OUR COMMITMENT TO PRIVACY AND DATA PROTECTION

Privacy Policy

Last Updated: February 13, 2020 

Overview in Plain English

We have summarized the most important content of our privacy policy for you in plain English. This summary is neither complete nor legally binding.

  • The legal basis for the processing of your personal data is the GDPR, to which we adhere.

  • Cookies are used by our website for various reasons – for example, to collect statistical data or to display relevant advertising.

  • Advertising and marketing are an important part of our business. In order to measure the success of our advertising and marketing activities, we use the services of companies with whom we have a concluded data processing agreement.

  • With remarketing, we are able to present targeted advertising to users who have already visited our website.

  • Any form that you fill out – whether for the newsletter, a download or a trial version – leads to a CRM entry. Some forms use reCAPTCHA to avoid spam.

  • You can subscribe to newsletters in multiple ways (e.g. with a form or by checking a box when completing a trial). Subscribing to a newsletter leads to a CRM entry and logging the content of your activities. Trial users will automatically receive a series of emails to assist them with the trial.
    You can cancel or change your newsletter subscriptions at any time. To do so, click on the link at the end of one of these emails.

  • Customer and trial data are processed by various services of third party companies, which have high data protection standards. Either we have concluded a data processing agreement with our subprocessors, or you may enter into a direct, legal relationship.

  • Customer service is either provided by us or our contractual partners. You will find a list of our partners in this document.

  • Data is consolidated from multiple sources: trial form, website, software and emails.
    Data is made anonymous where appropriate and possible – e.g. IP addresses in Google Analytics.

  • You can use social media to share content from our website. Data is only transferred when you click on the corresponding function on the website. Our Social Media Policy regarding our presence in social media can be found at https://meisterplan.com/social-media-privacy-policy/.

  • The data deletion periods for the execution of the contract comply with legal requirements. Server logs are automatically deleted after a maximum of 365 days. Statistical data is automatically deleted or aggregated after 3 years.

1. Scope and version

This Privacy Policy is to inform you about how we collect and process data with respect to the services available at meisterplan.com and its subdomains.

This version of the Privacy Policy is effective as of Feb 13th, 2020. We may revise this policy as necessary in order to reflect changes in procedures or new developments.

The use of the application may be subject to additional provisions as specified in the Software as a Service Terms of Service.

2. Service Authority and Data Protection Officer

The service that is described herein is provided by:

itdesign GmbH
Friedrichstr. 12
72072 Tübingen
Germany

Our external Data Protection Officer is:
Dr. iur. Christian Borchers
Datenschutz Süd GmbH
Wörthstrasse 15
97082 Würzburg
office@datenschutz-sued.de

3. Legal Basis for the Processing of Personal Data

This Privacy Policy is based on Regulation (EU) 2016/679 (General Data Protection Regulation, GDPR). The legal basis for the processing of your personal data is: your consent to data processing (Art. 6, Para. 1, Sent. 1(a) GDPR); fulfillment of a contract or pre-contractual measures (Art. 6, Para. 1, Sent. 1(b) GDPR); a legitimate interest on our part (or by third parties), provided your interests, fundamental rights, and fundamental freedoms are not superseded (Art. 6, Para. 1, Sent. 1(f) GDPR).

4. Cookies

We use cookies on our site. These are small files that are automatically created by your browser and stored on your device (laptop, tablet, smartphone, etc.) when you visit our site. The cookie stores information about the specific end user device that was used to access the site. However, the information that is stored in the cookie does not allow us to determine your exact identity.

One of the purposes of using cookies is to make it easier for you to use our service. For example, we use what are called session cookies to recognize when you have already visited individual pages on our website. These are automatically deleted after leaving our website.

We also use temporary cookies that are stored on your device for a specified period of time in order to improve usability. If you re-visit our site in order to use our services, it will automatically be recognized that you have visited us before, as well as which entries and settings you have made to avoid having to re-enter them. Cookies help make the website more user-friendly (e.g. storing login data), control the display of advertisements and can recognize users who have been directed to us by certain partners. Cookies are also used to collect statistical data on website usage and analyze it in order to improve the website.

