Privacy Policy
Privacy Policy
The following statement provides you with an overview of what type of personal data is collected and stored for what purpose when you access our website or use our online services and contact options.
Below, we inform you about your rights as a data subject and, among other things, notify you of the entity responsible for data processing and compliance with data protection regulations.
1. Name and Address of the Controller
CAI GmbH
Erbprinzenstraße 4–12
76133 Karlsruhe
Germany
Email: info@cai-world.com
Phone: (+49) 721 / 161 18 46
Fax: (+49) 721 / 161 18 47
2. Contact Details for Data Protection Matters
Data protection concerns can be directed to datenschutz@cai-world.com.
3. Information on Data Processing / Storage of Information / Definitions
3.1. "Personal data" refers not only to obvious personal information, such as a person's name or address, but also to the IP address and information about which pages a person has visited on the Internet (user behavior).
3.2. Depending on the reason for processing, the provision of personal data may be required by law or contract, or may be necessary for the conclusion of a contract. If this is the case, we will indicate this below and also point out the possible consequences of non-provision. Automated decision-making or profiling pursuant to Article 22 paragraphs 1 and 4 GDPR will also only take place if we explicitly indicate this.
3.3. If you do not provide us with the data in the cases outlined below under Section 4.4 and 4.5, the consequence would be that you cannot use the service / the corresponding function or contact option.
3.4. When accessing our website, information is generally stored in the end user's terminal equipment (website visitor) or information already stored in the terminal equipment is accessed; see Section 4.2 for more details.
Both the storage of information in the end user's terminal equipment or access to information already stored in the terminal equipment, as well as the processing of this information, generally require consent according to Section 25 Para. 1 TTDSG (Telecommunications-Telemedia Data Protection Act), unless an exception regulated in Section 25 Para. 2 TTDSG applies. This is the case, for example, if the data or information is necessary for the transmission of a message, i.e., for displaying the website and its content, as described under Section 4.2.
3.5. The storage of information in the terminal equipment or access to information already stored in the terminal equipment can take place via cookies as well as other technologies. This information varies depending on the configuration settings of the website visitor.
3.6. Cookies are small text files that are stored on your terminal device by your browser. Cookies have different functions. They may be technically strictly necessary to access our website, or serve to make our services more user-friendly and secure, analyze the surfing behavior of our website visitors, or provide personalized advertising.
As a user, you can control the use of cookies. By changing the settings in your browser, you can deactivate or restrict the transmission of cookies. You can delete cookies that have already been stored at any time—including automatically.
However, if you deactivate cookies or do not consent to the setting of certain cookies, it may no longer be possible to fully use all functions of the websites you visit or various online tools.
3.7. A general distinction must be made between so-called first-party cookies, i.e., cookies set by the website operator (see Section 4.3), and third-party cookies, which are placed by third-party services when they are integrated.
Third-party cookies are used to provide third-party providers with information about user behavior on certain websites. If we use third-party services that utilize cookies, we will indicate this below.
Furthermore, a distinction is made between session cookies and persistent cookies.
While session cookies are deleted as soon as the browser is closed, persistent cookies are stored in the browser for a longer period and are partially deleted automatically after an "expiration date" has passed.
3.8. Furthermore, we will generally indicate within the legal basis whether the setting of a cookie and the use of other technologies for individual functions or integrated services requires the consent of the website visitor.
3.9. If personal data that has already been generated by the setting and reading of cookies that are not strictly necessary is to be processed in a subsequent process, further consent from the website visitor is required. In this respect, two consents must be obtained, which, in the opinion of the Conference of Independent Data Protection Authorities of the Federation and the States, can occur in a single action.
We request necessary consents when you access our website via the cookie banner. We use the following software to manage consents:
CookieConsent - v2.8.8
Github link: https://www.github.com/orestbida/cookieconsent
Author: Orest Bida
Released under the MIT License
In some cases, we integrate services and tools from service providers on our website that are based in a third country within the meaning of the EU General Data Protection Regulation (GDPR) or store data on servers in a third country, particularly the USA.
