1. Introduction
With the following data protection policy, we would like to explain to you which types of your personal data (hereinafter also referred to as “data”) we process, for what purposes and to what extent. The Privacy Policy applies to all processing of personal data carried out by us, whether on our websites, in our application Meisterplan, on external websites.
We can adapt this policy from time to time, e.g., to take account of changed processes or new developments.
The use of the application Meisterplan may be subject to additional provisions, which are governed by the Software as a Service Terms. These can be found at https://meisterplan.com/trust-center/terms-of-service-eu/.
2. Responsible Body and Data Protection Officer
itdesign GmbH
Friedrichstr. 12
72072 Tübingen
Germany
Our external data protection officer is:
Dr. iur. Christian Borchers
Datenschutz Süd GmbH
Wörthstrasse 15
97082 Würzburg
office@datenschutz-sued.de
3. Data Processing Overview
The types of data we process, the purposes of their processing, the individuals affected, and the legal bases for the processing depend on the services you use from us or how you interact with us.
Depending on how you use our services, the services and service providers we engage in the processing of your data are listed in the respective annexes. For visitors to our websites, the Annex “Website-Visitors” https://meisterplan.com/trust-center/website-visitors/ applies. If you interact with us and/or enter into a contractual or pre-contractual relationship beyond merely using the websites, the Annex “Subcontractors” https://meisterplan.com/trust-center/subcontractors/ applies. If you additionally use our Meisterplan application (including both productive and non-productive use), the Annex “Subprocessors” https://meisterplan.com/trust-center/subprocessors/ applies. In the event that you use the Meisterplan application, our Software as a Service Terms of Use shall also apply.
4. Relevant Legal Bases
The General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG) are primarily applicable. Please note that in addition to the regulations of the GDPR, the national data protection requirements in your or our country of residence and domicile may apply. If more specific legal bases are relevant in individual cases, we will inform you of this in the data protection policy.
The BDSG contains specific provisions for Germany, in particular special regulations on the right to information, the right to erasure, the right of objection, the processing of special categories of personal data, processing for other purposes and transmission as well as automated decision-making in individual cases, including profiling. It also regulates data processing for the purposes of the employment relationship (Section 26 BDSG), in particular with regard to the establishment, implementation or termination of employment relationships and the consent of employees. Furthermore, state data protection laws of the individual federal states can apply.
5. Security Measures
We shall take appropriate technical and organizational measures in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the type, scope, circumstances and purposes of the data processing as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons to ensure a level of protection appropriate to the risk.
The measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as to the access, input, transfer, securing of availability and their separation. Furthermore, we have set up procedures that ensure the exercise of data subject rights, the deletion of data and reactions to threats to the data. Furthermore, we consider the protection of personal data already in the development or selection of hardware, software and procedures in accordance with the principle of data protection, through technology design and data protection-friendly default settings.
Shortening the IP address: If it is possible for us or if it is not necessary to save the IP address, we will shorten your IP address or have your IP address shortened. If the IP address is shortened, also known as “IP masking”, the last octet, i.e., the last two digits of an IP address, is deleted (the IP address in this context is an Internet connection through the online access provider individually assigned identifier). The shortening of the IP address is intended to prevent or make it much more difficult to identify a person using their IP address.
SSL encryption (https): We use SSL encryption to protect your data transmitted via our online service. You can recognize such encrypted connections by the prefix https:// in the address line of your browser.
6. Transfer and Disclosure of Personal Data
As part of our processing, it may happen that the data is transferred to other bodies, companies, legally independent organizational units or persons or that the personal data is disclosed to them. The recipients of this data can include, for example, payment institutions in the context of payment transactions, service providers commissioned with IT tasks or providers of services and content that are integrated into a website. In such a case, we observe the legal requirements and, in particular, conclude corresponding contracts or agreements that serve to protect your data with the recipients of your data.