You have control over how cookies are used on your device. Most browsers have an option that will allow you to restrict or completely prevent the storage of cookies. Please note, however, that without cookies, the usage and in particular the usability can be limited.

5. Server logs

All requests to our server are stored in server logs. The legal basis for the collection of the following data is a legitimate interest pursuant to Art. 6, Para. 1, Sent. 1(f) GDPR in ensuring a secure and unhindered internet site. It is necessary to maintain our service, provide error diagnoses and prevent attacks.

These logs include the following information:

URL of the website or file accessed, date and time of access, amount of data transferred, notification of successful retrieval, browser type and version, user’s operating system, referrer URL, IP address and the requesting provider.

We do not share this information with third parties. The data collected here will be stored for a maximum of 365 days and will then be made anonymous or deleted. This also applies to the unabridged IP addresses.

6. Caching

To secure the website and optimize loading time, this website uses the Content Delivery Network (CDN) CloudFront. This is a service provided by Amazon Web Services Inc. (410 Terry Avenue North, Seattle, WA 98109-5210), which duplicates data from a website and provides it to various Amazon Web Services (AWS) servers around the world. By retrieving this data, information about your use of our website (such as your IP address) is transferred to Amazon servers in other EU countries and stored there. This takes place as soon as you enter our website.

The data collected here will be stored for a maximum of 365 days and will then be made anonymous or deleted. This also applies to the unabridged IP addresses.

The legal basis for the collection of the data is a legitimate interest pursuant to Art. 6, Para. 1, Sent. 1(f) GDPR in ensuring a secure and unhindered internet site.
Amazon Web Services Inc.’s participation in the Privacy Shield Agreement ensures a consistent level of data protection for the transferred data.

For more information about Amazon Web Services’ data protection policies, please visit: https://aws.amazon.com/compliance/data-privacy-faq/.
The current Privacy Policy of Amazon Web Services can be found at: https://aws.amazon.com/privacy/.

7. Google Audience

Our website uses GA Audience, a service provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA).

Google Audience uses, among other things, cookies stored on your computer and other mobile devices (e.g. smartphones, tablets, etc.) to enable the usage analysis of those devices. The data is partially analyzed across all devices. Google Audience receives access to cookies generated through the use of Google AdWords and Google Analytics. Data, in particular the IP address and user activity, may be transferred to a Google Inc. server and stored there. Google Inc. may transfer this information to third parties as required by law or if it is to be processed by a third party.

The purpose of this measure is to gain customers through precise placement of advertisements to customized target groups (= audiences). The legal basis is your consent to the use of cookies in accordance with Art. 6, Para. 1, Sent. 1(a) GDPR. You may prevent the collection, transfer and processing of personal data by Google Audience by deactivating the use of JavaScript in your browser or by installing a tool such as ‘NoScript’. You can also prevent Google from collecting and processing the data generated by Google cookies and concerning your use of the website (including your IP address) by downloading and installing the browser plug-in available at the following link (http://tools.google.com/dlpage/gaoptout?hl=en).

8. Applicant Management

The link “Jobs at Meisterplan” on the following page directs you to the open vacancies on the website https://itdesign.de/karriere/stellenangebote/. Reference is made here to the corresponding Privacy Policy for Applicant Management under the keyword „Datenschutzerklärung für den Bewerbungsprozess“ (available in German).

9. Data Processing of Business Partners and Customers for Communication, Contract and Payment Processing

itdesign GmbH processes the contact information of customer representatives, interested parties, service providers and other business partners in order to communicate via email, telephone, fax, post and for other contractual transactions. The legal basis for processing personal data of contacts who are not direct contractual partners is pursuant to Art. 6, Para. 1, Sent. 1(f) GDPR. This legitimate interest by itdesign GmbH is based on the intention to conduct or initiate a business relationship with customers, interested parties, service providers and other business partners, and to maintain personal contact with business representatives. The legal basis for the processing of personal data (e.g. invoice data) of direct contractual partners (e.g. sole proprietors) is pursuant to Art. 6, Para. 1, Sent. 1(b) GDPR. The data processed here is exclusively used for the fulfillment of the contract.

The contact and payment data collected here will be transferred to third parties who have been commissioned by itdesign GmbH to carry out the contract. This includes the following service providers:

  • Zapier (sending notifications of changes to the contract),
  • GoCardless (collection of direct debits),
  • Chargebee (license management and invoicing).