These service providers regularly use cookies and other technologies when providing their services, which in most cases are not strictly necessary. This may result in the data of our website visitors being processed by these service providers.
To ensure the best possible protection of your data when using these services, we have generally agreed upon EU Standard Contractual Clauses with these service providers, which guarantee an appropriate level of data protection, as well as additional guarantees.
Nevertheless, it cannot be ruled out that, as in the case of the USA, US intelligence services or state authorities may access your data based on national legal regulations and that data may be processed without notice.
3.10. In some cases, we use external service providers to process your data (processors within the meaning of Art. 28 GDPR, e.g., hosting providers), to whom we may disclose personal data under certain circumstances. These are carefully selected and commissioned by us, are bound by our instructions, and are monitored regularly. Otherwise, your data will only be disclosed to other recipients if we specifically indicate this below.
3.11. Contacting us - General
When you contact us (e.g., via email or fax), we will process the data you provide, such as your name, email address, and any other contact details you disclose.
| Purpose of processing: | The processing of the aforementioned data is necessary to process or respond to your inquiry submitted when contacting us. |
| Legal basis: | Data processing may be based on different legal grounds depending on the request. In any case, processing is necessary to safeguard our legitimate interests within the meaning of Art. 6 Para. 1 lit. f GDPR. The legitimate interest arises from our desire to follow up on your request and fulfill the purpose of processing. |
| Storage period: | We will delete your personal data as soon as storage is no longer necessary. The exact time is determined on a case-by-case basis, whereby storage must end at the latest if any civil law claims under Section 199 BGB (German Civil Code) are time-barred or if criminal prosecution is no longer possible due to the statute of limitations (Sections 78, 79 StGB - German Criminal Code). |
4. Data Processing via the Website
4.1. Encryption
To ensure that the processing of your personal data is carried out in a manner that protects the data from unauthorized or unlawful processing as well as from accidental loss, destruction, or damage, we use encryption (SSL or TLS) on our website and all subpages.
4.2. Visiting our website
Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer. This involves the following data:
- Name of the retrieved file
- Date and time of retrieval
- Amount of data transferred
- Notification of whether retrieval was successful
- IP address
- Browser type
- Browser version and language
- Operating system and its interface
- Referrer URL
- Access status/HTTP status code
- Type of terminal device
The data is stored in the log files of software installed by us, which is operated on an IT system of our hoster.
| Purpose of processing | Processing of the aforementioned data is necessary to display the website to you and to ensure the security and stability of our information technology systems as well as the technology of our website. Furthermore, processing is carried out to provide law enforcement authorities with the information necessary for prosecution in the event of a cyberattack. |
| Legal basis | We have a legitimate interest in data processing within the meaning of Art. 6 Para. 1 lit. f GDPR, whereby the legitimate interest results from the stated purpose. Consent according to Section 25 Para. 2 TTDSG is not required. |
| Storage period | Data is deleted as soon as the data storage can no longer fulfill its purpose. The exact time is determined on a case-by-case basis, whereby storage must end at the latest if any civil law claims under Section 199 BGB are time-barred or if criminal prosecution is no longer possible due to the statute of limitations (Sections 78, 79 StGB). |
4.3. Our Cookies (so-called First-Party Cookies)
We use session and persistent cookies.
Regarding the functions of cookies and how you can generally prevent the setting of cookies, please refer to the sub-item "Information on Data Processing / Storage of Information / Definitions."
Essential Cookies:
Session cookies store the following data:
- Cookie "JSESSIONID"
Assigns an anonymized ID (Session ID) to your browser for the duration of your visit to bundle multiple related requests to the server and assign them to one session. - Cookie "LFR_SESSION_STATE^"
Date information for handling session expiration messages. - Cookie "COMPANY_ID"
Used by the Liferay framework for internal purposes. - Cookie "ID"
Used to maintain the session when the user returns to the portal after closing the browser.
