CSMM Data Privacy

CSMM Privacy Statement

as of January 2025

The following Privacy Statement informs you about the personal data that CSMM GmbH ("we" or "CSMM") processes when you visit our website under https://www.cs-mm.com/ ("website") and use other means of communication (e.g., email, telephone, etc.) to contact us and to maintain business relations with us. We explain the respective legal basis, the purpose and the manner of our processing of personal data. Moreover, we inform you about your rights in this connection and the duration of data storage.

Personal data includes all information that identifies you or can be used to identify you. This includes, for example, your name, your email address and your telephone number, but also an online identifier.

1. Data Controller and Data Protection Officer

The controller of the processing of personal data pursuant to Art. 4 No. 7 of the EU General Data Protection Regulation (GDPR) is:

CSMM GmbH
Werk 3, Atelierstraße 14
81671 München, Germany
Phone: +49 (0)89 9601599-0
Fax +49 (0)89 9601599-99
Email: info@cs-mm.com

In order to exercise your rights or to obtain further information, please contact our Data Protection Officer under: datenschutz@cs-mm.com

2. Processing Purposes and Legal Basis for the Processing of Data in Detail

a. Server log files when accessing our website

Whenever you visit our website, your browser automatically sends specific information to the server of our website. This information is automatically collected upon each access to our website and is automatically stored in so-called "server logs" or "system log files". This information includes:

the IP address currently assigned to your device
the date and time of the request
the time zone
the specific page or file accessed
the http status code and the data volume transferred
the website from which your request was received
the browser used
the operating system of your device
the language selected

This data is used by the web server to display the website contents on your device in the best possible way.

The temporary storage of your IP address by the system is necessary to deploy the website to the computer of the user. For this purpose, the IP address of the user is stored for up to 7 days. The log files are stored to ensure the operability of the website: This data is processed to discover and fix errors of the website, to determine the capacity utilisation of the website, or implement improvements, as well as to guarantee the security of our information technology systems. These purposes also reflect our legitimate interest in the data processing as defined in Art. 6(1) (f) of the GDPR. This Article also constitutes the legal basis for the data processing. This data will not be merged with data from other data sources and will also not be evaluated for marketing purposes.

b. Cookies and associated functions/technologies

We use so-called cookies on our website. Cookies are small text files that are stored on your device and that save specific settings and data to share with our system via your browser. A cookie usually contains the name of the domain from which the cookie-data was sent, as well as information about the age of the cookies and a characteristic sequence of numbers allowing clear identification of your browser when you access the website again. Cookies allow our system to recognise the device of the user and to make any default settings immediately available. Once a user accesses the website, a cookie is transmitted to the hard drive of the user's device.

We deploy cookies to guarantee the functionality of the individual modules. Some elements of our website require that the accessing browser can also be identified after a page change. This includes the cookies listed on the detail page.

The user data collected by technically necessary cookies will not be used to create user profiles.

The legal basis for the processing of personal data using cookies is constituted by Art. 6(1) (f) of the GDPR and for the use of cookies is constituted by Section 25(2) No. 2 of the TDDDG (German Telecommunications Digital Services Data Protection Act). The option to use the website also reflect our legitimate Interest in processing the personal data under Art. 6(1) (f) or the GDPR.

The storage period for cookies varies depending on whether so-called session cookies or temporary cookies are concerned. Session cookies are automatically deleted after you have left our website. Temporary cookies are stored on your device for a specified period.

3. Contact

If you send us requests by email, your message including your contact details provided therein will be stored and processed by us for the purpose of processing and answering the request as well as for the case of follow-up questions. This data will not be transferred to third parties, unless this is necessary for processing and answering your contact request or you have given your explicit consent.

If you contact us under any existing contractual relationship or contact us in advance to obtain information about our service offering or our services, the data and information provided by you will be processed for processing and answering your contact request pursuant to Art. 6(1) Sentence 1 (b) of the GDPR. Otherwise, the processing of personal data is carried out to safeguard our legitimate interests under Art. 6(1) Sentence 1 (f) of the GDPR in providing appropriate responses to customer or contact requests.

