data protection manager.

Mr Marco Schröder
2b Advice GmbH
Joseph-Schrumpeter-Straße 15
53227 Bonn


3.0 Members of the Joint Controllership Agreement

As the joint controllership body, COSMO CONSULT Group, the companies listed here have entered into a data protection agreement in accordance with Article 26 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter: GDPR) as amended.

3.1 Overview of all Partners and Contractors

COSMO CONSULT has concluded data processing agreements with strategic partners and other service providers in accordance with Article 28 GDPR with effect for all companies of the group. COSMO CONSULT uses the service providers listed as approved subcontractors. Here you can find the Overview of all Contractors and Partners.

3.2 Order Data Processing Agreement

Article 28 ff. EU-GDPR lays out detailed statutory rules on the processing of personal data by service providers.  If you pass on personal data of your company, business partners or customers, it is important that you do so in a manner that is legally compliant and in accordance with the new EU Regulation.

If you have your customer data processed directly or remotely by COSMO CONSULT or if you make it available to us for the purpose of processing service requests, we are now offering the opportunity for you to conclude an EU-GDPR-compliant contract agreement with us that guarantees you complete legal certainty. In order to make the necessary processes as convenient and transparent as possible for you, an application form is available under the following link:SharePoint Link
Simply log in here with your YourCOSMO user account.
In the online form you can then enter the specific details about the type and scope of the data to be processed. On the basis of this, we will create a processor contract tailored to your needs. Please note: No additional costs arise for you in connection with the application or preparing or concluding the contract!

3.3 Data protection and Data Security at COSMO CONSULT

COSMO CONSULT has taken measures in the areas of construction, personnel, organization and technology that ensure the security of objects and data, as well as uninterrupted operations.
The technical and organizational data-protection measures deal with the following:

  • Organizational control, physical access control, system access control, data access control, transfer control, order control, availability control and the separation requirement
  • Type of data exchange, provision of data, nature and circumstances of processing, data storage as well as the kind of and environment for data transmission
  • Measures to permanently secure the confidentiality, integrity, availability and capacity of the systems and services and the ability to rapidly restore the availability of and access to personal data in the event of a physical or technical incident. A procedure for periodically reviewing, assessing and evaluating the effectiveness of these measures.

As a general principle, the technical and organizational measures of COSMO CONSULT are affected by technological progress and continuing development.  COSMO CONSULT will take all measures necessary to increase security. You can download the current documentation of the technical and organizational measures “Data Protection and Data Security at COSMO CONSULT” here.

4.0 Rights of affected persons

You always have the right to receive information about your stored personal data, its origin, the recipients of that data as well as the the purpose of the data processing free of charge at any time. If the data is not correct, you are entitled to require us to correct it or, if it is incomplete, to remedy that. If we have given your data to third parties with your consent, we will inform them of this action in certain legal circumstances.

If the data processing is done in the public interest or on the basis of a balance of interests, you have the right to object to the data processing for reasons arising from your particular situation.
If your data is no longer needed for the original purpose, you have revoked your consent and there is no other legal basis for processing the data, or if your data is being processed unlawfully, you are entitled to require us to delete your data. This also applies if your objection to the processing is legally effective or your data must be deleted to fulfill a legal obligation.
Please note that before deleting your data, we must confirm that there is no legitimate reason or legal obligation to process your personal data.

You are entitled to demand that the processing of your data be restricted if you dispute the accuracy of the data, we still need the data in order to assert legal claims, the data is being processed unlawfully or you have objected to the processing and the review of your case is still pending.

If you provide us with personal data, you have the right to receive that data on request in a transferable and machine-readable format or to have that data provided to another person named by you.

Of course, you also have the right to lodge a complaint with the competent authority at any time if our conduct in relation to your personal data gives you grounds to do so.

cc|digital factory 365