Thank you for the interest you have shown in our website and the services we offer. We attach great importance to protecting your personal details. We would like to provide detailed information below on the data we collect when you visit our website and use our services and how we subsequently process and use these, as well as the accompanying technical and organizational measures we adopt to protect your privacy.
I. Scope of application and regulatory foundations
(1) This Privacy Notice provides information about the nature, scope and purpose of the processing of personal data in connection with our online services and the affiliated web pages, functions and content.
(2) As regards the terms used, e. g. “personal data” or their “processing”, please refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).
(3) The term “user” includes all categories of persons affected by data processing. This includes our business partners, (potential) customers, and other visitors of our websites. The terms used, such as “user”, are used in a gender-neutral manner.
(4) The term “user” includes all categories of persons affected by data processing. This includes our business partners, (potential) customers, and other visitors of our websites. The terms used, such as “user”, are used in a gender-neutral manner.
- Inventory data (e.g. names and addresses of customers);
- Contact data (e. g. email address, phone number);
- Contract data (e.g. services requested or purchased products);
- Usage data (e.g. websites of our online content that you visited, interests in our services and products);
- Content data (e.g. text entries), as well as
- Technical data (e.g. IP addresses, device information)
(5) The personal data of users are processed for the following purposes in particular:
- Provision of the website, its functions and contents;
- Provision of our contractual services;
- Customer care;
- Replies to contact requests and communication with users;
- Marketing, as well as
- Security of the website.
(6) We only process personal data of the users in strict compliance with the relevant data protection provisions. This means that the data of users are only processed if a statutory permission applies. In particular, this is the case where data processing is necessary or mandatory by law to provide our contractual services (e.g. to process contracts and orders) and for our online services, where the users granted permission or where processing is based on our legitimate interest. Legitimate interests can be the analysis, optimisation, security and the economic operation of our website.
(7) We point out that the legal basis for consents is Art. 6(1) point (a) and Art. 7 GDPR, the legal basis for the processing for performance of our services and execution of contractual measures Art. 6(1) point (b) GDPR, the legal basis for the processing for compliance with our legal obligation Art. 6(1) point (c) GDPR and the legal basis for the processing in order to safeguard our legitimate interests Art. 6(1) point (f) GDPR.
II. Security measures
(1) In accordance with Art. 32 of the GDPR, taking into account the state of the art, the cost of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, we implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk. This is to protect the data processed by us especially against accidental or deliberate manipulation, loss, deletion or unauthorised third-party access. The safety measures also include the encrypted transfer of data between your browser and our server.
(2) In addition, we have put procedures in place that ensure compliance with the rights of data subjects, the erasure of data and a reaction to hazards to data security.
III. Data Dissemination to Third Parties and Third-Party Suppliers
(1) Where in the context of processing we do disclose or transmit your data to other persons and companies (processors or third parties) or otherwise give third parties access to the data, this will only be on the basis of a legal permission. This apples, for example, to a transmission of data to third parties pursuant to Art. 6(1) point (b) GDPR, if this is necessary for contract fulfilment, if you have granted consent (Art. 6(1) point (a), and Art. 7 GDPR), if a legal obligation so provides (Art. 6(1) point (c) GDPR) or based on our legitimate interests pursuant to Art. 6(1) point (f) GDPR (e.g. when using vicarious agents, web hosts, etc.).
(2) ) Where we process data in a third country (i.e. outside the European Union or the European Economic Area) or where we do so using third-party services or where such processing takes place subject to disclosure or transmission of data to third parties, this only takes place if the special conditions set out in Art. 44 et seqq. GDPR are met in addition. That means the processing is based on special safeguards, such as an official decision that the level of data protection corresponds to that of the EU (e.g. ‘Privacy Shield’ for the US), or in compliance with officially recognised special contractual commitments (so-called ‘standard contractual clauses’).
(3) If we commission third parties with the processing of data in terms of a so-called ‘data-processing contract’, this will be on the basis of Art. 28 of the GDPR.
IV. Collection of access data and log files
(1) We will collect data on each access to the server where the service is hosted (referred to as server log files) based on our legitimate interests as defined by Art. 6(1) point (f) GDPR. These data are required for technical reasons to display our website for you and to ensure its stability and security. Access data in particular include the name of the web page visited, the file, the date and time of access, the volume of data transferred, a notification of successful access, the browser type and version used, the user’s operating system, the previously visited web page, and the IP address.
(2) Log file information shall be saved for a maximum of seven days for security reasons (e. g. clarification of acts of misuse or fraud) and shall be erased afterwards. Data which must be retained for longer periods for the purpose of evidence are exempted from erasure until the respective incident has been cleared up definitively.
