Privacy Policy

I. For what purpose and how we collect data

We describe how we handle personal data and use cookies related to the use of our websites https://sustainabilitytransformation.com/ and http://cforst.com/

1. The owner of the website and the data controller is Axel Klimek, you can contact him in writing: Axel Klimek, Quellenweg 31, 65719 Hofheim, or write to us via e-mail: axel.klimek@cforst.com or via >>the contact form<<.

2. Our privacy policy applies to anyone who uses the pages or uses our services and information that we offer, for example by mailing.

3. We do not make your data available to third parties in any form (paid or free). We do not send spam. Our content is only for those interested.

4. You have the right to access, rectify, delete, limit processing, object to processing, transfer this data or submit a complaint to the supervisory authority for their processing at any time. You also have the right to withdraw your consent to the processing of your personal data, if you have given such consent earlier.

5. In some cases, our sites may ask you to create a personal account. By creating an account you can, for example, gain access to more website functionalities.

6. When creating an account on our websites, remember that you do it voluntarily. You can delete, change or correct your data at any time by writing to us.

7.When creating a user account, placing an order, submitting a complaint, withdrawing from the contract, adding a comment, subscribing to the newsletter, subscribing to a webinar, adding a comment or simply contacting us, you provide us with your personal data, and we guarantee you, that your data will remain confidential, secure and will not be shared with any third parties without your express consent.

8. We collect and process some information about people who visit our website mainly for analytical purposes and for the proper operation of websites. In most cases, these are aggregated and anonymous data.

9. We use our own cookies for the proper functioning of the website, in particular for the user account management and the ordering process.

10. We entrust the processing of personal data only to verified and trusted entities providing services related to the processing of personal data.

11. We use Google Analytics analytical tools that collect information about your website visits, such as the subpages you have displayed, the time you spent on the website or the transitions between individual subpages. For this purpose, Google LLC cookies are used for the Google Analytics service. As part of Google Analytics, we collect data on demographics and interests. As part of the cookie settings, you can decide whether you consent to the collection of such data about you or not.

12. In some cases, we use marketing tools such as Facebook Pixel to target you personalized ads on Facebook. This is related to the use of Facebook cookies.

13. We provide the possibility of using social functions, such as sharing content on social networks and subscribing to a social profile. Using these functions may involve the use of cookies of social network administrators such as Facebook, Instagram, YouTube, Twitter, Google+, LinkedIn.

14. We embed videos from YouTube, Vimeo and Wistia on websites. For this purpose, Google LLC cookies are used for the YouTube service, Vimeo Inc cookies and Wista, Inc. cookies. Cookies are only loaded when the video is played.

15. We use the Active Campaign tool for e-mail marketing, which uses cookies to retrieve information about which of our pages you visit, for analytical purposes. For this purpose, Active Campaign, LLC cookies are used.

II. Personal data

The administrator of your personal data within the meaning of the provisions on the protection of personal data is Axel Klimek, Quellenweg 31, 65719 Hofheim, e-mail address: axel.klimek@cforst.com

III. Purposes, legal grounds and period of personal data processing

We have indicated data separate for each purpose of processing, in the scope of their handling. Description in the following paragraphs.

IV. Your eligibility

1. The GDPR (General Data Protection Regulation) grants the following potential rights related to the processing of your personal data:

– the right to access personal data,

– the right to rectify personal data,

– the right to delete personal data,

– the right to limit the processing of personal data,

– the right to object to the processing of personal data,

– the right to transfer data,

– the right to lodge a complaint with a supervisory authority,

– the right to withdraw consent to the processing of personal data, if you have given such consent.

2. The rules related to the implementation of the indicated rights are described in detail in Art. 16 – 21 GDPR. We encourage you to familiarize yourself with these regulations. For our part, we consider it necessary to explain to you that the above-mentioned rights are not absolute and you will not be entitled to all activities of processing your personal data. For your convenience, we have made every effort to indicate the rights you are entitled to as part of the description of individual personal data processing operations.

3. We emphasize that you always have one of the rights indicated above – if you believe that we have violated the provisions on the protection of personal data while processing your personal data, you have the option to lodge a complaint with the supervisory body (the President of the Personal Data Protection Office).

4. You can also always ask us to provide you with information about what data we have about you and for what purposes we process it. Just send a message using the form on the website. However, we have made every effort to ensure that the information you are interested in is comprehensively presented in this privacy policy. You can also use the e-mail address axel.klimek@cforst.com in case of any questions related to the processing of your personal data.

