Privacy Policy

Below we inform you about the processing of your personal data in connection with your use of our online offering.

Controller

COM.Create GmbH

Körberheide 101
48157 Münster, Germany

Telephone: +49 (0) 251 59 06 45 72
E-mail: hello@com-create.com

Contact Person

If you have any questions regarding data protection, please contact us using the details above.

Data Retention Period

We generally delete your personal data as soon as it is no longer necessary for the purposes for which it was collected or otherwise processed.

If we have requested your consent and you have given it, we will delete your personal data when you withdraw your consent, unless there is another legal basis for processing.

We will delete your personal data if you object to processing and there are no overriding legitimate grounds for processing, or if you object to processing for direct marketing purposes or related profiling.

If deletion is not possible because processing is still required to fulfill a legal obligation (e.g. statutory retention periods) or to establish, exercise or defend legal claims, we will restrict the processing of your personal data instead.

Further information on retention periods can be found in the sections below.

Your Rights

You have the following rights in relation to your personal data:
– Right of access
– Right to rectification
– Right to erasure
– Right to restriction of processing
– Right to object to processing
– Right to data portability

You have the right to object at any time, for reasons arising from your particular situation, to processing of your personal data carried out on the basis of Article 6(1)(e) or (f) GDPR; this also applies to profiling based on those provisions. We will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defense of legal claims.

If we process your personal data for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing; this also applies to profiling to the extent that it is related to such direct marketing. We will then no longer process your personal data for these purposes.

You have the right to withdraw your consent to processing of your personal data at any time, if you have given such consent. Withdrawal does not affect the lawfulness of processing carried out on the basis of consent before its withdrawal.

You have the right to lodge a complaint with a supervisory authority concerning the processing of your personal data by us.

Provision of Your Personal Data

The provision of your personal data is neither legally nor contractually required, nor is it necessary for entering into a contract. You are under no obligation to provide your personal data. Should this change in individual cases, we will inform you separately at the time of data collection (e.g. by marking mandatory fields in input forms).

If you do not provide your personal data, this may mean that we cannot process your data for the purposes described below and you may not be able to use the related services (e.g. without providing your e-mail address you will not receive our newsletter).

Web Hosting

We use external services for web hosting. These services may have access to personal data processed in the context of using our online offering. Further details on the services used, the scope of data processing, and the technologies and procedures employed can be found in the following information and via the provided links.

Google Cloud
Provider: Within the European Economic Area (EEA) and Switzerland, Google services are offered by Google Ireland Limited, Ireland, a subsidiary of Google LLC, United States of America.
Website: https://cloud.google.com/
More information & Privacy: https://policies.google.com/?hl=de and https://business.safety.google/privacy/
The transfer of personal data to third countries depends on the specific Google service and is subject to various EU Standard Contractual Clauses where offered by Google. Further information and Google's data controller responsibilities can be found at: https://business.safety.google/gdpr/. A copy of the EU Standard Contractual Clauses is available there. The provider has joined the EU–US Data Privacy Framework (https://www.dataprivacyframework.gov), ensuring an adequate level of data protection under a European Commission decision.

Webflow
Provider: Webflow, Inc., United States of America.
Website: https://webflow.com/hosting
More information & Privacy: https://webflow.com/legal/privacy and https://webflow.com/legal/eu-privacy-policy
Guarantee: EU Standard Contractual Clauses. A copy of the EU Standard Contractual Clauses can be requested from us. The provider has joined the EU–US Data Privacy Framework (https://www.dataprivacyframework.gov), ensuring an adequate level of data protection under a European Commission decision.

Web Server Log Files

We process your personal data to display our online offering and to ensure its stability and security. In doing so, information (such as requested element, called URL, operating system, date and time of request, browser type and version, IP address, protocol used, amount of data transferred, user agent, referrer URL, time zone difference to GMT, and HTTP status code) is stored in so-called log files (access log, error log, etc.).

If we have obtained your consent, the legal basis for processing is Article 6(1)(a) GDPR. If no consent was required, the legal basis is Article 6(1)(f) GDPR. Our legitimate interest is the proper display of our online offering and ensuring its stability and security.

Security

For security reasons and to protect the transmission of your personal data and other confidential content, we use encryption on our domain. You can recognize this by the “https://” prefix and the lock icon in your browser’s address bar.

Contact

If you contact us, we process your personal data to handle your inquiry.

