Phone: +49 (0)2151 5258 – 0
We appreciate your interest in our website. Protecting your personal data is important to us, therefore we observe the legal regulations on data protection and data security.
In particular, we are subject to the provisions of the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) in the version applicable since 25 May 2018 and the German Telemedia Act (TMG). In particular, this allows us to collect and use your personal data to the extent necessary to enable you to use our website at www.cc-gruppe.com, including all services and functions contained therein.
Below you will find information on the type of personal data we collect when you use our website and its services and functions, how we use this data and for what purposes.
The Controller within the definition of the EU General Data Protection Regulation (GDPR), other national data protection laws of the Member States of the European Union and other data protection regulations is:
C.C. Holding GmbH
Phone: +49 (0)2151 5258-0
Fax: +49 (0)2151 5258-800
The Data Protection Officer for the Controller is:
180° Datenschutz GmbH
Phone: +49 (0)211 176 072 55
As a matter of principle, we only process the personal data of our users to the extent required to provide a functional website and our content and services. As a rule, we only process the personal data of our users after they have given their consent. An exception is made in cases where prior consent cannot be obtained for factual reasons and the processing of data is permitted by legal regulations.
Insofar as we obtain the consent of the data subject for the processing of personal data, the legal basis in this respect is Article 6(1)(a) of the EU General Data Protection Regulation (GDPR).
For the processing of personal data deemed necessary for the performance of a contract to which the data subject is party, the legal basis in this respect is Article 6(1)(b) of the GDPR. This also applies in the case of processing steps required to implement pre-contractual measures.
Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, the legal basis in this respect is Article 6(1)(c) of the GDPR.
In case processing of personal data is necessary in order to protect the vital interests of the data subject or of another natural person, the legal basis in this respect is Article 6(1)(d) of the GDPR.
If processing is necessary to safeguard the legitimate interests pursued by our company or by a third party, and such interests are not overridden by the interests, fundamental rights and freedoms of the data subject, the legal basis for processing in this respect is Article 6(1)(f) of the GDPR.
The personal data of the data subject is erased or blocked as soon as the purpose of the storage ceases to apply. However, data may still be stored if this has been provided for by the European or national legislator in Union regulations, laws or other regulations to which the Controller is subject. Data is also blocked or erased if a storage period stipulated by the aforementioned standards expires, unless there is a need to continue storing the data for the purpose of concluding or fulfilling a contract.
Every time our website is accessed, our system automatically collects data and information from the computer system of the requesting user.
The following data is collected in this process:
We cannot assign this data to specific persons. We never collate this data with other data sources.
The legal basis for the storage of the data is Article 6(1)(f) of the GDPR.
The temporary storage of the IP address by the system is necessary to make the website available to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of a session. Its storage is also necessary to ensure the functionality of the website. Furthermore, the data is used to optimise the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.
Such purposes also include our legitimate interest in data processing pursuant to Article 6(1)(f) of the GDPR.
Data is erased as soon as it is no longer required for the purpose for which it was collected. In the case of data collection for the purpose of providing the website, this is the case when the respective session is ended. Furthermore, the data is erased after seven days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are erased or altered such that assignment of the calling client is not possible.
Data collection for the purpose of providing the website and the storage of data in log files is absolutely essential for the operation of the website. Consequently, the user shall not have the right to object.
In addition to the afore-mentioned data, cookies shall be stored on your computer when you use this website. Cookies are small text files that are stored on your hard drive and assigned to the browser you are using and through which we receive certain information. Cookies cannot execute programs or transfer viruses to your computer. They serve to make the online offering as a whole more user-friendly and effective. This website uses the following types of cookies, the scope and function of which are explained below:
Transient cookies are automatically cleared when you close the browser. This includes session cookies in particular. These store a so-called session ID, with which various requests from your browser can be assigned to the shared session. This allows your computer to be recognised when you return to our website. Session cookies are cleared when you log out or close the browser.
The legal basis for the processing of personal data using cookies is defined in Article 6(1)(f) of the GDPR.
There is a contact form on our website which can be used to contact us electronically. If a user makes use of this option, the data entered in the input mask will be transmitted to us and stored.
