smarterSec GmbH takes your legitimate data protection concerns very seriously and complies with the provisions of the General Data Protection Regulation (GDPR), the Telemedia Act and also, where applicable, the provisions of other applicable data protection regulations.
smarterSec GmbH handles the data you provide carefully and conscientiously. Insofar as data of any kind is collected, processed or used, this is always done within the framework of the legal provisions or with your express consent.
The protection of privacy is of crucial importance for the future of internet-based business models and for the development of an internet-based economy. smarterSec GmbH underlines its commitment to the protection of privacy with this privacy statement. In the following, you will learn how smarterSec GmbH handles personal data on this website.
This privacy statement applies to this and all other websites that link to this privacy statement. Under certain circumstances, other data protection provisions apply to individual smarterSec GmbH companies.
Responsible according to Art. 4 para. 7 of the General Data Protection Regulation (GDPR) is:
Commercial register: HRB 741084
Register court: Mannheim
Phone: ++49 0721 160800 0
You can reach our external data protection officer at smarterSec GmbH at:
Global data protection standards
Our handling of personal data has been aligned with global principles and standards in terms of transparency in the use of personal data, observance and granting of rights of choice, access regulations, rules on data integrity, data security, data sharing and monitoring the lawfulness of processing. smarterSec GmbH complies with the General Data Protection Regulation (GDPR).
Where required by applicable data protection law, we will also explicitly ask for your consent for the further processing of personal data collected on this website or provided by you.
Collection and processing of personal data
smarterSec GmbH wants to better understand your needs and interests and provide you with the best possible service. Therefore, smarterSec GmbH collects and uses personal information in the manner described below and in accordance with applicable data protection laws.
In addition, we collect and process data that you voluntarily provide to us, for example, when you register for events, subscribe to newsletters, participate in online surveys, join discussion groups or forums, or make purchases.
What data do we collect and why?
With the help of the collected data, smarterSec GmbH would like to provide you with consistent personal support. smarterSec GmbH uses your data exclusively as described in this statement. Any subsequent change in the purpose of use is subject to your express consent unless the change is otherwise legitimized by applicable law.
We always process your personal data for a specific purpose.
In particular, we may process your personal data for the following purposes:
- To maintain our relationship with you, for example, through our databases, in which we aggregate data about you from our various sources in order to get an overview of the cooperation; also, to improve and individualize our understanding of your preferences and our communication with you;
- to process orders and deliver ordered services and products;
- to perform tasks in preparation for or fulfillment of contracts;
- to maintain records of business transactions;
- to provide you with appropriate and up-to-date information about research, and our products and services;
- to improve the quality of our products and services by tailoring our offerings to your specific needs;
- to respond to your inquiries and provide you with efficient support;
- to manage communication and collaboration with you;
- to track our activities (e.g., measure collaboration or sales, number of appointments/meetings, topics discussed, materials presented);
- to invite you to events we sponsor or use (e.g., presentations, conferences);
- to grant you access to our specified IT systems so that you can use certain services provided by smarterSec GmbH;
- to manage our IT resources, including infrastructure management and business continuity;
- to protect the company’s economic interests and to ensure compliance and reporting (e.g., compliance with our policies and local legal requirements, taxes and deductions, adherence to internally established grant limits, management of alleged instances of misconduct or fraud, conducting audits and defending litigation);
- for archiving and record keeping;
- for processing job inquiries;
- for billing and accounting; and
- other purposes as may be required by law and regulation.
- In certain cases, we are required by law to transfer data to a requesting government agency (institution or authority). The legal basis for the processing is Art. 6 para. 1 c GDPR or § 24 para. 2 no. 1 BDSG.
- In some cases, business partners require personal data of our clients. This is usually done in the context of order fulfillment. This is expressly provided for by law. smarterSec GmbH also remains responsible for the protection of your data in this case – if applicable, alongside the order processor. The respective business partner works according to our instructions, which smarterSec GmbH ensures through strict contractual regulations.