If we have obtained your consent, the legal basis for processing is Article 6(1)(a) GDPR. Otherwise, the legal basis is Article 6(1)(f) GDPR. Our legitimate interest is handling your inquiry. If processing is necessary for the performance of a contract or pre-contractual steps based on your request, the legal basis is also Article 6(1)(b) GDPR.

We use external services to provide and maintain our e-mail mailboxes. These services may have access to personal data processed in the course of contacting us. Further details on these services and their data processing practices are provided below and via the links.

Gmail
Provider: Within the EEA and Switzerland, Google services are offered by Google Ireland Limited, Ireland, a subsidiary of Google LLC, United States of America.
Website: https://www.google.com/intl/de/gmail/about/
More information & Privacy: https://policies.google.com/?hl=de and https://business.safety.google/privacy/
Data transfers to third countries depend on the specific Google service and are subject to EU Standard Contractual Clauses where offered by Google. Further information and the data controller responsibilities of Google can be found at: https://business.safety.google/gdpr/. A copy of the EU Standard Contractual Clauses is available there. The provider has joined the EU–US Data Privacy Framework (https://www.dataprivacyframework.gov), ensuring an adequate level of data protection.

To support the handling of your inquiry, we use support systems (appointment booking, live chat, ticketing/helpdesk, etc.) and external services. These services may access personal data processed through these support channels. Further details are provided below and via the links:

Calendly
Provider: Calendly, LLC, United States of America.
Website: https://calendly.com/de
More information & Privacy: https://calendly.com/privacy, https://calendly.com/security, https://help.calendly.com/hc/de/articles/360007032633
Guarantee: EU Standard Contractual Clauses. A copy of the EU Standard Contractual Clauses can be requested from us. The provider has joined the EU–US Data Privacy Framework (https://www.dataprivacyframework.gov), ensuring an adequate level of data protection under a European Commission decision.

Cookies & Similar Technologies

We use cookies. Cookies are text files stored on your device. We distinguish between session cookies, which are deleted when you close your browser, and persistent cookies, which remain until they expire or are deleted.

In addition to cookies, similar technologies (tracking pixels, web beacons, etc.) may be used. The following statements on cookies also apply to these technologies and related processing (analytics & marketing, etc.), including any consent you may have given.

Cookies may enable certain functions of our online offering. They may also measure reach, optimize content and marketing, and tailor our offering to your interests. Cookies may be set by us or by third-party services.

We use a consent management tool to manage cookies and consents. Details on the cookies used (purpose, retention period, external services, etc.) and the consent tool can be found in the tool and the following sections.

If we have obtained your consent, the legal basis is Article 6(1)(a) GDPR. Otherwise, the legal basis is Article 6(1)(f) GDPR. Our legitimate interest is managing cookies and consents; specific purposes are explained below.

You can prevent cookies by adjusting your browser settings. Below are links for common browsers with further information on cookie management:
– Firefox: https://support.mozilla.org/de/kb/verbesserter-schutz-aktivitatenverfolgung-desktop
– Chrome: https://support.google.com/chrome/answer/95647?hl=de&hlrm=en
– Internet Explorer / Edge: https://support.microsoft.com/de-de/windows/l%C3%B6schen-und-verwalten-von-cookies-168dab11-0753-043d-7c16-ede5947fc64d
– Safari: https://support.apple.com/de-de/guide/safari/sfri11471/mac
– Opera: https://help.opera.com/de/latest/web-preferences/#cookies
– Yandex: https://browser.yandex.com/help/personal-data-protection/cookies.html

Further opt-out options can be found at: https://www.youronlinechoices.eu/, https://youradchoices.ca/en/tools, https://optout.aboutads.info/?c=2&lang=EN and https://optout.networkadvertising.org/?c=1.

If you block cookies, this may impair the proper functioning of our online offering. Deleting all cookies will also remove your settings and consents, which must then be reconfigured.

You can also enable “Do Not Track” in your browser to signal that you do not wish to be tracked. Links for common browsers:
– Firefox: https://support.mozilla.org/de/kb/wie-verhindere-ich-dass-websites-mich-verfolgen
– Chrome: https://support.google.com/chrome/answer/2790761?co=GENIE.Platform%3DDesktop&hl=de
– Internet Explorer / Edge: https://support.microsoft.com/de-de/windows/verwenden-von-do-not-track-in-internet-explorer-11-ad61fa73-d533-ce96-3f64-2aa3a332e792
– Opera: https://help.opera.com/de/latest/security-and-privacy/
– Safari no longer supports “Do Not Track” as of February 2019. To prevent cross-site tracking in Safari see: https://support.apple.com/de-de/guide/safari/sfri40732/12.0/mac
– Yandex: https://yandex.com/support/browser/personal-data-protection/ytp.html

You can also withdraw or manage your consents at any time via our consent management tool.