An alternative option is to contact us using the e-mail address provided. In this case, the personal data transmitted by e-mail will be stored.
In this context, the data is not passed onto third parties. The data is used exclusively for processing the dialogue.
The legal basis for the processing of data is your consent pursuant to Article 6(1)(a) of the GDPR.
If the aim of contact by e-mail is to conclude a contract, the additional legal basis for processing is Article 6(1)(b) of the GDPR.
We only process the personal data from the input mask for the sole purpose of processing the request for contact. In the case of e-mail contact, this is also deemed to be the required legitimate interest in the processing of the data.
The other personal data processed during the sending process is used to prevent misuse of the contact form and to ensure the security of our information technology systems.
Data is erased as soon as it is no longer required for the purpose for which it was collected. In terms of the personal data from the input mask of the contact form and data sent by e-mail, this shall be the case when the respective dialogue with the user has ended. The dialogue is deemed ended when it can be inferred from the circumstances that the facts in question have been clarified in full.
A user may revoke his or her consent to the processing of personal data at any time. If a user contacts us by e-mail, he or she may object to the storage of his or her personal data at any time. In this case, the dialogue cannot be continued.
All personal data stored in the process of establishing contact shall be erased accordingly.
We use Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics stores cookies on users’ computers (refer to above regarding cookies) which allow us to analyse their use of our website. The information generated by the cookies about their use of our website (including their IP address) will generally be transmitted to and stored by Google on a server in the USA. By activating IP anonymisation, user IP addresses will be abbreviated beforehand by Google within the Member States of the European Union or in other states party to the Agreement on the European Economic Area. (On our website, Google Analytics has been extended by the code “gat._anonymizeIp();” to ensure anonymous recording of IP addresses.) The full IP address will only be transmitted to a Google server in the USA and abbreviated there in exceptional cases. In cases where personal data is transferred to the USA, Google is subject to the EU-US Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.
This information is used on our behalf by Google to evaluate use of our website, to generate reports for us on website activity and to provide other services related to use of our website and the internet. Google may also share such information with third parties to the extent that it is legally required to do so and/or to the extent that third parties process data on behalf of Google. The IP address collected by Google Analytics is not collated with any other data held by Google.
The legal basis for the use of Google Analytics is Article 6(1)(1)(f) of the GDPR.
The processing of personal data of our users enables us to analyse their surfing behaviour. By evaluating the data obtained, we are able to compile information on the use of the individual components of our website. This helps us to constantly improve our website and its user-friendliness. Such purposes also include our legitimate interest in processing data pursuant to Article 6(1)(f) of the GDPR. By anonymising IP addresses, the interest of users in the protection of their personal data is duly taken into account.
Data is erased as soon as it is no longer required for the purpose of our records.
You can prevent cookies from being stored on your computer by adjusting the browser software accordingly. In this case, you may not be able to use all functions of our web pages to their full extent. To prevent Google from collecting the data generated by cookies and related to your use of our website (including your IP address) and from processing this data, a browser plug-in is available for download and subsequent installation at the link below: https://tools.google.com/dlpage/gaoptout?hl=de.
Collection by Google Analytics can also be prevented by clicking on the following link (this link must be clicked again every time you clear your cookies). This link sets an opt-out cookie, which prevents the collection of your data when visiting these websites in the future:
Deactivate Google Analytics (the opt-out link must be implemented here).
This site incorporates maps from the service “Google Maps”. This service is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. In particular, the processed data includes your IP address and your location data; however, this data cannot be collected without your consent (e.g. through the appropriate settings of your browser). The data may be processed in the USA.
The legal basis for the use of Google Maps is Article 6(1)(1)(f) of the GDPR.
By using Google Maps, we are able to show you geographical information on a map and provide you with an easy way of finding a route from any location to our company.
We would like to point out that we are not privy to any specific knowledge regarding the transmitted data or how this is used by Google. For further information about Google Maps, please refer to https://maps.google.com/help/terms_maps.html. Applicable data protection provisions can be found at https://www.google.com/policies/privacy/.
The processing of data by Google can be changed and excluded at https://adssettings.google.com/authenticated.
