Data Protection and Compliance

1. Data Protection by DriveLock

Privacy is an important and sensitive issue, especially when it comes to security solutions. DriveLock is committed to respecting the privacy of our customers and employees, and our compliance and security team ensures that DriveLock fulfils its global data protection requirements and protects the privacy of individuals, customers, applicants and employees.

This trust is based on security, data protection and compliance.

DriveLock SE takes your legitimate data protection concerns very seriously and complies with the provisions of the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG-new), the Telecommunications Digital Services Data Protection Act (TDDDG) and, where applicable, the provisions of other applicable data protection regulations.

DriveLock SE handles the data transmitted by you carefully and conscientiously. Insofar as data of any kind is collected, processed or used, this is always done in accordance with the statutory provisions or with your express consent.

The protection of privacy is of crucial importance for the future of Internet-based business models and for the development of an Internet-based economy. DriveLock SE emphasises its commitment to the protection of privacy with this privacy statement. Below you will find information on how DriveLock SE handles personal data on this website.

This privacy policy applies to this and all other websites that refer to this privacy policy. Other data protection provisions may apply to individual DriveLock SE companies. We therefore ask you to read the privacy policies of all websites you visit carefully.

The controller pursuant to Art. 4 (7) of the General Data Protection Regulation (GDPR) is:  

DriveLock SE 
Landsbergerstr. 396 
81241 Munich, Germany
Tel: +49 (0)89 5463649 - 0

Email: info(at)drivelock.com

You can contact our data protection officer at DriveLock SE at:

DriveLock SE 
Thomas Fletschinger 
Email: dsb(at)drivelock.com 

The following information is intended to help summarise the necessary transparency with regard to data protection and security for you.

2. Our most important data protection principles

3. Dealing with data

3.1 Methods of data collection

In terms of data protection, it is important to understand what data is collected, disseminated and stored.

You manage the amount and type of data sent to DriveLock by using and configuring the DriveLock Agent, management consoles, training and assessments, APIs and integrations. These components may be provided by DriveLock or your component providers.

We also collect a range of general data and information each time the DriveLock website is accessed by a data subject or an automated system.

3.2 Marketing and sales-related data

Collection and processing of personal data

DriveLock SE would like to better understand your wishes and interests and offer you the best possible service. DriveLock SE therefore collects and uses personal information in the manner described below and in accordance with applicable data protection law.

This general data and information, which we collect when you visit our website, is stored in the server log files. The following can be recorded:

• an internet protocol address (IP address),
• the date and time of access to the website,
• the exact sub-page that was accessed on our website,
• the website from which you accessed,
• our website (so-called referrer)
  the browser used and its version
  and the operating system used for access.

We process the aforementioned data for the following purposes:

• to ensure a smooth connection to the website,
• to optimise the content of our website for you
• and to ensure system security and stability.

These points are in your and our legitimate interest. In addition, we may also use this data to fulfil our legal obligations in cooperation with law enforcement authorities. Under no circumstances do we use the data collected for the purpose of drawing conclusions about your person.

We also collect and process data that you provide to us voluntarily, for example when you register for events, subscribe to newsletters, test or download our products or take part in online surveys.

3.3 What data do we collect and why?

With the help of the data collected, DriveLock SE would like to offer you optimal personalised support. DriveLock SE will only use your data as described in this statement. Any subsequent change to the purpose of use is subject to your express consent, unless the change is otherwise legitimised by applicable legal provisions.

We process your data for the following purposes, among others:

• To process orders and deliver ordered services and products.
• To inform you about our services, products and other matters. In some cases, this may include information from other companies and business partners,
• To tailor information about our services and products to your specific needs. For example, we may provide you with information about the exact services or products you have requested or are interested in.
• So that we can contact you, answer (customer) enquiries and provide information on shipping and billing issues.
• To conduct voluntary customer surveys in order to continuously improve our services and products.
• To process job enquiries.
• To fulfil contractual obligations.

IP-Adressen

IP addresses are used to analyse malfunctions, to administer the website and to obtain demographic information. We also use IP addresses and possibly other information that you have made available to us on this website in order to find out which pages of our website are accessed and which topics are of interest to our visitors. We use the knowledge gained to provide you with optimised information about our products and services. DriveLock SE only collects such data in anonymised form and will not link it to a registered user's profile without their consent.