The personal data processed in this respect specifically includes the following data:

First name, last name
Email address
Telephone number, if applicable
Subject
Content of the message

Your data will be retained by us until the purpose of storage no longer applies. This is generally the case after the processing of your request has been completed. Mandatory statutory provisions, in particular retention periods, remain unaffected thereby.

4. Newsletter

Our website provides you with the option to subscribe to our newsletter. For the dispatch of the newsletter and for the management of the content website, we use the services of the service provider Mailchimp, c/o The Rocket Science Group, LLC, 405 N. Angier Ave. NE, Atlanta, GA 30312, USA, www.mailchimp.com, Tax ID: MOSS No. EU342008134, who acts as a processor under Art. 28 of the GDPR on our instruction and on our behalf. Personal data will not be processed for other purposes and will not be transferred to third parties. For the subscription, we use a so-called double opt-in procedure, in which you are sent, after entering your email address, a link via which you can confirm your subscription within 24 hours. If you fail to confirm, the subscription will be deleted. Once you have sent the confirmation, we will store your email address until you unsubscribe from the newsletter and only for the purpose of dispatching the newsletter. The legal basis is constituted by Art. 6(1) (a) of the GDPR.

To prevent misuse, we will store the time of access of your subscription and confirmation. The only mandatory information for the subscription is your email address. We do not request further data.

You may revoke your consent to the receipt of the newsletter with effect for the future at any time by clicking on the link contained in each newsletter. A revocation does not have any effect on the data processing in the past based on your consent.

5. Use of Service Providers by CSMM

The server hosting is provided by:
Enter GmbH, Lörenskogstr. 1
85748 Garching b. München, Germany
Phone: +49 89 3230833-0
Email: info@enter-support.de

Responsible for the content under Section 55(2) of the RStV (German Broadcasting Treaty):
Matthias May (Managing Director)
Local Court of Munich, registered under HRB 196585
Tax ID: 143/133/90730
VAT ID: DE281616387

6. Social Media

We are present on various social media platforms which are presented below in detail. We use our social media presence for the purpose of informing about our service offering and communicating with (potential) users. If you contact us via these social media, we act as the data controller jointly with the operators of the social media. However, we can Influence the associated data processing operations only to a degree. Personal data published by you on social media platforms may be used for market research and advertising purposes.

a. LinkedIn

The following information refers to the data processing when you use the CSMM LinkedIn page available under https://de.linkedin.com/company/csmm-gmbh (hereinafter "LinkedIn Page").

Please also note the privacy policy of LinkedIn. Information about the processing of data by LinkedIn in the case of interactions with the LinkedIn Page, about the legal bases and purposes of the processing of personal data as well as about the data deletion and storage period by LinkedIn is available under: https://de.linkedin.com/legal/privacy-policy

Where CSMM and LinkedIn act as joint data controller under Art. 26(1) of the GDPR, the agreement concluded between CSMM and LinkedIn applies, which is available under: https://legal.linkedin.com/pages-joint-controller-addendum

Contact details of LinkedIn:
LinkedIn Ireland Unlimited Company
Wilton Place
Dublin 2, Ireland

Contact details of the Data Protection Officer of LinkedIn Ireland Unlimited Company: https://www.linkedin.com/help/linkedin/ask/TSO-DPO

Supervisory data protection authority for LinkedIn:
Data Protection Commission
21 Fitzwilliam Square South
Dublin 2, D02 RD28, Ireland
+353 578 684 800
+353 761 104 800
Online form: https://forms.dataprotection.ie/contact
Website: https://www.dataprotection.ie/

Users intending to assert rights of data subjects against LinkedIn should following this link: https://www.linkedin.com/help/linkedin/ask/TSO-DPO