Data Protection Agreements have been concluded and signed with both service providers Zapier and Chargebee.

If you have selected a direct debit authorization for your method of payment, your data will be transferred to the service provider GoCardless. They are individually responsible for data protection. The data transfer takes place on the basis of our legitimate interest pursuant to Art. 6, Para. 1, Sent. 1(f) GDPR. Our legitimate interest lies in offering the customer uncomplicated payment transactions and thus making regular payments possible.

To ensure a uniform level of data protection, the service providers are certified according to Privacy-Shield.

Personal data is stored as long as it is needed for business purposes or a legitimate interest to re-establish contact exists.

10. Customer Service through Third Parties

If you wish to utilize or try out the services and trial versions of Meisterplan, your data will be collected by us and, if necessary, transferred to third parties. These companies are responsible for supporting some customers in their respective official language, for example with support. The legal basis for this is Art. 6, Para. 1, Sent. 1(f) GDPR and our legitimate interest lies in a customer-oriented and friendly service in the respective official language.

The following customers are partly managed by the subsequent national service providers:

  • Germany/adensio GmbH, Eportis GmbH, SOLVIN information management GmbH
  • Switzerland/diventis GmbH, Projectworld GmbH
  • France/ISPA Consulting
  • Netherlands/Odysseus Group
  • United Kingdom/ILX Group, Sandhill Consultants Ltd.

If your data is processed by service providers within the EU, they are subject to the regulations of the GDPR.
Any other transfer of data to third parties is prohibited. Within our company, your data will be used for the execution or initiation of the business relationship. There will be no processing of your data outside the EU/EEA that deviates from the above listed providers.

Your personal data will be stored for as long as it is required for business purposes or if there is a legitimate interest in contacting you again.

11. Lead Data

If you become aware of us via a third party who has a contractual relationship with us and visit us through a link on their website, the data provided by you (including but not limited to name, email address and telephone number) will be forwarded to this website provider, who will be informed of the successful completion of a trial or registration process.

Your personal data will be stored by our contractual partners for as long as it is required for business purposes or if there is a legitimate interest in contacting you again.

It is our goal to promote our products on several websites, thereby making them available to a wide range of potential customers. The legal basis for this data collection is Art. 6, Para. 1, Sent. 1(f) GDPR. Our legitimate interest lies in the comprehensive promotion of lead generation.

12. Analysis by Google Analytics

We use Google Analytics, a web analysis service provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) for the purpose of customizing the design and continuous optimization of our website and sub-pages (Help Center). For this purpose, we create anonymous user profiles and use cookies. The legal basis for this data collection is our legitimate interest pursuant to Art. 6, Para. 1, Sent. 1(f) GDPR. The data processing is used to analyze user behavior in order to improve our marketing strategies and website offerings. Our legitimate interest lies in improving our services and acquiring new customers. Google Analytics collects information, including:

Browser type and version, browser language, operating system used, geographic origin, page views, time stamps, previously visited pages, interaction with page elements such as forms, search queries, service providers, and data submitted by search engines or advertising platforms.

These are generally transferred to and stored on a Google server in the USA. Google’s participation in the US Privacy Shield ensures a consistent level of data protection. We have entered into a data processing agreement with Google pursuant to Art. 28 of the GDPR. Google Analytics is integrated with the Google Tag Manager service. IP addresses can be anonymized using their settings, but complete anonymization of the collected data will not take place.

For more information on data protection related to Google Analytics, please refer to Google Analytics Help (https://support.google.com/analytics/answer/6004245?hl=en).

You may deny the installation of cookies by setting the browser software accordingly; however, please note that in this case not all functions of this website will be fully available.

You can also prohibit the collection of data generated by cookies and concerning your use of the website (including your IP address) as well as Google’s processing of this data by downloading and installing a browser add-on at (https://tools.google.com/dlpage/gaoptout?hl=en).

Another way to opt out of web analysis by Google Analytics is to not accept cookies by Google Analytics by setting the following switch to “Off”.

We use this data to maintain and improve our website, evaluate user interaction with the website and evaluate our marketing strategies. The data received via Google Analytics may be combined with other data, e.g. data that you voluntarily provide us through the website. See section entitled “Combining Data”.