To protect input forms on our site, we use the service “reCAPTCHA”. This service is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. To our knowledge, the following information is transmitted to “Google”: the referrer URL, the IP address, the behaviour of the website visitors, information about the operating system, browser and length of stay, cookies, display instructions and scripts, the input behaviour of the user and mouse movements in the “reCAPTCHA” checkbox area. The data may be processed in the USA.
Google uses this information, for example, to digitise books and other printed products and to optimise services such as Google Street View and Google Maps (e.g. house number and street name identification).
The legal basis for the use of Google reCAPTCHA is Article 6(1)(1)(f) of the GDPR.
We use the service to protect input forms on our site. By using this service, it is possible to determine whether the corresponding input is of human origin or whether it is misused by automated machine processing.
We would like to point out that we are not privy to any specific knowledge regarding the transmitted data beyond the data mentioned or how this is used by Google. Applicable data protection provisions can be found at https://www.google.com/policies/privacy/.
The IP address transmitted in the context of “reCAPTCHA” will not be collated with any other data held by Google unless you are logged into your Google account while using the “reCAPTCHA” plug-in. If you wish to prevent this transmission and storage of data about you and your behaviour on our website by “Google”, you must log out of “Google” before you visit our site or use the reCAPTCHA plug-in. The processing of data by Google can be changed and excluded at https://adssettings.google.com/authenticated.
If your personal data is processed, you are a data subject as defined by the GDPR and as such you have the following rights with regard to the Controller:
You may request confirmation from the Controller as to whether personal data concerning you is being processed by us.
If such processing has taken place, you may request the following information from the Controller:
(1) the purposes for which the personal data is processed;
(2) the categories of personal data processed;
(3) the recipients or categories of recipients to whom the personal data concerning you has been or is still being disclosed;
(4) the planned duration of the storage of the personal data concerning you or, if specific information regarding this is not feasible, criteria for determining the storage period;
(5) the existence of a right to have your personal data concerning you corrected or erased; a right to have processing restricted by the Controller or a right to object to such processing;
(6) the existence of a right of appeal to a supervisory authority;
(7) any available information about the origin of the data if the personal data is not collected from the data subject;
(8) the existence of automatic decision-making, including profiling in accordance with Article 22(1) and (4) of the GDPR and, at least in these cases, meaningful information on the logic involved and the scope and intended effects of such processing for the data subject.
You have the right to request information as to whether the personal data concerning you is transferred to a third country or to an international organisation. In this context, you may request to be informed of the appropriate guarantees pursuant to Article 46 of the GDPR in connection with the transfer.
You have the right to request that the Controller rectify and/or complete any personal data processed concerning you if it is incorrect or incomplete. The Controller is to make the rectification without undue delay.
In the following circumstances, you may request that the processing of personal data concerning you be restricted:
(1) if you dispute the accuracy of the personal data concerning you for a period which enables the Controller to verify the accuracy of the personal data;
(2) the processing is unlawful and you refuse to erase the personal data and instead request that the use of the personal data be restricted;
(3) the Controller no longer requires the personal data for the purposes of processing, but you require it in order to assert, exercise or defend legal claims, or
(4) if you have objected to the processing pursuant to Article 21(1) of the GDPR and it has not yet been established whether the legitimate reasons of the Controller override your reasons.
If the processing of personal data concerning you has been restricted, such data, notwithstanding its storage, may only be processed with your consent or for the purpose of asserting, exercising or defending rights or protecting the rights of another natural or legal person or on grounds of an important public interest of the Union or of a Member State.
If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by the Controller before the restriction is lifted.
You may request the erasure of personal data concerning you by the Controller without undue delay and the Controller shall be obliged to erase such data without undue delay if one of the following reasons applies:
(1) the personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed;
(2) you revoke your consent upon which the processing is based pursuant to Article 6(1)(a) or (9)(2)(a) of the GDPR, and no other legal basis exists for the processing;
(3) you object to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate reasons for the processing, or you object to the processing pursuant to Article 21(2) of the GDPR;
(4) the personal data concerning you has been unlawfully processed;
(5) the erasure of personal data concerning you is necessary to comply with a legal obligation under Union law or Member State law to which the Controller is subject;
(6) the personal data concerning you has been collected in relation to information society services offered pursuant to Article 8(1) of the GDPR.