Analytics & Marketing

We process your personal data to measure the reach of our online offering, tailor it to demand and interests, and thereby optimize our online offering and our marketing.

If we have requested your consent and you have given it, the legal basis for processing is Article 6(1)(a) GDPR. If we have not requested your consent, the legal basis for processing is Article 6(1)(f) GDPR. Our legitimate interest is the optimization of our online offering and our marketing.

We use external services for analysis and marketing. Profiling (for advertising, personalized information, etc.) may also occur. Profiling may be conducted across services and devices. Further information on the services used, the scope of data processing, the technologies and procedures employed, whether profiling takes place, and—if applicable—details on the logic involved and the extent and intended effects of such processing for you can be found in the detailed information about the services we use at the end of this section and via the links provided there.

Further information on cookies & similar technologies can be found above.

Google Ads Conversion Tracking
Provider: Within the European Economic Area (EEA) and Switzerland, Google services are offered by Google Ireland Limited, Ireland. Google Ireland Limited is a subsidiary of Google LLC, United States of America.
Website: https://support.google.com/google-ads/answer/1722022?hl=de
More information & Privacy: https://policies.google.com/?hl=de and https://business.safety.google/privacy/
The transfer of personal data to third countries depends on the specific Google service and is subject to EU Standard Contractual Clauses where offered by Google. Further information and Google’s data controller responsibilities can be found at: https://business.safety.google/gdpr/. A copy of the EU Standard Contractual Clauses is available there. The provider has joined the EU–US Data Privacy Framework (https://www.dataprivacyframework.gov), ensuring an adequate level of data protection under a European Commission decision.

Google Ads Enhanced Conversions
Provider: Google Ireland Limited, Ireland (EEA & Switzerland).
Website: https://support.google.com/google-ads/answer/9888656?hl=de
More information & Privacy: https://policies.google.com/?hl=de and https://business.safety.google/privacy/
Data transfers to third countries are subject to the EU Standard Contractual Clauses and the EU–US Data Privacy Framework as described above.

Google Analytics
Provider: Google Ireland Limited, Ireland (EEA & Switzerland).
Website: https://marketingplatform.google.com/intl/de/about/analytics/
More information & Privacy: https://support.google.com/analytics/answer/6004245?hl=de, https://policies.google.com/?hl=de and https://business.safety.google/privacy/
Data transfers are subject to the EU Standard Contractual Clauses and the EU–US Data Privacy Framework as described above.

Google Analytics 4
Provider: Google Ireland Limited, Ireland (EEA & Switzerland).
Website: https://support.google.com/analytics/answer/10089681?hl=de
More information & Privacy: https://support.google.com/analytics/answer/6004245?hl=de, https://policies.google.com/?hl=de and https://business.safety.google/privacy/
Data transfers are subject to the EU Standard Contractual Clauses and the EU–US Data Privacy Framework as described above.

Google Remarketing
Provider: Google Ireland Limited, Ireland (EEA & Switzerland).
Website: https://support.google.com/google-ads/answer/2453998
More information & Privacy: https://policies.google.com/?hl=de and https://business.safety.google/privacy/
Data transfers are subject to the EU Standard Contractual Clauses and the EU–US Data Privacy Framework as described above.

Google Tag Manager
Provider: Google Ireland Limited, Ireland (EEA & Switzerland).
Website: https://support.google.com/tagmanager/answer/6102821?hl=de
More information & Privacy: https://policies.google.com/?hl=de and https://business.safety.google/privacy/
Data transfers are subject to the EU Standard Contractual Clauses and the EU–US Data Privacy Framework as described above.

LinkedIn Conversion Tracking
Provider: If you are in the EU, EEA or Switzerland, the service is provided by LinkedIn Ireland Unlimited Company, Ireland; otherwise by LinkedIn Corporation, USA.
Website: https://business.linkedin.com/de-de/marketing-solutions/conversion-tracking
More information & Privacy: https://de.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy and https://de.linkedin.com/legal/cookie-policy?trk=homepage-basic_footer-cookie-policy
Guarantee: EU Standard Contractual Clauses. A copy can be requested from us. The provider has joined the EU–US Data Privacy Framework (https://www.dataprivacyframework.gov), ensuring adequate data protection under a European Commission decision.