DriveLock SE only collects data in connection with your visit to the DriveLock website. We do not collect any personal data in connection with your visits to the websites of other companies or organisations that do not belong to DriveLock SE.

Email addresses

If you provide us with your e-mail address or enter it via the contact form, we will also contact you by e-mail. You can opt out of receiving emails from DriveLock SE at any time.

Orders and registration for events

Our website contains forms that you can fill out to request information and services.

Use of external service providers

We work together with service providers who process certain data on our behalf. This is done exclusively in accordance with the applicable data protection law. In particular, we have concluded data processing agreements with our service providers that fulfil the requirements of Article 28 of the GDPR.

Notes on the newsletter and consent

The following information explains the content of our newsletter as well as the registration, dispatch and statistical evaluation procedure and your rights of objection. By subscribing to our newsletter, you agree to receive it and to the procedures described.

Content of the newsletter

We only send newsletters and emails (hereinafter ‘newsletter’) with the consent of the recipient or with legal authorisation. The content described when registering for the newsletter is decisive for the user's consent.

Double opt-in and logging

Registration for our newsletter takes place in a so-called double opt-in procedure. This means that after registering, you will receive an email asking you to confirm your registration. This confirmation is necessary to ensure that no-one can register using other people's e-mail addresses. Subscriptions to the newsletter are logged in order to be able to prove the registration process in accordance with legal requirements. This includes storing the time of registration and confirmation as well as the IP address.

Registration data

To subscribe to the newsletter, it is sufficient to enter your e-mail address.

You can revoke your consent to the storage of the data, the e-mail address and its use for sending the newsletter at any time, for example via the ‘unsubscribe’ link in the newsletter.

Disclosure of data, transfer to third countries

Your personal data will not be transferred to third parties for purposes other than those listed below. We only pass on your personal data to third parties if:

1. 1. you have given your express consent in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR, § 26 para. 2 Federal Data Protection Act (BDSG),
   2. the disclosure pursuant to Art. 6 para. 1 sentence 1 lit. f) GDPR is necessary for the assertion, exercise or defence of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data, 
   3. in the event that there is a legal obligation for the disclosure pursuant to Art. 6 para. 1 sentence 1 lit. c) GDPR and 
   4. this is legally permissible and necessary for the fulfilment of a contractual relationship with you or for pre-contractual measures at your request in accordance with Art. 6 para. 1 sentence 1 lit. b) GDPR, § 26 para. 1 BDSG.

3.3 What data is processed by Drivelock HYPERSECURE Platform?

DriveLock provides you with a detailed insight into events surrounding your data security in order to analyse them effectively. In addition to the basic business information required to use our services, such as name and email address, DriveLock collects data required to provide the product we offer. For customers who share more sensitive information, including personal data, additional contractual obligations may be required to fulfil legal requirements. Depending on the type of data being shared, we may provide service-specific and other supplemental terms, Data Processing Agreements (DPA) and/or a User Agreement.

With regard to data protection when using DriveLock solutions, it is important to understand what data is processed. DriveLock categorises the data to be processed into three groups:

Neutral data

This first group includes all configuration data. This is essentially the technical description of the security definitions. These are per se free of personal information.

Customer-specific data - Inventory

In order to protect end devices, it is essential to know these devices. DriveLock therefore creates an inventory of all devices on which a DriveLock Agent is installed. In addition to relevant hardware information, this inventory also includes data on device statuses and installed software.

This data is collected in order to use it for rule definition on the one hand and to log the enforcement of the defined set of rules based on the device statuses on the other.

User and computer-related data

DriveLock also records event data for all security-relevant events from users and end devices. This data is collected in order to prove or document the protection status of the end device. On the other hand, this data provides the basis for necessary forensic investigations in the context of cyber incidents.

This category also includes data that is collected as part of user training or user assessments. This data also serves as proof of the measures taken and their effectiveness.

Exclusion of data

DriveLock provides you with instructions, tools and recommendations that enable you to purge, obfuscate, filter or otherwise reduce access to unnecessary private or personal data contained in the data you provide to DriveLock. Further information on these tools and recommendations can be found in our documents.