The user and activity data that we receive from Google Analytics are deleted within 36 months.

13. Analysis by wiredminds

Meisterplan uses a counting pixel technology provided by wiredminds GmbH (www.wiredminds.de) to analyze visitor behavior. If necessary, data is collected, processed and stored, from which user profiles are created under a pseudonym. Wherever possible and reasonable, these usage profiles are completely anonymized. Cookies can be used for this purpose. Cookies are small text files that are stored in the visitor’s internet browser and serve to recognize the internet browser. The collected data, which may also contain personal data, will be transmitted to wiredminds or collected directly by wiredminds. wiredminds may use information that is left by visiting the websites to create anonymized usage profiles. The data obtained without explicit consent of the affected person will not be used to personally identify the visitor of this website and will not be merged with personal data of the bearer of the pseudonym. Whenever IP addresses are recorded, their immediate anonymization takes place by deleting the last number block.

Permission for data collection, processing and storage can be revoked at any time with effect for the future under the following link:

Exclude from tracking.

14. reCAPTCHA

Based on our legitimate interest in the prevention of spam and abuse, we use the reCAPTCHA feature of Google on our website. This function is primarily used to distinguish whether an input is made by a natural person or abusively by automated processing. If reCAPTCHA detects possible inauthenticity of your information, you will receive an email for verification. The service includes the sending of the IP address and possibly other data required by Google for the reCAPTCHA service to Google. The legal basis for the transfer of data is Art. 6 para. 1 lit. f GDPR. Our interest is to ensure the safe operation of our websites and protect against automated attacks.

Additional information about Google reCAPTCHA and Google’s privacy policy can be found at:

https://www.google.com/intl/en/policies/privacy/ and

https://www.google.com/recaptcha/intro/android.html.

If you disagree with Google’s data processing, please do not use this website.

15. Combining Data

Data analyzed by Google Analytics may be consolidated with additional user data collected on our website if you decide to activate a Meisterplan trial. This helps to improve online content as well as the application. The following data sets are consolidated into a combined database with the above-mentioned content:

  • Data Set (a), Trial form details
  • Data Set (b), Website activity
  • Data Set (c), Activity in the Application
  • Data Set (d), Activity with marketing emails

The consolidation of the data collected here is carried out by itdesign GmbH on the basis of legitimate interest in accordance with Art. 6 Para. 1 Sent. 1(f) GDPR. Legitimate interest is based on the improvement of our end-to-end service for customer acquisition. The data records are stored for as long as they are needed for the purpose of carrying out the business relationship or if there is a justified interest in contacting them again.

16. Analysis Using Visual Website Optimizer

We use Visual Website Optimizer, a web analytics service from Wingify (Wingify, Inc., Delhi, India), hereinafter referred to as “VWO”. VWO is used to test and optimize the user-friendliness of our website. VWO collects anonymous statistics on user behavior. We have no way of associating these anonymous measurements with a person, for example through an IP address. In order to obtain meaningful test results, cookies are used: VWO stores user activities, device and browser information as well as a unique user ID (_vwo_uuid) in a cookie, but anonymizes both the IP address and personal content. The data is automatically deleted after 60 days. The legal basis for the storage of cookies is our legitimate interest pursuant to Art. 6, Para. 1, Sent. 1(f) GDPR. Our legitimate interest lies in the ability to provide a customer-friendly and optimized web service. You can delete cookies from your browser at any time. In addition, you can opt out of participating in the tests altogether by clicking on the following link: https://vwo.com/opt-out/.

The PIMS and ISMS certifications ensure a uniform level of data protection. A Data Processing Agreement has been concluded and signed with the service provider.

Additional information on data protection and GDPR compliance at VWO can be found here: https://vwo.com/platform/security-compliance/gdpr/.

17. Remarketing

This website uses Google’s remarketing technology for targeted advertising. Ad placement in Google’s display network is based on a user’s previous visits to this website. This feature stores cookies for 90 days, which are used by Google and third parties for targeted ads. The purpose of this measure is to acquire customers. The legal basis is our legitimate interest under Art. 6, Para. 1, Sent. 1(f) GDPR. Our legitimate interest lies in the acquisition of customers through advertising and the expansion of our online presence.