V. Provision of contractually-agreed services
(1) We process inventory, contact, contract, and content data in order to comply with our contractual obligations and services pursuant to Art. 6(1) point (b) GDPR. The entries which are marked as mandatory in online forms are required to conclude the contract.
(2) User data can be saved in our customer relationship management system (“CRM system”). We use the CRM System Pipedrive of Pipedrive OÜ, Paldiski mnt 80, Tallinn 10617, Estonia, based on our legitimate interests (efficient and quick processing of customer enquiries and customer relationships) as well as on a contract for contract data processing pursuant to Art. 28 GDPR.
(3) Users that utilise our software service have to register and to create a user account from which they can, amongst others, access the license booked by them and their invoices. As part of the further registration process, your consent to our general terms and conditions and the perusal of our data protection declaration will be obtained. The data we collect is used exclusively to provide our products and services. The processing of the required mandatory information takes place for the purpose of providing our product for the fulfillment of the contract or for the execution of pre-contractual actions in accordance with Art. 6 (1) point b GDPR.
(4) As part of the use of our functions of registration and re-registration as well as the use of our online services, we save the IP address and the time of the respective user action. The storage takes place on the basis of our legitimate interests in accordance with Art. Art. 6 (1) point (f) GDPR, as well as that of users to protect against misuse and other unauthorized use. This data will not be passed on to third parties unless it is necessary to pursue our claims or there is a legal obligation to do so. The data will be automatically deleted after 7 days.
(5) The registration data collected will be deleted as soon as processing is no longer necessary. This usually happens when you stop (terminate) using our offered product. However, we must observe tax and commercial retention periods. The erasure of data to provide contractually agreed services shall take place after expiry of statutory and comparable obligations. If statutory archiving obligations apply, the data shall be erased when these obligations expire (end of retention requirement acc. to commercial (6 years) or tax law (10 years)). Entries in any customer account remain there until they are deleted.
VI. Contacting us
If you contact us by email, the user information is processed for the purpose of handling the contact request in accordance with Art. 6(1) point (b) GDPR. We delete the data collected in this context after their storage is no longer required, or limit processing if there are statutory retention obligations.
(2) Contact form
If you contact us using our contact forms, your e-mail address, your IP address and the date and time of contact will be collected. This data is stored and used for the purpose of answering your request or for contacting and the associated technical administration as well as for tracking in the event of misuse of our contact form.
In addition, we process your data voluntarily provided in the free text field. This can be, for example, your master data (names, addresses), contact details (email, telephone numbers) or other content data (text entries). The processing takes place to answer your inquiries and to communicate with you.
We process your data to fulfill the contract or to carry out pre-contractual measures in accordance with Art. 6 (1) point (b) GDPR, or based on our legitimate interest in accordance with Art. 6(1) point (f) GDPR to answer your request.
Your data will be deleted after your request has been processed, provided there are no statutory retention requirements.
When making an appointment, you have the option of registering for a meeting with one of our employees by selecting the meetings metadata (date, time, duration). We will inform you of the correct mandatory information when registering. We will confirm your first name, last name and email address. You have the option of entering further data e.g. of your organization, position, your own product interests or other content data.
The data is used for the purpose of answering our decisions and to meet the meeting with our employees. We have your data for the fulfillment of the contract or for the processing of pre-contractual handicapped Art. b) GDPR. 6 (1) sentence 1, point (f) GDPR to answer your questions.
We use HubSpot from the service provider HubSpot, Inc., 25 First St., 2nd floor, Cambridge, Massachusetts 02141, USA to send the invitation by e-mail; Website: https://www.hubspot.de; Data protection declaration: https://legal.hubspot.com/de/privacy-policy. HubSpot Inc. is certified under the EU-US data protection shield and thereby offers a guarantee to comply with the European level of data protection.
We process and store your data as long as it belongs to the fulfillment of purposes as for the contractor and the legislator. If the data is no longer required to fulfill these purposes, they will be deleted regularly unless it is necessary to continue processing it for a limited period (statutory retention requirements).
(1) On our site you have the option to register for our topic-related newsletters and mailings. To register, it is generally sufficient to provide your email address. To enable a personal address, we ask you to optionally give your first and / or last name. Which personal data will continue to be transmitted to us depends on the input mask used for this. If the content of a registration is specifically described, it is decisive for the consent of the user. By subscribing to our newsletter, you agree to the receipt and the procedures described.
