Our Commitment to Privacy and Data Protection
Scope and version
The use of the application may be subject to additional provisions as specified in the Software as a Service Terms of Service.
Service Authority and Data Protection Officer
The service that is described herein is provided by:
Our external Data Protection Officer is:
Dr. iur. Christian Borchers
Datenschutz Süd GmbH
Legal Basis for the Processing of Personal Data
One of the purposes of using cookies is to make it easier for you to use our service. For example, we use what are called session cookies to recognize when you have already visited individual pages on our website. These are automatically deleted after leaving our website.
We also use temporary cookies that are stored on your device for a specified period of time in order to improve usability. If you re-visit our site in order to use our services, it will automatically be recognized that you have visited us before, as well as which entries and settings you have made to avoid having to re-enter them. Cookies help make the website more user-friendly (e.g. storing login data), control the display of advertisements and can recognize users who have been directed to us by certain partners. Cookies are also used to collect statistical data on website usage and analyze it in order to improve the website.
You have control over how cookies are used on your device. Most browsers have an option that will allow you to restrict or completely prevent the storage of cookies. Please note, however, that without cookies, the usage and in particular the usability can be limited.
All requests to our server are stored in server logs. The legal basis for the collection of the following data is a legitimate interest pursuant to Art. 6, Para. 1, Sent. 1(f) GDPR in ensuring a secure and unhindered internet site. It is necessary to maintain our service, provide error diagnoses and prevent attacks.
These logs include the following information:
URL of the website or file accessed, date and time of access, amount of data transferred, notification of successful retrieval, browser type and version, user’s operating system, referrer URL, IP address and the requesting provider.
We do not share this information with third parties. The data collected here will be stored for a maximum of 365 days and will then be made anonymous or deleted. This also applies to the unabridged IP addresses.
To secure the website and optimize loading time, this website uses the Content Delivery Network (CDN) Cloudfront. This is a service provided by Amazon Web Services Inc. (410 Terry Avenue North, Seattle, WA 98109-5210), which duplicates data from a website and provides it to various Amazon Web Services (AWS) servers around the world. By retrieving this data, information about your use of our website (such as your IP address) is transferred to Amazon servers in other EU countries and stored there. This takes place as soon as you enter our website.
The data collected here will be stored for a maximum of 365 days and will then be made anonymous or deleted. This also applies to the unabridged IP addresses.
The legal basis for the collection of the data is a legitimate interest pursuant to Art. 6, Para. 1, Sent. 1(f) GDPR in ensuring a secure and unhindered internet site.
Amazon Web Services Inc.’s participation in the Privacy Shield Agreement ensures a consistent level of data protection for the transferred data.
For more information about Amazon Web Services’ data protection policies, please visit: https://aws.amazon.com/compliance/data-privacy-faq/.
Our website uses GA Audience, a service provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA).
Google Audience uses, among other things, cookies stored on your computer and other mobile devices (e.g. smartphones, tablets, etc.) to enable the usage analysis of those devices. The data is partially analyzed across all devices. Google Audience receives access to cookies generated through the use of Google AdWords and Google Analytics. Data, in particular the IP address and user activity, may be transferred to a Google Inc. server and stored there. Google Inc. may transfer this information to third parties as required by law or if it is to be processed by a third party.
Data Processing of Business Partners and Customers for Communication, Contract and Payment Processing
itdesign GmbH processes the contact information of customer representatives, interested parties, service providers and other business partners in order to communicate via email, telephone, fax, post and for other contractual transactions. The legal basis for processing personal data of contacts who are not direct contractual partners is pursuant to Art. 6, Para. 1, Sent. 1(f) GDPR. This legitimate interest by itdesign GmbH is based on the intention to conduct or initiate a business relationship with customers, interested parties, service providers and other business partners, and to maintain personal contact with business representatives. The legal basis for the processing of personal data (e.g. invoice data) of direct contractual partners (e.g. sole proprietors) is pursuant to Art. 6, Para. 1, Sent. 1(b) GDPR. The data processed here is exclusively used for the fulfillment of the contract.
The contact and payment data collected here will be transferred to third parties who have been commissioned by itdesign GmbH to carry out the contract. This includes the following service providers:
– Zapier (sending notifications of changes to the contract),
– GoCardless (collection of direct debits),
– Chargebee (license management and invoicing).