Data centre locations

As a customer, you select the country in which your data is to be hosted from a predefined list of locations when setting up the account. DriveLock will not change the hosting location of your data. As part of support activities, your employees and DriveLock employees can also access the data outside your host country.

For the DACH region, our primary data centre is the Microsoft Azure Data Centre Germany West. The data centre is located in Frankfurt am Main.

With DE-CIX, Frankfurt has the largest Internet exchange in the world with a throughput of 10 terabits/sec. That is a world record! In addition to the high IT security certificates, German data centres are subject to a number of other requirements for building technology.

The data centres located in Frankfurt are subject to German laws, e.g. for fire protection, and therefore offer the highest level of security in terms of power supply and operation in the event of failures.

Here you benefit from both high security and very low latency.

In addition, our Frankfurt data centre location is secured by a backup data centre in Paris. The databases are transferred to the Microsoft Azure France Central data centre via online log shipping.

This combination of fail-safety means that the data remains in the legal area of the EU and the GDPR.

Data centre locations

Data security

Privacy, security and confidentiality are part of the design of the DriveLock HYPERSECURE platform and every service we offer. DriveLock regularly conducts data protection and security training for all its employees. On our security page you can get an overview of our security posture and learn more about our ISO 27001 certification and the Alliance for Cybersecurity. DriveLock has created a self-service portal where customers and prospects can view the documents that support the company's privacy, security and compliance programmes. Please contact your DriveLock representative who can help you gain access to these documents. There you will find detailed documentation on the security of the DriveLock platform, such as copies of our independent audit certificates, incident response plans and much more.

DriveLock's sub-processors

In order to provide our services, we may share your data with certain of our trusted providers (sub-processors). These transfers will only occur in certain cases - for example, we may need to share your personal data with our hosting provider, or with one of our subsidiaries to provide you with technical support in a different time zone. Data may also be passed on to one of our platform partners. This depends on the services you choose to use. At least 30 days before we engage a new sub-processor, we will add it to our list of sub-processors. Before we engage a new sub-processor, we subject them to a rigorous onboarding process to ensure that we can securely provide them with the personal data we receive from our customers. This includes reviewing each provider's security and privacy practices to ensure that they meet our strict requirements, and we require them to sign a DPA with us that (1) provides a level of protection for personal data at least as high as that in our DPA with you, and (2) includes SCCs for all onward transfers of personal data.

4. Key Definitions

4.1 Personal data

Data that can be used either directly or indirectly to identify a person. An example of personal data that DriveLock may process is email addresses for authentication and use of DriveLock services.

4.2 Customer data

Data from our customers' environments that is sent to DriveLock. For the purposes of the GDPR, we are a processor of this data, but the customer remains the controller. The customer has control over the type and amount of this data that we receive. 

4.3 Account data

Data about the customer that the customer provides to DriveLock when creating an account. This includes fields such as first name, surname and email addresses for logins or billing. The easiest way to visualise this is as the data of our customers' employees.

4.4 Usage data

All data relating to the configuration and use of DriveLock platform products by our customers.

4.5 Data processing

In the context of the General Data Protection Regulation, processing refers to all operations carried out by an organisation that involve personal data. Examples include recording, structuring, combining, modifying and more.

4.6 Data Processing Agreement (DPA)

According to the General Data Protection Regulation (GDPR), a data protection agreement (DPA) is required for any data processing by third parties, which specifies the purpose of the data processing, the rights of the data subjects, procedures in the event of data breaches and much more. Read the DriveLock Data Processing Agreement here.

4.7 Standard Contractual Clauses (SCCs)

SCCs are clauses that are added to our data processing agreement to ensure that adequate data protection safeguards are in place for all data sent from the EU to third countries that are not part of the Union.

4.8 Services

In our DPA, the term ‘Services’ refers to the product to which a customer subscribes (accessible via https://de.drivelock.cloud/ and other websites). The services are the technology that collects and processes customer data. In our DPA, the term ‘Services’ does not include alpha, beta and other pre-commercial versions of DriveLock products. 

