CSBG — C. Gathmann Computer-System-Beratung GmbH
Legal

Privacy Policy

The German version shall prevail.

Draft — please have it reviewed legally. This text is a standardized template in accordance with the GDPR and does not replace legal advice. Before publication it should be adapted to the actual processing activities, the hosting provider used and any services/tools, and reviewed legally.

1. Controller

The controller within the meaning of the General Data Protection Regulation (GDPR) and other national data-protection laws is:

C. Gathmann Computer-System-Beratung GmbH
Wachtstr. 17-24
Baumwollbörse, Raum 101
D-28195 Bremen
Phone: +49 421 3468513
Email: information@csbg.de
Represented by the managing director: Dipl.-Ing. Christian F. Gathmann

2. General information on data processing

We process personal data of our users only insofar as this is necessary to provide a functional website as well as our content and services. The processing is regularly carried out only after consent of the data subject or where the processing is permitted by statutory provisions.

The legal bases for the processing are in particular Art. 6(1)(a) GDPR (consent), Art. 6(1)(b) GDPR (contract or pre-contractual measures), Art. 6(1)(c) GDPR (legal obligation) and Art. 6(1)(f) GDPR (legitimate interest).

3. Collection and processing when visiting the website

When using this website purely for information purposes, i.e. if you do not register or otherwise transmit information to us, we only collect the personal data that your browser transmits to our server. This data is processed for the duration of the display of the website in order to enable the delivery of the website and to ensure stability and security.

The website is delivered statically; no tracking cookies, no analytics tools and no integrations of external advertising or profiling services are used.

4. Server log files

Every time the website is accessed, the system of the accessing computer automatically records data and information that is stored in the server log files. This may include:

  • anonymized or shortened IP address of the requesting computer
  • date and time of access
  • name and URL of the retrieved file
  • website from which access is made (referrer URL)
  • browser used and, where applicable, the operating system and the name of your access provider
  • transferred data volume and HTTP status code

The legal basis is Art. 6(1)(f) GDPR. Our legitimate interest lies in the technical provision, security and stability of the website. The log files are deleted when the purpose ceases to apply; insofar as data is required for evidentiary purposes, it is exempt from deletion until the final clarification of the respective incident.

5. Hosting

The website is hosted with a service provider in Germany (e.g. Hetzner Online GmbH, Gunzenhausen, Germany). The server is located in a data center in Germany. A data-processing agreement pursuant to Art. 28 GDPR exists or will be concluded with the hosting provider. The provider processes the data arising in connection with the website operation exclusively in accordance with our instructions and to fulfil its service obligations.

Note: The specific host and its location must be verified before publication and adjusted if necessary.

5a. Web analytics with Matomo (self-hosted)

We use Matomo (matomo.org) as self-hosted web analytics software on our own server in the EU. No data is transmitted to third parties, no cookies are set, and your IP address is shortened by its last octet before storage and only ever processed in this anonymised form. As a result, it can no longer be linked back to you personally. We record only:

  • the page you visited (URL) and the previous page (referrer)
  • date, time and approximate time spent on the page
  • browser type and version, operating system, screen resolution
  • the anonymised (shortened) IP address for rough geographic context (country/region)
  • your preferred language

The legal basis is Art. 6(1)(f) GDPR (legitimate interest in privacy-friendly reach and usage analysis). No cross-device recognition takes place. A "Do Not Track" setting in your browser is respected — in that case no analytics data is collected at all. The anonymised aggregated reports are kept indefinitely; subsequent re-identification is excluded because of the upstream IP truncation.

6. Contact

If you contact us by email or telephone, the data you provide (e.g. name, email address, telephone number and the content of your enquiry) is stored by us in order to process your enquiry. The legal basis is Art. 6(1)(b) GDPR insofar as the enquiry is aimed at the conclusion or performance of a contract, otherwise Art. 6(1)(f) GDPR (legitimate interest in answering the enquiry). We delete the data as soon as it is no longer required to achieve the purpose of its collection and no statutory retention obligations conflict.

7. Disclosure of data

Your personal data is only transferred to third parties if this is legally permissible, you have consented, it is necessary for the performance of a contract or a data-processing or service relationship exists. A transfer to third countries outside the EU/EEA is not envisaged.

8. Storage period

Personal data is deleted as soon as the purpose of storage ceases to apply. Storage beyond this may take place if statutory retention periods (e.g. of a commercial or tax-law nature) provide for this.

9. Rights of the data subject

Under the GDPR you have in particular the following rights:

  • access to the data processed about you (Art. 15 GDPR)
  • rectification of inaccurate data (Art. 16 GDPR)
  • erasure of your data stored by us (Art. 17 GDPR)
  • restriction of data processing (Art. 18 GDPR)
  • data portability (Art. 20 GDPR)
  • objection to the processing (Art. 21 GDPR)
  • withdrawal of a given consent with effect for the future (Art. 7(3) GDPR)

To exercise your rights, an informal notification to information@csbg.de is sufficient.

10. Right to lodge a complaint with the supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a data-protection supervisory authority, in particular in the member state of your residence, place of work or place of the alleged infringement. The supervisory authority responsible for the registered office of the controller is the State Commissioner for Data Protection and Freedom of Information of the Free Hanseatic City of Bremen.

11. Data security

We take technical and organizational security measures to protect your data against accidental or intentional manipulation, loss, destruction or access by unauthorized persons. The website is delivered via an encrypted TLS connection (HTTPS).

12. Topicality and amendment of this privacy policy

This privacy policy is currently valid. Due to the further development of the website or because of changed statutory or official requirements, it may become necessary to amend this privacy policy.