You can disable ad personalization and customize your Google Display Network settings at https://www.google.com/settings/ads. You can also refuse the storage of cookies in your browser settings or manually delete cookies that have already been set.

18. Conversion Tracking

We use conversion tracking on our site. If you visit our site through ads from certain vendors, the vendor will place a cookie on your computer allowing us to compile statistics on the effectiveness of ads based on your activity.

The purpose of this measure is to attract customers. Our legitimate interest according to Art. 6 Para. 1 Sent. 1(f) GDPR is the legal basis for this measure. Our legitimate interest lies in the acquisition of customers and the control of our marketing measures.

This currently applies to the following provider:

  • LinkedIn Ads (a LinkedIn offer, LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland)

During the conversion tracking process, data, in particular the IP address and user activity, may be transmitted to a server of the above mentioned company and stored there for a maximum of 180 days. From there, this information may be transferred to third parties if required by law, or if the data is to be processed by third parties.

Conversion tracking can be disabled via the cookie settings in your browser.

19. Google Fonts

Some pages of our website include fonts (“Google Fonts”) from the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google does not collect any data because these fonts are downloaded from an internal company server.

20. IP-Based Content Display

This website contains data from GeoLite2, a database from MaxMind, which is available at https://www.maxmind.com.

Our Terms of Service and the currency of our license prices depend on the location of the website visitor. In order to show the user the applicable Terms of Service and currency, this content is IP-based. For this we use GeoLite2, a database from MaxMind, Inc. (14 Spring Street, 3rd Floor, Waltham, MA 02451, USA), for IP geolocations. We are not able to trace exact households or addresses. No data is transmitted to MaxMind, Inc., as the comparison of IP addresses with the database takes place locally on our servers.

21. Plug-Ins from Other Platforms

We use plug-ins from various other platforms, e.g. social media, on our website. The purpose is to increase the level of awareness of our services or to access content. Your data will not be transferred solely by accessing our website because we rely on the Easy Social Share solution when using social media plug-ins. This gives you the opportunity to share our content. However, a data transfer takes place once you click on the corresponding button. The legal basis for this is Art. 6, Para. 1, Sent. 1(f) GDPR.

Our legitimate interest lies in presenting our content to a wide audience and providing you the opportunity to express your opinion.

Please note that clicking a share icon or an embedded YouTube video will result in certain data being transferred to the respective social media service provider, for example:

  • the address of the website where the activated social plug-in is located,
  • date and time the website was accessed or the social plug-in was activated,
  • information about the browser and operating system used,
  • your current IP address.

If you are already logged in to the corresponding social media service at the time the social plug-in is activated, the social media service provider is also able to determine your user name and possibly even your real name from the above data.

This data can also be processed by the social media service provider in countries outside the European Union. We have no influence on the scope, type and purpose of data processing by the social media service provider. Please note that the social media service provider is able to create anonymous and even individualized user profiles with the above mentioned data.

22. Privacy Policies of Other Service Providers

Our website offers you a variety of ways to contact us or to answer existing questions quickly and easily. To do this we use the following third party providers with which we have an existing data processing agreement. This ensures that your data is processed by third parties in accordance with data protection regulations.

Hosting the Quest

The online community on quest.meisterplan.com is hosted by Invision Community (Invision Power Services, Inc., PO Box 2365, Forest, VA 24551, USA). Data provided on quest.meisterplan.com (e.g. user name, contact data) will be processed by this provider outside the EU/EEA. The legal basis for this is pursuant to Art. 6, Para. 1, Sent. 1(f) GDPR. The data collection is based on our legitimate interest in providing you with a platform in which to discuss content related to our application and to easily contact us with any questions. Your posts will be stored for as long as they are relevant to the community. The storage period therefore depends on the content of your post. Should you request that we delete your account, your posts will also be deleted.

A Data Processing Agreement has been concluded and signed with this service provider.

Help Center

Our service at help.meisterplan.com is hosted by the provider Zendesk (Zendesk, Inc., San Francisco, California, USA). When you use the Help Center, Zendesk will collect your IP address as detected by the Zendesk Edge architecture and store it in the United States. The data will be deleted after a maximum of 120 days. The data processing is carried out in accordance with Art. 6, Para. 1, Sent. 1(f) GDPR. Our legitimate interest lies in providing an uncomplicated and user-friendly help center and information site.