5. Resources

5.1 End customer license agreements (EULA)

You can find our current End User License Agreement (EULA) here: Download

5.2 Data processing agreement (AVV / DPA)

The current version of the Data Processing Agreement (DPA) for the use of the cloud-based HYPERSECURE Platform can be found here: Download

5.3 DriveLock SLA / Support specification

The current version of the support specification can be found here: Download

5.4 Technical measures to protect the data

General information

• A dedicated database is available for each customer.
  Databases are encrypted with transparent data encryption (TDE). In addition to the actual database, this also includes transaction logs and data backups.
• All data transport routes are SSL-encrypted.
• Data is processed and stored in Germany and the EU.

Zero Trust approach with Microsoft Azure PIM

We use a Zero Trust approach with the help of Microsoft Azure Privileged Identity Management (PIM) to ensure that access to your data in the cloud is strictly controlled:

• Just-in-Time (JIT) privileged access: our administrators are only given temporary access to your sensitive data when required. This minimizes the risk of unauthorized access.
• Time-bound access: Administrators can only access your data within a defined period of time, e.g. for one hour. This ensures that access is limited in time.  
• Multi-factor authentication (MFA): Additional security is provided by using MFA to ensure that only authorized persons can access your data.
• Notification to central collection point: Every access to your data is logged and reported to a central point in order to detect possible security breaches immediately.  
• Historical logs: All accesses are recorded and can be reviewed later to ensure the security of your data.  
• Read-only access: It is important to note that none of our administrators or developers are able to delete or copy your data. This ensures the integrity and confidentiality of your data, even for users with elevated privileges.

It is important to emphasize that these measures are not applied in isolation, but always in combination. This is crucial to minimize the risk of a data leak from an internal perspective. Your data is protected by multiple layers of protection to ensure that it is not compromised.

Microsoft - a strong partner

Our entire infrastructure is subject to permanent monitoring with regard to availability, vulnerabilities and possible intrusions. The necessary security controls are regularly analyzed by DriveLock and appropriate measures are taken if necessary.

In addition, we continuously optimize the security settings of our high-availability clusters.

Product functions for data protection

• Multi-factor based user login .
• Comprehensive roles and rights model defines access to data.
• Sensitive data such as users, computer names, information from events, security awareness or alarm messages can be anonymized.
• Event data is automatically deleted after 30 days (or the interval of your choice) 

TOMs at DriveLock

The DriveLock internal Technical and Organizational Measures regulate the data protection requirements for commissioned data processing by DriveLock SE within the meaning of Art. 28 GDPR and the technical and organizational measures (TOMs) pursuant to Art. 32 para. 1 lit. B GDPR.

6. Data subprocessors

6.1 DriveLock HYPERSECURE Platform

Mit den hier genannten Subunternehmen bestehen Datenverarbeitungsverträge, die die Standardvertragsklauseln für die Übermittlung personenbezogener Daten an Drittländer gemäß der Verordnung (EU) 2016/679 des Europäischen Parlaments und des Rates umfassen. 

Data processing contracts are in place with the subcontractors mentioned here, which include the standard contractual clauses for the transfer of personal data to third countries in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council.

Unterauftragsverarbeiter

DriveLock HYPERSECURE Platform

Mit den hier genannten Subunternehmen bestehen Datenverarbeitungsverträge, die die Standardvertragsklauseln für die Übermittlung personenbezogener Daten an Drittländer gemäß der Verordnung (EU) 2016/679 des Europäischen Parlaments und des Rates umfassen. 

Der Verantwortliche hat die Inanspruchnahme folgender Unterauftragsverarbeiter genehmigt:

6.2 DriveLock Marketing Analysetools

The tracking measures listed below and used by us are carried out on the basis of Art. 6 para. 1 sentence 1 lit. f) GDPR. With the tracking measures used, we want to ensure a needs-based design and the continuous optimization of our website. On the other hand, we use the tracking measures to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer for you. These interests are to be regarded as legitimate within the meaning of the aforementioned provision. The respective data processing purposes and data categories can be found in the tracking tools described in more detail below.

Privacy policy for the use of Usercentrics (Cookiebot has been integrated) 

We use the Usercentrics cookie tool from Usercentrics GmbH, Sendlinger Str. 7, 80331 Munich, Germany (Usercentrics). This enables us to obtain and manage the consent of website users for data processing. Processing is necessary for compliance with a legal obligation (Art. 7 para. 1 GDPR) to which we are subject (Art. 6 para. 1 sentence 1 lit. c GDPR). The following data is processed for this purpose:

Date and time of access Browser information Device information Geographical location Cookie preferences URL of the page visited.

