Legal

Privacy policy

This is a courtesy English translation. The legally binding version is the German privacy policy. All references are to the EU General Data Protection Regulation (GDPR / DSGVO).

Data controller

We're glad you're visiting our website. First, we'd like to introduce ourselves as the controller within the meaning of data protection law:

CDLG GLOBAL UG (haftungsbeschränkt)

represented by the managing director Christopher Hähn
Pappelallee 78/79
10437 Berlin, Germany
Phone: +49 (0) 15678583022
Email: hello@neopaq.de

General

In accordance with our legal obligations, we wish to inform you about the collection and use of your personal data.

When you use our website, personal data about you is collected. This can happen because you enter the data yourself — such as your email address. But our system also collects data from you automatically, such as your visit to our website. This happens regardless of which device or software you use to access our website.

Any entry of data by you on our website is voluntary; you suffer no disadvantage by not disclosing your data. However, without certain data we are unable to provide services or conclude contracts. We will point out such mandatory information in each case.

On this website, personal data of the user is only collected within the framework of applicable data protection law, in particular the General Data Protection Regulation (GDPR). The technical terms used in this text are explained in more detail in Art. 4 GDPR.

Under the GDPR, data processing is permitted in particular in three cases:

pursuant to Art. 6(1)(a) and Art. 7 GDPR, if you have consented to the processing of your data by us; in each case we will inform you in advance — in this privacy policy and at the time of consent, in accordance with Art. 4(11) GDPR — precisely for what purposes and under what circumstances your data is processed by us;

pursuant to Art. 6(1)(b) GDPR, if the processing of your personal data is necessary for initiating, concluding or performing a contractual relationship;

pursuant to Art. 6(1)(f) GDPR, if, following a balancing of interests, the processing is necessary to safeguard our legitimate interests; these include in particular our interest in analysing, optimising and securing the offering on our website — primarily an analysis of user behaviour, the creation of profiles for advertising purposes and the storage of access data, as well as the use of third-party providers.

Inventory data, usage data

We collect inventory data (e.g. name, address and email address, and any services used) insofar as it is necessary to establish, structure or change a contractual relationship between us and the user.

We also collect usage data (e.g. visits to the website, interest in products) to enable and bill the use of the services on our website by the user. We only merge usage data where this is necessary for billing purposes. Otherwise we will only create usage data pseudonymously and only insofar as you have not objected. You can send this objection at any time to the address given in the imprint or to the controller named in this privacy policy. The legal basis for this data processing is, on the one hand, our legitimate interest in analysing the website and your use of it under Art. 6(1)(f) GDPR and, where applicable, the legal permission to store data in the context of initiating a contractual relationship under Art. 6(1)(b) GDPR. In addition, on every use of this website our host stores information — known as server log files — which is automatically transmitted by your browser. These are:

your IP address
type and version of your browser
hostname
time of visit
the page from which you visited our site
name of the page accessed
the exact time of access, and
the volume of data transferred

This data is used only for statistical purposes and does not allow us to identify you as a user.

Consent

Where we ask for your consent to process your data, we will inform you in clear language and in an easily accessible way about the cases for which you are granting consent. Every consent we request is voluntary; any advantage you wish to obtain by granting consent can also be obtained without it — just ask us.

For every consent, you have the right to withdraw at any time a consent you have given for the processing of your personal data. This can be done by informal notice, e.g. via our contact form, an email to the address in the imprint, or an unsubscribe link (where we offer one). Your withdrawal does not affect the lawfulness of the processing carried out up to that point.

In principle, your data remains stored only for as long as the purpose of the respective processing requires. Longer storage is considered above all if this is still necessary for legal action by us or for our other legitimate interests, or if we are legally obliged to retain your data (e.g. within statutory retention periods, which are generally 6 or even 10 years).

Rights of users

You can request free information from us at any time about the personal data we have stored about you. To prevent misuse, identification of your person will be required.

You can request rectification (including by completion) of incorrect data at any time, as well as restriction of its processing or the deletion of your data. This applies in particular if the purpose of processing has ceased, a required consent has been withdrawn and there is no other legal basis, or our data processing is unlawful. We will then promptly rectify, block or delete your personal data within the legal framework.

YOU MAY OBJECT AT ANY TIME TO ANY PROCESSING OF YOUR PERSONAL DATA THAT WE BASE ON A BALANCING WITH YOUR INTERESTS UNDER ART. 6(1)(f) GDPR, WHERE THERE ARE GROUNDS ARISING FROM YOUR PARTICULAR PERSONAL SITUATION. WE WILL THEN NO LONGER PROCESS YOUR DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS, OR THE PROCESSING SERVES THE ESTABLISHMENT, EXERCISE OR DEFENCE OF LEGAL CLAIMS ON OUR PART.