- To fulfill the legal obligations to record, document and report to competent authorities.
IP addresses are used for malfunction analysis, website administration, and to gather demographic information. We also use IP addresses and, where applicable, other information that you have provided to us on this website to learn which pages from our offering are accessed and what topics interest our visitors. We use the knowledge gained to be able to offer you an optimized range of information on our products and services. As a matter of principle, smarterSec GmbH only collects such data in anonymized form and will not link it to a registered user’s profile without the user’s consent. When a user visits our website, only the domain name is recorded by default.
smarterSec GmbH only collects data in connection with your visit to the website. We do not collect any personal data in connection with your visits to the websites of other companies or organizations that do not belong to smarterSec GmbH.
b) In addition, we also use temporary cookies to optimize user-friendliness, which are stored on your terminal device for a certain fixed period of time. If you visit our website again to use our services, it is automatically recognized that you have already been with us and which entries and settings you have made so that you do not have to enter them again.
d) The cookies process data and are necessary for the aforementioned purposes to protect our legitimate interests and those of third parties in accordance with Art. 6 (1) p. 1 lit. f) GDPR.
e) Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or a notice always appears before a new cookie is created. However, the complete deactivation of cookies may mean that you cannot use all the functions of our website.
If you give us your e-mail address or provide it via the contact form, we will also contact you by e-mail. We will not share your e-mail address with any third party outside smarterSec GmbH. You can decide at any time not to receive any more e-mails from smarterSec GmbH.
Orders and registration for events
Our website contains order forms that you can fill out to request information, products and services.
Use of external service providers
We work with service providers who process certain data on our behalf. This is done exclusively in accordance with the applicable data protection law. In particular, we have entered into data processing agreements with our service providers that meet the requirements of Article 28 of the GDPR.
Disclosure of data, transfer to third countries
The transfer of your personal data to third parties for purposes other than those listed below does not take place. We will only pass on your personal data to third parties if:
a) you have given your express consent to this in accordance with Art. 6 (1) p. 1 lit. a) GDPR, § 26 (2) Federal Data Protection Act (BDSG),
b) the disclosure is necessary in accordance with Art. 6 para. 1 p. 1 lit. f) GDPR for the assertion, exercise or defense of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data,
c) in the event that a legal obligation exists for the disclosure pursuant to Art. 6 (1) sentence 1 lit. c) GDPR, and
d) this is legally permissible and necessary according to Art. 6 para. 1 p. 1 lit. b) GDPR, § 26 para. 1 BDSG for the processing of a contractual relationship with you or for pre-contractual measures at your instigation.
If necessary, smarterSec GmbH will also share information with business partners, service providers, third parties or subcontractors. This may be necessary to provide a service you have requested, such as for customer service purposes or to inform you about tax-related topics and services.
Your personal information will not be disclosed, sold or otherwise made available to third parties for marketing purposes without your prior consent.
smarterSec GmbH may be required to disclose your data and related information in response to a court or government order. We also reserve the right to use your data to assert or defend against legal claims.
In the event of an acquisition or merger with another company, disclosure or transfer of personal information to prospective or actual purchasers may be required. smarterSec GmbH will strive to protect the information as much as possible in such an event.
We use the service “Microsoft Teams” of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399 USA (hereinafter “Microsoft Teams”) to conduct online meetings, video conferences and/or webinars. When Microsoft Teams is used, various data are processed.
Here, the scope of the processed data depends on the data you provide before or during participation in an online meeting or video conference or webinar. In the context of using Microsoft Teams, data of the communication participants is processed and stored on Microsoft Teams servers. This data may include, in particular, your login data (name, email address, phone (optional) and password) and meeting data (topic, participant IP address, device information, description (optional)).
