Meisterplan values your privacy

Privacy Policy

Last updated: December 8, 2023

Overview in Layman’s Terms

For a quick overview, we have summarized the most important content of our data protection policy in layman’s terms. This summary is not complete and is not legally binding.

  • The legal basis for the processing of your personal data is the GDPR, to which we adhere.
  • Cookies are used by our website for various purposes – for example, to collect statistical data or to display relevant advertising.
  • Advertising and marketing are an important building block for us. In order to be able to measure the success of our advertising and marketing activities, we use the services of companies with which we have concluded an order processing agreement. With remarketing, we display relevant advertising to users who have already visited our pages.
  • Forms that you fill out – be it for the newsletter, a download or a trial version – lead to an entry in our contact database. Some forms use reCAPTCHA to avoid spam.
  • You can subscribe to newsletters in various ways (e.g., via a form or by activating a checkbox when registering a trial version). Subscribing to a newsletter results in a CRM entry and a log of your activities with content. Trial users will automatically receive a series of emails to help them use the trial. You can cancel or change your newsletter subscription at any time. To do so, click on the link to unsubscribe at the bottom of the email.
  • Data from customers and trials are processed through various services from third-party companies with high standards of data protection. We have concluded an order processing agreement with our subcontractors, or you are entering into a direct legal relationship.
  • Customer care is provided by us or by our contractual partners. A list of partners can be found in this declaration.
  • Data is merged from different sources: trial form, website, software and emails. Data is anonymized when it is possible and makes sense (e.g,. IP addresses in Google Analytics).
  • You can use social media to share content from our site. Data will only be transmitted if you click on the corresponding function on the website. Our social media guidelines for our presence in social media can be found at https://meisterplan.com/trust-center/social-media-privacy-policy/
  • The data deletion periods for the execution of the contract comply with the legal requirements. Server logs are automatically deleted after 365 days at the latest. Statistical data is automatically deleted or aggregated after 5 years.

 

1 Introduction

With the following data protection policy, we would like to explain to you which types of your personal data (hereinafter also referred to as “data”) we process, for what purposes and to what extent. The data protection policy applies to all processing of personal data carried out by us, both in the context of the provision of our services as well as in particular on our websites, in mobile applications and within external online presences, such as our social media profiles (hereinafter collectively referred to as “online service”).

The terms used are not gender specific.

We can adapt this policy from time to time, e.g., to take account of changed processes or new developments.

Further provisions may apply to the use of the application, which are regulated by the Software as a Service Terms.

 

2 Responsible Body and Data Protection Officer

The offer described here is provided by:
itdesign GmbH
Friedrichstr. 12
72072 Tübingen
Germany

Our external data protection officer is:
Dr. iur. Christian Borchers
Datenschutz Süd GmbH
Wörthstrasse 15
97082 Würzburg
office@datenschutz-sued.de

 

3 Data Processing Overview

The following overview summarizes the types and purposes of data processed and refers to the data subjects.

Types of Data Processed

  • Inventory data (e.g., names, addresses)
  • Content data (e.g., entries in online forms)
  • Contact details (e.g., email, phone numbers)
  • Meta/communication data (e.g., device information, IP addresses)
  • Usage data (e.g., websites visited, interest in content, access times)
  • Contract data (e.g., subject of the contract, duration, customer category)
  • Payment data (e.g., bank details, invoices, payment history)

Categories of Data Subjects

  • Employees (e.g., employees, applicants, former employees)
  • Business and contractual partners
  • Prospective buyers
  • Communication partners
  • Customers
  • Users (e.g., website visitors, users of online services)

Purposes of Data Processing

  • A/B tests
  • Provision of our online service and user-friendliness
  • Conversion measurement (measurement of the effectiveness of marketing measures)
  • Office and organizational procedures
  • Click tracking
  • Content Delivery Network (CDN)
  • Cross-device tracking (cross-device processing of user data for marketing purposes)
  • Direct marketing (e.g., by mail or email)
  • Feedback (e.g., collecting feedback via the online form)
  • Heatmaps (mouse movements on the part of the user, which are summarized into an overall picture.)
  • Interest-based and behavioral marketing
  • Contact requests and communication
  • Profiling (creation of user profiles)
  • Remarketing
  • Range measurement (e.g., access statistics, detection of returning visitors)
  • Safety measures
  • Tracking (e.g., interest/behavioral profiling, use of cookies)
  • Surveys and questionnaires (e.g., surveys with input options, multiple choice questions)
  • Provision of contractual services and customer service
  • Management and answering of inquiries
  • Target group formation (determination of target groups relevant for marketing purposes or other output of content)

 

4 Relevant Legal Bases

In the following, we share the legal basis of the General Data Protection Regulation (GDPR), on the basis of which we process the personal data. Please note that in addition to the regulations of the GDPR, the national data protection requirements in your or our country of residence and domicile may apply. If more specific legal bases are relevant in individual cases, we will inform you of this in the data protection policy.

  • Consent (Art. 6 Para. 1 S. 1 lit. a. GDPR) – The person concerned has given their consent to the processing of their personal data for a specific purpose or for several specific purposes.
  • Fulfillment of the contract and precontractual inquiries (Art. 6 Para. 1 S. 1 lit. b.GDPR) – The processing is necessary for the fulfillment of a contract to which the data subject is a party or for the implementation of precontractual measures that are requested by the data subject respectively.
  • Legal obligation (Art. 6 Para. 1 S. 1 lit. c. GDPR) – The processing is necessary to fulfill a legal obligation to which the person responsible is subject.
  • Perception of public interests (Art. 6 Para. 1 S. 1 lit. e. GDPR) – The processing is necessary for the performance of a task that is in the public interest or is carried out in the exercise of official authority that has been transferred to the person responsible.
  • Legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR) – The processing is necessary to safeguard the legitimate interests of the controller or a third-party, unless the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, prevail.

National data protection regulations in Germany: In addition to the data protection regulations of the General Data Protection Regulation, national data protection regulations apply in Germany. This includes in particular the law on the protection against misuse of personal data during data processing (Federal Data Protection Act – BDSG). The BDSG contains in particular special regulations on the right to information, the right to erasure, the right of objection, the processing of special categories of personal data, processing for other purposes and transmission as well as automated decision-making in individual cases, including profiling. It also regulates data processing for the purposes of the employment relationship (Section 26 BDSG), in particular with regard to the establishment, implementation or termination of employment relationships and the consent of employees. Furthermore, state data protection laws of the individual federal states can apply.