Zendesk will also store the email address and content of a voluntarily submitted request using the contact form at help.meisterplan.com. Personal data is stored for as long as it is required for business purposes or if there is a legitimate interest in contacting you again. Data processing is carried out in accordance with Art. 6, Para. 1, Sent. 1(f) GDPR. Our legitimate interest lies in answering customer requests. The data collected here will be exclusively used to answer your inquiry.
Zendesk’s participation in the Privacy-Shield Agreement ensures a uniform level of data protection for the transferred data. A Data Processing Agreement has been concluded and signed with this service provider.

Webshop

Chargebee (Chargebee, Inc. 340 S. Lemon Avenue, Suite #1537, Walnut, CA 91789, USA) is used as a webshop solution for license management and invoicing.

Chargebee is certified under the EU-US Privacy Shield Agreement (certificate available here: https://www.privacyshield.gov/list) and thus offers an additional assurance of compliance with European data protection law.

Contract Change Notifications

Zapier (Zapier, Inc. 548 Market St. #62411, San Francisco, CA 94104-5401, USA) is used to send notifications of contract changes to the customer or provider.

Zapier is certified under the EU-US Privacy Shield Agreement (certificate available here: https://www.privacyshield.gov/list) and thus offers an additional assurance of compliance with European data protection law.

Payments by Direct Debit

GoCardless (GoCardless Ltd. Sutton Yard, 65 Goswell Road, London, EC1V 7EN, United Kingdom) executes payments by direct debit.

GoCardless does not act as an order processor, but rather as a data controller. As the end customer, you therefore have a direct legal relationship with GoCardless regarding the use of your personal information by GoCardless. You can find additional information at https://gocardless.com/legal/privacy.

Sending Transactional E-Mails

Mailgun (Mailgun Technologies, Inc., 535 Mission St., San Francisco, CA 94105, USA), which processes data outside the EU/EEA, is used to automatically send transaction emails, i.e. to activate a requested test version or to send information from the Webshop. The necessary data is automatically recorded and processed in the reply email. In order to send a confirmation email, your name, email address, IP address and your mail server are processed. The legal basis for processing the collected data is pursuant to Art. 6, Para. 1, Sent. 1(f) GDPR. Our legitimate interest lies in sending the customer a prompt confirmation email, regardless of the time of order.

Mailgun’s participation in the Privacy-Shield Agreement ensures a uniform level of data protection in the transfer of personal data. The collected data will be deleted as soon as the test period of 30 days is over. A Data Processing Agreement has been concluded and signed with this service provider.

23. Use of Social Media Logins

You have the option of registering for our Quest website with your social media accounts, making it unnecessary for you to create another account. In order to authenticate your registration, we will receive the following information from the respective social media provider:

  • Numerical Social Media ID,
  • First and Last Name,
  • Email Address,
  • Profile Picture,
  • Current Position (LinkedIn only).

The legal basis for collecting the above mentioned data is your consent according to Art. 6, Para. 1, Sent. 1(a) GDPR. By registering with a social media account, you consent to the transfer, collection and use of your data as follows:

I agree to the following data being transferred to Invision Power Services, Inc. by my social media service provider as part of the social login process:

  • Numerical Social Media ID,
  • First and Last Name,
  • Email Address,
  • Profile Picture,
  • Current Position (LinkedIn only).

This data may be stored by Invision Power Services, Inc. (see section “Hosting the Quest”) in my personal forum account and used solely for registration purposes within the forum. I am aware that by using a social media login, the operator of the respective social media service automatically becomes aware that I have connected my social media account to a forum account on https://quest.meisterplan.com/.

You can withdraw your consent at any time by sending an email to mail@meisterplan.com. In this case, further use of the social media login is no longer possible. All registration data received up to this point will be deleted.

For more information on your social media provider’s privacy settings regarding your login, please refer to the Privacy Policy and Terms of Service for each provider.

The data collected will be used exclusively by Invision Power Services, Inc. (see section “Hosting the Quest”). The data will not be transferred to third parties. The data submitted during registration will be used as described and stored until consent is withdrawn.