Whenever users interact with the LinkedIn Page, CSMM will process the following personal data of the users:

public profile information of the user
personal data provided in posts
personal data provided in comments
personal data provided via LinkedIn messages when CSMM is contacted
further data of the users collected by LinkedIn Insights (analytics services relating to the use of and interaction with LinkedIn pages). LinkedIn does not provide any personal data to CSMM. CSMM is provided only with numerical evaluations of LinkedIn relating to the use of and interaction of the users with the LinkedIn Page. Further information about the processing of Insights data collected in interactions with the LinkedIn Page is available under: https://legal.linkedin.com/pages-joint-controller-addendum
pose questions via the LinkedIn Page regarding the service offering and services of CSMM, or
request other information via the LinkedIn Page of CSMM
First name, last name
Form of address
Employer
Position
City, country
Personal data provided by the user when contacting us
Evaluation of the analyses and statistics for the LinkedIn Page created and provided by LinkedIn regarding the interaction by the users with the LinkedIn Page
Improvement of the LinkedIn Page in terms of ease of use and appeal as well as implementation of marketing measures
Communication and interaction via the LinkedIn Page opened up by the users
current followers of the LinkedIn Page (with current workplace, date on which the page was followed, location, job function, seniority, industry, company size)
breakdown of visitors with time of the website visit, job function, location, seniority, industry and company size)
Privacy Policy of LinkedIn: https://de.linkedin.com/legal/privacy-policy
Information on page insights: https://legal.linkedin.com/pages-joint-controller-addendum

We process personal data of the users for the purpose of performing contracts concluded by us with the users or for the purpose of implementing precontractual measures (Art. 6(1) (b) of the GDPR). Personal data will be provided to us, whenever the users:

The type of the processed data depends on which data is provided by the user to CSMM. Generally, the following data Is concerned:

Moreover, we process personal data of the users to safeguard our legitimate interests (Art. 6(1) (f) of the GDPR) referring to the following purposes:

We do not have any access to the personal data processed by LinkedIn in the context of Insights, but only to the data of the aggregated page insights, which relates to the following evaluations over a specific period of time:

Further statistical data of the members and visitors of LinkedIn is processed. Otherwise, LinkedIn does not provide any further personal data to us. We are provided only with numerical evaluations of LinkedIn relating to the use of and interaction of the users with the LinkedIn Page.

LinkedIn fulfils all obligations arising from the GDPR regarding the processing of the Insights data. We do not make any decision regarding the processing of Insights data and any further information under Art. 13 of the GDPR. This data and information are only provided by LinkedIn. Information about the legal bases and purposes of the processing of personal data by LinkedIn as well as the essentials of the Insights add-on are available here:

b. Instagram

The following information refers to the data processing when you use the CSMM Instagram page available under https://www.instagram.com/csmm_architecturematters/ (hereinafter "Instagram Page").

Please also note the privacy policy of Instagram. Information about the processing of data by Instagram in the case of interactions with the Instagram Page, about the legal bases and purposes of the processing of personal data as well as about the data deletion and storage period by Instagram is available under: https://help.instagram.com/519522125107875

Instagram fulfils all obligations arising from the GDPR regarding the processing of the Analytics data. We do not make any decision regarding the processing of Analytics data and any further information under Art. 13 of the GDPR. This data and information are only provided by Instagram Analytics.

Contact details of Instagram:
Instagram Inc.
1601 Willow Road
Menlo Park
CA 94025, USA

Contact details of the Data Protection Officer of Instagram:
Meta Platforms Ireland Ltd.
4 Grand Canal Square
Grand Canal Harbour
Dublin 2, Ireland

Supervisory data protection authority for Instagram:
Data Protection Commission
21 Fitzwilliam Square South
Dublin 2, D02 RD28, Ireland
Online form: https://forms.dataprotection.ie/contact
Website: https://www.dataprotection.ie/

Users intending to assert rights of data subjects against Instagram should following this link: https://help.instagram.com/477434105621119/?locale=de_DE

Whenever users interact with the Instagram Page, CSMM will process the following personal data of the users:

public profile information of the user
personal data provided in posts
personal data provided in responses to posts
when persons on photos are marked
app-related, browser-related and device-related information

Information from partners, providers and third parties: further statistical data of the users of Instagram is processed via Instagram Analytics (analytics services relating to the use of and interaction with Instagram pages) processes. Instagram does not provide any personal data to CSMM. is provided only with numerical evaluations of Instagram relating to the use of and interaction of the users with the Instagram Page.

