Privacy Statement

On this website, we, Croozer GmbH, provide information about our products and services. The protection of your personal data is very important to us. Therefore, we collect and process your personal data exclusively in accordance with data protection law. On this page, we provide all relevant information on data protection in accordance with Articles 13 and 14 of the EU General Data Protection Regulation (GDPR) on the collection and processing of your personal data.

Responsible for data processing:

Croozer GmbH
An der Hasenkaule 10
D - 50354 Cologne
Managing director: Hanna Grau
Tel: +49 (2233) 95991-0
E-mail: datenschutz@croozer.com

Our data protection officer can be reached at:

Croozer GmbH

• Data Protection Officer -
  An der Hasenkaule 10
  D – 50354 Köln
  Telephone: +49 (2233) 95991-0
  E-mail: datenschutz@croozer.com

Go directly to…

• General Privacy Statement
• End User Privacy Policy
• Privacy Policy for Business Partners
• Privacy Policy for Applicants

General Privacy Statement

When you visit this website and use the various services, we process your personal data as described in detail below.
For the operation of this website with its various services (including the online shop for our customers and the processing of orders), we work together with a number of external service providers, all of whom are carefully selected and contracted to us in accordance with data protection law.

1. Croozer-Cookies

Each time you visit our website, we use so-called cookies, i.e. small text files that are stored in your browser.

a. Session Cookies
For example, we use so-called session cookies, which are retained until you close all browser windows. We need these session cookies so that we can process your queries on our website and direct you to the various sub-pages. It is in our legitimate interests to use session cookies, as otherwise we would not be able to provide our website services in this way (Art. 6 para. 1 lit. f GDPR). If you do not want cookies to be used, you can block the use of cookies in your browser settings. You can still visit our website if you block cookies, but you may not be able to use all the website functions to their full extent.
b. Long-Term Cookies
In addition, we use the following longer-term cookies, which allow us to make our website more user-friendly, namely persistent cookies, which are used for a fixed period of an hour (“frontend” cookie) and of a month (“store” and “croozer-user” cookies).
These cookies remain on your device and enable us to recognise your browser the next time you visit our website (“persistent cookies”) so that, for example, previous settings are retained, e.g. if you place an item in your shopping basket and then leave our site and return again. Persistent cookies are automatically deleted after a pre-defined period, depending on the cookie, as specified above. Long-term cookies enable us to recognize you on your next visit to our website. This recognition using cookies helps us optimise the content of our website and make it more user-friendly for you, e.g. by restoring the contents of your shopping basket when you return. These cookies are stored by Croozer GmbH; our company and the external service providers who are engaged by us to offer support in the operation of the website as processors have access to these cookies.

It is in our legitimate interests to use these cookies in order to make our website as attractive and user-friendly as possible and develop it accordingly (Art. 6 para. 1 lit. f GDPR). If you do not want cookies to be used, you can block the use of cookies in your browser settings. You can still visit our website if you block cookies, but you may not be able to use all the website functions to their full extent.

2. Server Log Files

Furthermore, each time you access our website, your browser transfers access data, so-called server log files, which we process to maintain system security and analyse user statistics. The information that we receive in the server log files includes, in particular, the time of the access, the website from which our website was accessed (referrer URL), the sub-pages accessed, the names of requested files, your IP address, the volume of data transmitted, your browser type and your access provider. This data is required in order to ensure system security, e.g. to identify and block the attacker in the event of a hacker attack. This is in our overriding, legitimate interests (Art. 6 para. 1 lit. f GDPR).
Server log file data also allows us to perform a statistical analysis (scope of use and user behaviour, e.g. total number of visits or total page views in a certain month) which we use to optimize the website design. However, the IP address is shortened and thus anonymised.

3. User Centrics

This is a cookie consent tool based on Usercentrics technology. This tool supports us in obtaining effective user consent for cookies that require consent and cookie-based applications. A cookie consent tool with technology from Usercentrics GmbH, Rosental 4, 80331 Munich (known as “Usercentrics”). When our website is accessed, the cookie consent tool collects certain user information (including the IP address), transmits it to the Usercentrics server and stores it there. The purpose of this is that page views can be clearly assigned to individual users and the consent settings made by the user can be individually recorded, logged and saved for a session duration.

This consent is obtained as follows: By integrating a corresponding JavaScript code, users are shown a banner when the page is called up, in which checkmarks can be given for certain cookies and / or cookie-based applications. The tool blocks the setting of all cookies that require consent until the respective user grants the corresponding consent. It is thus ensured that such cookies are only actually set on the respective end device of the user if consent is given.

Usercentrics is used to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6 para. 1 p. 1 lit. c DS-GVO. You can change the settings for Usercentrics at any time in the footer via the navigation point “Privacy settings”.

As the person responsible, we are subject to the legal obligation to make the use of technically unnecessary cookies dependent on the respective user consent.

Since this is a transfer of personal data to third parties, we have concluded an order processing contract with Usercentrics, with which we oblige Usercentrics to protect the data of visitors to our website and not to pass it on to third parties.

Further information on the use of data by Usercentrics can be found in the Usercentrics data protection declaration at https://usercentrics.com/privacy-policy/

4. Social Media

We use offers from third-party providers in several places on our website. These offer our visitors various opportunities for social interaction.

a. Facebook, Pinterest, Instagram
You have the option in various places (e.g. via the grey buttons at the bottom of the sub-pages under “Legal Notice ” and also at various places in our blog and via the homepage) to click on the social media tools (particularly Facebook, Twitter, Instagram, YouTube and Pinterest) and not only to view our information there but also to share information about our offers with other users You can recognise these tools by the respective icons. The plugins are deactivated by default while you visit our website, meaning that no data will be transferred to the corresponding provider unless you click on the respective link.
If you click on one of the links, a new window will open in your browser, and your data will be transferred to the respective provider, particularly the URL of the page from which you came. The same also applies if you do not have your own account with the respective provider or are not logged in.
We have no influence on and no information about what personal data is collected by these third-party providers and what they do with this data. Please keep in mind that some of these providers have headquarters outside of the EU and that your data could therefore be transferred to third countries where an adequate level of data protection is not necessarily guaranteed. More information on the handling of your data is provided by the respective third-party providers.
We receive usage information from Facebook (Facebook Insights), Instagram, YouTube, Twitter and Pinterest. This data is analysed in anonymised form.