In addition, visual and auditory contributions of the participants, as well as voice input in chats may be processed. When processing personal data that is necessary for the performance of a contract with you (this also applies to processing operations that are necessary for the implementation of pre-contractual measures), Art. 6 (1) lit. b GDPR serves as the legal basis. If you have given us your consent for the processing of your data, the processing is based on Art. 6 (1) a GDPR. Consent given can be revoked at any time with effect for the future. Otherwise, the legal basis for data processing when conducting online meetings, videoconferences or webinars is our legitimate interest pursuant to Art. 6 (1) lit. f GDPR in the effective conduct of the online meeting, webinar or videoconference.
For data transfers to the USA, the Provider has signed up to the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission.
If you subscribe to our company’s newsletter, the data in the respective input mask will be transmitted to the controller. The registration for our newsletter takes place in a so-called double opt-in procedure. This means that after registration, you will receive an e-mail in which you are asked to confirm your registration. This confirmation is necessary so that no one can register with other people’s e-mail addresses. When registering for the newsletter, the user’s IP address and the date and time of registration are stored. This serves to prevent misuse of the services or the e-mail address of the person concerned. The data is used exclusively for sending the newsletter. The subscription to the newsletter can be terminated at any time. Likewise, consent to the storage of personal data can be revoked at any time. For this purpose, a corresponding link can be found in each newsletter.
The legal basis for the processing of data after registration for the newsletter by the user is Art. 6 para. 1 lit. a) GDPR, if the user has given his consent. The legal basis for sending the newsletter as a result of the sale of goods or services is § 7 (3) UWG.
Use of rapidmail
Description and purpose: We use rapidmail to send newsletters. The provider is rapidmail GmbH, Wentzingerstraße 21, 79106 Freiburg, Germany. Among other things, rapidmail is used to organize and analyze the dispatch of newsletters. The data entered by you for the purpose of receiving the newsletter is stored on rapidmail’s servers in Germany. If you do not want any analysis by rapidmail, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in each newsletter message. For the purpose of analysis, the e-mails sent with rapidmail contain a so-called tracking pixel, which connects to the servers of rapidmail when the e-mail is opened. In this way, it can be determined whether a newsletter message has been opened. Furthermore, with the help of rapidmail, we can determine whether and which links in the newsletter message are clicked.
Legal basis: The legal basis for data processing is Art. 6 para. 1 lit. a) GDPR.
Recipient: The recipient of the data is rapidmail GmbH.
Transmission to third countries: There is no transfer of data to third countries.
Duration: The data stored by us as part of your consent for the purpose of the newsletter will be stored by us until you unsubscribe from the newsletter and deleted from both our servers and the servers of rapidmail after you unsubscribe from the newsletter. Data stored by us for other purposes (e.g. e-mail addresses for the member area) remain unaffected by this.
Possibility of revocation: You have the possibility to revoke your consent to data processing with effect for the future at any time. The legality of the data processing operations already carried out remains unaffected by the revocation.
Further data protection information: For more details, please refer to the data security notices of rapidmail at: https://www.rapidmail.de/datensicherheit.
For more details on the analysis functions of rapidmail, please refer to the following link: https://www.rapidmail.de/wissen-und-hilfe
This website uses the YouTube embedding function to display and play videos from the provider “YouTube”, which belongs to Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”).
According to information from “YouTube”, these are used, among other things, to collect video statistics, to improve user-friendliness and to prevent abusive behavior. If you are logged in to Google, your data is directly assigned to your account when you click on a video. If you do not want the assignment with your profile at YouTube, you must log out before activating the button. Google stores your data (even for users who are not logged in) as usage profiles and evaluates them. Such an evaluation is carried out in particular in accordance with Art. 6 para. 1 lit. f GDPR on the basis of Google’s legitimate interests in the insertion of personalized advertising, market research and/or needs-based design of its website. You have the right to object to the creation of these user profiles, whereby you must contact YouTube to exercise this right.
The use of YouTube may also result in the transmission of personal data to the servers of Google LLC in the USA. Regardless of a playback of the embedded videos, a connection to the Google network is established each time this website is called up, which may trigger further data processing operations without our influence.
For the transfer of data from the EU to the USA, the Provider has signed up to the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission.