You can request that the data stored about you be transferred to you in a machine-readable form.

If you feel that our data processing infringes your rights, you can lodge a complaint with the competent supervisory authority.

If a change to the privacy policy becomes necessary for legal or factual reasons, we will update this page accordingly. No changes will be made to the consents granted by the user.

Inventory data

We collect inventory data insofar as it is necessary to establish, structure or change a contractual relationship (including a free one) between us and the user.

This may include: customer data (e.g. name, address), contact data (e.g. email address, phone number), service data (e.g. service ordered, term, fee).

When establishing the usage relationship, we will request this data from you (e.g. name, address and email address) and also tell you to what extent the information is mandatory in order to establish the usage relationship.

Usage data

We also collect usage data to enable the use of the services on our website by the user. This may include: usage information (e.g. pages or areas accessed, duration of visit, interest in services), content data (e.g. data you enter or upload, texts, images, sounds, videos), metadata (e.g. identity of your device, location, IP address).

We only merge usage data where this is necessary for billing purposes. Otherwise we only create usage data pseudonymously and only insofar as you have not objected. You can send this objection at any time to the address given in the imprint or to the controller named in this privacy policy.

The legal basis for this data processing is, on the one hand, our legitimate interest in analysing the website and its use under Art. 6(1)(f) GDPR and, where applicable, the legal permission to store data in the context of initiating a contractual relationship under Art. 6(1)(b) GDPR.

Host

1&1 IONOS SE

Our website is made available on the internet by a service provider (provider or host).

For this we use the service of 1&1 IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany.

We have concluded a data processing agreement with our provider.

Under it, our provider is obliged to process your data only on our behalf and according to our instructions.

Further information on data processing by our provider can be found in its privacy policy at https://www.ionos.de/terms-gtc/terms-privacy.

The legal basis for this data processing is, on the one hand, our legitimate interest in providing and using our website on the internet under Art. 6(1)(f) GDPR, and, where applicable, the legal permission to store data in the context of initiating a contractual relationship under Art. 6(1)(b) GDPR.

On every use of this website our provider processes information — known as server log files — which is automatically transmitted by your browser on every access to websites on the internet. These are:

your IP address
type and version of your browser
hostname
time of visit
the website from which you visited our website
name of the website accessed
the exact time of access, and
the volume of data transferred

This data is used only for statistical purposes and does not allow us to identify you as a user.

Web analytics

Pirsch Analytics

To analyse the use of our website statistically, we use Pirsch Analytics, a web analytics service provided by the German company Emvi Software GmbH.

Pirsch Analytics works entirely without cookies and without cross-device recognition. No cookies are set and no personal data that would allow the identification of individual users is stored. To distinguish visits, an anonymised, non-reversible hash value is used that changes daily; IP addresses are not stored.

The data is processed and stored exclusively on servers in Germany. We use the analysis to understand how our website is used (such as page views, traffic sources and devices used) and to improve our offering. In addition, we record anonymised events – such as the successful submission of our enquiry form or the opening of our appointment-booking link – to measure the effectiveness of our content. No personal data is transmitted in the process.

The legal basis is our legitimate interest in a needs-based design and statistical analysis of our website pursuant to Art. 6 (1) (f) GDPR. As Pirsch Analytics operates without cookies and without personal data, no consent is required.

We have concluded a data processing agreement with the provider pursuant to Art. 28 GDPR. Further information on data protection at Pirsch Analytics is available at https://pirsch.io/.

Advertising

Insofar as we send advertising, we do so exclusively within the framework of § 7(3) UWG (German Act Against Unfair Competition) or on the basis of your consent.

First contact via electronic enquiry

If you contact us electronically (e.g. email, fax, phone, messenger, etc.), we store and process the data you have provided (e.g. name, contact information, content of the enquiry). The legal basis for this is our legitimate interest in effective customer communication under Art. 6(1)(a) GDPR and, insofar as it concerns an enquiry to enter into or perform a contract, also Art. 6(1)(b) GDPR.

We will only pass this data on to third parties insofar as it is necessary (under Art. 6(1)(b) GDPR) to perform the contract, corresponds to the overriding interest in an effective service (under Art. 6(1)(f) GDPR), or where your consent (under Art. 6(1)(a) GDPR) or another legal permission or obligation exists.