 

5 Security Measures

We shall take appropriate technical and organizational measures in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the type, scope, circumstances and purposes of the data processing as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons to ensure a level of protection appropriate to the risk.

The measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as to the access, input, transfer, securing of availability and their separation. Furthermore, we have set up procedures that ensure the exercise of data subject rights, the deletion of data and reactions to threats to the data. Furthermore, we consider the protection of personal data already in the development or selection of hardware, software and procedures in accordance with the principle of data protection, through technology design and data protection-friendly default settings.

Shortening the IP address: If it is possible for us or if it is not necessary to save the IP address, we will shorten your IP address or have your IP address shortened. If the IP address is shortened, also known as “IP masking”, the last octet, i.e.,, the last two digits of an IP address, is deleted (the IP address in this context is an Internet connection through the online access provider individually assigned identifier). The shortening of the IP address is intended to prevent or make it much more difficult to identify a person using their IP address.

SSL encryption (https): We use SSL encryption to protect your data transmitted via our online service. You can recognize such encrypted connections by the prefix https:// in the address line of your browser.

 

6 Transfer and Disclosure of Personal Data

As part of our processing of personal data, it may happen that the data is transferred to other bodies, companies, legally independent organizational units or persons or that the personal data is disclosed to them. The recipients of this data can include, for example, payment institutions in the context of payment transactions, service providers commissioned with IT tasks or providers of services and content that are integrated into a website. In such a case, we observe the legal requirements and, in particular, conclude corresponding contracts or agreements that serve to protect your data with the recipients of your data.

 

7 Data Processing in Third Countries

If we process data in a third country (i.e.,, outside the European Union (EU), the European Economic Area (EEA)) or if the processing takes place in the context of the use of third-party services or the disclosure or transfer of data to other persons, entities or companies, this is only in accordance with legal requirements.

Subject to express consent or contractually or legally required transfer, we process or have the data processed only in third countries with a recognized level of data protection, contractual obligation through standard protection clauses of the EU Commission, in the presence of certifications or binding internal data protection regulations (Art. 44 to 49 GDPR, Information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection

 

8 Use of Cookies

We use cookies on our website pages (meisterplan.com (main domain) and the associated subdomains, eu.meisterplan.com and us.meisterplan.com (software) and help.meisterplan.com (Help Center)). These are small files that your browser automatically creates and that are stored on your device (laptop, tablet, smartphone, etc.) when you visit our site. Information is stored in the cookie that results in connection with the specific device used. However, this does not mean that we are immediately aware of your identity.

Cookies serve the user-friendliness of our website pages and software (e.g., storage of login data) as well as the recognition of users who have been referred to us by specific partners. Cookies are also used to collect statistical data on website usage and for analysis to optimize the website.

You can find more information about the cookies used by Meisterplan and how you can prevent cookies from being set in our cookie policy: https://meisterplan.com/trust-center/meisterplan-cookie-policy/

Notes on legal bases: The legal basis on which we process your personal data with the help of cookies depends on whether we ask for your consent. If you have given consent to the use of cookies, the legal basis for processing your data is the declared consent in accordance with Article 6 Paragraph 1 Clause 1 lit. GDPR.

Otherwise, the data processed with the help of cookies will be processed on the basis of our legitimate interests in the business operation of our services and their improvement or, if the use of cookies is necessary, to fulfill our contractual obligations.

Storage period: Please refer to the cookie policy to determine the storage period of the cookies: https://meisterplan.com/trust-center/meisterplan-cookie-policy/. If we do not provide you with explicit information on the storage period of permanent cookies in the cookie policy, please assume that the storage period can be up to two years.

General information on revocation and objection (opt-out): Depending on whether the processing takes place on the basis of consent or legal permission, you have the option at any time to revoke your consent or to object to the processing of your data using cookie technologies (collectively referred to as “opt-out”). You can first explain your objection using the settings of your browser, e.g., by deactivating the use of cookies (which can also restrict the functionality of our online service). An objection to the use of cookies for online marketing purposes can also be explained by means of a variety of services, especially in the case of tracking, through the websites https://optout.aboutads.info and https://www.youronlinechoices.com/. In addition, you can use the “Borlabs” plugin on our website to adjust your cookie settings.

Processing of cookie data on the basis of consent: Before we process or have data processed in the context of the use of cookies, we ask you for consent that can be revoked at any time. Until consent has been given, only cookies that are strictly necessary for the operation of our online service (e.g., country allocation for the trial version) or are necessary for economic operation (analytics and conversion tracking) are used.

  • Processed data types: usage data (e.g., websites visited, interest in content, access times), meta/communication data (e.g., device information, IP addresses).
  • Affected persons: users (e.g., website visitors, and software users).
  • Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a. GDPR), legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR).

 

9 Applicant Management

The link “Jobs at Meisterplan” on this page refers to the vacancies on the website https://itdesign.de/karriere/stellenangebote/. Reference is therefore made here to the corresponding data protection policy for applicant management under the heading “Data Protection Policy for the Application Process”.

 

10 Commercial and Business Services

itdesign GmbH processes the data of our contractual and business partners, e.g., customers and prospective buyers (collectively referred to as “contractual partners”) in the context of contractual and comparable legal relationships as well as related measures and in the context of communication with the contractual partners (or precontractual), e.g., to answer inquiries. We process this data to fulfill our contractual obligations, to secure our rights and for the purposes of the administrative tasks associated with this information as well as the business organization. We only pass on the data of the contractual partners to third parties within the framework of applicable law to the extent that this is necessary for the aforementioned purposes or to fulfill legal obligations or with the consent of the persons concerned (e.g., to participating telecommunications and subcontractors, banks, tax – and legal advisers, payment service providers or tax authorities). The contractual partners will be informed about other forms of data processing, e.g., for marketing purposes, within the scope of this data protection policy.