Information on third-party providers:
Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, privacy policy: https://www.facebook.com/about/privacy/update?ref=old_policy, https://www.facebook.com/privacy/explanation, https://de-de.facebook.com/policies/cookies, data protection information: https://www.facebook.com/help/568137493302217, terms of service: https://www.facebook.com/legal/terms/update
there also Pinterest and Instagram, additionally: https://help.instagram.com/519522125107875?helpref=page_content
Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. Privacy policy: http://www.google.de/intl/de/policies/privacy
YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. Privacy policy: https://policies.google.com/privacy?hl=de&gl=de, data protection information: https://www.youtube.com/intl/en/yt/about/policies/#community-guidelines, terms of service: https://www.youtube.com/t/terms and https://www.youtube.com/t/terms_paidservice

Via the social media links, we enable you to receive even more attractive offers from us through other channels and to communicate directly with these platforms and their users; furthermore, you can easily share offers and information from our company with others in various ways. This is how we design our website to be more attractive and interesting for you. Therefore, the embedding of social media links is in our overriding, legitimate corporate interests (Art. 6 para. 1 lit. f GDPR). By actively clicking on these links, you yourself can decide whether your personal data will be transferred to third-party providers.
Most of the parent companies of the embedded social media providers are based in the United States. Insofar as personal data is sent to the US, an adequate level of data protection is guaranteed via the EU-US Privacy Shield which all of the aforementioned providers have agreed to observe and maintain, insofar as they are based in the US (Facebook, Twitter and Google (under data protection law, Google is responsible for YouTube) – list available at https://www.privacyshield.gov/list).

b. YouTube Video
On our website, you can watch videos: these are embedded in our website so that you can watch the videos directly on our site. Advanced privacy settings are activated for YouTube videos integrated into our site. This means that YouTube does not process your data unless you play an embedded video.
Furthermore, you can also watch the video yourself on youtube.com (via the YouTube icon and via the “share” button); there, you can view our information or communicate with other users about our products and services. In this case, data will also be transferred to YouTube. By clicking on the “share” button, you can use the services of Facebook, Twitter and Google Plus. Here, the same applies as stated above under section 3 a.
If you watch the video (on our site or on YouTube), your data will be transferred to YouTube, in particular the URL of the page from which you came. The same also applies if you do not have your own account with the respective provider or are not logged in.
We have provided additional information for you on the third-party provider YouTube above, under 3a.

5. Google Analytics and Google Maps

This website uses Google Analytics, a web analysis service provided by Google Inc. Google Analytics uses so-called tracking cookies, text files that are saved on your computer and that make it possible to analyse your use of the website. The information generated by the cookie concerning your use of this website is usually transferred to one of Google’s US-based servers and stored there. The website uses Google Analytics with the extension “_anonymizeIp()”. This means that your IP address is truncated and thereby anonymised immediately after being transferred. Your IP address will be truncated by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area prior to transmission. Only in exceptional cases will the full IP address be transferred to one of Google’s US-based servers and truncated there. The IP address initially transferred by your browser and then truncated in the context of Google Analytics will not be linked with other Google data. On behalf of the website provider, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services related to website activity and internet usage to the website provider. Google Analytics cookies and the data collected through them are deleted after a maximum of 26 months.
We use Google Analytics in order to analyse the use of our website and make routine improvements. Using the statistics provided, we are able to improve our website content and make it more interesting for you as the user. For the exceptional cases in which personal data is transferred to the United States, an adequate level of data protection is guaranteed because Google is certified under the EU-US Privacy Shield (list available at https://www.privacyshield.gov/list). It is in our legitimate interests to use these cookies in order to make our website as attractive and user-friendly as possible and develop it accordingly (Art. 6 para. 1 lit. a GDPR). You may block the use of cookies or this service through your browser settings and browser add-ons (e.g. “uBlock origin” or “AdBlock plus”).

Information on the third-party provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. Privacy policy: https://www.google.de/intl/de/policies/privacy; overview of data protection: https://www.google.com/intl/de/analytics/learn/privacy.html; terms of service: https://www.google.com/analytics/terms/de.html

6. Google Ad Services and DoubleClick

Furthermore, after your visit to our website, we use the IDE cookie from Google to take advantage of the opportunity to show you even more targeted advertising based on your interests. For this purpose, we set a long-term cookie that saves information on which of our products you are interested in. You can delete this cookie manually:
https://adssettings.google.com/authenticated
It is in our legitimate interests to use these cookies in order to make our website as attractive and user-friendly as possible and develop it accordingly (Art. 6 para. 1 lit. f GDPR). You may block the use of cookies or this service through your browser settings and browser add-ons (e.g. “uBlock origin” or “AdBlock plus”).

7. Google Fonts (local embedding)

This website uses so-called Web Fonts provided by Google to ensure the uniform use of fonts on this site. These Google fonts are locally installed at Hostweb GmbH Biegenstr. 20 D-35037 Marburg so that a connection to Google’s servers will not be established in conjunction with this application.
For more information on Google Web Fonts, please follow this link:
https://developers.google.com/fonts/faq
and consult Google’s Data Privacy Declaration under:
https://policies.google.com/privacy?hl=en

7a. Other Connections to Servers
For the programming of our website, we use program parts that offer standardised functionalities and designs. These include in particular the handling of error messages (error logging) in the programming. These are reloaded by means of a direct connection between your browser and these services. For the establishment of this connection to the service provider , an analysis of our website, along with your IP address, is transferred.
A functional, safe and visually attractive design of our website is in our overriding, legitimate interests (Art. 6 para. 1 lit. f GDPR). Through this service, no user analysis is performed, and no user profile is created; your IP address is used exclusively for the targeted transmission of fonts.

7b. Trusted Shops
Provided that you have given us your explicit consent by ticking the respective box or clicking on the respective button during or after the ordering process (“Rate Later”), we will forward your email address to Trusted Shops GmbH, Subbelrather Str. 15c, 50823 Cologne, Germany (www.trustedshops.de), so that this company can send you an email reminder with the option for rating your purchase. The legal basis for this is Art. 6 para 1 lit. a of the GDPR.
This consent can be withdrawn at any time by sending a message to Trusted Shops at datenschutz@trustedshops.de.