Data Protection Agreements have been concluded and signed with both service providers Zapier and Chargebee.
If you have selected a direct debit authorization for your method of payment, your data will be transferred to the service provider GoCardless. They are individually responsible for data protection. The data transfer takes place on the basis of our legitimate interest pursuant to Art. 6, Para. 1, Sent. 1(f) GDPR. Our legitimate interest lies in offering the customer uncomplicated payment transactions and thus making regular payments possible.
To ensure a uniform level of data protection, the service providers are certified according to Privacy-Shield.
Personal data is stored as long as it is needed for business purposes or a legitimate interest to re-establish contact exists.
Customer Service through Third Parties
If you wish to utilize or try out the services and trial versions of Meisterplan, your data will be collected by us and, if necessary, transferred to third parties. These companies are responsible for supporting some customers in their respective official language, for example with support. The legal basis for this is Art. 6, Para. 1, Sent. 1(f) GDPR and our legitimate interest lies in a customer-oriented and friendly service in the respective official language.
The following customers are partly managed by the subsequent national service providers:
– Germany/adensio GmbH, Eportis GmbH, SOLVIN information management GmbH
– Switzerland/diventis GmbH, Projectworld GmbH
– France/ISPA Consulting
– Netherlands/Odysseus Group
– United Kingdom/ILX Group, Sandhill Consultants Ltd.
If your data is processed by service providers within the EU, they are subject to the regulations of the GDPR.
Any other transfer of data to third parties is prohibited. Within our company, your data will be used for the execution or initiation of the business relationship. There will be no processing of your data outside the EU/EEA that deviates from the above listed providers.
Your personal data will be stored for as long as it is required for business purposes or if there is a legitimate interest in contacting you again.
If you become aware of us via a third party who has a contractual relationship with us and visit us through a link on their website, the data provided by you (including but not limited to name, email address and telephone number) will be forwarded to this website provider, who will be informed of the successful completion of a trial or registration process.
Your personal data will be stored by our contractual partners for as long as it is required for business purposes or if there is a legitimate interest in contacting you again.
It is our goal to promote our products on several websites, thereby making them available to a wide range of potential customers. The legal basis for this data collection is Art. 6, Para. 1, Sent. 1(f) GDPR. Our legitimate interest lies in the comprehensive promotion of lead generation.
Analysis by Google Analytics
Browser type and version, browser language, operating system used, geographic origin, page views, time stamps, previously visited pages, interaction with page elements such as forms, search queries, service providers, and data submitted by search engines or advertising platforms.
These are generally transferred to and stored on a Google server in the USA. Google’s participation in the US Privacy Shield ensures a consistent level of data protection. We have entered into a data processing agreement with Google pursuant to Art. 28 of the GDPR. Google Analytics is integrated with the Google Tag Manager service. IP addresses can be anonymized using their settings, but complete anonymization of the collected data will not take place.
For more information on data protection related to Google Analytics, please refer to Google Analytics Help (https://support.google.com/analytics/answer/6004245?hl=en).
You may deny the installation of cookies by setting the browser software accordingly; however, please note that in this case not all functions of this website will be fully available.
You can also prohibit the collection of data generated by cookies and concerning your use of the website (including your IP address) as well as Google’s processing of this data by downloading and installing a browser add-on at (https://tools.google.com/dlpage/gaoptout?hl=en).
Another way to opt out of web analysis by Google Analytics is to set an opt-out cookie instructing Google not to store or use your data for web analysis purposes. Please note that with this solution, the web analysis will not take place for only as long as the opt-out cookie is stored by the browser. If you would like to set the opt-out cookie now, please click here:
We use this data to maintain and improve our website, evaluate user interaction with the website and evaluate our marketing strategies. The data received via Google Analytics may be combined with other data, e.g. data that you voluntarily provide us through the website. See section entitled “Combining Data”.
The user and activity data that we receive from Google Analytics are deleted within 36 months.