7. Data Processing in Third Countries
If we process data in a third country i.e., outside the European Union (EU) or the European Economic Area (EEA) or if the processing takes place in the context of the use of third-party services or the disclosure or transfer of data to other persons, entities or companies, this is only in accordance with legal requirements.
Subject to express consent or contractually or legally required transfer, we process or have the data processed only in third countries with a recognized level of data protection, contractual obligation through standard protection clauses of the EU Commission, in the presence of certifications or binding internal data protection regulations (Art. 44 to 49 GDPR, Information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection
8. Use of Cookies
We use cookies on our website pages (meisterplan.com (main domain) and the associated subdomains, eu.meisterplan.com and us.meisterplan.com (software) and help.meisterplan.com (Help Center)). These are small files that your browser automatically creates and that are stored on your device (laptop, tablet, smartphone, etc.) when you visit our site. Information is stored in the cookie that results in connection with the specific device used. However, this does not mean that we are immediately aware of your identity.
Cookies serve the user-friendliness of our website pages and software (e.g., storage of login data) as well as the recognition of users who have been referred to us by specific partners. Cookies are also used to collect statistical data on website usage and for analysis to optimize the website.
You can find more information about the cookies used by Meisterplan and how you can prevent cookies from being set in our cookie policy: https://meisterplan.com/meisterplan-cookie-policy/.
9. Legal Bases for Data Processing, Categories of Data, and Categories of Data Subjects
Legal Bases: Where processing is based on consent pursuant to Article 6(1)(1)(a) GDPR, we will request your prior consent, which can be withdrawn at any time. Unless expressly stated otherwise in this Privacy Policy or its annexes, all other processing activities are based on our legitimate interests pursuant to Art. 6 (1)(1)(f) GDPR. The specific legitimate interest can be found in the relevant descriptions of the purposes of processing in Section 10 and in the descriptions of purpose related to the respective services and service providers listed in the applicable Annexes.
Categories of Data: Unless expressly stated otherwise and depending on how you use our services, we process the following categories of data: content data (e.g., entries in online forms), usage data (e.g., pages visited, interest in content, access times), and meta/communication data (e.g., device information, IP addresses).
Categories of Data Subjects: Website visitors, interested parties, customers, users of the website, users of Meisterplan services (including trial users), and contractual partners.
10. Overview of Data Processing Activities
Below you will find an overview of our processing activities and their purposes. For details on the individual processing activities, the purposes of the services and service providers involved, as well as special deletion periods, please refer to the relevant annexes for you, depending on the use of our offers.
10.1 Applicant Management
The link “Jobs at Meisterplan” on this page refers to the vacancies on the website https://itdesign.de/karriere/stellenangebote/. Reference is therefore made here to the corresponding data protection policy for applicant management under the heading “Data Protection Policy for the Application Process”.
10.2 Commercial and Business Services
We processes the data of our contractual and business partners, e.g., customers and prospective buyers (collectively referred to as “contractual partners”) in the context of contractual and comparable legal relationships as well as related measures and in the context of communication with the contractual partners (or precontractual), e.g., to answer inquiries. We process this data to fulfill our contractual obligations, to secure our rights and for the purposes of the administrative tasks associated with this information as well as the business organization. We only pass on the data of the contractual partners to third parties within the framework of applicable law to the extent that this is necessary for the aforementioned purposes or to fulfill legal obligations or with the consent of the persons concerned (e.g., to participating telecommunications and subcontractors, banks, tax – and legal advisers, payment service providers or tax authorities).
In the context of contractual and other legal relationships, due to legal obligations and to fulfill the contract, we offer the persons concerned efficient and secure payment options and use other payment service providers in addition to banks and credit institutions (collectively “payment service providers”).
The data entered as part of the chosen payment method is processed and stored exclusively by the payment service providers..This means that we do not receive any account or credit card-related information, only information with confirmation or negative information about the payment.
To the extent that we use third-party providers or platforms to deliver our commercial and business services, the terms and conditions and privacy policies of the respective third-party providers or platforms shall apply between you and the respective providers.