V. Security

1. We guarantee the confidentiality of all collected data. We ensure that all security and personal data protection measures required by the provisions on the protection of personal data are taken. Personal data is collected with due diligence and adequately protected against access by unauthorized persons.

VI. Data recipients

1.Your data may be processed by our subcontractors, i.e. entities whose services we use to process data and provide services to you or fulfill your orders:

– Domainfactory GmbH, Oskar-Messter-Str. 33, 85737 Ismaning, to store personal data on the server,

– Facebook, Inc., 1601 Willow Road, Menlo Park, California 94025 for the purpose of processing cookies and handling activities in social media,

– Google Inc. 1600 Amphitheater Parkway Mountain View, CA 94043 in order to process cookies, index the page, display it correctly in the google browser or support displaying ads in the google ads system,

– LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085,

– Active Campaign, 1 N Dearborn St 5th floor, Chicago, IL 60602, in order to use the mailing system in which your data is processed, if you subscribed to the newsletter,

– proper operation of the systems of banking entities or their emissaries and institutions that, in accordance with the law, due security and with all security measures, make payments in the online store.

2. All entities entrusted with the processing of personal data guarantee the use of appropriate measures for the protection and security of personal data required by law.

VII. Objectives of data processing

1. User’s account

When creating a user account, you must provide the data necessary to create an account, such as name and e-mail address, possibly address data or telephone number. Providing this data is voluntary, but often necessary to create an account. As part of editing account details, you can provide your further details.

The data provided to us in connection with the creation of an account are processed in order to set up and maintain an account on the basis of a contract for the provision of electronic services concluded through account registration (Article 6 (1) (b) of the GDPR).

The data contained in the account will be processed for the duration of the account operation. When you decide to delete your account, we will also delete the data contained therein. Remember, however, that deleting an account does not delete information about orders placed by you using the account.

You can correct the data contained in your account at any time. You can also decide to delete your account at any time. You also have the right to transfer the data referred to in art. 20 GDPR.

2. Orders

When placing an order, you must provide the data necessary to complete the order, such as name and surname, billing address, e-mail address, telephone number. Providing data is voluntary, but necessary to place an order.

The data provided to us in connection with the order are processed in order to fulfill the order (Article 6 (1) (b) of the GDPR), issue an invoice (Article 6 (1) (c) of the GDPR), include the invoice in our accounting documentation (Article 6 (1) (c) of the GDPR) and for archival and statistical purposes (Article 6 (1) (f) of the GDPR).

Data about orders will be processed for the time necessary to perform the order, and then until the expiry of the limitation period for claims under the contract. In addition, after this deadline, the data may still be processed by us for statistical purposes. Remember also that we are obliged to keep invoices with your personal data for a period of 5 years from the end of the tax year in which the tax obligation arose.

In the case of data about orders, you cannot rectify this data after the order has been processed. You also cannot object to data processing and demand the deletion of data until the expiry of the limitation period for claims under the contract. Similarly, you cannot object to the processing of data and request the deletion of data contained in invoices. After the expiry of the limitation period for claims under the contract, you can, however, object to our processing of your data for statistical purposes, as well as request the removal of your data from our database.

In relation to order data, you also have the right to transfer the data referred to in art. 20 GDPR.

3. Newsletter

If you want to subscribe to the newsletter, you must provide us with your e-mail address and name via the newsletter subscription form. Providing data is voluntary, but necessary to subscribe to the newsletter.

The data provided to us when subscribing to the newsletter is used to send you a newsletter, and the legal basis for their processing is your consent (Article 6 (1) (a) of the GDPR) expressed when subscribing to the newsletter. Consent is expressed by voluntarily providing your data.

The data will be processed for the duration of the newsletter, unless you unsubscribe earlier, which will delete your data from the database.

You can correct your data stored in the newsletter database at any time, as well as request their removal by resigning from receiving the newsletter. You also have the right to transfer the data referred to in art. 20 GDPR.

4. Webinars

If you want to participate in the webinar we organize, you must provide us with your personal data such as your e-mail address and your first and / or last name. Providing data is voluntary, but necessary to participate in the webinar.

The data provided to us in connection with participation in the webinar is used to organize the webinar, and the legal basis for their processing is your consent (Article 6 (1) (a) of the GDPR) resulting from the subscription to the webinar.