Persistent cookies store the following data:
- Cookie "GUEST_LANGUAGE_ID"
Language selection - Cookie "COOKIE_SUPPORT"
Indicates whether cookies are supported for additional functions. - Cookie "PRIVACY_READ"
Indicates that you agree to the use of cookies on our pages. It is set when you confirm the notice "Use of cookies" with OK. If this cookie exists, the notice will no longer be displayed. - Cookie "COMPANY_ID"
Used by the Liferay framework for internal purposes. - Cookie "ID"
Used to maintain the user session when the user returns to the portal after closing the browser. - Cookies "LOGIN", "REMEMBER_ME", "REMEMBER_ME_TOKEN_VALUE", "REMEMBER_ME_TOKEN_ID"
Enable automatic login via "Save login data" in the login dialog.
Non-essential Cookies:
Persistent cookies store the following data:
- Cookie "audioEnabled"
Automatic activation of the microphone when switching between breakout sessions. - Cookie "videoEnabled"
Automatic activation of the camera when switching between breakout sessions.
Cookies that are strictly necessary do not require consent and are therefore set automatically.
| Purpose of processing: | Cookies enable us to recognize your browser on your next visit. We use cookies to provide the service, analyze the surfing behavior of our users on our website, and increase user-friendliness. |
| Legal basis: | Insofar as the setting of the cookie and the subsequent processing of the data obtained serve at least the analysis of the user behavior of visitors to our website (tracking) or are not strictly necessary for the provision of the requested service, we obtain the corresponding consents from the data subject according to Art. 6 Para. 1 lit. a GDPR and Section 25 Para. 1 TTDSG. For strictly necessary cookies, cookies are set to protect our legitimate interests within the meaning of Art. 6 Para. 1 lit. f GDPR, whereby the legitimate interest then arises from our desire to fulfill the purpose of processing. |
| Storage period: | Session cookies are automatically deleted at the end of your visit. Persistent cookies are stored for a specific period (generally for a period of one year) or remain on your terminal device until you delete them. |
4.4. Contacting us - Contact Form
If you contact us via a contact form, the data you enter into the input mask is transmitted and stored. If you use the contact form, the following data is also stored at the time the message is sent:
- IP address
- Date and time
- Name of the retrieved file
- Notification of whether retrieval was successful
- Browser type
- Browser version and language
- Operating system and its interface
| Purpose of processing: | The processing of personal data from the input mask serves to process the contact/your inquiry. The additional data processed at the time of sending serves to prevent misuse of the contact form and ensure the security of our information technology systems. |
| Legal basis: | For the processing of this data, your consent is obtained before the sending process, and reference is made to this privacy policy. Based on your consent, the legal basis for processing is Art. 6 Para. 1 lit. a GDPR and Section 25 Para. 1 TTDSG. |
| Storage period: | Data is deleted at the latest as soon as data storage can no longer fulfill its purpose. The exact time is determined on a case-by-case basis, whereby storage must end at the latest if any civil law claims under Section 199 BGB are time-barred or if criminal prosecution is no longer possible due to the statute of limitations (Sections 78, 79 StGB). |
4.5. Login / Registration on Website
You have the opportunity to register or log in on our website by providing personal data. Which personal data is transmitted to us is determined, on the one hand, by the respective input mask used for registration/login. On the other hand, your IP address and the date and time of registration/login are additionally stored by registering/logging in on our website. Furthermore, we store the following data from you:
- Notification of whether retrieval was successful
- Browser type
- Browser version and language
- Operating system and its interface
- Referrer URL
- Access status/HTTP status code
- Type of terminal device
| Purpose of processing: | We require the information provided by you during the registration process to provide you with the requested service and to verify your legitimacy to use the website as a registered user. The storage of other data is also carried out to prevent the misuse of our services and, if necessary, to initiate civil and criminal steps in the event of misuse. Processing may also be carried out to fulfill contractual obligations. |
| Legal basis: | The legal basis for the processing of personal data is Art. 6 Para. 1 lit. a GDPR and Section 25 Para. 2 TTDSG based on your consent. Furthermore, the legal basis may also result from Art. 6 Para. 1 lit. b GDPR. |
| Storage period: | We will delete your personal data as soon as storage is no longer necessary. The exact time is determined on a case-by-case basis, whereby storage must end at the latest if any civil law claims under Section 199 BGB are time-barred or if criminal prosecution is no longer possible due to the statute of limitations (Sections 78, 79 StGB). |
5. Social Media
When you access the CAI website, no data is directly processed by or transferred to providers of the social media platforms we use. This is merely a link to CAI's offerings on the respective social media platform. Further information/notices about what happens with the respective social media service providers when you leave the website and who is responsible for processing when you follow the respective link can be found regarding:
We place links to social media platforms to promote the communicative nature of the Internet and thus freedom of expression, and to derive optimization measures regarding our quality and range of services. We have a legitimate interest in this.