Specific Legal Bases: Performance of a contract and pre-contractual inquiries (Article 6(1)(1)(b) GDPR), legal obligation (Article 6(1)(1)(c) GDPR).
10.3 Provision of the Online Service and Web Hosting
In order to be able to provide our online service securely and efficiently, we use the services of web hosting providers, from whose servers (or servers managed by them) the online service can be accessed. For these purposes, we may use infrastructure and platform services, computing capacity, storage space and database services as well as security services and technical maintenance services.
The data processed as part of the provision of the hosting service can include all information relating to the users of our online service that is generated in the context of use and communication. This regularly includes the IP address, which is necessary in order to be able to deliver the content of the online service to browsers, and all entries made within our online service or from websites.
We ourselves (or our web hosting provider) collect data on every access to the server (so-called server log files). The server log files may include the address and name of the retrieved websites and files, the date and time of the retrieval, the amount of data transferred, the notification of successful retrieval, the browser type and version, the user’s operating system, referrer URL (the previously visited page) and, as a rule, IP addresses and the requesting provider. In the case of meisterplan.com, IP addresses and user agents are the personal data that is processed.
The server log files can be used for security purposes, e.g., to avoid overloading the server (especially in the case of improper attacks, or so-called DDoS attacks) and also to ensure server utilization and stability.
We use a “content delivery network” (CDN). A CDN is a service with the help of which the content of an online service, in particular large media files such as graphics or program scripts, can be delivered faster and more securely with the help of regionally distributed servers connected via the Internet.
10.4 Contacting Us and Feature Requests
When contacting us (e.g., via the contact form, request a demo request, email requests, telephone calls or via social media) and when using the Help Center at help. meisterplan.com (e.g., support requests or feature requests), the details of the person inquiring are processed, provided that these details are necessary to answer the contact requests and any necessary measures requested.
Specific Legal Basis: Performance of a contract and pre-contractual inquiries (Article 6(1)(1)(b) GDPR).
10.5 User Feedback
When contacting us for the purpose of user feedback (e.g., via a feedback form), the details of the user are processed, provided that these details are necessary to evaluate the feedback, to answer the feedback and to communicate about any requested measures.
10.6 Customer Care and Customer Referral through Third Parties
If you use the services and trial versions of Meisterplan via our platforms (e.g., meisterplan.com) or would like to try them out, your data will be collected by us and, if necessary, passed on to third parties. These third-party companies are entrusted with the support of interested parties and customers in the respective official language.
If you become aware of Meisterplan through a partner, the partner will inform us of this. The aim is that your trial version is assigned to the partner and that we avoid double contact.
If you come to our website from the website of a third-party company with a contractual relationship with us (e.g., our partners) and register a trial version, we will forward this information to our partner. We aim to present our products on other websites as well.
10.7 Video Conferencing, Online Meetings, Webinars and Screen Sharing
We use platforms and applications from other providers (hereinafter referred to as “third-party providers”) for the purpose of holding video and audio conferences, webinars and other types of video and audio meetings. When selecting third-party providers and their services, we observe the legal requirements.
If you communicate with us via video or audio conference via the Internet, GoToMeeting or Microsoft Teams, or if you receive an invitation to use Microsoft 365 (e.g., Microsoft Teams, Microsoft SharePoint online), your personal data will be processed by us and by the provider of the respective conference tools.
In this context, data of the participants are processed and stored on the servers of the third-party providers, insofar as they are part of communication processes with us. This data can include, in particular, registration and contact data, visual and vocal contributions as well as entries in chats and the content of shared screens.
If users are referred to third-party providers or to their software or platforms in the context of communication, business or other relationships with us, the third-party providers can process usage data and metadata for security purposes, service optimization or marketing purposes. We therefore ask you to observe the data protection information of the respective third-party provider.
10.8 Cloud Services
We use Microsoft 365 so-called “Microsoft Cloud Services” for communication and collaboration in the context of processing inquiries and to optimize our internal processes (usually teams for collaboration, Outlook for email communication and SharePoint for document management and other applications).