In the context of contractual and other legal relationships, due to legal obligations and to fulfill the contract, we offer the persons concerned efficient and secure payment options and use other payment service providers in addition to banks and credit institutions (collectively “payment service providers”).
The data processed by the payment service provider includes inventory data such as name and address, bank data such as account numbers or credit card numbers, passwords, TANs and checksums, as well as contract, sum and recipient-related information. The information is required to carry out the transactions. However, the data entered will only be processed and stored by the payment service providers.This means that we do not receive any account or credit card-related information, only information with confirmation or negative information about the payment. Under certain circumstances, the data will be transmitted to credit agencies by the payment service provider. The purpose of this transmission is to check your identity and creditworthiness. For this purpose, we refer to the terms and conditions and the data protection information of the payment service providers.
For payment transactions, the terms and conditions and the data protection information of the respective payment service provider apply, which can be called up within the respective websites or transaction applications. We also refer to these for the purpose of further information and assertion of rights of revocation, information and other data subjects.

 

We will inform the contracting parties before or within the scope of data collection, e.g., in online forms, by special marking in the form of asterisks or in person, which data are required for the aforementioned purposes.

Insofar as we use third-party providers or platforms to provide our services, the terms and conditions and data protection policies of the respective third-party providers or platforms apply in the relationship between users and providers.

Shop: We process the data of our customers in order to enable them to select, purchase or order the selected products, goods and related services, as well as their payment and delivery or execution. We use the services of banks and payment service providers to process payment transactions. The information required is marked as such in the context of the order or comparable acquisition process and includes the information required for delivery or provision and billing as well as contact information in order to be able to hold any consultation.

Meisterplan trial version: We process the data of our registered users and any trial users (hereinafter uniformly referred to as “users”) in order to be able to provide them with our contractual services and on the basis of legitimate interests to ensure the security of our service and to be able to further develop it. The information required is identified as such in the context of the completion of the order, order or comparable contract and includes the information required for the provision of services and billing as well as contact information in order to be able to hold any consultations.

  • Processed data types: inventory data (e.g., names, addresses), payment data (e.g., bank details, invoices, payment history), contact details (e.g., email, phone numbers), contract data (e.g., subject of the contract, term, customer category), usage data (e.g., websites visited, interest in content, access times), meta/communication data (e.g., device information, IP addresses).
  • Affected persons: interested parties, business and contractual partners, customers.
  • Purposes of processing: Provision of contractual services and customer service, contact inquiries and communication, office and organizational procedures, administration and answering of inquiries, security measures.
  • Legal basis: contract fulfillment and precontractual inquiries (Art. 6 Para. 1 S. 1 lit. b. GDPR), legal obligation (Art. 6 Par. 1 S. 1 lit. c. GDPR).
  • Storage period: The deletion periods are based on the legal requirements for deletion and storage. Customerdata used for license accounting will be deleted 10 years after the system expires. For more information on the deletion periods we apply, please refer to the table under “Deletion of data” at the end of the Data protection policy.

Used services and service providers:

A current and complete list of subcontractors used can be found at meisterplan.com/subcontractors/.

 

11 Provision of the Online Service and Web Hosting

In order to be able to provide our online service securely and efficiently, we use the services of web hosting providers, from whose servers (or servers managed by them) the online service can be accessed. For these purposes, we may use infrastructure and platform services, computing capacity, storage space and database services as well as security services and technical maintenance services.

The data processed as part of the provision of the hosting service can include all information relating to the users of our online service that is generated in the context of use and communication. This regularly includes the IP address, which is necessary in order to be able to deliver the content of the online service to browsers, and all entries made within our online service or from websites.

Collection of access data and log files: We ourselves (or our web hosting provider) collect data on every access to the server (so-called server log files). The server log files may include the address and name of the retrieved websites and files, the date and time of the retrieval, the amount of data transferred, the notification of successful retrieval, the browser type and version, the user’s operating system, referrer URL (the previously visited page) and, as a rule, IP addresses and the requesting provider. In the case of meisterplan.com, IP addresses and user agents are the personal data that is processed.

The server log files can be used for security purposes, e.g., to avoid overloading the server (especially in the case of improper attacks, or so-called DDoS attacks) and also to ensure server utilization and stability.

Content delivery network: We use a “content delivery network” (CDN). A CDN is a service with the help of which the content of an online service, in particular large media files such as graphics or program scripts, can be delivered faster and more securely with the help of regionally distributed servers connected via the Internet.

By retrieving this data, information about your use of our website (such as your IP address) is transmitted.

  • Processed data types: content data (e.g., entries in online forms), usage data (e.g., websites visited, interest in content, access times), meta/communication data (e.g., device information, IP addresses).
  • Affected persons: users (e.g., website visitors, users of online services).
  • Processing purposes: Content Delivery Network (CDN), and hosting.
  • Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR).
  • Storage period: The data collected here will not be stored for longer than 365 days and then anonymized or deleted. This also applies to the unabridged IP addresses.

Used services and service providers:

On our part, an order processing contract was concluded with Amazon and Pagely in accordance with Art. 28 GDPR.

The processed data is transferred to an Amazon and Pagely server in the USA (third country) and stored there. For the USA there is no adequacy decision by the European Commission and therefore no data protection level comparable to that of the European Union, so that in particular the exercise of data subject rights is more difficult and access to the data by state authorities cannot be ruled out. However, we have concluded standard contractual clauses with Amazon and Pagely, by means of which Amazon and Pagely is obliged to comply with European data protection standards. Please contact our data protection officer if you would like more information or copies.

 

12 Receipt of Applications via App Stores

The Meisterplan mobile apps for employees (not the main application) are purchased via special online platforms operated by other service providers (so-called “App Stores”). In this context, the data protection notices of the respective app stores apply in addition to our data protection notices. This is particularly true with regard to the range measurement and interest-based marketing methods used on the platforms.

  • Processed data types: inventory data (e.g., names, addresses), contact data (e.g., email, phone numbers), usage data (e.g., websites visited, interest in content, access times), meta/communication data (e.g., device information, IP addresses).
  • Affected persons: customers and prospects.
  • Purpose of processing: Provision of contractual services and customer service.
  • Legal basis: Contract fulfillment and precontractual inquiries (Art. 6 Para. 1 S. 1 lit. b. GDPR), legitimate interests (Art. 6 Par. 1 S. 1 lit. f. GDPR).