8. Dealer Section

We have a dealer section on our website for the dealers with whom we work and the dealers who are interested in working with us. The dealer section can also be reached via our website. From the dealer section, it is possible to reach us via a contact email and to subscribe to our newsletter.

a. Form for New Dealers
At https://www.croozer.com/de-DE/haendler-bereich, interested dealers can find a form that they can fill out and return to us via email or fax. In order to get to know your business better, we ask for further information: e.g. information on your business (including the billing and shipping address and details about the branches where products should be sent, on the distribution channels (stationary and online), on the products you sell and on sales figures), on the owner of the business and on communication (contact persons).

The processing of your personal data is required in this context in order to take steps at your request prior to entering into a contract and – if a contract with you is concluded – for the fulfilment of the contract between you and Croozer GmbH (Art. 6 para. 1 lit. b of the GDPR). For us, it is important that the respective contact persons can be quickly and easily reached; the processing of the personal data of your employees (whom you can name as contact persons) is performed on the basis of overriding, legitimate interests (Art. 6 para. 1 lit. f GDPR).
The data will be stored for the duration of the contractual relationship with Croozer GmbH and subsequently for the retention period required by law; when changes are made to the information (e.g. on the owner or the contact persons), the old information will be deleted. If no partnership results, then the data will be deleted in accordance with the retention period required by law.

b. Dealer Contact Form
In addition, our dealers have the possibility to contact us via a dealer contact form. This form can be opened in the dealer section; it is also possible to open the form on the website https://www.croozer.com/de-DE/ (via “Contact”) (you are then redirected to the respective page).
The required fields on this form are your message, the subject of your message, your title, your surname/company, the address of your company and the email address of your company. You can voluntarily provide your first name, additional names/company names and telephone and fax numbers. We only process your data as required to answer your inquiry. After we have responded to your inquiry, this data will be deleted insofar as there is no retention period required by law.
We need the data in order to quickly forward your inquiry to the responsible employee at our company so that your inquiry can be answered without delay. In this sense, the data provided by you is processed on the basis of overriding, legitimate interests (Art. 6 para. 1 lit. f GDPR).

c. Newsletter
After a dealer agreement has been concluded, our dealers have the opportunity to subscribe to our email newsletter in order to stay up to date on news from our company. For this purpose, we will ask you for your email address. You can also voluntarily provide us with your first name and surname (as well as title) if you would like the newsletter to be personally addressed to you. We use the data that you provide to us for the newsletter subscription exclusively for the purpose of sending you the newsletter. In this context, we work with an external service provider for the technical implementation: This website uses Sendinblue for the sending of newsletters. The provider is the Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany. This company has been carefully selected and contracted to us in accordance with data protection law.
Prior to the first newsletter, we require your consent (Art. 6 para. 1 lit. a of the GDPR). You can withdraw your consent at any time by using the unsubscribe link included in every newsletter. For this purpose, simply use the unsubscribe function in the newsletter or contact us directly using the contact details provided above.

9. Making Contact: Email Function

On various sub-pages, we offer you the opportunity to make direct contact with us or our dealers via email. If you click on one of the email addresses with coloured letters, your email program will open, and you can send an email to the respective email address, which will be automatically inserted into the “to” field. We have no influence on the data processing by the email program of your respective provider; we only provide a link to your email program.
We will use information that you send us via email exclusively for processing your inquiry; this information will be deleted as soon as the communication is completed, unless a certain retention period is required by law. This processing of the information you send to us is in our legitimate interests (Art. 6 para. 1 lit. f GDPR).

10. Contact Form

When you submit an enquiry through our contact form, the data you provided on the form, including the contact information you entered, shall be stored by us for the purpose of processing your enquiry and for use in the event of follow-up questions. Your personal data will not be provided to third parties without your consent. If your enquiry is related to the performance of a contract or to the implementation of pre-contractual measures, your data will be processed on the basis of Art. 6 para. 1 lit. b of the GDPR. In all other cases, the processing is carried out on the basis of our legitimate interest in the effective handling of enquiries submitted to us (Art. 6 para. 1 lit. f GDPR) or on the basis of consent given by you (Art. 6 para. 1 lit. a GDPR), insofar as consent has been requested. We will retain the data that you entered on the contact form until you ask us to delete the respective data, until you withdraw your consent to the processing of the data or until the purpose of the processing no longer applies (e.g. after your enquiry has been fully processed). This shall be without prejudice to any mandatory legal provisions – in particular retention periods.

11. Online Shop

In addition to the purely informational use of our website, you can also order our products online (only on https://www.croozer.com/de-DE/) if you wish to do so. For this purpose, there is an online shop solely for end consumers www.croozer.com, for which the terms and conditions apply to consumers; there is a separate online shop for dealers that is exclusively accessible on the basis of a dealer agreement through an account area with restricted access. In order to process an order, we require additional personal data from you. This data is only collected, stored and processed if you share it with us in the context of your product order. The data in fields marked with an asterisk (title, first name, surname, address, email address) is required for processing an order.

We use the data you have provided without your separate consent exclusively for the purpose of fulfilling and processing your order. On a case-by-case basis, we use your email address to contact you should special situations arise (e.g. late payment) in the processing of your order. The legal basis for the processing of this data is Art. 6 para 1 lit. b of the GDPR. Upon complete fulfilment of the contract and full payment of the purchase price, your personal data will be blocked from further usage and erased upon expiry of the retention periods stipulated by applicable tax and commercial law provisions (10 years for billing-relevant data), provided that you have not expressly agreed to the further use of your data.

Under no circumstances will the collected data be sold or passed on to third parties without user consent or legal authorisation. Without the involvement of third parties (in compliance with data protection law), it would not be possible for us to process your order. Therefore, we work with various third parties, in particular:

• with external service providers who provide technical support for the delivery of our products and services, and who have been carefully selected and contracted to us in accordance with data protection law,
• with postal service providers, who are involved with the processing of your order (shipping), and
• with payment service providers for the processing of your payment in cooperation with the certified payment providers Mollie, PayPal and Amazon Pay (see below), depending on the payment type you select.