The functionality of the website is not guaranteed without the processing.

Usercentrics is the recipient of your personal data and acts as a processor for us. The data will be deleted after 3 years.

The processing takes place in the European Union. Further information on objection and removal options vis-à-vis Usercentrics can be found at: https://usercentrics.com/de/datenschutzerklaerung/

Privacy policy on the use of SEMrush

This website uses the online marketing optimization tool of SEMrush Inc. The operating company of the SEMrush services is Semrush Inc, Na Hřebenech II 1718/10, Nusle, 140 00 Praha, Czech Republic (hereinafter “SEMrush”)

SEMrush uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of this website is usually transmitted to a SEMrush server and stored in the Czech Republic.

You can find more information on terms of use and data protection at https://de.semrush.com/company/legal/privacy-policy/#3.

On behalf of the operator of this website, SEMrush will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator.

If you have any further questions, please do not hesitate to contact us.

Privacy policy for the use of Google Tag Manager

We use “Google Tag Manager” on our website, a service provided by Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland (hereinafter referred to as “Google”). Google Tag Manager enables us as marketers to manage website tags via an interface. The Google Tag Manager tool, which implements the tags, is a cookie-free domain and does not itself collect any personal data. Google Tag Manager triggers other tags, which in turn may collect data. Google Tag Manager does not access this data. If a deactivation has been made at domain or cookie level, this remains in place for all tracking tags that are implemented with Google Tag Manager.

Information from the third-party provider: Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland

Further information on data protection can be found on the following Google websites:

• Privacy policy: https://policies.google.com/privacy?hl=de&gl=de
• FAQ Google Tag Manager: https://www.google.com/intl/de/tagmanager/faq.html
• Google Tag Manager terms of use: https://www.google.com/intl/de/tagmanag

Privacy Policy for the Use of Google Maps

This page uses the Google Maps service via an API. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. To use the features of Google Maps, it is necessary to store your IP address. This information is generally transmitted to a Google server in the USA and stored there. The provider of this site has no influence over this data transmission. The use of Google Maps is in the interest of providing an appealing presentation of our online offers and in making it easy to find the locations mentioned on our website. This represents a legitimate interest in accordance with Art. 6(1)(f) of the GDPR.

More information on how user data is handled can be found in Google's privacy policy: policies.google.com/privacy?

Privacy Policy for the Use of Google Web Fonts

This page uses so-called Web Fonts, provided by Google, to ensure a uniform display of fonts. When you access a page, your browser loads the required Web Fonts into your browser cache to display texts and fonts correctly.

For this purpose, the browser you are using must establish a connection to Google's servers. In doing so, Google becomes aware that our website was accessed via your IP address. The use of Google Web Fonts is in the interest of a consistent and appealing presentation of our online offerings. This represents a legitimate interest in accordance with Art. 6(1)(f) of the GDPR.

If your browser does not support Web Fonts, a standard font from your computer will be used.

Further information on Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google's privacy policy: https://www.google.com/policies/privacy.

Privacy policy GoToWebinar

DriveLock uses the “GoToWebinar” program from LogMeIn to conduct webinars. Registration data is forwarded to GoToWebinar to conduct the webinar and stored there. After registration, users receive e-mails from GoToWebinar with the dial-in data for the desired webinar. Further information on LogMeIn's data protection can be found at: https://www.logmeininc.com/de/legal/privacy

Hubspot usage

This website uses HubSpot. HubSpot is a software solution for controlling and implementing inbound marketing. The stored information is saved on HubSpot servers. It can be used by us to contact visitors to our website and to determine which of our company's services are of interest to them. All information we collect is subject to this privacy policy. We use all information collected solely to optimize our marketing.

HubSpot is a software company from the USA with a branch in Ireland. 
Contact: HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland, Phone: +353 1 5187500 HubSpot is subject to TRUSTe's Privacy Seal and the U.S. - EU Safe Harbor Framework and the U.S. - Swiss Safe Harbor Framework. You can view Hubspot's privacy policy at https://www.hubspot.com/legal/privacy-policy.