Used services and service providers:

 

13 Contacting Us and Feature Requests

When contacting us (e.g., via the contact form, request a demo request, email requests, telephone calls or via social media) and when using the Help Center at help. meisterplan.com (e.g., support requests or feature requests), the details of the person inquiring are processed, provided that these details are necessary to answer the contact requests and any necessary measures requested.

The answering of contact requests in the context of contractual or precontractual relationships is carried out to fulfill our contractual obligations or to answer (pre)contractual inquiries and otherwise to answer requests on the basis of legitimate interests.

  • Processed data types: inventory data (e.g., names, addresses), contact data (e.g., email, phone numbers), content data (e.g., entries in online forms), payment data (e.g., bank details, invoices, payment history), contract data (e.g., subject matter of the contract, term, customer category), meta -/communication data (e.g., device information, IP addresses), usage data (e.g., websites visited, interest in content, access times, attachments (documents and images).
  • Affected persons: communication partners, customers, users (e.g., website visitors, users of online services).
  • Purposes of processing: contact requests and communication, administration and answering of inquiries, feedback (e.g., collecting feedback via online form), surveys and questionnaires (e.g., surveys with input options, multiple-choice questions).
  • Legal basis: Contract fulfillment and precontractual inquiries (Art. 6 Para. 1 S. 1 lit.b.GDPR), legitimate interests (Art. 6 Para. 1 S. 1 lit.f. GDPR), representation of public interests (Art. 6 Par. 1 S. 1 lit. e. GDPR).
  • Storage period: The deletion periods are based on the legal requirements for deletion and storage: Data used for license accounting will be deleted 10 years after the system has expired. The address record stored in the CRM system is stored for 6 years after it has been created and then deleted, provided that the processing purpose is omitted. If the purpose and legality of the data storage continue to exist when the deletion date is reached, the deletion date will be extended by a further 6 years. Marketing contacts, as well as cookie data, are deleted after 2 years at the latest, provided the processing purpose no longer applies. If the purpose and legality of the data storage continue to exist, the deletion date will be extended by a further 2 years.

Used services and service providers:

Contracts for order processing under Article 28 GDPR were concluded with Hubspot, Zendesk, Product Board and Microsoft.

The processed data is transmitted to a Zendesk or Microsoft server in the USA (third country) and stored there. For the USA, there is no adequacy decision by the European Commission and therefore no data protection level comparable to that of the European Union, so that, in particular, the exercise of data subject rights is more difficult and access to the data by state authorities cannot be ruled out. We have concluded standard contractual clauses with Zendesk and Microsoft, by means of which Zendesk and Microsoft are obliged to comply with European data protection standards. Please contact our data protection officer if you would like more information or copies.

 

14 User Feedback

When contacting us for the purpose of user feedback (e.g., via the feedback form), the details of the user are processed, provided that these details are necessary to evaulate the feedback, to answer the feedback and to communicate about any requested measures.

The processing of user feedback is based on the legitimate interests in processsing and responding to the inquiries.

  • Processed data types: content data (e.g., entries in online forms)
  • Affected persons: users (e.g., via Product Board or the Meisterplan application)
  • Purposes of processing: Surveys on product development
  • Legal basis: legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDRP)
  • Storage period: The deletion periods are based on the legal requirements for deletion and storage.

Used services and service providers:

 

15 Customer Care and Customer Referral through Third Parties

If you use the services and trial versions of Meisterplan via our platforms (e.g., meisterplan.com) or would like to try them out, your data will be collected by us and, if necessary, passed on to third parties. These third-party companies are entrusted with the support of interested parties and customers in the respective official language.

If you become aware of Meisterplan through a partner, the partner will inform us of this. The aim is that your trial version is assigned to the partner and that we avoid double contact.

If you come to our website from the website of a third-party company with a contractual relationship with us (e.g., our partners) and register a trial version, we will forward this information to our partner. We aim to present our products on other websites as well.

Processed data types: inventory data (e.g., names, addresses), contact details (e.g., email, phone numbers) and content data (e.g., entries in online forms)

  • Data subjects: customers, users.
  • Purposes of processing: contact requests and communication, management and answering of requests. Customer-friendly and customer-friendly support in the respective official language
  • Legal basis: Contract fulfillment and precontractual inquiries (Art. 6 Para. 1 S. 1 lit. b. GDPR), legitimate interests (Art. 6 Par. 1 S. 1 lit. f. GDPR).
  • Storage period: Your personal data will be stored by our contractual partners for as long as they are required for the purpose of conducting business relationships or for as long as there is a legitimate interest in re-establishing contact.

Partners:

  • Germany/adensio GmbH, Eportis GmbH, SOLVIN information management GmbH
  • Switzerland/diventis GmbH, Projectworld GmbH
  • France/ISPA Consulting
  • Netherlands/Odysseus Group
  • UK/ILX Group, Sandhill Consultants Ltd.

If your data by service providers within the EU or UK are processed, they are subject to the provisions of GDPR. Switzerland is a secure third country to which the European Commission has confirmed an adequate level of data protection per adequacy decision.

 

16 Video Conferencing, Online Meetings, Webinars and Screen Sharing

We use platforms and applications from other providers (hereinafter referred to as “third-party providers”) for the purpose of holding video and audio conferences, webinars and other types of video and audio meetings. When selecting third-party providers and their services, we observe the legal requirements.

If you communicate with us via video or audio conference via the Internet, GoToMeeting or Microsoft Teams, or if you receive an invitation to use Microsoft 365 (e.g., Microsoft Teams, Microsoft SharePoint online), your personal data will be processed by us and by the provider of the respective conference tools.

In this context, data of the participants are processed and stored on the servers of the third-party providers, insofar as they are part of communication processes with us. This data can include, in particular, registration and contact data, visual and vocal contributions as well as entries in chats and the content of shared screens.

If users are referred to third-party providers or to their software or platforms in the context of communication, business or other relationships with us, the third-party providers can process usage data and metadata for security purposes, service optimization or marketing purposes. We therefore ask you to observe the data protection information of the respective third-party provider.