We would like to provide you with more detailed information on the processing of data in connection with the following services:
Amazon Pay
The provider of this payment service is Amazon Payments Europe S.C.A., 38 avenue J.F. Kennedy, L-1855 Luxembourg. For more information on how your data is processed, please read the Amazon Pay privacy policy under the following link: https://pay.amazon.de/help/201212490?ld=APDELPADirect.

PayPal
The provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter referred to as “PayPal”). 79 / 91 Data is transferred to the US on the basis of the European Commission’s Standard Contractual Clauses (SCCs). More information can be found here: https://www.paypal.com/us/webapps/mpp/ua/pocpsa-full.
You can find more information on the PayPal Privacy Statement: https://www.paypal.com/us/webapps/mpp/ua/privacy-full.

Mollie
The provider of this payment service is Mollie B.V., Keizersgracht 126, 1015CW Amsterdam, Netherlands (hereinafter referred to as “Mollie”). Services provided by Mollie enable us to offer various payment methods on our website. You can find more information in the Mollie Privacy Statement: https://www.mollie.com/en/privacy

12. Google Maps

We use Google Maps in order to show you our location, as well as the locations of our partners. We have embedded Google Maps into our website so that we can show the corresponding maps directly on our website. As a result, you can see the locations of nearby dealers at a glance. In this context, the application may request location data from your device; you can block this information in your browser settings.
Google Maps is a service that is offered by Google, Inc. By clicking on the map itself (e.g. if you access information on a dealer), you can open an external window where the Google Maps services are available (including route planning). You can also view the location of our company via the German version of our homepage (by clicking on “Croozer Store”) in an external field if you click on the corresponding field (on “Auf Google Maps anzeigen”).
Through your visit to our website, Google receives information.

More information on Google can be found above under “Google Analytics”.

The embedding of maps enables us to make our services more attractive and interesting for you and is therefore in our overriding, legitimate corporate interests (Art. 6 para. 1 lit. f GDPR).

13. Data Security

In order to ensure the highest possible level of protection for your personal data, we have implemented technical and organisational security measures using SSL/TLS encryption (https standard). These measures serve to ensure a risk-appropriate level of protection taking into account the current state of technology.

14. Newsletter

Sendinblue

This website uses Sendinblue for the sending of newsletters. The provider is the Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany.
Sendinblue services can, among other things, be used to organize and analyze the sending of newsletters. The data you enter for the purpose of subscribing to the newsletter are archived on Sendinblue’s servers in Germany.
Data analysis by Sendinblue

Sendinblue enables us to analyze our newsletter campaigns. For instance, it allows us to see whether a newsletter message has been opened and, if so, which links may have been clicked. This enables us to determine, which links drew an extraordinary number of clicks.

Moreover, we are also able to see whether once the e-mail was opened or a link was clicked, any previously defined actions were taken (conversion rate). This allows us to determine whether you have made a purchase after clicking on the newsletter.

Sendinblue also enables us to divide the subscribers to our newsletter into various categories (i.e., to
“cluster” recipients). For instance, newsletter recipients can be categorized based on age, gender, or place of residence. This enables us to tailor our newsletter more effectively to the needs of the respective target groups.
If you do not want to permit an analysis by Sendinblue, you must unsubscribe from the newsletter. We provide a link for you to do this in every newsletter message. Moreover, you can also unsubscribe from the newsletter right on the website.
For detailed information on the functions of Sendinblue please follow this link:
https://www.sendinblue.com/newsletter-software/.
Legal basis

The data is processed based on your consent (Art. 6(1)(a) GDPR). You may revoke any consent you have given at any time by unsubscribing from the newsletter. This shall be without prejudice to the lawfulness of any data processing transactions that have taken place prior to your revocation.
Storage period
The data deposited with us for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter or the newsletter service provider and deleted from the newsletter distribution list after you unsubscribe from the newsletter. Data stored for other purposes with us remain unaffected.

After you unsubscribe from the newsletter distribution list, your e-mail address may be stored by us or the newsletter service provider in a blacklist to prevent future mailings. The data from the blacklist is used only for this purpose and not merged with other data. This serves both your interest and our interest in complying with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6(1)(f) GDPR). The storage in the blacklist is indefinite. You may object to the storage if your interests outweigh our legitimate interest.
For more details, please consult the Data Protection Regulations of Sendinblue at
https://de.sendinblue.com/datenschutz-uebersicht/.
Execution of a contract data processing agreement
We have executed a contract with Sendinblue, in which we require Newsletters2Go to protect our customers’ data and to refrain from sharing such data with third parties.

Discount vouchers
In the context of your participation in the Customer Dialogue programme, you may be offered discount vouchers. In addition, these discount coupons could also be made available to you in the context of after sales or other marketing cooperation programmes and activities.

15. Data Subject Rights

If personal data related to you as a natural person is processed, you have a number of data-protection rights that we are responsible for upholding. In accordance with Section 34 of the German Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG) and Article 15 of the GDPR, you have the right to obtain information about your personal data that is being stored and its source, the recipients or categories of recipients to whom the personal data has been disclosed and the purpose of its storage.
Furthermore, you also have the right (as per Section 35 BDSG and Articles 16-18 GDPR) to the rectification, erasure or restriction (of the processing) of your personal data. In addition, you can request the transmission of your data to another controller in accordance with Article 20 of the GDPR.

You can also object to the further processing of your data if we process your data for the purposes of a legitimate interests (Art. 6 para. 1 lit. f GDPR). If we are not processing your data for advertising purposes, you can only object for reasons arising from your personal situation. As of the date on which you exercise this right to object, we will stop processing your personal data until your objection has been reviewed. If the review reveals that your objection is justified, we will delete the data (Section 36 BDSG, Article 21 GDPR).

You can withdraw your consent to the processing of your personal data (Art. 6 para. 1 lit. a GDPR) at any time; in such cases we will no longer process your personal data unless we are permitted to do so by law.