(2) The newsletter and e-mails are sent on the basis of your consent in accordance with Art. 6 (1) point (a) GDPR (possibly in conjunction with § 7 (2) No. 3 UWG) or, if consent is not required, on the basis of our legitimate interests in direct marketing in accordance with Art. 6 (1) point (f) GDPR in conjunction with Section 7 (3) UWG, if and insofar as this is legal, e.g. in the case of existing customer advertising, is allowed.
(3) We use HubSpot from the service provider HubSpot, Inc., 25 First St., 2nd floor, Cambridge, Massachusetts 02141, USA for sending the emails; Website: https://www.hubspot.de; Data protection declaration: https://legal.hubspot.com/de/privacy-policy. HubSpot Inc. is certified under the EU-US Privacy Shield and thus offers a guarantee to comply with the European level of data protection.
(4) The registration for our newsletter basically takes place in a so-called double opt-in procedure. This means that after the registration you will receive an email asking you to confirm your registration. This confirmation is necessary so that nobody can register with someone else´s email address. The registrations for the newsletter are logged in order to be able to demonstrate the registration process in accordance with the legal requirements. This includes storing the time of registration and confirmation as well as the IP address. Changes to your data stored by the shipping service provider are also logged.
The registration process is based on our legitimate interests in accordance with Art. 6 (1) point (f) GDPR recorded to demonstrate that it was carried out in accordance with the law. The logging of the registration process is done for the purpose of demonstrating its proper process.
(5) You can revoke your consent to receiving our newsletter or emails at any time with future effect by confirming the unsubscribe link at the end of each email.
(6) Based on our legitimate interests, we can save the e-mail addresses we have withdrawn for up to three years before we delete them in order to be able to prove a previously given consent. The processing of this data is limited to the purpose of a possible defense against claims. An individual request for cancellation is possible at any time, provided that the previous consent is confirmed. In the event of obligations to permanently observe contradictions, we reserve the right to save the email address for this purpose only in a blacklist.
IX. Newsletters and email tracking
(1) Our newsletters and mailings contain a so-called “web beacon”, that means a pixel-sized file that is retrieved when the email is opened by the server of our shipping service provider. As part of this retrieval, technical information such as information about the browser and Your system, as well as your IP address and the time of access.
(2) ) This information is used for the technical improvement of our newsletter and our mailing based on the technical data or the target groups and their reading behavior based on their location (which can be determined using the IP address) or the access times. This analysis also includes determining whether the emails are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to the individual recipients. However, it is neither our aim nor, if used, that of the shipping service provider to observe individual users. The evaluations rather serve us to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.
(3) For the analysis we use HubSpot from the service provider HubSpot, Inc., 25 First St., 2nd floor, Cambridge, Massachusetts 02141, USA; Website: https://www.hubspot.de; Data protection declaration: https://legal.hubspot.com/de/privacy-policy. HubSpot Inc. is certified under the EU-US Privacy Shield and thus offers a guarantee to comply with the European level of data protection.
(4) The evaluation of the newsletter and the measurement of success take place, subject to an express consent of the users following Art. 6 (1) point (a) GDPR, based on our legitimate interests in accordance with Art. 6 (1) point (f) GDPR for the purpose of using a user-friendly and secure newsletter system that serves both our business interests and the expectations of the users.
(5) A separate revocation of the success measurement is unfortunately not possible, in this case the entire subscription to the newsletter must be canceled or objected to.
Click here to update the cookie settings:
(1) We use cookie technology for our website. Cookies are small text files that are stored on your end device, as assigned accordingly by the browser that you use, which allow the entity that places the cookie (in this case, us) to then receive certain information. Cookies cannot run programs or transmit viruses to your computer. Their purpose is to make the overall web offering more user-friendly and effective.
(3) You can erase the cookies in the security settings of your browser at any time. Furthermore, you can configure your browser setting according to your requirements and can, for example, decline the acceptance of third party cookies or any cookies at all. Please note that in this case, you may not be able to use all of the functions of our website.
XI. Google Analytics
(2) Google will use this information on our behalf to analyse the usage of our online services by the users, compile reports on the activities within these online services and to provide further services to us which are connected to the usage of these online services and internet usage. In this connection, pseudonymous usage profiles of users may be created.
(3) We use Google Analytics to show ads which are provided by Google web services and their partners only to those users who have shown interest in our online services or have certain characteristics (e. g. interest in certain topics or products which is determined based on visited web pages) which we transmit to Google (referred to as “remarketing” or “Google Analytics audiences”). With the help of remarketing audiences, we would also like to ensure that our ads correspond to the potential interest of the users and do not constitute an annoyance.