Based on our legitimate interest in the prevention of spam and abuse, we use the reCAPTCHA feature of Google on our website. This function is primarily used to distinguish whether an input is made by a natural person or abusive by automated processing. If reCAPTCHA detects possible inauthenticity of your information, you will receive an email for verification. The service includes the sending of the IP address and possibly other data required by Google for the reCAPTCHA service to Google. The legal basis for the transfer of data is Art. 6 para. 1 lit. f GDPR. Our interest is to ensure the safe operation of our websites and protect against automated attacks.
If you disagree with Google’s data processing, please do not use this website.
The data evaluated by Google Analytics may be combined with additional user data collected on our website if you decide to activate a trial of Meisterplan. This serves to improve our online services and the application. The following data is combined to form a joint data collection with the stated contents:
Dataset (a), your details given in the trial form
Dataset (b), your activities on the website
Dataset (c), your activities in the application
The combination of data collected here is based on the legitimate interest of itdesign GmbH in accordance with Art. 6, Para. 1, Sent. 1(f) GDPR. The legitimate interest is in improving our end-to-end services as a means of acquiring new customers. The datasets will be stored as long as they are needed for business purposes or as long as there is a legitimate interest in contacting the customer again.
Analysis Using Visual Website Optimizer
We use Visual Website Optimizer, a web analytics service from Wingify (Wingify, Inc., Delhi, India), hereinafter referred to as “VWO”. VWO is used to test and optimize the user-friendliness of our website. VWO collects anonymous statistics on user behavior. We have no way of associating these anonymous measurements with a person, for example through an IP address. In order to obtain meaningful test results, cookies are used: VWO stores user activities, device and browser information as well as a unique user ID (_vwo_uuid) in a cookie, but anonymizes both the IP address and personal content. The data is automatically deleted after 60 days. The legal basis for the storage of cookies is our legitimate interest pursuant to Art. 6, Para. 1, Sent. 1(f) GDPR. Our legitimate interest lies in the ability to provide a customer-friendly and optimized web service. You can delete cookies from your browser at any time. In addition, you can opt out of participating in the tests altogether by clicking on the following link: https://vwo.com/opt-out/.
The PIMS and ISMS certifications ensure a uniform level of data protection. A Data Processing Agreement has been concluded and signed with the service provider.
Additional information on data protection and GDPR compliance at VWO can be found here: https://vwo.com/platform/security-compliance/gdpr/.
This website uses Google’s remarketing technology for targeted advertising. Ad placement in Google’s display network is based on a user’s previous visits to this website. This feature stores cookies for 90 days, which are used by Google and third parties for targeted ads. The purpose of this measure is to acquire customers. The legal basis is our legitimate interest under Art. 6, Para. 1, Sent. 1(f) GDPR. Our legitimate interest lies in the acquisition of customers through advertising and the expansion of our online presence.
You can disable ad personalization and customize your Google Display Network settings at https://www.google.com/settings/ads. You can also refuse the storage of cookies in your browser settings or manually delete cookies that have already been set.
We use conversion tracking from various advertisers on our site. When you access our site through advertisements from certain providers, the respective provider places a cookie on your computer which is used to generate statistics about the effectiveness of advertisements based on your behavior. Conversion tracking can be deactivated through the cookie settings in your browser. The purpose of this measure is to acquire customers. The legal basis is our legitimate interest pursuant to Art. 6, Para. 1, Sentence 1(f) GDPR. Our legitimate interest lies in customer acquisition and the control of our marketing activities. Currently, this applies to the Google AdWords provider (a Google offering) and Bing Ads (a Microsoft offering). As part of conversion tracking, data, in particular the IP address and activities of the user, can be transferred to a server of Google Inc. or Microsoft Corporation and stored there for a maximum of 180 days. This information may be transferred from Google Inc. or Microsoft Corporation to third parties, if required to do so by law, or if the information is to be processed by third parties.
Some pages of our website include fonts (“Google Fonts”) from the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google does not collect any data because these fonts are downloaded from an internal company server.
Plug-Ins from Other Platforms
We use plug-ins from various other platforms, e.g. social media, on our website. The purpose is to increase the level of awareness of our services or to access content. Your data will not be transferred solely by accessing our website because we rely on the Easy Social Share solution when using social media plug-ins. This gives you the opportunity to share our content. However, a data transfer takes place once you click on the corresponding button. The legal basis for this is Art. 6, Para. 1, Sent. 1(f) GDPR.