Privacy policy for the use of LinkedIN 

The “LinkedIn share button” is used on this website as well as the tracking of ads in the LinkedIN network with reference to the DriveLock websites.  The LinkedIN network is operated by LinkedIn Ireland Unlimited Company 
Wilton Place, Dublin 2. Please visit the following website for the latest version of LinkedIN's privacy policy: https://www.linkedin.com/legal/privacy-policy

Privacy policy for LinkedIn Insight tag

This website uses the LinkedIn Insight tag from LinkedIn (LinkedIn Ireland, Wilton Plaza, Wilton Place, Dublin 2, Ireland) to track conversions, retarget our website visitors and gain additional information about members who view our ads. This information is also used to display interest-specific and relevant offers and recommendations after you have shown an interest in certain products, information and offers on our website.

The LinkedIn Insight tag enables the collection of data including URL, referrer URL, IP address, device and browser properties (user agent) and timestamp. IP addresses are truncated or hashed (if they are used to reach members across devices). The members' direct identifiers are removed within seven days in order to pseudonymize the data. This remaining pseudonymized data is then deleted within 180 days. You can find out more about data processing by LinkedIn at any time at https://www.linkedin.com/legal/privacy-policy and object to this.

We use the LinkedIn Insight tag to customize our website and to advertise it (legitimate interest pursuant to Art. 6 (1) lit f. GDPR). 
LinkedIn members can control the use of their personal data for advertising purposes in their account settings. To deactivate LinkedIn on our website, click here if you have a LinkedIn user account: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out or here if you use LinkedIn as a guest: https://www.linkedin.com/psettings/guest-controls. You can also object directly via our consent banner.

The LinkedIn services require data to be transferred to the USA.
The data transfer takes place on the basis of standard contractual clauses.Information on this can be found here: https://www.linkedin.com/help/linkedin/answer/62533?trk=microsites-frontend_legal_privacy-policy.

Privacy policy for Marketing Solutions (formerly LinkedIn Ads)

We use “Marketing Solutions (formerly LinkedIn Ads)” on our website, a service provided by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland (hereinafter referred to as “Marketing Solutions”). Marketing Solutions stores and processes information about your user behavior on our website. Among other things, Marketing Solutions uses cookies, i.e. small text files that are stored locally in the cache of your web browser on your end device and that enable an analysis of your use of our website.

We use Marketing Solutions for marketing and optimization purposes, in particular to analyze the use of our website and to continuously improve individual functions and offers as well as the user experience. By statistically evaluating user behavior, we can improve our offer and make it more interesting for you as a user. This also constitutes our legitimate interest in the processing of the aforementioned data by the third-party provider. The legal basis is Art. 6 para. 1 sentence 1 lit. f) GDPR.

You can prevent the installation of cookies by deleting existing cookies and deactivating the storage of cookies in the settings of your web browser. We would like to point out that in this case you may not be able to use all the functions of our website to their full extent. You can also prevent the collection of the aforementioned information by LinkedIn by setting an opt-out cookie on one of the websites linked below:

• https://www.linkedin.com/psettings/guest-controls 
• http://optout.aboutads.info/?c=2#!/
• http://www.youronlinechoices.com/de/praeferenzmanagement

Please note that this setting will be deleted if you delete your cookies. You can object to the collection and forwarding of personal data or prevent the processing of this data by deactivating the execution of Java Script in your browser. You can also prevent the execution of Java Script code altogether by installing a Java Script blocker (e.g. https://noscript.net/ or https://www.ghostery.com). We would like to point out that in this case you may not be able to use all the functions of our website to their full extent.

In addition, LinkedIn has submitted to the Privacy Shield agreement concluded between the European Union and the USA and is certified. LinkedIn thereby undertakes to comply with the standards and regulations of European data protection law. Further information can be found in the following linked entry: https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active

Information from the third-party provider: LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. Further information from the third-party provider on data protection can be found on the following website: https://www.linkedin.com/legal/privacy-policy

Privacy policy for LinkedIn Analytics

We use “LinkedIn Analytics” on our website, a service provided by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland (hereinafter referred to as: “LinkedIn”). LinkedIn Analytics stores and processes information about your user behavior on our website. Among other things, LinkedIn Analytics uses cookies, i.e. small text files that are stored locally in the cache of your web browser on your end device and that enable an analysis of your use of our website.

