Name and address of the person responsible for processing. The following addressee is the controller in the sense of the European GDPR and other applicable privacy laws in EU member states:
Company data protection officer
Frank Haug (Data Protection Officer (TÜV-certified)
F.H.S. Data-Forensic GmbH & Co. KG
Legal basis for processing personal data
If we obtain the consent of the data subject for processing personal data,
article 6 section 1 letter a (GDPR) shall serve as the
legal basis for processing personal data.
Where processing personal data is required for the performance of a contract
to which the data subject is a party, article 6 section 1 letter b
GDPR shall be the legal basis. This also applies to processing which is
required for the performance of pre-contractual measures.
If processing of personal data is necessary for compliance with a legal
obligation to which the controller is subject, article 6 section 1 letter c
GDPR shall be the legal basis.
In case that the vital interest of the data subject or of another
natural person makes processing of personal data necessary,
article 6 section 1 letter d GDPR shall be the legal basis.
If processing is necessary to safeguard the legitimate interests of our company or
a third party and this aforementioned interest is not overridden by the interests or fundamental rights and freedoms
of the data subject, article 6 section 1 letter f GDPR shall serve as
the legal basis for processing.
What kind of Information is collected and how is this information used?
If you request information, products or services through CSA Group’s websites, you may be asked to provide personal information. Personal information refers to any information relating to an identified or identifiable natural person, such as an identification number, physical, physiological, mental, economic, cultural, or social identifiers. The CSA Group collects personal information about you in connection with many of our services. When working with or using the CSA Group, you may be prompted to register for an account. When you do so, the CSA Group may ask you for personal information such as your name, contact details, including your mailing address, your email address, your username and your password or your credit card information. In addition, you may be providing personal information when:
(i) communicating with the CSA Group via telephone, chat, email, online forms, social media, and other methods of communication,
(ii) subscribing CSA Group’s marketing material,
(iii) you apply for a job, or
(iv) you provide services to the CSA Group.
We collect this information to provide you products and services, such as to fulfill your requests for products or to help us personalize our offerings to you. In some cases, your information must be shared with a third-party service provider to fulfil your order and to provide you with the information, products or services you have requested. We also use your personal information to support our business functions, such as fraud prevention, marketing, and legal functions including but not limited to:
Website Usage Information
We may also collect technical information about you when you visit the CSA Group website, which your web browser automatically sends whenever you visit a website on the Internet. “Technical Information” is information that does not identify you directly as an individual, but which could be used to indirectly identify you. Our servers and analytic services (described below) automatically record this information. This may include your Internet Protocol (“IP”) address (a number that is automatically assigned to your computer by your internet service provider), the address of the website you are coming from, the time you spend on our website, the pages visited, what you do on those pages, if you find the site through a search engine, the keywords you used, browser type and language, and the date and time of your request. The CSA Group also uses the web analytics services of FullStory and live chat services of LivePerson to analyze, monitor, and facilitate visitor interactions on CSA Group’s website.
If you would like to learn more information about LivePerson’s services and privacy policies, visit http://www.liveperson.com/policies/customer-website-privacy. If you would like to learn more information about FullStory’s services and privacy policies, visit
Gathering your information helps us track visits to the CSA Group’s websites, understand and evaluate the customer experience, improve the content and layout of our website, and customize the web experience, ensure our websites and other services work correctly, and support our customer analytic efforts. The CSA Group will only attempt to link the logs to identifiable individuals if that is necessary for investigating data security breaches, breach of contract, violation of CSA Group’s policies and procedures, or a contravention of laws.
The following information describes the cookies used on the site and why they are used. Users located in the European Union explicitly agree to cookies being used while browsing the site by clicking “Accept”. For detailed guidance explaining what cookies are and how to control or delete them, we recommend you visit http://www.aboutcookies.org and http://www.youronlinechoices.eu
Google Analytics Cookies
We use Google Analytics Cookies to collect information about user behaviour. Google Analytics stores information about the pages you visit, how long you are on the site, how you got here, and what you click on. Since we sell products, it’s important for us to understand statistics about how many of the visitors to our site actually make a purchase, and this is the kind of data that these cookies will track. This is important to you as it means that we can accurately make business predictions that allow us to monitor our advertising and product costs to ensure the best possible price. This analytics data is not connected with personally identifiable information. We do not collect or store your personal information, e.g., your name or address. Therefore, this information cannot be used to identify you.
If you want to find out more about Google’s privacy policies as regards its analytics service, visit https://support.google.com/analytics/answer/6004245?hl=en.