In this context, personal data can be processed and stored on the servers of the provider, insofar as they are part of communication process with us or otherwise processed by us, as set out in this data protection policy. This data can include, in particular, master data and contact details of the users, data on transactions, contracts, other processes and their content. The cloud service providers also process usage data and metadata, which they use for security purposes and for service optimization.
If we use the cloud services to provide forms or other documents and content to other users or publicly accessible websites, the providers may store cookies on the users’ devices for the purposes of web analysis or to remember user settings (e.g., in the case of media control).
You can find more information about the cookies used by Meisterplan in our cookie statement: https://meisterplan.com/meisterplan-cookie-policy/
10.9 Newsletters and Marketing Emails, Emails about Using Meisterplan
We send newsletters, emails and other electronic notifications (hereinafter “newsletters”) only with the consent of the recipient or legal permission. If the content of the newsletter is specifically described when registering for the newsletter, they are decisive for the consent of the user. In addition, our newsletters contain information about our services and us.
In order to subscribe to our newsletters, it is generally sufficient to provide your email address. However, we can ask you to provide a name for the purpose of addressing you personally in the newsletter, or to provide further information if this is necessary for the purposes of the newsletter.
If you subscribe to the newsletter via the additional checkbox when registering a trial version, we will store the information you provided for the trial (first name, last name, company, phone number) together with your newsletter registration in our contact software.
Double opt-in procedure: The registration for our newsletter takes place in a double opt-in procedure. This means that after registration you will receive an email in which you will be asked to confirm your registration. This confirmation is necessary so that no one can register with someone else’s email address. The registrations for the newsletter are logged in order to be able to prove the registration process in accordance with the legal requirements. This includes storing the time of registration and confirmation as well as the IP address. Changes to your data stored by the shipping service provider are also logged.
Contents:
- After actively registering for our newsletter, you will receive information about us, our services (e.g., round table), promotions and offers. You will receive this information until you unsubscribe or file an objection.
- After registering a trial version, you will automatically receive several emails about your trial version with information about your access, help materials and tips on how to get the most out of your trial version. You will only receive this information during your trial period and up to six months after the end of your trial period.
You will also receive the product newsletter with information about further product development , release information and discontinuations. You will continue to receive this information until you unsubscribe or file an objection.
If you are from a country where the law allows it, you will also be automatically subscribed to the general newsletter when you register for a trial version. You will continue to receive this information until you unsubscribe or file an objection.
Analysis and success measurement: The newsletters contain a so-called “web beacon”, i.e., a pixel-sized file that is retrieved from our server when the newsletter is opened or, if we use a shipping service provider, from its server initially technical information, such as information about the browser and your system, as well as your IP address and the time of access, is collected.
This information is used to technically improve our newsletter on the basis of the technical data or the target groups and their reading behavior based on their retrieval locations (which can be determined with the help of the IP address) or the access times. This analysis also includes determining whether the newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to the individual newsletter recipients. However, it is neither our endeavor nor, if used, that of the shipping service provider to observe individual users. Rather, the evaluations serve us to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.
The evaluation of the newsletter and the measurement of success are based on our legitimate interests for the purpose of using a user-friendly and secure newsletter system that serves both our business interests and the expectations of the users.
A separate revocation of the performance measurement is unfortunately not possible, in this case the entire newsletter subscription must be canceled or unsubscribed.
Prerequisite for the use of free services: Consent to the sending of email can be made dependent on the use of free services (e.g., access to certain content such as white papers or participation in certain campaigns such as webinars). If users want to use the free service without registering for the newsletter, we ask you to contact us by email at mail@meisterplan.com.
10.10 Advertising Communication via Email, Mail, Fax or Phone
We process personal data for the purposes of advertising communication, which can take place via various channels, such as email, activation of a trial version, telephone, mail or fax, in accordance with legal requirements.
