Version: September 14th 2020
In addition, cepharum offers extended services on the basis of contractual agreements. These include
A person using at least one of these offers against payment or free of charge is considered a customer of cepharum, which then sets up a customer account and manages it to support the contractual relationship. A customer account includes both data that is only managed internally and data that can be viewed directly by the customer via the aforementioned extended access options.
In these terms, visitors and customers are commonly referred to as users as soon as explanations commonly apply to both roles.
cepharum rents servers operated in the EU from companies located in Germany in order to operate its own offers and services for its customers. In the context of this declaration, these servers are commonly referred to as cepharum's servers.
In this statement, the term data is exclusively used by proxy for personal data in the sense of §4 (1) GDPR.
The subject of this declaration is the collection, processing and use of data by cepharum when using the services offered by cepharum. Furthermore, this declaration extends to data that a user actively provides in the course of this use.
This declaration expressly does not concern data collected, stored and/or otherwise processed by cepharum's customers with their own offers and their functions. Here, the data protection declarations of the respective customers apply.
The responsible party by means of data protection law is cepharum. If you have any questions about the use of the data or if you wish to make use of the legal remedies described herein, please send an e-mail to:
As an option, sent postal inquiries to:
Postfach 74 01 43
The supervisory authority is:
Berliner Beauftragte für Datenschutz und Informationsfreiheit
With regard to their personal data, users have the right to request:
The use of the data is governed by the applicable legal provisions, in particular the German Federal Data Protection Act (BDSG), the German Telemedia Act (TMG) and the General Data Protection Regulation (GDPR).
The aforementioned rights of users may be partially restricted by statutory provisions in the Telecommunications Act (TKG) and by provisions in the Principles for the Proper Keeping and Retention of Books, Records and Documents in Electronic Form and for Data Access (GoBD).
cepharum logs the use of its own offers and the offers of its customers by collecting traffic data in the sense of §3 No. 30 TKG.
Traffic data is primarily generated by
Traffic data - in general or based on the type of access - includes
cepharum is obligated by legal provisions to archive communication contents, which are transmitted to or from cepharum by electronic and non-electronic means, on a long-term basis. This expressly includes contents of e-mails.
When commissioning the provision of services or ordering distributed goods, the customer is asked to provide personal information. Of these, only those details that are required for the respective contractual relationship are provided as mandatory details.
The collection of this usage data can be completely prevented by settings in the browser ("Do Not Track" option).
Cookies are files that are stored on the computer of a user when using web-based services of cepharum and that are transferred to the servers of cepharum on subsequent accesses to those services. They are necessary to enable extended functionalities in web-based services. Therefore, a waiver of cookies may lead to functional limitations of the offered services.
Cookies can be stored for a short time until the browser is closed or for a long time until a future expiration date, depending on the purpose.
cepharum sets one or more cookies
The storage of cookies on the user's hard disk can be prevented by activating browser settings such as "do not accept cookies" or similar. Further information on this can be found in the instructions of the respective browser. The user can delete all cookies set at any time via browser functions, regardless of the storage desired by cepharum.
cepharum guarantees that, in addition to cookies, no hidden alternative technologies (such as ETags) are used in order to ensure the possibilities achievable with cookies even without the user's consent to the storage of cookies.
cepharum uses the collected data for the purposes described below. Any change or extension requires the immediate consent of the user.
The data in the customer account concerning the person and address of the user, as well as data records assigned to the account concerning transactions (such as orders, deliveries, invoices) within a contractual relationship are used for its establishment, administration and billing.
The collection of traffic data serves
The data provided by users when using services is stored on cepharum's servers and copied and archived as part of backups of all data inventories. Any further use of this data does not take place.
The data contained in the communication with cepharum is stored internally and only offered for inspection to authorized institutions within the regulations of the GoBD.
This data can only be deleted in accordance with the GoBD.
cepharum may transmit data to third parties only if
cepharum uses fonts in its own web-based services which, for licensing reasons, are only available through direct retrieval from third-party providers. This makes it technically possible for these providers, as licensors, to log user access to cepharum's web-based services.
cepharum has no influence on whether and in what form and to what extent this collection is carried out by the licensors and whether and to what extent it is possible for them to reconstruct a possibly initially missing personal reference in the collected data. cepharum hereby informs users of its services that in this case cepharum does not pass on data to third parties, but the user's browser is instructed to retrieve the fonts and cepharum is not involved in this retrieval. It is up to the user's browser or the user himself to ignore these instructions for the protection of his data by settings in the browser.
The following services of their respective providers are used:
In order to avoid comparable possibilities of logging user behavior on its web-based offers by third parties, cepharum refrains from using so-called Content Delivery Networks (CDN) and the direct integration of functions of social media platforms, external analysis tools and map services.
As far as the user's data is no longer required for the purposes mentioned above, including billing, and also no longer has to be retained due to legal regulations, it will be deleted. It should be noted that whenever data is deleted, it is initially only blocked and then only finally deleted with a time delay in order to prevent accidental deletion or intentional damage. For technical reasons, data is duplicated in data backup files and service mirroring. For technical reasons, such copies are only deleted after a maximum delay of 30 days.
cepharum treats the user's data with care and intends to protect it as best as possible against unauthorized access, loss, misuse or destruction. For this purpose, various measures corresponding to the current technical state of the art are taken. Passwords for user and customer accounts are always stored in an irreversibly coded form.
cepharum uses encrypted connections for the transmission of data between the computer of users and the servers of cepharum. This makes it more difficult to directly eavesdrop transmitted data, but cannot guarantee absolute security, e.g. against the reading of encrypted data and its long-term decryption.
The user acknowledges that cepharum operates publicly accessible server systems on the internet for the provision of available services and is technically capable of viewing all data of the user stored there (web pages, e-mails, logbooks, databases). Furthermore, the user acknowledges that unauthorized access to this data by third parties cannot be completely ruled out, even with additional encryption according to the current state of the art.
In case of unforeseen unauthorized access, loss or misuse of data, resulting in risks to the user, cepharum is obligated to immediately notify the user as well as the competent supervisory authority about the nature and consequences of the violation and the measures taken.
cepharum is not liable for any damages,
caused to the customer or his data stored on cepharum's servers due to improper handling by the customer. This includes
caused by unauthorized or improper access to data of a user on the transmission path between the user's computer and cepharum's servers.
This data protection declaration does not concern the protection of data related to third parties which customers collect and process in the course of providing their own services. In such cases, the customer is obligated to publish a separate data protection declaration for its offers. The customer shall expressly indemnify cepharum from any liability or damage claims of third parties arising from the use of the customer's offers in return.
cepharum reserves the right to adapt this privacy statement to upcoming forms of data use or upcoming requirements for this statement.