Google AdSense Cookies
The Google AdSense service we use to serve advertising uses a DoubleClick cookie to serve more relevant ads across the web and to limit the number of times that a given ad is shown to you.
For more information on Google AdSense, visit the official Google AdSense privacy FAQ at https://support.google.com/adsense/answer/3394713?hl=en.
Do Not Track
If you generally do not want to use any cookies, you can opt out in some browsers by turning on “Do Not Track” or opt out directly by visiting http://www.aboutads.info/choices. We currently do not support “Do Not Track” browser settings, but we intend to do this in the future once there is a consistent industry standard for compliance.
Disclosure of Personal Information to Third Parties and International transfers
The personal information you provide on our site is never disclosed to third parties (other than our trusted service providers) without your consent. We do not sell, rent, or trade your personal information to other organizations or companies with your explicit consent. When personal information is shared with others, it is only in ways that have been explained to you in advance. The limited exceptions to this rule apply when:
CSA Group may also share customer information within our family of companies for a variety of purposes, for example to provide you with the latest information about our products and services and to offer you our latest promotions. To facilitate our global operations, the CSA Group may transfer your personal data from our home country to other CSA Group locations across the world. To protect your personal information, we will only transfer data to countries that provide an “adequate” level of personal data protection. If the data is transferred to countries without ‘adequate’ protection, as determined by the European Parliament, we will use additional safeguards to ensure your data is protected.
Security Measures Taken to Protect Personal Information by the Company
Security of all information is of the utmost importance for CSA Group. The CSA Group uses technical and physical safeguards to protect the security of your personal information from unauthorized disclosure. We use current best-practice encryption procedures to keep all information secure. We also do our best to ensure that only necessary people and third parties have access to your personal information. Nevertheless, such security measures cannot prevent all loss, misuse, or alteration of personal information and we are not responsible for any damages or liabilities relating to any such incidents to the fullest extent permitted by law. In case of a data security breach, we will notify you without delay of any loss, misuse, or alteration of personal information that may affect you. We will notify relevant regulatory bodies within 72 hours of a security breach.
We also require that our third-party service providers and channel partners agree to keep private all confidential information we share with them and to use it only to perform their obligations in the agreements we have in place with them. These third-party service providers and channel partners are expected to maintain privacy and security protections that are consistent with CSA Group’s privacy and information security policies.
Data Retention and Storage
The CSA Group retains your information for business purposes, for as long as your account is active, and/or as long as is reasonably necessary to provide you with our products and services. The CSA Group will also retain your information as long as reasonably necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. We also retain cached or archived copies of your information for a reasonable period of time. At any point in time, you can withdraw your consent, and we will immediately stop processing your data.
Any personal information collected about EU data subjects on our websites is processed in Canada by the CSA Group or by a third party acting on our behalf. When you provide personal information to CSA Group, you consent to the processing of your information in Canada or the United States of America. Our websites are hosted in United States of America.
Contact to Update/Delete Personal Information
You have the right to access and limit the use and disclosure of your personal data. If you would like to express your opinion, challenge an explanation of data use, or otherwise obtain further information, contact privacy(at)csagroup.org. If your personal information changes or is inaccurate after registration, you have the right to request a change. Please notify us and we will update or correct your information. At any point in time, you can confirm your data is being processed and request to access your data. If you wish to access/confirm your data is being processed, please contact privacy(at)csagroup.org.
Right to data portability
Please note, at any time, if you desire to obtain or transfer your information, we will provide you with your personal data in a structured and commonly used electronic format.
Right to Erasure
You have the right to request that the CSA Group erase all of your personal data for a variety of reasons, including if the data is no longer necessary for its original purpose or if you withdraw consent. If the CSA Group receives such a request, it will inform all third parties who have the data of this request. For additional information on how you can request data erasure, please contact privacy(at)csagroup.org.
Right to Restrict Processing
Even if your personal data is still stored by a company, now or in the future, you can request that the CSA Group stop using or processing your data. If you wish to restrict data processing, please contact privacy(at)csagroup.org.
Right to Object
If your personal data is processed based on legitimate interests according to article 6 section 1 sentence 1 letter f GDPR, you have the right to object to the processing of your personal data according to article 21 GDPR, if there are grounds relating to your particular situation or the objection is directed against direct marketing. In the latter case, you have a general right to object, which we will implement without stating any grounds relating to a particular situation. All it takes to enforce your right to revoke or right to object is an email to privacy(at)csagroup.org.
Right to lodge a complaint with a supervisory authority
According to article 77 GDPR, you have the right to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority in your usual place of residence or workplace or our corporate headquarters.
Questions and Contact information