LinkedIn Insight Tag
Provider: LinkedIn Ireland Unlimited Company (EU/EEA/Switzerland) or LinkedIn Corporation (rest of world).
Website: https://business.linkedin.com/de-de/marketing-solutions/insight-tag
More information & Privacy: https://de.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy and https://de.linkedin.com/legal/cookie-policy?trk=homepage-basic_footer-cookie-policy
Guarantee: EU Standard Contractual Clauses. A copy can be requested from us. The provider has joined the EU–US Data Privacy Framework (https://www.dataprivacyframework.gov), ensuring adequate data protection under a European Commission decision.

Microsoft Advertising
Provider: Microsoft Ireland Operations Limited, Ireland (EEA & Switzerland), a subsidiary of Microsoft Corporation, USA.
Website: https://about.ads.microsoft.com/de-de
More information & Privacy: https://privacy.microsoft.com/de-de/ and https://www.microsoft.com/de-de/trust-center/privacy
Guarantee: EU Standard Contractual Clauses. A copy can be requested from us. The provider has joined the EU–US Data Privacy Framework (https://www.dataprivacyframework.gov), ensuring adequate data protection under a European Commission decision.

Social Media Presences

We maintain social media presences on external services to communicate with users and optimize our online offering and our marketing.

This privacy policy also applies to the following social media presences:
– Facebook: https://www.facebook.com/COMCreate-192849388936095
– Instagram: https://www.instagram.com/com.create/
– LinkedIn: https://www.linkedin.com/company/com-create
– YouTube: https://www.youtube.com/channel/UCUh2BxgkLkuVAqwurKjQVUQ
– WhatsApp Business

Social Media Content/Plugins

We use social media content/plugins from external services to display their content and functions in order to optimize our online offering and our marketing.

Profiling (for advertising, personalized information etc.) may also occur across services and devices. Further details are provided in the information about the services we use at the end of this section and via the links provided.

Facebook
Provider: Meta Platforms Ireland Limited, Ireland, a subsidiary of Meta Platforms, Inc., USA. Joint controller with us. Agreement available at https://www.facebook.com/legal/terms/page_controller_addendum and https://www.facebook.com/legal/controller_addendum.
More information & Privacy: https://developers.facebook.com/docs/plugins/, https://www.facebook.com/legal/terms/information_about_page_insights_data, https://www.facebook.com/privacy/policy/, https://de-de.facebook.com/policies/cookies/, https://www.facebook.com/help/566994660333381?ref=dp and https://de-de.facebook.com/help/568137493302217
Guarantee: EU Standard Contractual Clauses. A copy can be requested from us. The provider has joined the EU–US Data Privacy Framework (https://www.dataprivacyframework.gov), ensuring adequate data protection under a European Commission decision.

Instagram
Provider: Meta Platforms Ireland Limited, Ireland. A subsidiary of Meta Platforms, Inc., USA.
Website: https://www.instagram.com
More information & Privacy: https://help.instagram.com/581066165581870 and https://help.instagram.com/519522125107875
Guarantee: EU Standard Contractual Clauses. A copy can be requested from us. The provider has joined the EU–US Data Privacy Framework (https://www.dataprivacyframework.gov), ensuring adequate data protection under a European Commission decision.

LinkedIn
Provider: LinkedIn Ireland Unlimited Company (EU/EEA/Switzerland) or LinkedIn Corporation (rest of world).
Website: https://www.linkedin.com
More information & Privacy: https://de.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy and https://de.linkedin.com/legal/cookie-policy?trk=homepage-basic_footer-cookie-policy
Guarantee: EU Standard Contractual Clauses. A copy can be requested from us. The provider has joined the EU–US Data Privacy Framework (https://www.dataprivacyframework.gov), ensuring adequate data protection under a European Commission decision.

WhatsApp
Provider: If users are in the EEA (including the EU) or designated territories, the service is provided by WhatsApp Ireland Limited, Ireland; otherwise by WhatsApp LLC, USA.
Website: https://www.whatsapp.com/
More information & Privacy: https://www.whatsapp.com/privacy, https://www.whatsapp.com/legal/ and https://www.whatsapp.com/legal/privacy-policy-eea
Guarantee: EU Standard Contractual Clauses. A copy can be requested from us. The provider has joined the EU–US Data Privacy Framework (https://www.dataprivacyframework.gov), ensuring adequate data protection under a European Commission decision.