If the Controller has made the personal data concerning you public and is obliged to erase it pursuant to Article 17(1) of the GDPR, the Controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform those controllers processing the personal data that you, as the data subject, have requested the erasure of all links to, or copies or replications of, this personal data.
The right to erasure shall not exist insofar as the processing of data is necessary:
(1) in order to exercise freedom of expression and information;
(2) in order to comply with a legal obligation for processing required by Union or Member State law to which the Controller is subject or to perform a task in the public interest or in the exercise of official authority conferred upon the Controller;
(3) for reasons of public interest in the field of public health pursuant to Article 9(2)(h) and (i) and Article 9(3) of the GDPR;
(4) for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to Article 89(1) of the GDPR insofar as the right referred to under a) is likely to render impossible or seriously impair the attainment of the objectives of such processing; or
(5) in order to assert, exercise or defend legal claims.
If you have exercised the right of rectification, erasure or restriction of processing with regard to the Controller, the Controller shall be obliged to notify all recipients to whom the personal data concerning you has been disclosed of such rectification, erasure or restriction of processing, unless this proves impossible or involves a disproportionate effort.
You have the right to be informed about these recipients by the Controller.
You have the right to receive the personal data concerning you that you have provided to the Controller in a structured, conventional and machine-readable format. Furthermore, you have the right to have this data communicated to another data controller without interference from the Controller to whom the personal data has been made available, provided that
(1) processing is based on consent pursuant to Article 6(1)(a) or Article 9(2)(a) or a contract pursuant to Article 6(1)(b) of the GDPR, and
(2) processing takes place by means of an automatic procedure.
In exercising this right, you shall also be entitled to request that the personal data concerning you be transferred directly by one controller to another controller insofar as this is technically feasible. The freedoms and rights of other persons must not be affected by this.
The right to data transferability does not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority conferred on the Controller.
You have the right to object at any time for reasons arising from your particular situation to the processing of personal data concerning you, which is carried out on the basis of Article 6(1)(e) or (f) of the GDPR; this also applies to profiling based on these provisions.
The Controller shall cease to process the personal data concerning you, unless he or she can provide compelling reasons for its processing which override your interests, rights and freedoms or if the processing serves to assert, exercise or defend legal claims.
If the personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of such personal data for the purpose of such marketing; this also applies to profiling insofar as it is associated with such direct marketing.
If you object to processing for direct marketing purposes, personal data concerning you shall cease to be processed for these purposes.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by means of automated procedures using technical specifications.
You have the right to revoke your declaration of consent under data protection law at any time. Revocation of your consent does not affect the legality of the processing that has taken place on the basis of your consent up to the time of the revocation.
You have the right not to be subject to a decision based exclusively on automated processing, including profiling, which may have legal implications for you or which may affect you in a similarly significant way. This shall not apply if the decision is
1) necessary for the conclusion or performance of a contract between you and the Controller;
(2) admissible under Union or Member State law to which the Controller is subject; this decision is permissible and such legal provisions contain appropriate measures to safeguard your rights, freedoms and legitimate interests, or
(3) made with your express consent.
However, these decisions must not be based on special categories of personal data pursuant to Article 9(1) of the GDPR, unless Article 9(2)(a) or (g) of the GDPR apply and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests.
In the cases referred to in (1) and (3), the Controller shall take appropriate measures to safeguard your rights and freedoms and legitimate interests, which include at least the right to obtain human intervention on the part of the Controller, to express your point of view and to contest the decision.
Without prejudice to any other administrative or judicial remedy, you shall have the right to lodge a complaint with a supervisory authority, in particular, in the Member State where you are resident, work or place of the alleged infringement if you are of the opinion that the processing of personal data concerning you infringes the GDPR.
The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 of the GDPR.
Phone: +49 (0)2151 5258 – 0
We appreciate your interest and want to offer you the best possible customer service. Do not hesitate to let us know your wishes and requirements. We will find a solution that meets your needs – even with special inquiries.