We use LinkedIn Analytics for marketing and optimization purposes, in particular to analyze the use of our website and to continuously improve individual functions and offers as well as the user experience. By statistically evaluating user behavior, we can improve our offer and make it more interesting for you as a user. This is also our legitimate interest in the processing of the above data by the third-party provider. The legal basis is Art. 6 para. 1 sentence 1 lit. f) GDPR.

You can prevent the installation of cookies by deleting existing cookies and deactivating the storage of cookies in the settings of your web browser. We would like to point out that in this case you may not be able to use all the functions of our website to their full extent. You can also prevent the collection of the aforementioned information by LinkedIn by setting an opt-out cookie on one of the websites linked below: 

• https://www.linkedin.com/psettings/guest-controls
• http://optout.aboutads.info/?c=2#!/
• http://www.youronlinechoices.com/de/praferenzmanagement/

Please note that this setting will be deleted if you delete your cookies. You can object to the collection and forwarding of personal data or prevent the processing of this data by deactivating the execution of Java Script in your browser. You can also prevent the execution of Java Script code altogether by installing a Java Script blocker (e.g. https://noscript.net/ or https://www.ghostery.com). We would like to point out that in this case you may not be able to use all the functions of our website to their full extent.

In addition, LinkedIn has submitted to the Privacy Shield agreement concluded between the European Union and the USA and is certified. LinkedIn thereby undertakes to comply with the standards and regulations of European data protection law. Further information can be found in the following linked entry: https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active

Information from the third-party provider: LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. Further information from the third-party provider on data protection can be found on the following website: https://www.linkedin.com/legal/privacy-policy 

Privacy policy for Microsoft Dynamics 365 Customer Voice

We use the “Dynamics 365 Customer Voice” service (operated by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA). Dynamics 365 Customer Voice is a feedback management application that allows us to easily track our customer metrics. For example, it allows us to quickly capture feedback across multiple channels and create personalized surveys. The insights gained can then be collated and evaluated using the service. The personal data collected with Dynamics 365 Customer Voice is only processed within the European Union. The use of the Dynamics 365 Customer Voice service is in our legitimate interest (Art. 6 I S. 1 f GDPR), as we want to use the service to optimize our offering. You can view Microsoft's privacy policy here: https://privacy.microsoft.com/de-de/privacystatement

Privacy policy for the use of Surfe

In order to get in touch with potential business customers on LinkedIn, DriveLock also uses the prospecting and synchronization functions of Surfe on the basis of a legitimate interest in addition to HubSpot. Surfe acts as a data processor and does not store any personal data of prospects. Further information about Surfe's privacy policy and data protection can be found here: https://www.surfe.com/privacy-policy/ and https://www.surfe.com/data-protecti

Privacy policy for the use of N.Rich

We work with our partners to provide targeted advertising and behavioral analysis of our current and potential customers. When you visit our website or access a marketing email sent by us, your browsing activity may be tracked via cookies. Cookie-based data may be shared and exchanged with our partners for the above purposes. You can stop this data collection at any time by adjusting your browser settings or opting out on our partner's website (see below).

N Technologies Inc. (https://n.rich) | Privacy Notice: https://n.rich/privacy-notice | Opt-out: https://n.rich/optout 

Privacy Policy for the Use of Twitter

Our pages include features of the Twitter service. These features are provided by Twitter Inc., Twitter, Inc. 1355 Market St, Suite 900, San Francisco, CA 94103, USA. By using Twitter and the "Re-Tweet" function, the websites you visit are linked to your Twitter account and shared with other users. In the process, data is also transmitted to Twitter. We point out that, as the provider of these pages, we have no knowledge of the content of the transmitted data or how it is used by Twitter. Further information can be found in Twitter's privacy policy at https://twitter.com/privacy.

You can change your privacy settings on Twitter in the account settings at https://twitter.com/account/settings.

Privacy Policy for the Use of UserVoice

Our pages include features of the UserVoice service. These features are provided by UserVoice Inc., UserVoice, 121 2nd St. Fl 4, San Francisco, CA 94105, USA. UserVoice, Inc. has self-certified to the EU-U.S. Privacy Shield. UserVoice also maintains an affirmative commitment to the U.S.-Swiss Safe Harbor Framework and its principles.