Notes on legal bases: If we ask users for their consent to the use of third-party providers or certain functions (e.g., consent to the recording of conversations), the legal basis for processing is consent. Furthermore, their use can be part of our (pre)contractual services, provided that the use of third-party providers has been agreed on in this context. Otherwise, user data is processed on the basis of our legitimate interests in efficient and secure communication with our communication partners.

  • Processed data types: inventory data (e.g., names, addresses), contact data (e.g., email, phone numbers), content data (e.g., entries in online forms), usage data (e.g., websites visited, interest in content, access times), meta/communication data (e.g., device information, IP addresses).
    Furthermore, the provider of the tool processes all technical data required to handle online communication. This includes in particular IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or loudspeaker as well as the type of connection.
  • Affected persons: communication partners, users (e.g., website visitors, users of online services).
  • Purposes of processing: Provision of contractual services and customer service, contact requests and communication, office and organizational procedures.
  • Legal bases: Consent (Art. 6 Para. 1 S. 1 lit. a. GDPR), contract fulfillment and precontractual inquiries (Art. 6 Para. 1 S. 1 lit. b.GDPR), legitimate interests (Art. 6 Para. 1 S. 1 lit.f.GDPR).
  • Storage period: The data collected directly by us via the video and conference tools will be deleted from our systems as soon as you ask us to delete them, revoke your consent to storage or the purpose for data storage no longer applies. Saved cookies remain on your device until you delete them. Mandatory statutory retention periods remain unaffected.
    We have no influence on the storage period of your data, which is stored by the operators of the conference tools for their own purposes. For details, please contact the operators of the conference tools directly.

Used services and service providers:

Contracts for order processing under Article 28 GDPR were concluded with the service providers GoToMeeting and Microsoft.

With GoToMeeting and GoToWebinar, data is transferred to contractual partners from the EU. With this processing of your data, it may be transferred to countries outside the EU or EEA (so-called third countries). As far as necessary, standard contractual clauses have been concluded with the respective service providers.

In the case of Microsoft Teams, the processed data is transferred to a Microsoft server in the USA (third country) and stored there. For the USA, there is no adequacy decision by the European Commission and therefore no data protection level comparable to that of the European Union, so that, in particular, the exercise of data subject rights is more difficult and access to the data by state authorities cannot be ruled out. We have concluded standard contractual clauses with Microsoft, by means of which Microsoft is obliged to comply with European data protection standards. Please contact our data protection officer if you would like more information or copies.

 

17 Cloud Services

We use Microsoft 365 so-called “Microsoft Cloud Services” for communication and collaboration in the context of processing inquiries and to optimize our internal processes (usually teams for collaboration, Outlook for email communication and SharePoint for document management and other applications).

In this context, personal data can be processed and stored on the servers of the provider, insofar as they are part of communication process with us or otherwise processed by us, as set out in this data protection policy. This data can include, in particular, master data and contact details of the users, data on transactions, contracts, other processes and their content. The cloud service providers also process usage data and metadata, which they use for security purposes and for service optimization.

If we use the cloud services to provide forms or other documents and content to other users or publicly accessible websites, the providers may store cookies on the users’ devices for the purposes of web analysis or to remember user settings (e.g., in the case of media control).

You can find more information about the cookies used by Meisterplan in our cookie statement: https://meisterplan.com/trust-center/meisterplan-cookie-policy/

Notes on legal bases: If we ask for consent for the use of cloud services, the legal basis for processing is consent. Furthermore, their use can be part of our (pre)contractual services, provided that the use of the cloud services has been agreed on in this context. Otherwise, user data will be processed on the basis of our legitimate interests (ie, interest in efficient and secure administrative and collaboration processes).

  • Processed data types: inventory data (e.g., names, addresses), contact data (e.g., email, phone numbers), content data (e.g., entries in online forms), usage data (e.g., websites visited, interest in content, access times), meta/communication data (e.g., device Information, IP addresses).
  • Affected persons: Customers, employees (e.g., employees, applicants, former employees), interested parties, communication partners.
  • Purposes of processing: office and organizational procedures.
  • Storage period: This data is stored by Microsoft for a specific purpose and deleted when the purpose no longer applies.
  • Legal bases: Consent (Art. 6 Para. 1 S. 1 lit. a. GDPR), contract fulfillment and precontractual inquiries (Art. 6 Para. 1 S. 1 lit. b.GDPR), legitimate interests (Art. 6 Para. 1 S. 1 lit.f.GDPR).

Used services and service providers:

A contract for order processing under Article 28 GDPR was concluded with the service provider Microsoft.

In the case of Microsoft Teams, the processed data is transferred to a Microsoft server in the USA (third country) and stored there. For the USA, there is no adequacy decision by the European Commission and therefore no data protection level comparable to that of the European Union, so that, in particular, the exercise of data subject rights is more difficult and access to the data by state authorities cannot be ruled out. We have concluded standard contractual clauses with Microsoft, by means of which Microsoft is obliged to comply with European data protection standards. Please contact our data protection officer if you would like more information or copies.

 

18 Newsletters and Marketing Emails, Emails about Using Meisterplan

We send newsletters, emails and other electronic notifications (hereinafter “newsletters”) only with the consent of the recipient or legal permission. If the content of the newsletter is specifically described when registering for the newsletter, they are decisive for the consent of the user. In addition, our newsletters contain information about our services and us.

In order to subscribe to our newsletters, it is generally sufficient to provide your email address. However, we can ask you to provide a name for the purpose of addressing you personally in the newsletter, or to provide further information if this is necessary for the purposes of the newsletter.
If you subscribe to the newsletter via the additional checkbox when registering a trial version, we will store the information you provided for the trial (first name, last name, company, phone number) together with your newsletter registration in our contact software.

Double opt-in procedure: The registration for our newsletter takes place in a double opt-in procedure. This means that after registration you will receive an email in which you will be asked to confirm your registration. This confirmation is necessary so that no one can register with someone else’s email address. The registrations for the newsletter are logged in order to be able to prove the registration process in accordance with the legal requirements. This includes storing the time of registration and confirmation as well as the IP address. Changes to your data stored by the shipping service provider are also logged.