24. Sending of Marketing Emails and Marketing Automation

We use HubSpot for our online marketing activities. HubSpot is a service of HubSpot, Inc. (25 First Street, 2nd Floor, Cambridge, MA 02141, USA).

This is an integrated software solution with which we cover various aspects of our online marketing.

These include:

  • Contact management and profiling (e.g. user segmentation)
  • Sending of marketing emails

25. Contact Management and Profiling

There are several ways on our website to submit a form with your contact information. When you complete and submit a contact form in order to request a trial or subscribe to marketing emails, a CRM (Customer Relationship Management) entry is created in HubSpot with the information you provided along with additional information regarding your visit to the website. HubSpot collects this additional information using “cookies”, which are text files stored on your computer allowing us to analyze your activities with our content. This includes the following personal data:

  • Location
  • Viewed pages and forms
  • Length of visit
  • Data entered into forms (for example the email address provided for a newsletter registration)

The legal basis is our legitimate interest according to Art. 6 para. 1(f) GDPR. Our interest is aimed at the acquisition of customers by promptly replying to contacts, sending requested marketing emails and conducting statistical surveys and analyses.

The cookies are stored for up to 13 months. IP addresses are not stored. The CRM data is deleted as soon as it is no longer required for the purpose of its collection, or the user revokes consent to the processing of data (e.g. by sending an email to mail@meisterplan.com) or unsubscribes from further communication on their profile page.

26. Sending of Marketing Emails

Our website offers you several ways to subscribe to marketing emails sent via HubSpot:

  • When you request various content (such as a white paper), it is necessary to provide an email address. Once you have registered for the content, you will be able to access the download and will receive an email with the opportunity to opt-in to the newsletter.
  • When requesting trial access through the website, you may also choose to opt-in to the newsletter in accordance with Art. 7 Para. 4 GDPR.
  • There are several pages on the website where you can complete a form to opt-in to the newsletter.
  • After registering for a trial version, you will automatically receive several emails with information on access, help materials and onboarding.

The legal basis for data processing for the purpose of sending marketing emails is your consent in accordance with Art. 6 para. 1 sent. 1(a) GDPR. The objective of data processing when ordering marketing emails is to inform our interested parties of new offers and relevant topics concerning our software application and the Lean PPM framework.

To ensure data protection-compliant consent, the newsletter subscription uses a double opt-in procedure. After entering your email address, you will receive a confirmation email with a corresponding link. This will confirm your subscription to the newsletters. With this we verify that you are the owner of the email address provided, and that you agree to receive the newsletter. Additional data is only collected on a voluntary basis.

Subscriptions to marketing emails are logged so that the process can be verified in accordance with legal requirements. This includes the storage of both time of registration and time of confirmation. Changes to your stored data are also logged. This data is stored in addition to the data mentioned in the “Contact Management and Profiling” section.

Statistical surveys also include determining if the marketing emails are opened, when they are opened, which links are clicked and whether the delivery of the emails was successful.

You can revoke your consent to receive future marketing emails at any time. This does not affect our right to previously processed data. You can unsubscribe from this service by clicking the unsubscribe link included in every newsletter, in your personal mailing profile or by sending an email to mail@meisterplan.com. If you revoke your consent to receive our newsletters, the data collected for this purpose will be deleted immediately, unless it is required for another purpose.

All data (contact management/sending of marketing emails) are processed on the marketing platform HubSpot and therefore transmitted to HubSpot, Inc. and affiliated companies. Although HubSpot has operated a data center in Frankfurt since 2018, HubSpot cannot guarantee that data will not be sent to the USA. When HubSpot shares your information with other HubSpot affiliates, HubSpot is in compliance with the EU-US Privacy Shield Agreement and the Swiss-U.S. Privacy Shield for the transfer of information collected in the European Economic Area and Switzerland.

HubSpot’s participation in the US Privacy Shield ensures a uniform level of data protection. In addition, we have entered into a contract with HubSpot for order processing pursuant to Art. 28 of the GDPR.