An objection or withdrawal of consent does not affect the admissibility of the processing up to the time of the objection or withdrawal of consent.
We will act to uphold your rights free of charge and without delay. Please use the contact details provided at the beginning of this privacy policy to contact us or our data protection officer in order to exercise your rights.
Lastly, you have the right to complain to the competent supervisory authority in accordance with Art. 77 of the GDPR.

Contact information for the competent supervisory authority:
Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
Postfach 20 04 44, 40102 Düsseldorf, Germany
Tel.: +49 (0) 211/38424-0 Fax: +49 (0) 211/38424-10 Email: poststelle@ldi.nrw.de

Information on Data Protection According to Art. 13 GDPR

For the processing of applicant data

Submitted application documents and other data collected in the context of the application process that can be used to personally identify you as the applicant are considered protected personal data in the sense of Art. 4 para. 1 of the General Data Protection Regulation (EU) 2016/679 (GDPR). In this text, we provide you with detailed information on the processing of your applicant data in accordance with Art. 13 of the GDPR.
Our company processes your personal data exclusively in accordance with data protection law, in particular the GDPR and the German Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG). Under applicable data-protection legislation, your personal data may only be collected, stored, disseminated or used (data processing, Art. 4 para. 2 GDPR) with your express consent (Art. 6 para. 1 lit. a, in conjunction with Art. 7 GDPR) or if a legal provision expressly permits or requires us to do so. In particular, the processing of your personal data is lawful if necessary for deciding whether to establish an employment relationship or, after the employment relationship has been established, to conduct or terminate the contractual relationship (Section 26 para. 1 BDSG, Art. 6 para. 1 lit. b GDPR ). The same applies if the data processing is necessary for purposes other than the employment relationship for safeguarding the legitimate interests of the controller and there is no reason to believe that these interests are overridden by your legitimate interests (as the data subject) for excluding the processing or use of the data (Art. 6 para. 1 lit. f GDPR).

Responsibility and Contact Person

The “controller” (as per Art. 4 para. 7 GDPR) responsible for the processing of your personal data in the context of the employment relationship, including the application process is:

Croozer GmbH
Personalabteilung (HR Department)
An der Hasenkaule 10
50354 Hürth
Germany
Telephone: +49 (0) 2233-95991-0
Email: bewerbung@croozer.com
Managing directors: Hanna Grau

If you have any questions concerning data protection at Croozer GmbH, please feel free to contact our Data Protection Officer at any time: Croozer GmbH, - Data Protection Officer -, Oskar-Jäger-Str. 125, 50825 Cologne, Germany, datenschutz@croozer.com

Personal Data and Purposes of Processing

1. Application for an advertised position

In order to apply for a certain position, you need to provide us with information on your personal profile and qualifications through the customary, informative application documents. We receive applications regularly at the email address bewerbung@croozer.com. This email address is only accessible by the Human Resources Department and – for technical reasons – the IT Administration. In general, we will also confirm the receipt of your application. This confirmation is routinely sent via email. We communicate with you via secure and encrypted email connections (TLS).

We will only use the information found in your application documents for making hiring decisions related to the position(s) for which you have explicitly applied. For this purpose, we will assess your application documents in the Human Resources Department, and then, if after the initial review process you are selected as a potential candidate for the position to be filled, these documents will be made available to the company employees who will take part in the respective decision-making process, including the managing directors. In addition, we process your application documents electronically in our email system and store them on our server as a PDF document in a protected file to which only the Human Resources Department and – for technical reasons – the IT Administration have access; we make the data available to the other employees involved in the hiring process via a file on our server with restricted access. If necessary, we additionally use printouts and copies (on paper). During the application process we may collect additional personal data from you personally, from generally accessible sources or from former employers and education providers, for these information purposes. The legal bases for the processing of your personal data are Art. 6 para. 1 lit. b of the GDPR and Section 26, para. 1 of the BDSG.

If you are not hired at the end of the application process, we will delete and destroy all of your application data within six months after you have conclusively rejected our job offer or we have conclusively rejected your application.
If you are hired at the end of the application process, we will – in accordance with Art. 6 para. 1 lit. b of the GDPR and Section 26 para. 1 of the BDSG – add your application documents to your personnel file because it contains information about your personal profile and qualifications that may be necessary for the purpose of executing the employment relationship. In addition, your application documents will be stored on our server in the employee file, to which only the Human Resources Department, the managing directors and – for technical reasons – the IT Administration have access. Additionally, a printout will be placed in the respective paper file and stored in a locked cabinet in the Human Resources Department. Your application documents will be deleted three years after the termination of the employment relationship.

2. Unsolicited Applications

If you send us an unsolicited application that makes no reference to a specific position, we may use your application documents in the context of hiring decisions for any potentially suitable job vacancy. For this purpose, we will first review your application documents in the Human Resources Department and then send them via email to the heads of the departments where there may be a suitable job vacancy for you in the future.

In all cases, we process your application documents electronically in our email system. Additionally, for the continued application process, we store interesting applications on our server as PDF documents in a protected file to which only the Human Resources Department and – for technical reasons – the IT Administration have access; we make the data available to the other employees involved in the hiring process via a file on our server with restricted access. If necessary, we additionally use printouts and copies (on paper).

As soon as your application documents are reviewed in the context of an application process, we may collect additional personal data from you personally, from generally accessible sources or from former employers and education providers for the purpose of obtaining more detailed information about your personal profile and qualifications. Your application data will be duly deleted and destroyed within one year after the receipt of your application, but not until all application processes involving your application documents have concluded or until six months after you have conclusively rejected a job offer from our company or if we have conclusively rejected your application.

These time limits do not apply if you have given your concrete and voluntary consent for a longer period of storage for your data.

If you are hired at the end of the application process, we will – in accordance with Art. 6 para. 1 lit. b of the GDPR and Section 26 para. 1 of the BDSG – add your application documents to your personnel file because it contains information about your personal profile and qualifications that may be necessary for the purpose of executing the employment relationship. In addition, your application documents will be stored on our server in the employee file, to which only the Human Resources Department, the managing directors and – for technical reasons – the IT Administration have access. Additionally, a printout will be placed in the respective paper file and stored in a locked cabinet in the Human Resources Department. Your application documents will be deleted three years after the termination of the employment relationship.