Deletion and restriction of processing: We can save the unsubscribed email addresses for up to three years on the basis of our legitimate interests before we delete them in order to be able to prove a previously given consent. The processing of this data is limited to the purpose of a possible defense against claims. An individual request for deletion is possible at any time, provided that the previous existence of consent is confirmed at the same time. In the event of obligations to permanently observe contradictions, we reserve the right to store the email address in a block list for this purpose alone.

The logging of the registration process takes place on the basis of our legitimate interests for the purpose of proving that it has proceeded properly. If we commission a service provider to send emails, this is done on the basis of our legitimate interests in an efficient and secure mailing system.

Notes on legal bases: The newsletter is sent on the basis of the recipient’s consent or, if consent is not required, on the basis of our legitimate interests in direct marketing, if and to the extent that this is permitted by law, e.g., in the case of advertising to existing customers. Insofar as we commission a service provider to send emails, this is done on the basis of our legitimate interests. The registration process is recorded based on our legitimate interests to demonstrate that it was carried out in accordance with the law.

Contents:

  • After registering for our newsletter, you will receive information about us, our services (e.g., round table), promotions and offers. You will receive this information until you unsubscribe or file an objection.
  • After registering a trial version, you will automatically receive several emails about your trial version with information about your access, help materials and tips on how to get the most out of your trial version. You will only receive this information during your trial period and up to six months after the end of your trial period.
    You will also receive the product newsletter with information about further product development , release information and discontinuations. You will continue to receive this information until you unsubscribe or file an objection.
    If you are from a country where the law allows it, you will also be automatically subscribed to the general newsletter when you register for a trial version. You will continue to receive this information until you unsubscribe or file an objection. 

Analysis and success measurement: The newsletters contain a so-called “web beacon”, i.e., a pixel-sized file that is retrieved from our server when the newsletter is opened or, if we use a shipping service provider, from its server initially technical information, such as information about the browser and your system, as well as your IP address and the time of access, is collected.

This information is used to technically improve our newsletter on the basis of the technical data or the target groups and their reading behavior based on their retrieval locations (which can be determined with the help of the IP address) or the access times. This analysis also includes determining whether the newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to the individual newsletter recipients. However, it is neither our endeavor nor, if used, that of the shipping service provider to observe individual users. Rather, the evaluations serve us to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.

The evaluation of the newsletter and the measurement of success are based on our legitimate interests for the purpose of using a user-friendly and secure newsletter system that serves both our business interests and the expectations of the users.

A separate revocation of the performance measurement is unfortunately not possible, in this case the entire newsletter subscription must be canceled or unsubscribed.

  • Prerequisite for the use of free services: Consent to the sending of email can be made dependent on the use of free services (e.g., access to certain content such as white papers or participation in certain campaigns such as webinars). If users want to use the free service without registering for the newsletter, we ask you to contact us by email at mail@meisterplan.com.
  • Processed data types: inventory data (e.g., names, addresses), contact data (e.g., email, phone numbers), form data (e.g., the information you provide), meta/communication data (e.g., device information, IP addresses), usage data (e.g., websites visited, interest in content, access times).
  • Affected persons: communication partners, users (e.g., website visitors, users of online services).
  • Purposes of processing: direct marketing (e.g., by email or post), customer service, range measurement (e.g., access statistics, recognition of returning visitors), tracking (e.g., interest-/behavior-related profiling, use of cookies), profiling (creation of user profiles).
  • Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a. GDPR) for newsletters, legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR) for trial emails.
  • Opposition option (opt-out): You can cancel the receipt of our newsletter at any time, i.e., revoke your consent or object to further receipt. You will find a link to unsubscribe to the newsletter either at the end of each newsletter or you can use one of the contact options given above, preferably email.
  • Deletion periods: The deletion periods are based on the legal requirements for deletion and storage. The address data set stored in the CRM system is stored for 6 years after it has been created and then deleted if the processing purpose no longer applies. If the purpose and legality of the data storage continue to exist when the deletion date is reached, the deletion date will be extended by a further 6 years.

Used services and service providers:

A contract for order processing under Article 28 GDPR was concluded with HubSpot.

With Hubspot,data is transferred to contractors from the EU. With this processing of your data, it may be transferred to countries outside the EU or EEA (so-called third countries). As far as necessary, standard contractual clauses have been concluded with the respective service providers.

 

19 Transactional Emails

We only send transactional emails with the consent of the recipient or legal permission. These are emails to activate your free trial, to reset your password or notifications about the software.

Notes on legal bases: Transaction emails are sent on the basis of the fulfillment of the contract to offer the customer prompt access to the requested software.

  • Analysis and success measurement: There is no analysis or success measurement. Processed data types: inventory data (e.g., names, addresses), contact data (e.g., email, phone numbers), form data (e.g., the information you provide), meta/communication data (e.g., device information, IP addresses).
  • Affected persons: users (trial version).
  • Purposes of processing: Granting timely access to the requested software, provision of contractual services and customer service.
  • Legal basis: contract fulfillment and precontractual inquiries (Art. 6 Para. 1 S. 1 lit. b.GDPR).
  • Opposition option (opt-out): You can cancel the receipt of our transaction emails at any time, i.e., withdraw your consent or object to further receipt. You will find a link to unsubscribe from the transaction emails either at the end of each email or you can use one of the contact options given above, preferably email.
  • Storage period: The data collected will be deleted at the latest as soon as the trial period of 30 days is over.


Used services and service providers:

 

A contract for order processing under Article 28 GDPR was concluded with Mailgun.

The processed data is transferred to a Mailgun server in the USA (third country) and stored there. For the USA, there is no adequacy decision by the European Commission and therefore no data protection level comparable to that of the European Union, so that, in particular, the exercise of data subject rights is more difficult and access to the data by state authorities cannot be ruled out. We have concluded standard contractual clauses with Mailgun, by means of which Mailgun is obliged to comply with European data protection standards. Please contact our data protection officer if you would like more information or copies.

 

20 Advertising Communication via Email, Mail, Fax or Phone

We process personal data for the purposes of advertising communication, which can take place via various channels, such as email, activation of a trial version, telephone, mail or fax, in accordance with legal requirements.