Our legitimate interest lies in presenting our content to a wide audience and providing you the opportunity to express your opinion.
Please note that clicking a share icon or an embedded YouTube video will result in certain data being transferred to the respective social media service provider, for example:
- the address of the website where the activated social plug-in is located,
- date and time the website was accessed or the social plug-in was activated,
- information about the browser and operating system used,
- your current IP address.
If you are already logged in to the corresponding social media service at the time the social plug-in is activated, the social media service provider is also able to determine your user name and possibly even your real name from the above data.
This data can also be processed by the social media service provider in countries outside the European Union. We have no influence on the scope, type and purpose of data processing by the social media service provider. Please note that the social media service provider is able to create anonymous and even individualized user profiles with the above mentioned data.
Privacy Policies of Other Service Providers
Our website offers you a variety of ways to contact us or to answer existing questions quickly and easily. To do this we use the following third party providers with which we have an existing data processing agreement. This ensures that your data is processed by third parties in accordance with data protection regulations.
Hosting the Quest
The online community on quest.meisterplan.com is hosted by Invision Community (Invision Power Services, Inc., PO Box 2365, Forest, VA 24551, USA). Data provided on quest.meisterplan.com (e.g. user name, contact data) will be processed by this provider outside the EU/EEA. The legal basis for this is pursuant to Art. 6, Para. 1, Sent. 1(f) GDPR. The data collection is based on our legitimate interest in providing you with a platform in which to discuss content related to our application and to easily contact us with any questions. Your posts will be stored for as long as they are relevant to the community. The storage period therefore depends on the content of your post. Should you request that we delete your account, your posts will also be deleted.
A Data Processing Agreement has been concluded and signed with this service provider.
Our service at help.meisterplan.com is hosted by the provider Zendesk (Zendesk, Inc., San Francisco, California, USA). When you use the Help Center, Zendesk will collect your IP address as detected by the Zendesk Edge architecture and store it in the United States. The data will be deleted after a maximum of 120 days. The data processing is carried out in accordance with Art. 6, Para. 1, Sent. 1(f) GDPR. Our legitimate interest lies in providing an uncomplicated and user-friendly help center and information site.
Zendesk will also store the email address and content of a voluntarily submitted request using the contact form at help.meisterplan.com. Personal data is stored for as long as it is required for business purposes or if there is a legitimate interest in contacting you again. Data processing is carried out in accordance with Art. 6, Para. 1, Sent. 1(f) GDPR. Our legitimate interest lies in answering customer requests. The data collected here will be exclusively used to answer your inquiry.
Zendesk’s participation in the Privacy-Shield Agreement ensures a uniform level of data protection for the transferred data. A Data Processing Agreement has been concluded and signed with this service provider.
Chargebee (Chargebee, Inc. 340 S. Lemon Avenue, Suite #1537, Walnut, CA 91789, USA) is used as a webshop solution for license management and invoicing.
Chargebee is certified under the EU-US Privacy Shield Agreement (certificate available here: https://www.privacyshield.gov/list) and thus offers an additional assurance of compliance with European data protection law.
Contract Change Notifications
Zapier (Zapier, Inc. 548 Market St. #62411, San Francisco, CA 94104-5401, USA) is used to send notifications of contract changes to the customer or provider.
Zapier is certified under the EU-US Privacy Shield Agreement (certificate available here: https://www.privacyshield.gov/list) and thus offers an additional assurance of compliance with European data protection law.
Payments by Direct Debit
GoCardless (GoCardless Ltd. Sutton Yard, 65 Goswell Road, London, EC1V 7EN, United Kingdom) executes payments by direct debit.
GoCardless does not act as an order processor, rather as a data controller. As the end customer, you therefore have a direct legal relationship with GoCardless regarding the use of your personal information by GoCardless. You can find additional information at https://gocardless.com/legal/privacy.
Sending Transactional E-Mails
Mailgun (Mailgun Technologies, Inc., 535 Mission St., San Francisco, CA 94105, USA), which processes data outside the EU/EEA, is used to automatically send transaction emails, i.e. to activate a requested test version or to send information from the Webshop. The necessary data is automatically recorded and processed in the reply email. In order to send a confirmation email, your name, email address, IP address and your mail server are processed. The legal basis for processing the collected data is pursuant to Art. 6, Para. 1, Sent. 1(f) GDPR. Our legitimate interest lies in sending the customer a prompt confirmation email, regardless of the time of order.