Our Cooperation with Third-Party Companies

Like other companies, we too benefit from the advantages of a society and business community that is based on the division of labour. In the area of data processing, this means that we do not perform all data processing activities on an in-house basis. Some activities are performed by external service providers:

• Career platforms: In order to find you, we also advertise our job vacancies on external career platforms, such as the German employment office (Agentur für Arbeit) or Stepstone. If you apply for a job through one of these platforms, the platform will send us your documents where appropriate. No further collaboration takes place.
• External (IT) service companies that, as so-called “data processors”, have concluded contracts with us in which they undertake to process data strictly in accordance with our specifications and instructions and to take comprehensive technical and organisational measures to protect this data.
• External (IT) service companies that work for us under their own responsibility and are contractually obliged to take technical and organisational measures to protect data.

Your Data-Protection Rights and the Responsibilities of Those Who Hold and Process Your Personal Data

If we process your personal data, you have a number of data-protection rights that we are responsible for upholding. You have the right

• to obtain information about your personal data that is being stored and its source, the purpose of the processing and the recipients or categories of recipients to whom the personal data has been disclosed (Art. 15 GDPR, Section 34 BDSG),
• under certain circumstances to request the rectification, restriction of processing or erasure of your personal data by us (Articles 16–18 GDPR, Section 35 BDSG),
• to request the transmission of your data to another controller (Article 20 GDPR) and
• to lodge a complaint with us or the competent supervisory authority about the processing of your personal data (Article 77 GDPR).

You can also object to the further processing of your data if we process your data for the purposes of a legitimate interest (Art. 6 para. 1 lit. f GDPR). Since we do not process your data for advertising purposes, you can only object for reasons arising from your personal situation. As of the date on which you exercise this right to object, we will stop processing the personal data to which your objection refers until your objection has been reviewed. If the review reveals that your objection is justified, we will delete the data (Section 36 BDSG, Article 21 GDPR). __
__
You can withdraw your consent to the processing of your personal data (Art. 6 para. 1 lit. a GDPR) at any time; in such cases we will no longer process your personal data unless we are permitted to do so by law.

A justified objection or withdrawal of consent does not affect the lawfulness of processing up to the time of the objection or withdrawal of consent.

We will act to uphold your rights free of charge and without delay. Please use the contact details provided to contact us or our data protection officer in order to exercise your rights or obtain clarification on any other issue.

For complaints that fall under Art. 77 of the GDPR, please contact the competent supervisory authority using the contact details provided above.

End User Privacy Policy

This privacy policy for end users provides information about the processing of your personal data by

Croozer GmbH
An der Hasenkaule 10
50354 Hürth, Germany

According to Art. 4 lit. 1 GDPR, your personal data includes all information that relates or can be related to your person, in particular through association with an identifier like a name or with an organisation number or customer number that can be used for identifying your person.
We, as the data controller, make this data protection information available for end users (“Privacy Policy”), in order to explain the data-processing operations concerning the end users who are connected with Croozer GmbH.

Scope:

This privacy policy applies to the end users of Croozer GmbH.

Categories of personal data and data sources:

Croozer GmbH processes the following personal data from you:

• Name, contact information, services or products offered, contract information, communication content (such as emails or business letters), payment information, billing information and personal data that arises in the course of the business relationship.

Purposes, legal bases and consequences of data processing:

Your personal data is used for fulfilling contractual obligations with the end user (including the fulfilment of contractual service obligations, invoice processing, communication and compliance with legal obligations), for marketing and CRM activities and for fraud prevention.

The legal bases for the processing of your data by Croozer GmbH include the following:

• Performance of a contract to which the end user is party (Article 6(1)(b) GDPR);
• Legitimate interests pursued by Croozer GmbH, (Article 6(1)(f) GDPR). Legitimate interests can include in particular marketing and CRM activities, as well as the prevention of fraud, IT misuse, money laundering, operation of a whistleblowing system, physical security, IT and network security, and internal investigations.
• Consent (Article 6(1)(a) GDPR);
• Compliance with legal obligations (Article 6(1)(c) GDPR);
• The provision of personal data is voluntary and necessary for the conclusion and/or performance of the contractual relationship. Should you not provide this data, some end-use-management and administrative processes may be delayed or rendered impossible.

Categories of recipients:

Croozer GmbH may use service-providers who act as processors in order to provide IT and other administrative support (e.g. service providers who offer IT hosting or maintenance support). These service providers may have access to your personal data if this access is necessary for the provision of such services.

Access to your personal data is limited to persons who require the information for the completion of their activities.

Croozer GmbH may disclose your personal data if such disclosure is required or requested by government agencies, courts, external authorities or similar third parties.

Storage duration:

Personal data is stored by Croozer GmbH and its service-providers as long as is necessary to fulfil our obligations. The data is stored as long as is necessary to fulfil the respective purposes in accordance with the GDPR. As soon as Croozer GmbH no longer requires the data for the purpose of compliance with contractual or legal obligations, the respective data is deleted from our systems and records, and/or measures are taken to properly anonymise your personal data so that it is no longer identifiable. The exceptions to this are cases in which we must keep your personal data in order to comply with legal or regulatory obligations to which Croozer GmbH is subject, e.g. statutory retention obligations that are associated with the commercial code, tax law or money-laundering act and usually require data retention for between 5 and 10 years, or we must secure evidence within the period of the statute of limitations, which is normally 3 years, but can also extend to up to 30 years.

Your rights:

If you have given your consent to certain data-processing activities, you can revoke this consent at any time, with effect for the future. This revocation does not affect the legality of the processing carried out on the basis of the consent before the revocation.

The applicable data protection regulations grant you the following rights:

• Right of access, Art. 15 GDPR
  You have the right to information regarding the data we process concerning you.
• Right to rectification, Art. 16 GDPR
  You have the right to the rectification of your data, wherever such data is incorrect or incomplete. Incomplete data must be completed taking into account the purpose of the processing.
• Right to erasure, Art. 17 GDPR
  You have the right to demand the erasure of your data under certain circumstances. This is in particular the case if this data is no longer required for the original purpose for which it was collected and processed.
• Right to restriction of processing, Art. 18 GDPR
  You have the right to restrict the processing of your personal data. This means that your data will not be deleted but will be flagged to restrict its further processing or use.
• Right to data portability, Art. 20 GDPR
  You have the right to receive the personal data that you have made available to Croozer GmbH. We will provide the data in a structured, commonly used and machine readable format. Furthermore, you have the right to transfer this data to another responsible party without hindrance from Croozer GmbH.
• Right to object to unacceptable data processing, Art. 21 GDPR
  You as the data subject are entitled for reasons arising from your special situation to object at any time to the processing of the personal data relating to you that is being processed on the basis of Article 6(1)(e) or Article 6(1)(f) of the General Data Protection Regulation (GDPR).