  • Processed data types: inventory data (e.g., names, addresses), contact details (e.g., email, phone numbers).
  • Affected persons: communication partner.
  • Purposes of processing: direct marketing (e.g., by email or mail), sales communication and consulting communication.
  • Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a. GDPR)
  • Storage period: The recipients have the right to revoke their consent at any time or to object to promotional communication at any time.
    After revocation or objection, we can store the data required to prove consent for up to 2 years on the basis of our legitimate interests before we delete them. The processing of this data is limited to the purpose of a possible defense against claims. An individual request for deletion is possible at any time, provided that the previous existence of consent is confirmed at the same time.

 

21 Web Analysis, Monitoring and Optimization

The web analysis (also known as “range measurement”) is used to evaluate visitor flows from meisterplan.com and the subdomains and can include behavior, interests or demographic information about the visitors, such as age or gender, as pseudonymous values. With the help of the range analysis, we can, for example, recognize at which time our online service or its functions or content are used most often or invite you to reuse these services. We can also understand which areas need optimization.

In addition to web analysis, we can also use test procedures, for example, to test and optimize different versions of our online service or its components.

For these purposes, so-called user profiles can be created and stored in a file (so-called “cookie”) or similar processes can be used for the same purpose. This information can include, for example, content viewed, websites visited and elements and technical information used there, such as the browser used, the computer system used and information on times of use. If users have consented to their location data being collected, this can also be processed, depending on the provider.

We use the data to maintain and improve our website, to evaluate user interaction with the website and to evaluate our marketing strategies. The data that we receive via Google Analytics can be merged with other data, e.g., data that you voluntarily provide to us via the website. See section “Merging Data”.

The IP addresses of the users are also saved. However, we use an IP masking process (i.e., pseudonymization by shortening the IP address) to protect users. In general, no clear user data (such as email addresses or names) are stored in the context of web analysis, A/B testing and optimization; only pseudonyms are stored. This means that we and the providers of the software used do not know the actual identity of the users, but only the information stored in their profiles for the purposes of the respective procedures.

Notes on legal bases: If we ask users for their consent to the use of third-party providers, the legal basis for processing data is consent. Otherwise, user data will be processed on the basis of our legitimate interests (i.e., interest in efficient, economical and recipient-friendly services). In this context, we would like to draw your attention to the information on the use of cookies in this Data protection policy.

  • Processed data types: usage data (e.g., websites visited, interest in content, search terms, access times), meta/communication data (e.g., device information, IP addresses).
  • Affected persons: users (e.g., website visitors, users of the free trial)
  • Purposes of processing: Range measurement (e.g., access statistics, recognition of returning visitors), tracking (e.g., interest/behavior-related profiling, use of cookies), conversion measurement (measurement of the effectiveness of marketing activities), creation of user profiles, interest-based and behavior-related marketing, click tracking, A/B tests, feedback (e.g., collecting feedback via an online form), heat maps (mouse movements by the user, which are summarized into an overall picture.), surveys and questionnaires (e.g., surveys with input options, multiple-choice questions).
  • Security measures: IP masking (pseudonymization of the IP address), Masking of all individual user input (e.g. data entered in forms or project names in the free trial).
  • Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a. GDPR), legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR).
  • Storage period: The user and event data collected by Google Analytics will be deleted within a period of 26 months. All data at Hotjar is automatically deleted after 365 days.

Used services and service providers:

Contracts for order processing under Article 28 GDPR were concluded with Google, Microsoft and Swifteq.

You can find more information about the cookies used by Meisterplan in our cookie statement: https://meisterplan.com/trust-center/meisterplan-cookie-policy/

For VWO, Google and Microsoft, the information generated in the cookie is transferred to a server in the USA (third country) and stored there. It is possible that Google and Microsoft use this data for any of its own purposes and links it to other data records, e.g., your search history or your personal accounts known to Google or Microsoft. We have no influence on this data processing. The data processing is mainly done by Google and Microsoft. For the USA, there is no adequacy decision by the European Commission and therefore no data protection level comparable to that of the European Union, so that, in particular, the exercise of data subject rights is more difficult and access to the data by state authorities cannot be ruled out. We have concluded standard contractual clauses with Google and Microsoft, by means of which Google and Microsoft are obliged to comply with European data protection standards. Please contact our data protection officer if you would like more information or copies.

 

22 Online Marketing and Online Advertising

We process personal data for online marketing purposes, which can include, in particular, the marketing of advertising space or the presentation of advertising and other content (collectively referred to as “content”) based on the potential interests of users and the measurement of their effectiveness.

For these purposes, so-called user profiles are created and stored in a file (called a “cookie”) or similar processes are used, by means of which the user information relevant to the presentation of the aforementioned content is saved. This information can include content viewed, websites visited, online networks used, but also communication partners and technical information such as the browser used, the computer system used and information on usage times. If users have consented to their location data being collected, this can also be processed.

The IP addresses of the users are also saved. However, we use available IP masking procedures (ie, using a pseudonym by shortening the IP address) to protect users. In general, no clear user data (such as email addresses or names) are stored in the online marketing process, but only pseudonyms. This means that we and the providers of online marketing processes do not know the actual identity of the users, but only the information stored in their profiles.

The information in the profiles is usually stored in the cookies or by means of similar processes. These cookies can later generally also be read out on other websites that use the same online marketing process, analyzed for the purpose of displaying content and supplemented with additional data and stored on the server of the online marketing process provider.

You can find more information about the cookies used by Meisterplan in our cookie statement: https://meisterplan.com/trust-center/meisterplan-cookie-policy/

As an exception, clear data can be assigned to the profiles. This is the case if the users are, for example, members of a social network whose online marketing process we use and the network connects the profiles of the users with the aforementioned information. We ask you to note that users can make additional agreements with the providers, e.g., by giving their consent during registration.

Unless otherwise stated, we ask you to assume that the cookies used will be stored for a period of two years.

Notes on legal bases: If we ask users for their consent to the use of third-party providers, the legal basis for processing data is consent. Otherwise, user data will be processed on the basis of our legitimate interests (i.e., interest in efficient, economical and recipient-friendly services). In this context, we would like to draw your attention to the information on the use of cookies in this data protection policy.

Target group formation with Google Analytics: We use Google Analytics in order to display the advertisements placed by Google and its partners’ advertising services only to users who have also shown an interest in our online service or who have certain characteristics (e.g., interests in certain topics or products which are determined on the basis of the websites visited) which we transmit to Google (so-called “remarketing” or “Google Analytics audiences”). With the help of remarketing audiences, we would also like to ensure that our ads correspond to the potential interest of the users.