Further information on Google data protection can be found at:
This website uses the technical platform and services of Facebook Ireland Ltd, 4 Grand Canal Square Grand Canal Harbour, Dublin 2, Ireland for the information service offered on Instagram at https://www.instagram.com.
We would like to point out that you use this Instagram page and its functions on your own responsibility. This applies in particular to the use of the interactive functions (e.g. commenting, sharing, rating).
Collection of personal data
When you visit our Instagram page, Instagram and thus the associated company Facebook collect, among other things, your IP address and other information that is present in the form of cookies on your PC. This information is used to provide us, as operators of the Instagram pages, with statistical information about the use of the Instagram page. Facebook provides more detailed information on this at the following link:
Instagram’s full data policy can be found here:
We have no influence on the data collection and further processing by Instagram. Furthermore, it is not recognizable for us to what extent, at which location and for how long the data is stored, to what extent Instagram and Facebook comply with existing deletion obligations, which evaluations and links are made with the data and to whom the data is passed on. If you would like to prevent Instagram and Facebook from processing personal data transmitted by you to us, please contact us by other means. Our full contact details can be found in our imprint on Instagram.
The data collected about you in this context is processed by Facebook Ireland Ltd. and may be transferred to countries outside the European Union in the process. What information Instagram/ Facebook receives and how it is used is described in general terms by Instagram/ Facebook in its data usage guidelines. There you will also find information on how to contact Facebook and on the settings options for advertisements. The data usage guidelines are available at the following link:
The full data policy of Instagram can be found here:
How Instagram and Facebook use the data from visits to Instagram pages for their own purposes, to what extent activities on the Instagram and Facebook pages are assigned to individual users, how long Instagram and Facebook store this data and whether data from a visit to the Instagram page is passed on to third parties is not conclusively and clearly stated by Instagram and Facebook and is not known to us.
Insofar as the data you provide to us via Facebook is also or exclusively processed by Facebook, Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland, is also the data controller within the meaning of the General Data Protection Regulation (GDPR) in addition to us.
Facebook data protection officer
The data controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.
When you access an Instagram page, the IP address assigned to your terminal equipment is transmitted to Instagram/Facebook. According to Facebook, this IP address is anonymized (for “German” IP addresses) and deleted after 90 days. Facebook also stores information about the end devices of its users (e.g. as part of the “Login notification” function); if necessary, Facebook is thus able to assign IP addresses to individual users.
If you are currently logged in to Instagram as a user, a cookie with your Instagram ID is located on your end device. This enables Facebook to track that you have visited this page and how you have used it. This also applies to all other Instagram pages. Via Instagram buttons embedded in websites, it is possible for Facebook to record your visits to these website pages and assign them to your Instagram profile. Based on this data, content or advertising can be offered tailored to you.
If you want to avoid this, you should log out of Instagram & Facebook or deactivate the “stay logged in” function, delete the cookies present on your device and exit and restart your browser. In this way, Instagram & Facebook information through which you can be directly identified will be deleted. This will allow you to use our Instagram page without revealing your identifier. When you access interactive features of the page (like, comment, share, message, etc.), a login screen will appear.
After any login, you will again be recognizable to Instagram/ Facebook as a specific user.
Links to other websites
Our website may contain links to third-party websites. smarterSec GmbH is not responsible for the privacy practices or the content of websites outside smarterSec GmbH.
smarterSec GmbH will retain personal data only for as long as is necessary for the purpose for which it was collected or as required by law.
Data protection information in the application process
(1) We process the applicant data only for the purpose of and within the scope of the application procedure in accordance with the legal requirements. Applicant data is processed to fulfill our (pre)contractual obligations within the scope of the application procedure in accordance with Art. 6 (1) lit. b GDPR and Art. 6 para. 1 lit. f GDPR, insofar as the data processing becomes necessary for us, e.g. within the scope of legal procedures (in Germany, § 26 BDSG also applies).