10.11 Web Analysis, Monitoring and Optimization
The web analysis is used to evaluate visitor flows from meisterplan.com and the subdomains and can include behavior, interests or demographic information about the visitors, such as age or gender, as pseudonymous values. With the help of the range analysis, we can, for example, recognize at which time our online service or its functions or content are used most often or invite you to reuse these services. We can also understand which areas need optimization. Furthermore, through the use of so-called fingerprinting, we can with high probability achieve device identification to better protect our website against malicious activities.
In addition to web analysis, we can also use test procedures, for example, to test and optimize different versions of our online service or its components.
For these purposes, so-called user profiles can be created and stored in a file (so-called “cookie”) or similar processes can be used for the same purpose. This information can include, for example, content viewed, websites visited and elements and technical information used there, such as the browser used, the computer system used and information on times of use, and data that is automatically transmitted during a server request, such as screen, OS, device name (so-called basic identification input signals). If users have consented to their location data being collected, this can also be processed, depending on the provider.
We use the data to maintain, improve, and protect our website, to evaluate user interaction with the website and to evaluate our marketing strategies. The data that we receive via Google Analytics or fingerprinting can be merged with other data, e.g., data that you voluntarily provide to us via the website or that is automatically transmitted during your visit to our website. See section “Merging Data”.
The IP addresses of the users are also saved. However, we use an IP masking process (i.e., pseudonymization by shortening the IP address) to protect users. In general, no clear user data (such as email addresses or names) are stored in the context of web analysis, A/B testing and optimization; only pseudonyms are stored. This means that we and the providers of the software used do not know the actual identity of the users, but only the information stored in their profiles for the purposes of the respective procedures.
Notes on legal bases: If we ask users for their consent to the use of third-party providers, the legal basis for processing data is consent. Otherwise, user data will be processed on the basis of our legitimate interests (i.e., interest in efficient, economical and recipient-friendly services). In this context, we would like to draw your attention to the information on the use of cookies in this Data protection policy.
10.12 Online Marketing and Online Advertising
We process personal data for online marketing purposes, which can include, in particular, the marketing of advertising space or the presentation of advertising and other content (collectively referred to as “content”) based on the potential interests of users and the measurement of their effectiveness.
For these purposes, so-called user profiles are created and stored in a file (called a “cookie”) or similar processes are used, by means of which the user information relevant to the presentation of the aforementioned content is saved. This information can include content viewed, websites visited, online networks used, but also communication partners and technical information such as the browser used, the computer system used and information on usage times. If users have consented to their location data being collected, this can also be processed.
The IP addresses of the users are also saved. However, we use available IP masking procedures (ie, using a pseudonym by shortening the IP address) to protect users. In general, no clear user data (such as email addresses or names) are stored in the online marketing process, but only pseudonyms. This means that we and the providers of online marketing processes do not know the actual identity of the users, but only the information stored in their profiles.
The information in the profiles is usually stored in the cookies or by means of similar processes. These cookies can later generally also be read out on other websites that use the same online marketing process, analyzed for the purpose of displaying content and supplemented with additional data and stored on the server of the online marketing process provider.
You can find more information about the cookies used by Meisterplan in our cookie statement: https://meisterplan.com/meisterplan-cookie-policy/.
As an exception, clear data can be assigned to the profiles. This is the case if the users are, for example, members of a social network whose online marketing process we use and the network connects the profiles of the users with the aforementioned information. We ask you to note that users can make additional agreements with the providers, e.g., by giving their consent during registration.
Unless otherwise stated, we ask you to assume that the cookies used will be stored for a period of two years.
Notes on legal bases: If we ask users for their consent to the use of third-party providers, the legal basis for processing data is consent. Otherwise, user data will be processed on the basis of our legitimate interests (i.e., interest in efficient, economical and recipient-friendly services). In this context, we would like to draw your attention to the information on the use of cookies in this data protection policy.