(4) We only use Google Analytics with enabled IP anonymisation. This means that the users’ IP address is abbreviated by Google within Member States of the European Union or in other states that are a party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the US and shortened there.
(5) The IP address which is transmitted by the user’s browser will not be combined with other data from Google. Users have the option to prevent the saving of cookies by a corresponding setting in the browser software; in addition, users can prevent the transmission of the data which is generated by the cookie and refer to the usage of the online services to Google and the processing of these data by Google by downloading and installing the browser plug-in which is available under the following link:
(6) Information of the third-party provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, fax: +353 (1) 436 1001.
(1) Based on our legitimate interests (i. e. interest in the analysis, optimisation and economical operation of our online services in accordance with Art. 6(1) point (f) GDPR), we use the marketing and remarketing services (in short “Google Marketing Services”) by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, (“Google”). Google is certified according to the Privacy Shield Agreement and thus guarantees compliance with the European Data Protection Legislation (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
(2) The Google Marketing Services allow us to display ads for and on our website in a more targeted manner to present only ads to users which potentially correspond to their interests. If e. g. ads are displayed for products in which a user has shown interest on other webpages, this is called “remarketing”. For this purpose, a Google code is executed directly by Google when our web pages and other web pages on which Google Marketing Services are active are accessed and so-called (re)marketing tags (invisible graphics or code, also referred to as “web beacons”) are embedded. With the help of these tags, an individual cookie, i.e. a small file, is saved on the user’s device (instead of cookies other comparable technologies may also be used). Cookies can be set by various domains including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. The web pages visited by the user, the content they are interested in, the offers they clicked on as well as technical information on browser and operating system, referring web sites, duration of the visit and other information regarding the usage of the online services are stored in this file. In addition, the user’s IP address is recorded. In this regard, we inform you within the scope of Google Analytics that the IP address is abbreviated in EU member states or other states in the European Economic Area and is only transmitted as a whole to a Google server in the USA and abbreviated there in exceptional cases. The IP address will not be matched with data of the user within other services provided by Google. Google may connect the above information to corresponding information from other sources. If the user subsequently visits other web pages, ads which are adjusted to their interests can be displayed.
(3) The data of the users will be processed pseudonymously within the scope of Google Marketing Services. This means that Google saves and processes e. g. not the user’s name or email address, but the relevant data based on cookies in pseudonymous user profiles. This means that from Google’s point of view, the ads are not managed and displayed for an actually identified person but for cookie owners independent of the identity of the cookie owner. This does not apply if a user has expressly allowed Google to process data without pseudonymisation. The information which Google Marketing Services has collected on the user are transmitted to Google and saved on Google servers in the USA.
(4) Google Marketing Services we use include the online advertising program “Google AdWords” and others. In case of Google AdWords, each AdWords customer receives a different “conversion cookie”. Cookies can therefore not be tracked via the websites of AdWords customers. The information which was obtained with the help of the cookie is used to create conversion statistics for AdWords customers who opted for conversion tracking. AdWords customers receive information on the total number of users who clicked on their advertisement and were referred to a page with a conversion tracking tag. They do not, however, receive any information which can be used for the personal identification of users.
(6) For further information on data use for marketing purposes by Google, please refer to the overview page: https://policies.google.com/technologies/ads; ; Google’s Privacy Notice is available under https://policies.google.com/privacy. If you would like to object to the interest-related advertising by Google Marketing Services, you can use the setting and opt-out options provided by Google, please refer to https://adssettings.google.com/authenticated.
XIII. Outreach analysis with Matomo
(1) The outreach analysis with Matomo includes the collection and storage of the following data: the browser type and browser version used by you, the operating system you use, your country of origin, date and time of the server request, the number of visits, the time you spend on the website, and the external links you click on. The IP address of the users is anonymised before it is stored.
(3) Users can object to the anonymised collection of data with the programme Matomo with effect for the future at any time by clicking on the link below. In this case, a so-called opt-out cookie will be placed in your web browser, which means Matomo will no longer collect any session data. However, if the users delete their cookies, the opt-out cookie will be deleted as well, so that the users will have to reactivate it.