You have two options to access the services we offer through UserVoice: either through the embedded widget on our website and DriveLock Web User Interface or directly on the page https://drivelock.uservoice.com/. To use the services of UserVoice, you must register with a name and email address. By using UserVoice and the ability to share your ideas with the community and evaluate the ideas of others, only the ideas you describe and your self-chosen username will be shared with other users. Data is also transmitted to UserVoice. We point out that, as the provider of these pages, we have no knowledge of the content of the transmitted data or how it is used by UserVoice, except for your email address, the web browser, and the operating system used. Further information can be found in UserVoice's privacy policy at https://drivelock.uservoice.com/tos#privacy-policy as well as at https://www.uservoice.com/tos/.

Privacy Policy for the Use of Xing

Our website uses functions of the XING network. The provider is XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. Each time one of our pages containing XING functions is accessed, a connection to XING servers is established. To our knowledge, no personal data is stored in this process. In particular, no IP addresses are stored or usage behavior analyzed.

Further information on data protection and the XING Share button can be found in XING's privacy policy at https://www.xing.com/app/share?op=data_protection. 

Privacy Policy for the Use of YouTube

Our website uses plugins from the YouTube site, operated by Google. The operator of these pages is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. When you visit one of our pages equipped with a YouTube plugin, a connection to YouTube's servers is established. In the process, the YouTube server is informed which of our pages you visited. If you are logged into your YouTube account, you allow YouTube to directly associate your browsing behavior with your personal profile. You can prevent this by logging out of your YouTube account. Further information on the handling of user data can be found in YouTube's privacy policy at https://www.google.de/intl/de/policies/privacy.

Privacy Policy for the Use of Survey Monkey

To conduct surveys on our websites, we use the services of SurveyMonkey Europe UC, 2 Shelbourne Buildings, Shelbourne Road, Dublin, Ireland. When you voluntarily participate in this survey, SurveyMonkey collects information about the device and application you use to participate. This includes the IP address, your operating system version, device type, as well as system and performance information, and browser type. If you participate in the survey via a mobile device, SurveyMonkey also collects the device's UUID. SurveyMonkey also uses third-party tracking services, which in turn use cookies and page tags (also known as web beacons) to collect usage data and user statistics. We have no control over the extent of the data collected by SurveyMonkey. Further information on the cookies used by SurveyMonkey, data protection, and data retention can be found at the following link: https://www.surveymonkey.de/mp/legal/privacy/.

You can prevent the installation of cookies by deleting existing cookies and disabling the storage of cookies in your web browser settings. Please note that in this case, you may not be able to fully use all the functions of our websites.

We use SurveyMonkey to provide you with surveys. Our legitimate interest in processing the mentioned data lies in this purpose, which is based on Art. 6(1)(f) of the GDPR.

SurveyMonkey Europe UC is a subsidiary of SurveyMonkey Inc. based in the USA. It is possible that the data collected by SurveyMonkey may also be transferred to the USA. SurveyMonkey is committed to adhering to the standards and regulations of European data protection laws.

Cookies

1. We use cookies on our website(s). These are small files that your browser automatically creates and that are stored on your device (laptop, tablet, smartphone, etc.) when you visit our websites. Cookies do not cause any harm to your device, nor do they contain viruses, trojans, or other harmful software. The cookie stores information related to the specific device you are using. However, this does not mean that we obtain direct knowledge of your identity.
2. The use of cookies serves to make the use of our offerings more pleasant for you. Additionally, we also use cookies to optimize user-friendliness, which are stored on your device. If you visit our website again to use our services, it will automatically recognize that you have been with us before and which inputs and settings you have made, so you don't have to re-enter them.
3. We also use cookies to statistically record the use of our website and to evaluate it for the purpose of optimizing our offerings for you. These cookies allow us to automatically recognize that you have visited us before when you return to our website.
4. The processing of data by cookies is necessary to safeguard our legitimate interests, as well as those of third parties, in accordance with Art. 6(1)(f) of the GDPR.
5. Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer, or a notice always appears before a new cookie is created. Completely disabling cookies may, however, prevent you from using all the features of our website.