Due to the fact that Croozer GmbH processes and uses your personal data primarily for the purpose of its contractual relationship with you, Croozer GmbH generally has compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to establish, exercise or defend legal claims.

In order to exercise your rights, contact us as specified in the section “Questions”.

Complaints to the supervisory authority regarding data privacy breaches

You have the right to lodge a complaint with the responsible supervisory authority if you believe that the processing of your data is contrary to data protection law. This follows from Art. 77 EU General Data Protection Regulation. Complaints to the supervisory authority can be informal.

Automated decision-making /Profiling:

Croozer GmbH does not use automated decision-making.

Questions:
You can contact the Croozer GmbH data protection officer using the following channels: Email: datenschutz@croozer.com

Privacy Policy for Business Partners

Privacy Policy for Business Partners

This privacy policy for business partners provides information about the processing of your personal data by

Croozer GmbH
An der Hasenkaule 10
50354 Hürth, Germany
Managing director: Hanna Grau HRB 25590, Cologne District Court

According to Art. 4 lit. 1 GDPR, your personal data includes all information that relates or can be related to your person, in particular through association with an identifier like a name or with an organisation number or customer number that can be used for identifying your person.
We, as the data controller, make this data protection information available for business partners (“Privacy Policy”), in order to explain the data-processing operations concerning our customers, business partners and suppliers (together with “__business partners__”) and, if applicable, their employees who are connected with Croozer GmbH.

Scope:

This policy applies if you are an independent business partner of Croozer GmbH or if you are an employee of a business partner and are working with Croozer GmbH on behalf of the business partner.

Categories of personal data and data sources:

Croozer GmbH processes the following personal data from you, your company or third parties:

• Personal data related to independent business partners: name, business contact information, services or products offered, contract information, communication content (such as emails or business letters), payment information, billing information and personal data that arises in the course of the business relationship
• Personal data related to employees of a business partner: name, business contact information, name of employer, title/position and communication content (such as emails or business letters)

Purposes, legal bases and consequences of data processing:

Your personal data is used for fulfilling contractual obligations with the business partner (including the fulfilment of contractual service obligations, invoice processing, communication and compliance with legal obligations), for marketing and CRM activities and for fraud prevention.
The legal bases for the processing of your data by Croozer GmbH include the following:

• Performance of a contract to which the business partner is party (Article 6(1)(b) GDPR)
• Legitimate interests pursued by Croozer GmbH, (Article 6(1)(f) GDPR). Legitimate interests can include in particular marketing and CRM activities, as well as the prevention of fraud, IT misuse, money laundering, operation of a whistleblowing system, physical security, IT and network security, and internal investigations.
• Consent (Article 6(1)(a) GDPR)
• Compliance with legal obligations (Article 6(1)(c) GDPR)

The provision of personal data is voluntary and necessary for the conclusion and/or performance of the contractual relationship. Should you not provide this data, some business-partner-management and administrative processes may be delayed or rendered impossible.

Categories of recipients:

Croozer GmbH may use service-providers who act as processors in order to provide IT and other administrative support (e.g. service providers who offer IT hosting or maintenance support). These service providers may have access to your personal data if this access is necessary for the provision of such services.
Access to your personal data is limited to persons who require the information for the completion of their activities.
Croozer GmbH may disclose your personal data if such disclosure is required or requested by government agencies, courts, external authorities or similar third parties.

Storage duration:
Personal data is stored by Croozer GmbH and its service-providers as long as is necessary to fulfil our obligations. The data is stored as long as is necessary to fulfil the respective purposes in accordance with the GDPR. As soon as Croozer GmbH no longer requires the data for the purpose of compliance with contractual or legal obligations, the respective data is deleted from our systems and records, and/or measures are taken to properly anonymise your personal data so that it is no longer identifiable. The exceptions to this are cases in which we must keep your personal data in order to comply with legal or regulatory obligations to which Croozer GmbH is subject, e.g. statutory retention obligations that are associated with the commercial code, tax law or money-laundering act and usually require data retention for between 5 and 10 years, or we must secure evidence within the period of the statute of limitations, which is normally 3 years, but can also extend to up to 30 years.

Your rights:
If you have given your consent to certain data-processing activities, you can revoke this consent at any time, with effect for the future. This revocation does not affect the legality of the processing carried out on the basis of the consent before the revocation.

The applicable data protection regulations grant you the following rights:

• Right of access, Art. 15 GDPR: You have the right to information regarding the data we process concerning you.
• Right to rectification, Art. 16 GDPR: You have the right to the rectification of your data, wherever such data is incorrect or incomplete. Incomplete data must be completed taking into account the purpose of the processing.
• Right to erasure, Art. 17 GDPR: You have the right to demand the erasure of your data under certain circumstances. This is in particular the case if this data is no longer required for the original purpose for which it was collected and processed.
• Right to restriction of processing, Art. 18 GDPR: You have the right to restrict the processing of your personal data. This means that your data will not be deleted but will be flagged to restrict its further processing or use.
• Right to data portability, Art. 20 GDPR: You have the right to receive the personal data that you have made available to Croozer GmbH. We will provide the data in a structured, commonly used and machine readable format. Furthermore, you have the right to transfer this data to another responsible party without hindrance from Croozer GmbH.
• Right to object to unacceptable data processing, Art. 21 GDPR: You as the data subject are entitled for reasons arising from your special situation to object at any time to the processing of the personal data relating to you that is being processed on the basis of Article 6(1)(e) or Article 6(1)(f) of the General Data Protection Regulation (GDPR).