We process personal data of the users to safeguard our legitimate interests (Art. 6(1) (f) of the GDPR) referring to the following purposes:

Evaluation of the analyses and statistics for the Instagram Page created and provided by Instagram regarding the interaction by the users with the Instagram Page
Communication and interaction via the Instagram Page opened up by the users

We do not have any access to the personal data processed by Instagram in the context of Analytics.

7. Applications

The purpose of the processing of your data is to execute the application procedure wherein we process the personal data that you have attached to your application (e.g., master data, contact details, information about your professional career, graduations, professional qualifications, etc.) or that you communicate in the context of job interviews.

The processing of your candidate data is carried out on the basis of Art. 6(1) (b and Art. 6(1) (f) of the GDPR. Any special categories of personal data communicated by you in addition on a voluntary basis within the meaning of Art. 9(1) of the GDPR will be processed in addition under Art. 9(2) (a) of the GDPR (e.g., health data).

Your data relating to an application for a job advertisement is stored and processed by us during the ongoing application process. If the application procedure does not lead to your recruitment, your application details will be deleted upon completion of the application procedure for the relevant position once a period of six months has passed.

8. No Transfer of Personal Data

As a basic rule, we will not transfer your personal data, beyond the processing activities described, to third parties, unless you have consented to a transfer of personal data, or unless we are entitled or obliged to transfer personal data due to legal provisions and/or administrative or judicial orders. In particular, this may involve the provision of information for purposes of criminal prosecution, civil protection or enforcement of intellectual property rights.

9. Rights of Data Subjects

You have the following rights regarding your personal data that you may assert against CSMM:

Right to information: You have the right under Art. 15 of the GDPR to obtain information about your personal data processed by CSMM.
Right to correction: If the information about you is no longer accurate, you have the right under Art. 16 of the GDPR to request a correction. If your data is incomplete, you have the right to request a completion.
Right to deletion: You have the right under Art. 17 of the GDPR to request the deletion of your personal data.
Right to limitation of the processing: You have the right under Art. 18 of the GDPR to request a limitation of the processing of your personal data.
Right to object to the processing: You have the right at any time, for reasons arising from your specific situation to object to the processing of your personal data that is carried out due to Art. 6(1) Sentence 1 (e) or (f) of the GDPR, under Art. 21(1) of the GDPR. In this case, CSMM will not continue to process your data, unless we can prove compelling legitimate reasons for the processing overriding your interests, rights and freedoms, and in particular, if the processing serves to assert and exercise or defend legal claims (Art. 21(1) of the GDPR). Moreover, you have the right under Art. 21(2) of the GDPR at any time to object to the processing of personal data about you for the purpose of direct marketing; this also applies to any profiling associated with such direct marketing. Any profiling by CSMM does not take place.
Right to revoke the consent: If you have consented to a processing of data, you may at any time revoke your consent with effect for the future. This means that your revocation has no effect on the processing of data performed by us between the granting of your consent and the revocation of your consent. You do not have justify your revocation. An informal notification by email to datenschutz@cs-mm.com is sufficient.
Right to data portability: You have the right to obtain the personal data about you provided to us by you in a structured, common and machine-readable format ("Data Portability") as well as the right to have this data transferred to another data controller, if the condition of Art. 20(1) (a), (b) of the GDPR is met (Art. 20 of the GDPR).

You may assert your rights by notice to the contact details referred to in Clause 1 above or to the Data Protection Officer also referred to in Clause 1 above.

If data subjects hold the view that the processing of their personal data violates the privacy law, they have, in addition, the right under Art. 77 of the GDPR to complain, at their own discretion, to a supervisory data protection authority, which includes the Supervisory Data Protection Authority responsible for CSMM:

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 18
91522 Ansbach, Germany

Postfach 1349
91504 Ansbach, Germany
Phone: +49 (0) 981 180093-0
Fax: +49 (0) 981 180093-800
Email: poststelle@lda.bayern.de