Conversion tracking: In principle, we only have access to summarized information about the success of our advertisements. However, we can use conversion measurements to check which of our online marketing processes have led to a conversion, i.e., for example, to a contract with us. The conversion measurement is used solely to analyze the success of our marketing measures. If you reach our website via advertisements from certain providers, the respective provider places a cookie on your computer, which is used to generate statistics on the effectiveness of advertisements based on your behavior.
10.13 Plugins, Embedded Functions and Content
We incorporate functional and content elements into our online service that are obtained from the servers of their respective providers (hereinafter referred to as “third-party providers”). These can be graphics, videos or social media buttons as well as posts (hereinafter uniformly referred to as “content”).
The integration always presupposes that the third-party providers of this content process the IP address of the user, since without the IP address they would not be able to send the content to their browser. The IP address is therefore required for the display of the content or functions. We strive to only use content whose respective providers only use the IP address to deliver the content. Third-party providers can also use pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information can also be stored in cookies on the user’s device and contain, among other things, technical information on the browser and operating system, the websites to be referred to, the time of visit and other information on the use of our online service, as well as being linked to such information from other sources.
10.14 Making Online Appointments
We use software from other providers (hereinafter referred to as “third-party providers”) for the purpose of organizing meetings. When selecting third-party providers and their services, we observe the legal requirements.
In this context, personal data can be processed and stored on the servers of third-party providers. The data entered by the user (name, email address, desired date) to schedule an appointment as well as the IP address are transmitted when the appointment is made. If users are referred to the third-party providers or their software or platforms in the course of communication, business or other relationships with us, the third-party providers can process usage data and metadata for security purposes, for service optimization or for marketing purposes. We, therefore, ask you to review the data protection information of the respective third-party provider.
10.15 Online Surveys
We use software from other providers (hereafter referred to as “third-party providers”) for the purpose of conducting surveys. When selecting third-party providers and their services, we ensure their compliance with legal requirements.
Our employment of such providers means personal data can be processed and stored on the servers of third-party providers in some cases. The data entered by the user (e.g. name or NPS score) are transmitted when the user completes a survey. If users are referred to the third-party providers or their software or platforms in the course of communication, business or other activities with us, the third-party providers can process usage data and metadata for security purposes, for service optimization or for marketing purposes. Therefore, we ask you to review the data protection information of the relevant third-party provider.
10.16 Use of a Trial Account
You can register for a free trial account for our Meisterplan system. In addition to the data needed to register (email address and system name), we also process the data you entered during the trial period. Further information can be found in the terms and conditions (https://meisterplan.com/terms-of-service-us/).
The data entered for a trial system will be hosted in Frankfurt/Main (Germany) or Oregon (USA) according to your selection. A transfer to third parties takes place within the EU on the basis of order processing contracts concluded with service providers from Germany. Your data will only be transferred to a third country if you should decide to do so.
With the application for the trial version, you agree to the terms and conditions (https://meisterplan.com/terms-of-service-us/) and automatically receive a contract for order processing with us as the contractor. Further information can be found in this contract.
You also have the option to sign up for the trial using your Google or Microsoft account. By signing in, we receive certain data (e.g., your name and email address) directly from the respective provider. This data is required to grant you access to the trial and may also be used for marketing purposes. Please note that data processing by Google and Microsoft is carried out independently of us and is subject to the respective provider’s privacy policy. We therefore recommend reviewing the privacy notices of the respective third-party providers.
Specific Legal Basis: Performance of a contract and pre-contractual inquiries (Article 6(1)(1)(b) GDPR).
11. Merging Data
If you choose to activate a trial of Meisterplan, the data analyzed by Google Analytics and Fingerprint may be combined with additional user data collected on our website. This serves toimprovement of the online service and the application Meisterplan andfor network and information security. In this context, the following data records are consolidated into a unified data set containing the specified information:
- Record (a), your details in the trial form
(first name, last name, email address, company name, desired system name, phone number (optional))
- Data record (b), your activities on the website
(browser type and browser version, browser language, operating system used, geographical origin, page views, time stamp, mouse movements, previously visited page, interaction with page elements such as scrollbar, forms, search queries, service providers and search engines or advertising platforms transmitted data)
- Data record (c), your activities in the application
(server logs (e.g., IP address, time stamp), statistical data on the use of the application (e.g., web browser, triggered actions) and application data (data that the customer receives during use of the application.))