Due to the fact that Croozer GmbH processes and uses your personal data primarily for the purpose of its contractual relationship with you, Croozer GmbH generally has compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to establish, exercise or defend legal claims.

In order to exercise your rights, contact us as specified in the section “Questions”.

Complaints to the supervisory authority regarding data privacy breaches:

You have the right to lodge a complaint with the responsible supervisory authority if you believe that the processing of your data is contrary to data protection law. This follows from Art. 77 EU General Data Protection Regulation. Complaints to the supervisory authority can be informal.

Automated decision-making /Profiling:
Croozer GmbH does not use automated decision-making.

Questions:
You can contact the Croozer GmbH data protection officer using the following channels:
Email: datenschutz@croozer.com

Privacy Policy for Applicants

This privacy policy for applicants provides information about the processing of your personal data by

Croozer GmbH
An der Hasenkaule 10
50354 Hürth, Germany

According to Art. 4 lit. 1 of the General Data Protection Regulation (GDPR), your personal data includes all information that relates or can be related to your person, in particular through association with an identifier like a name or with an organisation number or personnel number that can be used for identifying your person.

Personal information and personal data:
Croozer GmbH collects and processes the following personal data (in both paper and digital form) that you have provided in the context of your application (collectively, “Applicant data”):

• Contact information, such as your name, postal address and email address;
• Information on your professional experience and skills, as well as any previous work experience, language skills, performance assessment, evaluations and ratings;
• Photo (if voluntarily provided).

The processing of special types of personal data is not provided for. However, if you provide this data, such as health information, it will also be processed.

Purposes, legal bases and consequences of data processing:

Applicant data is collected and processed for recruitment purposes in order to assess the skills and suitability of the candidates who have applied for a position (collectively, “Processing purposes”):

The legal bases for the processing of your data by Croozer GmbH include the following:

• Processing in the context of employment (Art. 88 GDPR in connection with Section 26 of the German Federal Data Protection Act, BDSG)
• Legitimate interests pursued by Croozer GmbH (Article 6(1)(f) GDPR).
• Consent, if given by you and permitted by law (Article 6(1)(a) of the GDPR pursuant to Article 88 of the GDPR and Section 26(2) of the German Federal Data Protection Act, BDSG);
• Compliance with legal obligations (Article 6(1)(c) GDPR);
• Your personal data is provided on a voluntary basis. However, should you not provide this data, the recruitment process could be rendered impossible or seriously impaired to such an extent that Croozer GmbH would unfortunately be unable to consider your application.

Categories of recipients:

Croozer GmbH may use service-providers who act as processors in order to provide IT and other administrative support (e.g. service providers who offer IT hosting or maintenance support). These service providers may have access to your personal data if this access is necessary for the provision of such services.
Access to your personal data is limited to persons who require the information for the completion of their activities.

Storage duration:

Application data will be stored by Croozer GmbH and, if applicable, its service-providers as long as is necessary to fulfil their obligations and in accordance with the applicable data protection law for the time necessary to fulfil the purposes for which it was collected.

Croozer GmbH will delete your application data no later than six months after we have notified you that your application will not be taken into consideration. This time limit does not apply if, upon our request, you have given your express consent for us to store your data for a longer period, because we would like to store your information in our talent pool (Art. 7 GDPR); in this case, the data will be deleted at the end of the period specified in the consent or when you withdraw your consent. The data is deleted subject to a right to storage as per Art. 17 (3) of the GDPR or in accordance with applicable rules in the German Federal Data Protection Act (BDSG). If you are hired, your application will be added to the personnel file created for you and will be considered part thereof under data protection law.

Your rights:

If you have given your consent to certain data-processing activities, you may withdraw this consent at any time, with effect for the future. This withdrawal does not affect the legality of the processing carried out on the basis of the consent before its withdrawal.

The applicable data protection regulations grant you the following rights:

• Right of access, Art. 15 GDPR You have the right to information regarding the data we process concerning you.

• Right to rectification, Art. 16 GDPR You have the right to the rectification of your data, wherever such data is incorrect or incomplete. Incomplete data must be completed taking into account the purpose of the processing.

• Right to erasure, Art. 17 GDPR You have the right to demand the erasure of your data under certain circumstances. This is in particular the case if this data is no longer required for the original purpose for which it was collected and processed.

• Right to restriction of processing, Art. 18 GDPR You have the right to restrict the processing of your personal data. This means that your data will not be deleted but will be flagged to restrict its further processing or use.

• Right to data portability, Art. 20 GDPR You have the right to receive the personal data that you have made available to Croozer GmbH. We will provide the data in a structured, commonly used and machine readable format. Furthermore, you have the right to transfer this data to another responsible party without hindrance from Croozer GmbH.

• Right to object to unacceptable data processing, Art. 21 GDPR You are entitled for reasons arising from your special situation to object at any time to the processing of the personal data relating to you that is being processed on the basis of Article 6(1)(e) or Article 6(1)(f) of the GDPR. Due to the fact that Croozer GmbH processes and uses your personal data primarily for the purpose of its contractual relationship with you, Croozer GmbH generally has compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to establish, exercise or defend legal claims.

In order to exercise your rights, contact us as described in the section “Questions”.

Complaints to the supervisory authority regarding data privacy breaches:

You have the right to lodge a complaint with the responsible supervisory authority if you believe that the processing of your data is contrary to data protection law. This follows from Art. 77 of the GDPR. Complaints to the supervisory authority can be informal.

Automated decision-making/Profiling:

Croozer GmbH does not use automated decision-making in the context of your application process.

Questions:

You can contact the Croozer GmbH data protection officer using the following channels:
Email: datenschutz@croozer.com

Addition to the Privacy Policy

Objection to promotional emails
In accordance with Section 7 (2) of the German Act against Unfair Competition (UWG), electronic mail (e.g. emails) without the addressee’s consent are always an unacceptable nuisance and therefore a violation of the law.
The operators of this website expressly prohibit the use of contact details provided in accordance with the obligation to publish a legal notice (‘Impressumspflicht’) for the purpose of sending any advertising or informational materials not expressly requested. The operators of this website expressly reserve the right to take legal action in the event of receiving unsolicited advertising information such as ‘spam’ mail.

__Status as of March, 15th 2023_