6. Information on Data Subject Rights
Based on the processing of your personal data, you are a data subject within the meaning of the GDPR and you are entitled to the following rights against us, whereby we are referred to as the "controller" below:
- Right of access, Art. 15 GDPR
You have the right to request information from the controller as to whether personal data concerning you is being processed. If this is the case, you have a right of access to the information listed in Art. 15 GDPR.
- Right to rectification of personal data, Art. 16 GDPR
According to Art. 16 GDPR, you have the right to demand that the controller rectify or complete personal data concerning you, provided that the personal data concerning you is incorrect or incomplete.
- Right to erasure ("right to be forgotten"), Art. 17 GDPR
In accordance with Art. 17 GDPR, you have the right to demand that the controller delete personal data concerning you.
- Right to restriction of processing, Art. 18 GDPR
As a data subject, you have the right, under the conditions of Art. 18 GDPR, to demand that the controller restrict processing.
- Right to notification, Art. 19 GDPR
According to Art. 19 GDPR, you have the right to be informed about the recipients to whom the personal data concerning you has been disclosed and to whom the controller has notified your assertion of the rights to rectification, erasure, or restriction of your data.
- Right to data portability, Art. 20 GDPR
Under the conditions of Art. 20 GDPR, you have the right to receive the personal data concerning you in a structured, commonly used, and machine-readable format. You have the right, under the conditions of Art. 20 GDPR, to transmit this data to another controller without hindrance from the controller to whom the personal data was provided. You have the right to have the personal data transmitted directly from one controller to another, insofar as this is technically feasible.
- Right to object to processing, Art. 21 GDPR
In accordance with Art. 21 GDPR, you have the right to object at any time to the processing of personal data concerning you which is carried out on the basis of Art. 6 Para. 1 lit. e or lit. f. This also applies to profiling based on these provisions. If the personal data concerning you is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is related to such direct marketing.
- Right not to be subject to an automated decision including profiling, Art. 22 GDPR
As a data subject, you have the right according to Art. 22 GDPR not to be subject to a decision based solely on automated processing—including profiling—which produces legal effects concerning you or similarly significantly affects you.
- Right to withdraw the declaration of consent under data protection law, Art. 7 GDPR
According to Art. 7 GDPR, you have the right to withdraw your consent to the processing of personal data concerning you at any time.
- Right to lodge a complaint with a data protection supervisory authority, Art. 77 GDPR
Without prejudice to any other legal remedies, you have the right to lodge a complaint with a supervisory authority according to Art. 77 GDPR if you believe that the processing of your personal data by us violates the GDPR.
Social Media
If you use our services on external social media platforms, you will find information/notices regarding data protection responsibility and data processing in connection with the respective platform at the links below.
Data protection information/notices regarding:
Facebook
Instagram
Xing
LinkedIn
By accessing the CAI website www.cai-world.com, no data is directly processed by or transferred to the aforementioned social media platforms.