Mailgun’s participation in the Privacy-Shield Agreement ensures a uniform level of data protection in the transfer of personal data. The collected data will be deleted as soon as the test period of 30 days is over. A Data Processing Agreement has been concluded and signed with this service provider.
Sending Marketing E-Mails
There are several ways to subscribe to newsletters on our website:
- If you request various content such as white papers, it is necessary to provide an email address. After you have registered for the content, you will be able to access the download and will receive an email containing an offer for the newsletter.
- When requesting a trial access via the website, you can also subscribe to the newsletter, taking into account Art. 7, Para. 4 GDPR, which is voluntary.
- Lastly, you can fill out a form on several pages of the website on which you can subscribe to the newsletter.
In compliance with data protection regulations, subscription is completed using a double opt-in procedure. After entering your email address, you will receive a confirmation email containing a corresponding link. Here you can confirm your subscription to the newsletter. This is how we verify that you are the owner of the email address provided and that you agree to receive the newsletter. Additional data will only be collected on a voluntary basis.
The legal basis for data processing related to the distribution of newsletters is your consent pursuant to Art. 6, Para. 1, Sent. 1(a) GDPR and Sec. 7, Para. 2, No. 3 in the Act Against Unfair Competition. The purpose of data processing when ordering a newsletter is to inform our interested parties about new offers and interesting topics relating to our software applications.
Use of the shipping service provider Evalanche, performance of statistical surveys and analyses, and recording the subscription procedure are all based on our legitimate interests pursuant to Art. 6, Para. 1, Sent. 1(f) GDPR. Our interest lies in a user-friendly and secure newsletter system that serves both our business interests, such as direct advertising, and meets user expectations.
Subscriptions to the newsletter are logged in order to prove that the subscription process complies with legal requirements. This includes storing login and confirmation times, as well as the IP address. Changes to your stored data are also logged. The data will be deleted upon request (e.g. via an email to firstname.lastname@example.org).
We use Evalanche, a service of SC-Networks GmbH (Enzianstr. 2, 82319 Starnberg, Germany) to send our newsletter. A Data Processing Agreement has been concluded and signed with this service provider.
The newsletters contain tracking pixels, which are used to show whether a newsletter has been opened by you or not. Technical information such as information on your browser and system, the end device and mail client used, and your IP address and time of retrieval are initially collected. This information is used for the technical improvement of our services based on technical data or target groups and their reading habits based on retrieval locations (which can be determined by IP address) or access times.
The statistical data collection includes whether the newsletters are opened, when they are opened, which links are clicked and whether the delivery of the emails was successful. Reading duration is also recorded, although this is only done on a target group basis.
You can cancel your subscription to our newsletter at any time. You can unsubscribe by clicking on the unsubscribe link in any newsletter, in your personal profile or by sending an email to email@example.com. You have the right to cancel the newsletter at any time without affecting your right to previous data processing.
The collected data will not be shared with third parties.
Use of Social Media Logins
You have the option of registering for our Quest website with your social media accounts, making it unnecessary for you to create another account. In order to authenticate your registration, we will receive the following information from the respective social media provider:
- Numerical Social Media ID,
- First and Last Name,
- Email Address
- Profile Picture
- Current Position (LinkedIn only)
The legal basis for collecting the above mentioned data is your consent according to Art. 6, Para. 1, Sent. 1(a) GDPR. By registering with a social media account, you consent to the transfer, collection and use of your data as follows:
I agree to the following data being transferred to Invision Power Services, Inc. by my social media service provider as part of the social login process:
- Numerical Social Media ID,
- First and Last Name,
- Email Address,
- Profile Picture,
- Current Position (LinkedIn only).
This data may be stored by Invision Power Services, Inc. (see section “Hosting the Quest”) in my personal forum account and used solely for registration purposes within the forum. I am aware that by using a social media login, the operator of the respective social media service automatically becomes aware that I have connected my social media account to a forum account on https://quest.meisterplan.com/.