YouTube
Provider: Google Ireland Limited, Ireland (EEA & Switzerland), a subsidiary of Google LLC, USA.
Website: https://www.youtube.com
More information & Privacy: https://policies.google.com/?hl=de and https://business.safety.google/privacy/
Data transfers are subject to the EU Standard Contractual Clauses and the EU–US Data Privacy Framework as described above.

Fonts & Scripts

We use fonts and scripts from external services to display our online offering and ensure up-to-date assets.

If we have requested your consent and you have given it, the legal basis for processing is Article 6(1)(a) GDPR. If we have not requested your consent, the legal basis for processing is Article 6(1)(f) GDPR. Our legitimate interest is the proper display of our online offering and ensuring current fonts and scripts.

Profiling may occur across services and devices. Further details are provided in the information about the services we use at the end of this section and via the links provided.

Google Fonts
Provider: Google Ireland Limited, Ireland (EEA & Switzerland).
Website: https://fonts.google.com/
More information & Privacy: https://policies.google.com/?hl=de and https://business.safety.google/privacy/
Data transfers are subject to the EU Standard Contractual Clauses and the EU–US Data Privacy Framework as described above.

Maps

We use maps from external services to show our location and enable related features.

Profiling may occur across services and devices. Further details are provided in the information about the services we use at the end of this section and via the links provided.

Google Maps
Provider: Google Ireland Limited, Ireland (EEA & Switzerland).
Website: https://www.google.de/maps
More information & Privacy: https://policies.google.com/?hl=de and https://business.safety.google/privacy/
Data transfers are subject to the EU Standard Contractual Clauses and the EU–US Data Privacy Framework as described above.

Review Platforms

We use review platforms and process your personal data to collect feedback and optimize our online offering and marketing.

If we or the platforms ask for your consent and you give it, the legal basis is Article 6(1)(a) GDPR. If not, the legal basis is Article 6(1)(f) GDPR. Our legitimate interest is the optimization of our online offering and our marketing.

If we or the platforms ask for your consent to remind you to leave a review and you agree, the legal basis is Article 6(1)(a) GDPR.

Further information on the platforms used, the scope of data processing, and the technologies and procedures employed can be found in the detailed information about the platforms we use at the end of this section and via the links provided.

Google Customer Reviews
Provider: Google Ireland Limited, Ireland (EEA & Switzerland).
Website: https://support.google.com/merchants/answer/7124326?hl=de
More information & Privacy: https://policies.google.com/?hl=de and https://business.safety.google/privacy/
Data transfers are subject to the EU Standard Contractual Clauses and the EU–US Data Privacy Framework as described above.

Job Applications

If you apply to us, we process your personal data to conduct the application process and decide on an employment relationship. After completion, we restrict processing and delete or return your data no later than six months after you receive notice of rejection, unless you have consented to further use.

If we have requested your consent and you have given it, the legal basis is Article 6(1)(a) GDPR. If not, the legal basis is Article 6(1)(f) GDPR. Our legitimate interest is the proper conduct of the application process and defense against claims arising from rejection. If processing is required to decide on an employment relationship, the legal basis is § 26(1) sentence 1 BDSG.

CAPTCHAs

We use CAPTCHAs to protect our offering from abusive, automated or malicious inputs (e.g. in forms).

If we have requested your consent and you have given it, the legal basis is Article 6(1)(a) GDPR. If not, the legal basis is Article 6(1)(f) GDPR. Our legitimate interest is the protection of our offering and abuse prevention.

We use external services to provide CAPTCHAs. Profiling may also occur across services and devices. Further details are provided in the information about the services we use at the end of this section and via the links provided.

Google reCAPTCHA
Provider: Google Ireland Limited, Ireland (EEA & Switzerland).
Website: https://www.google.com/recaptcha/
More information & Privacy: https://policies.google.com/?hl=de and https://business.safety.google/privacy/
Data transfers are subject to the EU Standard Contractual Clauses and the EU–US Data Privacy Framework as described above.

Comments

If you leave comments (on blog posts, products, etc.), we process your personal data to display your comments and prevent abuse.

This privacy policy was created using the configurator by getLaw.de.