Additional information on HubSpot’s privacy policy can be found here: https://legal.hubspot.com/privacy-policy
Additional information from HubSpot regarding the EU data protection regulations can be found here: https://legal.hubspot.com/data-privacy

You can prevent the overall storage of cookies by HubSpot at any time through your browser settings.

27. Data Collection from Mail/Email Messages and Registration/Contact Forms

We may collect additional data voluntarily provided by you in various ways, such as through a contact request using the contact form, an inquiry via email, telephone or mail, or when requesting and activating a trial version. The basis for collecting and processing your data is pursuant to Art. 6, Para. 1, Sent. 1(f) GDPR. Our legitimate interest lies in answering customer requests, providing uncomplicated and secure communication channels for data protection as well as the non-binding provision of our trial software. The data required for this can be found in the mandatory fields of the corresponding forms. Any other data provided will be determined by you. The data collected here will only be used to answer your inquiry or to provide you with the corresponding demonstration software.

28. Use of Trial Accounts

You can register for a free trial account with our Meisterplan system. In addition to the data required for registration (email address and system name), we will also process the data entered during your trial period. For additional information, please refer to the Terms of Service (https://meisterplan.com/terms-of-service-eu/).

Upon activating a trial version, the following data will also be collected:

Time of interaction with the forms, ID of the Google Analytics cookie, internal ID of the generated test instance, and telephone number (optional). This serves to maintain our trial process operation, support sales and evaluate our marketing strategies. Your data will be stored for as long as it is required for business purposes or if there is a legitimate interest in contacting you again.

The legal basis for this data processing is pursuant to Art. 6, Para. 1, Sent. 1(f) GDPR. Our legitimate interest lies in providing the potential customer with the best possible and unrestricted insight into our software application using real data. In addition, availability of the information already entered into the software should be made possible after purchase.

The data entered for your trial system will be hosted in Frankfurt/Main (Germany) or Oregon (USA) according to your selection. Transfer to third parties takes place within the EU based on signed Data Processing Agreements with service providers from Germany. Your data will only be transferred to a third country if you decide to do so. In doing so, the data is transferred to and hosted by the provider AWS. A uniform level of data protection is ensured through their participation in the Privacy-Shield Agreement. There is also a Data Processing Agreement with this service provider.

By submitting a request for the trial version, you agree to the Terms of Service (https://meisterplan.com/terms-of-service-eu/) and will automatically receive a contract for a Data Processing Agreement with itdesign GmbH as the supplier. Additional information can be found in this contract.

29. Deletion Periods

Our deletion periods shall be in accordance with the current legal requirements for deletion and storage.

30. Rights with Regard to Our Data Processing

You have the following rights with regard to our processing of your personal data:

  • Withdrawal of consent: If your data is processed on the basis of consent, e.g. within the scope of Art. 6, Para. 1, Sent. 1(a) GDPR, you can withdraw your consent to the processing of your data at any time. The lawfulness of any previous processing remains unaffected.
  • Objection (Art. 21 GDPR): Provided that data is processed based on a legitimate interest pursuant to Art. 6, Para. 1, Sent. 1(f) GDPR, you nevertheless have the right to object to the processing of your personal data. The corresponding processing would therefore be discontinued, provided that our compelling interest does not surpass your interests.
  • Data access (Art. 15, Para. 1 GDPR): You have the right to obtain information on your personal data free of charge.
  • Rectification (Art. 16 GDPR): You have the right to rectify inaccurate data and to have incomplete data completed, taking into account the purposes of the processing.
  • Erasure (Art. 17 GDPR): You have the right to the deletion of your personal data or to the Restriction (Art. 18 GDPR) of its processing if deletion is not legally possible.
  • Data portability (Art. 20 GDPR): You have the right to receive your personal data in a commonly used and machine-readable format.
  • Right of appeal: You have the right to appeal to a regulatory agency. The data protection supervisory authority responsible is that of the federal state in which you live or in which the person responsible is based.

Please contact our Data Protection Officer if you have any questions.

31. Non-Obligatory Provision of Personal Data

The provision of personal data is not required by law or contract nor is it necessary for the conclusion of a contract, unless otherwise stated in the above list. There is no obligation to provide personal data unless otherwise stated. Failure to provide personal information may result in us not being able to respond to your contact requests, provide you with all the features of our website or allow you to use our software free of charge.