5. Complaints and withdrawal from the contract

If you file a complaint or withdraw from the contract, you provide us with the personal data contained in the complaint or the declaration of withdrawal from the contract, which includes your name and surname, address, telephone number, e-mail address, bank account number. Providing data is voluntary, but necessary to submit a complaint or withdraw from the contract.

The data provided to us in connection with the submission of a complaint or withdrawal from the contract are used to implement the complaint procedure or the procedure for withdrawing from the contract (Article 6 (1) (c) of the GDPR).

The data will be processed for the time necessary to implement the complaint procedure or the withdrawal procedure. Complaints and statements of withdrawal from the contract may also be archived for statistical purposes.

In the case of data contained in complaints and declarations of withdrawal from the contract, you cannot rectify this data. You also cannot object to data processing and demand the deletion of data until the expiry of the limitation period for claims under the contract. After the expiry of the limitation period for claims under the contract, you can, however, object to our processing of your data for statistical purposes, as well as request the removal of your data from our database.

6. E-mail contact

By contacting us via e-mail, including sending an inquiry via the contact form, you naturally provide us with your e-mail address as the sender’s address. In addition, you can also include other personal data in the message. Providing data is voluntary, but necessary to make contact.

In this case, your data is processed in order to contact you, and the basis for processing is art. 6 sec. 1 lit. a GDPR, i.e. your consent resulting from initiating contact with us. The legal basis for processing after the end of contact is the justified purpose of archiving correspondence for internal purposes (Article 6 (1) (c) of the GDPR).

The content of the correspondence may be archived and we are not able to clearly determine when it will be deleted. You have the right to request a history of correspondence with us (if it was subject to archiving), as well as request its removal, unless its archiving is justified due to our overriding interests, e.g. defense against potential claims on your part.

7. Comments

If you want to add a comment on the blog, you must complete the form and enter your e-mail address and name. Providing data is voluntary, but necessary to add a comment.

The data provided when adding a comment is used to publish a comment on the blog, and the legal basis for their processing is your consent (Article 6 (1) (a) of the GDPR) resulting from adding a comment.

The data will be processed for the duration of the blog comments, unless you request removal of the comment in advance, which will delete your data from the database.

This does not guarantee that your comment or photo will be deleted elsewhere on the web, because when commenting, you must be aware of the duplication mechanisms described on the privacy policy pages of entities such as Facebook, Instagram, YouTube, Twitter, Google+, LinkedIn, Disqus, Quora. The policy is described in the further part of our Privacy Policy. When commenting on social media, you are not guaranteed that your comment will not be duplicated, as well as a deleted photo that may appear elsewhere on the web due to the mechanism of duplication in social media by users, about which we inform you here.

You can correct your data assigned to the comment at any time, as well as request its removal on the websites we run. You also have the right to transfer the data referred to in art. 20 GDPR. On some websites, you can exercise these rights directly as part of your user account, for example in the Disqus system.

VIII. Cookies and other tracking technologies

1. What are cookies?

Our website and store, like almost all other websites, use cookies.

Cookies are small text information stored on your end device (e.g. computer, tablet, smartphone), which can be read by our IT system (own cookies) or the IT system of third parties (third party cookies).

Some of the cookies we use are deleted after the end of the browser session, i.e. after closing it (so-called session cookies). Other cookies are stored on your end device and allow us to recognize your browser the next time you visit the website (persistent cookies). See below for more details.

2. Consent to cookies

During the first visit to the website, you are shown information about the use of cookies. You can always change cookie settings from your browser or delete cookies altogether. Browsers manage cookie settings in various ways. In the auxiliary menu of the web browser you will find explanations on how to change cookie settings.

Remember that disabling or limiting the use of cookies may cause difficulties in using our website, as well as many other websites that use cookies

3. Own cookies

We use our own cookies to ensure the proper functioning of the website, in particular the ordering process and logging into the user’s account.

4. Third party cookies

Our website, like most modern websites, uses functions provided by third parties, which involves the use of cookies from third parties. The use of such cookies is described below.

IX. Google Analytics

1. We use the Google Analytics tool provided by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. We carry out activities in this area based on our legitimate interest, consisting in the creation of statistics and their analysis in order to optimize our websites.

2. Google Analytics automatically collects information about your use of our website. The information collected in this way is most often transferred to a Google server in the United States and stored there.