XIV. Use of social media plug-ins
(1) We currently use the following social media plug-ins: Facebook, Google+, and Twitter. We use what is referred to as the so-called “double click solution”. This means that when you visit our website, categorically no personal data will initially be forwarded to the providers of the plug-ins. You can recognise the provider of the plug-in by the first letters of its name being marked on the box or the logo. We provide you with the possibility to communicate directly with the plug-in provider by using the button. Only when you click the highlighted box, thereby enabling it, does the plug-in provider receive the information that you have accessed the corresponding page on our website. The data stated under section 4 of this Policy will also be transmitted. By activating the plug-in, your personal data will be transferred to the respective plug-in provider and stored there (in the case of the American (USA) providers, in the USA). As the plug-in provider mainly carries out the data collection using cookies, we recommend erasing all cookies with the use of the security settings of your browser before clicking on the greyed out box.
(2) We have no influence on the collected data or the data processing procedures, nor are we aware of the full extent of the data that is collected, the purposes of the processing or the retention periods. Further, we do not have any information on the erasure of the data that is collected by the providers of the plug-ins.
(3) The plug-in provider will store the data collected about you as a user profile and use it for the purposes of advertising, market research and/or the custom configuration of their website. Data (including data of users who are not logged in) are for example evaluated in this way to provide custom advertising and to inform other users of the social network about your use of our website. You have the right to object to the creation of such user profiles; if you intend to exercise this right, you must contact the respective plug-in provider. With the plug-ins, we offer you the possibility to interact with social networks and other users so that we can improve our website and make it more interesting for you, the user. The legal basis for the use of plug-ins is Art. 6(1) point (f) GDPR.
(4) The forwarding of data takes place regardless of whether you have an account with the plug-in provider and are logged in or not. If you are logged in with the plug-in provider, the data collected by us about you will directly be assigned to your existing account with the plug-in provider. If you press the activated button and link to the page e.g., the plug-in provider will also store this information in your user account and share it publicly with your contacts. We recommend that you regularly log out after using a social network, especially before activating the button, as this will allow you to prevent the plug-in provider assigning something to your profile.
(5) Further information on the purpose and scope of data collection and processing by the plug-in provider is available in the following privacy policies of these providers. There, you will also find further information about your rights regarding this topic and your settings options for the protection of your private sphere.
- Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php;
further information on data collection:
Facebook has agreed to comply with the EU-US Privacy Shield,
- Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA;
Google has agreed to comply with the EU-US Privacy Shield,
- Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; https://twitter.com/privacy.
Twitter has agreed to comply with the EU-US Privacy Shield,
XV. Embedding YouTube Videos
(1) We have embedded YouTube videos in our online offering which are stored at https://www.YouTube.com and can be played directly from our website. All such videos have been embedded in the “enhanced data protection mode”, which means that no data about you as a user will be transferred to YouTube if you do not play the videos. The data stated in paragraph 2 will only be transferred if you play the videos. We have no control over such transfer of data.
(2) When you visit the website, YouTube receives information that you have accessed the relevant sub-page of our website. The data stated under section 4 of this Policy will also be transmitted. This will take place regardless of whether YouTube provides a user account into which you are logged in or if no user account exists. If you are logged into Google, your data will be associated directly with your account. If you do not want the data to be assigned to your YouTube profile, you must log out before activating the button. YouTube will store your data as user profiles and use them for the purposes of advertising, market research and/or the needs-based configuration of its website. In particular, this evaluation takes place (including for users who are not logged in) for the provision of needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of such user profiles; if you intend to exercise this right, please contact YouTube.
Google may process your personal data in the US, and has agreed to comply with the EU-US – Privacy Shield,
XVI. Rights of the users
(1) ) Users have the right to obtain information about the personal data that we process in relation to them free of charge and upon their request.
(2) In addition, users are entitled to rectification of inaccurate data, restriction of processing and erasure of their personal data, where applicable, the right to data portability and, if unlawful data processing is assumed, the right to lodge a complaint with the competent supervisory authority.
(3) Moreover, users can, with effect for the future, withdraw consents.
(4) The contact person is our data protection officer:
DID Dresdner Institut für Datenschutz | Stiftung bürgerlichen Rechts
XVII. Erasure of data
(1) The data we have saved will be erased as soon as they are no longer required for their purpose and the erasure does not conflict with any statutory retention obligations. If the data of the users are not erased, since they are required for other purposes which are permitted by law, their processing will be restricted. This means that the data will be blocked and not processed for any other purposes. This applies e. g. to data which has to be preserved due to commercial law or tax law.
(2) In accordance with legal requirements, data are stored for 6 years pursuant to section 257 clause 1 Commercial Code (e.g. commercial and business correspondence) and for 10 years pursuant to section 147 clause 1 Fiscal Code (e.g. account books and booking confirmations).
XVIII. Right to Object
Users can object to the future processing of their personal data according to the legal requirements at any time. The right to object applies, in particular, to the processing for direct marketing purposes.