(2) The application procedure requires applicants to provide us with applicant data. Required applicant data includes personal details, postal and contact addresses, and the documents pertaining to the application, such as cover letter, resume, and references. In addition, applicants may voluntarily provide us with additional information.
(4) Insofar as special categories of personal data within the meaning of Art. 9 (1) GDPR are voluntarily disclosed within the scope of the application procedure, their processing shall additionally be carried out in accordance with Art. 9 (2) lit. b GDPR (e.g. health data, such as severely disabled status or ethnic origin). Insofar as special categories of personal data within the meaning of Art. 9 (1) GDPR are requested from applicants as part of the application process, their processing is additionally carried out in accordance with Art. 9 (2) a GDPR (e.g. health data, if this is necessary for the exercise of the profession).
(5) Applicants can send us their applications by post or by e-mail. However, please note that e-mails are generally not encrypted and applicants must ensure encryption themselves. We can therefore accept no responsibility for the transmission path of the application between the sender and receipt on our server. If the applicant has concerns about the security of the application documents sent by e-mail, we recommend that the application documents be sent by post.
(6) In the event of a successful application, the data provided by the applicants may be processed by us for the purposes of the employment relationship. Otherwise, if the application for a job offer is not successful, the applicants’ data will be deleted. Applicants’ data will also be deleted if an application is withdrawn, which applicants are entitled to do at any time.
(7) Subject to a justified withdrawal by the applicants, the deletion will take place six months after the application process has ended, so that we can answer any follow-up questions about the application and satisfy our obligations to provide evidence under the Equal Treatment Act.
In the event that you have agreed to further storage of your personal data, we will transfer your data to our applicant pool. There, the data will be deleted after two years.
If you are awarded a position during the application process, the data will be transferred from the applicant data system to our HR information system and deleted 10 years after the end of the employment relationship.
Invoices for any reimbursement of travel expenses are archived in accordance with tax law requirements.
Data subject rights
You have the right,
a) to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you can request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data, if it was not collected by us, as well as the existence of automated decision-making and, if applicable, meaningful information about its details;
b) in accordance with Art. 16 GDPR, to demand the immediate correction of incorrect, or the completion of incomplete, personal data stored by us;
c) pursuant to Art. 17 GDPR, to request the erasure of personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation on grounds of public interest, or for the assertion, exercise or defense of legal claims;
d) according to Art. 18 GDPR, to request the restriction of the processing of your personal data, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure and we no longer need the data, but you need it for the assertion, exercise or defense of legal claims or you have objected to the processing pursuant to Art. 21 GDPR;
e) pursuant to Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request the transfer to another controller;
f) in accordance with Art. 7 (3) GDPR, to revoke your consent once given to us at any time. This has the consequence that we may no longer continue the data processing based on this consent for the future; and
g) to complain to a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or the registered office of our company for this purpose.
The competent supervisory authority for data protection of smarterSec GmbH is:
Baden-Württemberg Supervisory Authority
The State Commissioner for Data Protection of Baden-Württemberg
P.O. Box 10 29 32, 70025 Stuttgart
Urbanstr. 32, 70182 Stuttgart
Tel. 0711 615541 – 0
Fax: 0711 615541 – 15
For the assertion of the aforementioned rights as well as for questions regarding data protection, you can contact the person responsible in accordance with the aforementioned point 1 or send a corresponding e-mail to firstname.lastname@example.org.
Right of objection
If your personal data is processed on the basis of legitimate interests pursuant to Art. 6 (1) p. 1 lit. f) GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR, provided that there are grounds for doing so that arise from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right of objection, which is implemented by us without specifying a particular situation. If you wish to make use of your right of revocation or objection, it is sufficient to send an e-mail to email@example.com.
a) During your visit to the website, we use the widespread SSL procedure (Secure Sockets Layer) in conjunction with the highest encryption level supported by your browser. As a rule, this is a 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether an individual page of our website is transmitted in encrypted form by the closed key or lock symbol displayed in the lower status bar of your browser.
b) We also use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.