3. Due to the anonymity of the IP address activated by us, your IP address is shortened before forwarding. Only in exceptional cases is the full IP address sent to a Google server in the United States and shortened there. The anonymized IP address provided by your browser as part of Google Analytics is, as a rule, not combined with other Google data.

4. Due to the fact that Google LLC is based in the USA and uses technical infrastructure located in the USA, it joined the EU-US-Privacy Shield program in order to ensure an adequate level of personal data protection required by the European law. As part of the agreement between the US and the European Commission, the latter has established an adequate level of data protection in the case of companies certified by the Privacy Shield.

5. You can prevent the recording of the data collected by cookies regarding your use of our website by Google, as well as the processing of this data by Google, by installing a browser plug at the following address: https://tools.google.com/dlpage/gaoptout.

6. As part of Google Analytics, we also collect demographic data and data about interests. As part of the cookie settings, you can disable Google Analytics cookies directly from our website.

7. If you are interested in details related to data processing as part of Google Analytics, we encourage you to read the explanations prepared by Google: https://support.google.com/analytics/answer/6004245.

X. Social Media

1. Our websites use plugins and other social tools provided by social networks such as Facebook, Twitter, Instagram, Google, LinkedIn.

2. By displaying our website containing such a plug-in, your browser will establish a direct connection with the servers of social network administrators (service providers). The content of the plugin is transferred by the given service provider directly to your browser and integrated with the website. Thanks to this integration, service providers receive information that your browser has displayed our website, even if you do not have a profile with a given service provider or are not logged in at the moment. Such information (along with your IP address) is sent by your browser directly to the server of a given service provider (some servers are located in the USA) and stored there.

3. If you have logged in to one of the social networking sites, this service provider will be able to directly assign a visit to our website to your profile on a given social networking site.

4. If you use a given plug-in, eg by clicking on the “Like” or “Share” button, the relevant information will also be sent directly to the server of the given service provider and stored there.

5. In addition, this information will be published on a given social networking site and will appear to people added as your contacts. The purpose and scope of data collection and their further processing and use by service providers, as well as the possibility of contact and your rights in this regard and the possibility of making settings to protect your privacy are described in the privacy policy of individual service providers:

Facebook – https://www.facebook.com/legal/FB_Work_Privacy,

Instagram – https://help.instagram.com/519522125107875?helpref=page_content,

Twitter – https://twitter.com/en/privacy,

Google – https://policies.google.com/privacy?hl=pl,

LinkedIn – https://www.linkedin.com/legal/privacy-policy.

6. If you do not want social networking sites to assign the data collected during your visit to our website directly to your profile on a given website, you must log out of this website before visiting our website. You can also completely prevent loading of plugins on the website by using appropriate extensions for your browser, e.g. blocking scripts.

XI. Video

1. We embed videos from YouTube and Vimeo on websites. For this purpose, cookies from Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA regarding the YouTube service and cookies from Vimeo Inc and Wistia Inc. are used. Cookies are only loaded when the video is played. If you do not agree to their loading, refrain from playing the video

2. By playing the video, Google. Wistia or Vimeo receive information about it, even if you do not have a profile with the service provider or are not logged in at the time. Such information (along with your IP address) is sent by your browser directly to the server of a given service provider (some servers are located in the USA) and stored there.

3. If you have logged in to Google, Wistia or Vimeo, this service provider will be able to directly assign the video playback on our website to your profile on a given social network. The purpose and scope of data collection and their further processing and use by service providers, as well as the possibility of contact and your rights in this regard and the possibility of making settings to protect your privacy are described in the privacy policy of individual service providers.

4. If you do not want Google, Wistia or Vimeo to assign the data collected during video playback on our website directly to your profile on a given website, you must log out of this website before visiting our website. You can also completely prevent loading of plugins on the website by using appropriate extensions for your browser, e.g. blocking scripts.

5. We encourage you to read the details of Google’s privacy policy: https://policies.google.com/privacy, Vimeo: https://vimeo.com/privacy and Wistia: https://wistia.com/privacy

XII. Server logs

1. Using the website involves sending queries to the server on which the website is stored. Each query directed to the server is saved in the server logs.

2. Logs include Your IP address, server date and time, information about the web browser and operating system you use. Logs are saved and stored on the server.

3. The data stored in the server logs are not associated with specific people using the website and are not used by us to identify you.

4. The server logs are only auxiliary material used to administer the website, and their content is not disclosed to anyone except those authorized to administer the server.