- Record (d), your activities with marketing emails
(opening emails, clicking on URLs)
12. Deletion of Data
The data we process will be deleted in accordance with legal requirements once the consent permitting the processing has been withdrawn or other legal permissions no longer apply (e.g., if the purpose of the processing no longer exists or the data is no longer necessary for that purpose).
If the data is not deleted because it is required for other legally permissible purposes, its processing will be restricted to those purposes. In such cases, the data will be blocked and not processed for any other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons, or data whose storage is necessary for the establishment, exercise, or defense of legal claims, or for the protection of the rights of another natural or legal person.
If different or specific retention periods apply, these can be found in the Annexes relevant to you.
Deletion periods for the data collected in connection with the use of the SaaS application and listed in Section 9 (Part 1) of the Software as a Service conditions:
| Data category | Purpose of processing | Deletion periods
|
| Personal data of the marketing contacts | Gaining new customers through marketing measures. | The deletion periods are based on the legal requirements for deletion and storage: The address data set stored in the CRM system will be stored for 2 years after it has been created and then deleted if the processing purpose no longer applies. If the purpose and legality of the data storage continue to exist when the deletion date is reached, the deletion date will be extended by a further 2 years. |
| Personal data of the contact person at the customer | Execution of the contract, especially in the context of license accounting | The deletion periods are based on the legal requirements for deletion and storage: Data used for license accounting will be deleted 10 years after the system has expired. The data stored in the CRM system address record is stored on the system for 6 years and then deleted, unless the purpose of the processing is omitted. If the purpose and legality of the data storage continue to exist when the deletion date is reached, the deletion date will be extended by a further 6 years. |
| Server logs | Finding and correcting errors, averting dangers and maintaining the technical operation of the application | The data is automatically deleted after 365 days. |
| Statistical data on the use of the application | Permanent provision of the offer, the adaptation to the evolving needs of the users, the improvement of the user experience in the application and the optimization of the internal processes of the provider | The data will be deleted or aggregated after 5 years.
|
13. Rights with Regard to Our Data Processing
- Revocation of consent: If your data is processed on the basis of consent, e.g., within the meaning of Art. 6 Para. 1 S. 1 lit. a GDPR, you can revoke your consent to the processing of your data at any time. The legality of the previous processing remains unaffected.
- Objection (Art. 21 GDPR): If the data processing takes place out of a legitimate interest on the basis of Art. 6 Para. 1 S. 1 lit. f GDPR, you have the right to object to the processing of your personal data. The corresponding processing would therefore be omitted if our compelling interest does not outweigh your interests.
- Right to information (Art. 15 (1) GDPR): You have the right to request information about your personal data free of charge.
- Correction (Art. 16 GDPR): You have the right to correct incorrect data and to have incomplete data completed, taking into account the purposes of processing.
- Deletion (Art. 17 GDPR): You have the right to have your personal data deleted or to restrict their processing (Art. 18 GDPR) if deletion is not legally possible.
- Data portability (Art. 20 GDPR): You have the right to receive your personal data in a commonly used machine-readable format.
- Right to lodge a complaint: You have the right to lodge a complaint with a supervisory authority. The data protection supervisory authority of the federal state in which you reside or in which the responsible party is based maintains responsibility.
If you have any questions, please contact our data protection officer specified above.
14. No Obligation to Provide Personal Data
The provision of personal data is not required by law or contract or required for the conclusion of a contract, unless otherwise stated in the sub-items above. There is no obligation to provide personal data, unless otherwise stated. Failure to provide personal data may mean that we cannot answer your contact inquiries, cannot provide you with all the functions of our website or we cannot enable you to use our software free of charge.