You can request free information from us at any time about the purpose of processing, the origin and, where applicable, recipients of your personal data. You may also assert the rectification, deletion and restriction of the processing of your personal data. You can object at any time to the (further) processing of your data and have a right to data portability as well as a right to lodge a complaint with the competent supervisory authority.

In principle, your data remains stored only for as long as the purpose of the respective processing requires. Longer storage is considered above all if this is still necessary for legal action or legitimate interests, or where a legal obligation to retain the data exists (e.g. tax retention periods, limitation periods).

Storage period

For your inventory data that was necessary to perform a (including free) contractual relationship, this means we store it until the contractual relationship is fully performed or terminated, plus the limitation period (generally 2 or 3 years), plus a reasonable surcharge for any interruption of the limitation period.

For your usage data collected in the course of your use of the website, this means we only store it for as long as is still necessary for the proper functioning of our website and our legitimate interest extends. Statistical information will primarily be stored pseudonymised only.

Beyond that, we still store your data insofar as we are legally obliged to do so. These are in particular the tax retention periods, which are generally 6 or even 10 years.

Disclosure of data

Disclosure to third parties

We dislike spam as much as you do. We will therefore not pass on your data to third parties unless this is legally permitted.

Disclosure of your data may either

be necessary to perform a contract and then permitted under Art. 6(1)(b) GDPR, or

be permitted on the basis of our legitimate interest in an effective service under Art. 6(1)(f) GDPR,

be covered by a consent you have given, or

become necessary if we are lawfully required by a state or authority to release your data under Art. 6(1)(c) GDPR.

Insofar as your data is passed on to third parties, this is set out in this privacy policy.

Data transfer outside the EU

Insofar as we transfer personal data to countries outside the European Union, in particular to the USA, in accordance with the provisions below, we only carry out such a transfer where an adequate level of data protection, appropriate safeguards or your consent exist, and thus a transfer permitted under the GDPR.

Rights of users

You can request free information from us at any time about the personal data we have stored about you. To prevent misuse, identification of your person will be required.

Deletion, rectification, restriction

Objection

WE WILL THEN NO LONGER PROCESS YOUR DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS, OR THE PROCESSING SERVES THE ESTABLISHMENT, EXERCISE OR DEFENCE OF LEGAL CLAIMS ON OUR PART.

Data portability

You can request that the data stored about you be transferred to you in a machine-readable form.

Complaint

If you feel that our data processing infringes your rights, you can lodge a complaint with the competent supervisory authority.

Change to the privacy policy

If a change to the privacy policy becomes necessary for legal or factual reasons, we will update this page accordingly. No changes will be made to the consents granted by the user.

Data entry

Encryption

When you enter data on our website — whether in a contact form, when registering, logging in or for payment purposes — the page on which you enter the data is encrypted. This means third parties cannot read along the data you enter. You recognise the encryption by the padlock symbol in your browser and by the address bar beginning with "https" rather than just "http".

Contact form

General contact form

If you fill out a contact form or send us an email or other electronic message, your details are stored for processing the enquiry, possible follow-up questions or related further questions, and used only within the scope of the enquiry.

Your data is entered in encrypted form, so that third parties cannot read it during entry even if they have access to the network (e.g. on unsecured public Wi-Fi).

The basis for this storage is our legitimate interest in communicating with interested users under Art. 6(1)(f) GDPR and, for contract enquiries, the storage of contract data under Art. 6(1)(b) GDPR.

Your data remains stored for as long as processing the enquiry requires, in particular where storage is still necessary for performing/settling a contract, for legal action by us or for our other legitimate interests, or where we are legally obliged to retain your data (e.g. within tax retention periods).

Quote / offer

On our website you'll find a contact form with which you can request a quote for our services. We request the data shown in the form that is necessary to prepare the quote.

Your data is entered in encrypted form, so that third parties cannot read it during entry.

The basis for this storage is our legitimate interest in communicating with interested users under Art. 6(1)(f) GDPR and, for contract enquiries, the storage of contract data under Art. 6(1)(b) GDPR.

Contact by email

If you send us enquiries by email, your data is forwarded to us for the purpose of processing your request (Art. 6(1) GDPR) by the service provider Formspree.io Inc. The transmission to Formspree.io Inc. takes place via the HTTPS protocol. As a result we receive an unencrypted email from Formspree.io Inc. containing the data you entered. Formspree.io Inc. is a US service provider and submits to the requirements of the EU (GDPR). Personal data is deleted once it is no longer required or no statutory retention obligations stand in the way of deletion.