You can withdraw your consent at any time by sending an email to firstname.lastname@example.org. In this case, further use of the social media login is no longer possible. All registration data received up to this point will be deleted.
The data collected will be used exclusively by Invision Power Services, Inc. (see section “Hosting the Quest”). The data will not be transferred to third parties. The data submitted during registration will be used as described and stored until consent is withdrawn.
Data Collection from Mail/Email Messages and Registration/Contact Forms
We may collect additional data voluntarily provided by you in various ways, such as through a contact request using the contact form, an inquiry via email, telephone or mail, or when requesting and activating a trial version. The basis for collecting and processing your data is pursuant to Art. 6, Para. 1, Sent. 1(f) GDPR. Our legitimate interest lies in answering customer requests, providing uncomplicated and secure communication channels for data protection as well as the non-binding provision of our trial software. The data required for this can be found in the mandatory fields of the corresponding forms. Any other data provided will be determined by you. The data collected here will only be used to answer your inquiry or to provide you with the corresponding demonstration software.
Use of Trial Accounts
You can register for a free trial account with our Meisterplan system. In addition to the data required for registration (email address and system name), we will also process the data entered during your trial period. For additional information, please refer to the Terms of Service (https://meisterplan.com/terms-of-service-eu/).
Upon activating a trial version, the following data will also be collected:
Time of interaction with the forms, ID of the Google Analytics cookie, internal ID of the generated test instance, and telephone number (optional). This serves to maintain our trial process operation, support sales and evaluate our marketing strategies. Your data will be stored for as long as it is required for business purposes or if there is a legitimate interest in contacting you again.
The legal basis for this data processing is pursuant to Art. 6, Para. 1, Sent. 1(f) GDPR. Our legitimate interest lies in providing the potential customer with the best possible and unrestricted insight into our software application using real data. In addition, availability of the information already entered into the software should be made possible after purchase.
The data entered for your trial system will be hosted in Frankfurt/Main (Germany) or Oregon (USA) according to your selection. Transfer to third parties takes place within the EU based on signed Data Processing Agreements with service providers from Germany. Your data will only be transferred to a third country if you decide to do so. In doing so, the data is transferred to and hosted by the provider AWS. A uniform level of data protection is ensured through their participation in the Privacy-Shield Agreement. There is also a Data Processing Agreement with this service provider.
By submitting a request for the trial version, you agree to the Terms of Service (https://meisterplan.com/terms-of-service-eu/) and will automatically receive a contract for a Data Processing Agreement with itdesign GmbH as the supplier. Additional information can be found in this contract.
Rights with Regards to Our Data Processing
You have the following rights with regards to our processing your personal data:
- Withdrawal of consent: If your data is processed on the basis of consent, e.g. within the scope of Art. 6, Para. 1, Sent. 1(a) GDPR, you can withdraw your consent to the processing of your data at any time. The lawfulness of any previous processing remains unaffected.
- Objection (Art. 21 GDPR): Provided that data is processed based on a legitimate interest pursuant to Art. 6, Para. 1, Sent. 1(f) GDPR, you nevertheless have the right to object to the processing of your personal data. The corresponding processing would therefore be discontinued, provided that our compelling interest does not surpass your interests.
- Data access (Art. 15, Para. 1 GDPR): You have the right to obtain information on your personal data free of charge.
- Rectification (Art. 16 GDPR): You have the right to rectify inaccurate data and to have incomplete data completed, taking into account the purposes of the processing.
- Erasure (Art. 17 GDPR): You have the right to the deletion of your personal data or to the Restriction (Art. 18 GDPR) of its processing if deletion is not legally possible.
- Data portability (Art. 20 GDPR): You have the right to receive your personal data in a commonly used and machine-readable format.
- Right of appeal: You have the right to appeal to a regulatory agency. The data protection supervisory authority responsible is that of the federal state in which you live or in which the person responsible is based.
Please contact our Data Protection Officer if you have any questions.
Non-Obligatory Provision of Personal Data
The provision of personal data is not required by law or contract nor is it necessary for the conclusion of a contract, unless otherwise stated in the above list. There is no obligation to provide personal data unless otherwise stated. Failure to provide personal information may result in us not being able to respond to your contact requests, provide you with all the features of our website or allow you to use our software free of charge.