Social media

Social media links

General notes

We use links to refer to the social media presences we offer.

Unlike social media plugins, links do not already cause the social media platform to learn of your visit when our page loads.

Like any link, however, they will at the latest cause your data to be processed by the social media platform once you activate the link.

As a rule, the social media platform will store cookies on your device or even store your usage behaviour against your account, especially if you are logged in yourself.

The social media platform can analyse your usage behaviour with your data and use it for (interest-based) advertising.

This may result in advertising being shown to you inside and outside the social media platform.

Please consider for yourself whether you want to accept this, and only use a social media platform if you have informed yourself sufficiently about the data processing there and agree with it (this applies in particular if you do not yet use it) — we have included links to the privacy policies of the social media platforms in each case.

Facebook

Our site uses links to our presence on the social network Facebook of Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. It is only a normal link; when you access our site, Facebook does not learn of your visit to our website. However, if you click the link, you are forwarded to Facebook, and Facebook thereby learns that you had visited our site.

Your data is transferred by Facebook Ireland on the basis of the standard contractual clauses to Facebook in the USA. In addition, this provider is certified under the EU-US Data Privacy Framework. This makes the transfer of data to the USA legally secure on the basis of the adequacy decision of 10 July 2023.

We have no knowledge of, and no influence over, the collection and use of your data by Facebook that may be possible after activating the link. Further information can be found in Facebook's privacy policy at https://de-de.facebook.com/policy.php.

Instagram

Our site uses links to our presence on the social network Instagram of Instagram LLC, now Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

It is only a normal link; when you access our site, Instagram does not learn of your visit to our website. However, if you click the link, you are forwarded to Instagram, and Instagram or Facebook thereby learns that you had visited our site.

Your data is transferred by Meta Platforms Ireland on the basis of the standard contractual clauses to Meta Platforms in the USA. In addition, this provider is certified under the EU-US Data Privacy Framework. This makes the transfer of data to the USA legally secure on the basis of the adequacy decision of 10 July 2023.

We have no knowledge of, and no influence over, the collection and use of your data by Instagram/Facebook that may be possible after activating the link. Further information can be found in Instagram's privacy policy at https://privacycenter.instagram.com/policy.

Our site uses links to our presence on the social network LinkedIn of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, a subsidiary of LinkedIn Corporation, 2029 Stierlin Ct. Ste. 200 Mountain View, CA 94043, USA.

It is only a normal link; when you access our site, LinkedIn does not learn of your visit to our website. However, if you click the link, you are forwarded to LinkedIn, and LinkedIn thereby learns that you had visited our site.

This may result in your data being passed on to the USA.

We have no knowledge of, and no influence over, the collection and use of your data by LinkedIn that may be possible after activating the link. Further information can be found in LinkedIn's privacy policy at https://www.linkedin.com/legal/privacy-policy?_l=de_DE.

Online appointment calendar

Calendly

For scheduling appointments we use, within the scope of our legitimate interest in a technically sound online offering and its economically efficient design and optimisation under Art. 6(1)(f) GDPR, the Calendly calendar https://calendly.com/de, a service of Calendly LLC, 1315 Peachtree St NE, Atlanta, GA 30309, USA.

As a result, the data you enter when scheduling an appointment is sent to Calendly. Your data is thus transferred to the USA.

Further information on Calendly's privacy provisions can be found at https://calendly.com/legal/privacy-notice.

We have concluded a data processing agreement with Calendly under which Calendly processes the data only according to our instructions.

We have also ensured that your data is only passed on to the USA on the basis of a contract under the standard contractual clauses.

Under the GDPR and the CJEU this is a legal basis for transferring data to the USA. In addition, this provider is certified under the EU-US Data Privacy Framework.

This makes the transfer of data to the USA legally secure on the basis of the adequacy decision of 10 July 2023.

To schedule the appointment we request the data asked for in the Calendly form and record your IP address at the time of entry.

This data is not passed on to third parties by us or Calendly and serves us only for statistical purposes and the organisation of appointments.

Your data is entered in encrypted form, so that third parties cannot read it during entry.

Further information on the data collected by Calendly and the handling of your data can be found in Calendly's privacy policy.

Your data remains stored for as long as the reason for the appointment is still relevant, in particular where storage is still necessary for performing/settling a contract, for legal action by us or for our other legitimate interests, or where we are legally obliged to retain your data (e.g. within tax retention periods). If your appointment is resolved without further consequences, your data is deleted.