In the case of Google, the information generated in the cookie is transferred to a Google server in the USA (third country) and stored there. It is possible that Google uses this data for any of its own purposes and links it to other data records, e.g., your search history or your personal accounts known to Google. We have no influence on this data processing. The data processing is mainly done by Google. For the USA, there is no adequacy decision by the European Commission and therefore no data protection level comparable to that of the European Union, so that, in particular, the exercise of data subject rights is more difficult and access to the data by state authorities cannot be ruled out. We have concluded standard contractual clauses with Google, by means of which Google is obliged to comply with European data protection standards. Please contact our data protection officer if you would like more information or copies.

 

Conversion tracking: In principle, we only have access to summarized information about the success of our advertisements. However, we can use conversion measurements to check which of our online marketing processes have led to a conversion, i.e., for example, to a contract with us. The conversion measurement is used solely to analyze the success of our marketing measures. If you reach our website via advertisements from certain providers, the respective provider places a cookie on your computer, which is used to generate statistics on the effectiveness of advertisements based on your behavior.

This currently affects the following advertising platforms that are tracked in Google Tag Manager for a day:

  • Google Analytics Universal Analytics Tag
  • Bing Ads or Microsoft Advertising Universal Event Tracking
  • LinkedIn Insight Day
  • Twitter Universal Website Tag
  • Capterra Conversion Tracking

Facebook Pixel and target group formation (custom audiences): With the help of Facebook Pixel (or comparable functions, for the conversion of event data or contact information via interfaces in apps), Facebook is on the one hand able to identify the visitors of our online service as a target group. To determine the presentation of advertisements (called “Facebook Ads”). Accordingly, we use Facebook Pixel only to send Facebook ads to users on Facebook and within the services of the partners cooperating with Facebook (called “Audience Network”) https://www.facebook.com/audicencenetwork/) who have also shown an interest in our online service or who have certain characteristics (e.g., interest in certain topics or products that can be seen from the websites visited) that we transmit to Facebook as what is called “Custom Audiences” of Facebook Pixel. We also want to ensure that our Facebook ads correspond to the potential interest of the user and are not annoying. With the help of Facebook Pixel, we can also understand the effectiveness of the Facebook ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook advertisement (so-called “conversion measurement”).

We are jointly responsible, together with Facebook Ireland Ltd., for the collection or receipt of “event data” through Facebook Pixel and similar functions (e.g., interfaces) that are executed or obtained as part of a transmission for the following purposes as part of a transfer: a) display of content advertising information that corresponds to the presumed interests of users; b) delivery of commercial and transactional messages (e.g., addressing users via Facebook Messenger); c) Improving the delivery of ads and personalization of functions and content (e.g., improving the recognition of which content or advertising information is presumed to be in the interests of users). We have concluded a special agreement with Facebook (“Additional For Persons Responsible”, https://www.facebook.com/legal/controller_addendum) which regulates in particular which security measures Facebook must observe (https://www.facebook.com/legal/terms/data_security_terms) and in which Facebook has agreed to comply with the affected rights (i.e., users can, for example, send information or deletion requests directly to Facebook). Note: If Facebook provides us with metrics, analyses and reports (which are aggregated, i.e., do not receive information about individual users and are anonymous to us), then such processing does not take place within the scope of joint responsibility, but on the basis of an order processing contract (“Data Processing Conditions “, https://www.facebook.com/legal/terms/dataprocessing) , “Data Security Conditions” (https://www.facebook.com/legal/terms/data_security_terms) and with regard to processing in the USA on the basis of standard contractual clauses (“Facebook-EU data transfer https://www.facebook.com/legal/EU_data_transfer_addendum). The rights of users (in particular to information, deletion, opposition and complaint to the competent supervisory authority) are not restricted by the agreements with Facebook.

  • Processed data types: usage data (e.g., websites visited, interest in content, access times), meta/communication data (e.g., device information, IP addresses), location data (information on the geographical position of a device or a person), social data (data subject to social secrecy and processed, e.g., by social security institutions, social assistance institutions or pension authorities), event data (Facebook) (“event data” is data sent to us, for example, via Facebook Pixel (via apps or in other ways) and can relate to people or their actions. The data includes e.g., information about website visits, interactions with content, functions, installations of apps, purchases of products, etc. The event data is used for the purpose of creation of target groups for content and advertising information (custom audiences) processed; event data does not contain the actual content (such as written comments), no login information and no contact information (i.e., no names, email addresses and phone numbers). Event data is deleted by Facebook after a maximum of two years, the target groups formed from them are deleted with the deletion of our Facebook account).
  • Affected persons: users (e.g., website visitors, users of online services), interested parties, customers, employees (e.g., employees, applicants, former employees), communication partners.
  • Purposes of processing: Tracking (e.g., interest/behavior-related profiling, use of cookies), remarketing, conversion measurement (measurement of the effectiveness of marketing measures), interest-based and behavior-related marketing, profiling (creation of user profiles), range measurement (e.g., access statistics, recognition of returning visitors), Target group formation (determination of target groups relevant for marketing purposes or other output of content), cross-device tracking (cross-device processing of user data for marketing purposes).
  • Security measures: IP masking (pseudonymization of the IP address).
  • Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a. GDPR), legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR).
  • Opt-out): We refer to the data protection information of the respective provider and the options for objection given to the provider (called “opt-out”). If no explicit opt-out option has been specified, you have the option of switching off cookies in your browser settings. However, this can restrict the functions of our online service. We therefore also recommend the following opt-out options, which are offered in summary for the respective areas:
    a) Europe: https://youonlinechoices.edu.
    b) Canada: https://www.youradchoices.ca/choices.
    c) USA: https://www.aboutads.info/choices.
    d) Cross-regional: https://optout.aboutads.info
  • Storage period: The user and event data collected by Google Tag Manager will be deleted within a period of 26 months. We have no influence on the storage period of your data, which is stored by the operators of the advertising platforms for their own purposes. For details, please contact the operators of the tools directly.

Used services and service providers:

  • Google Tag Manager
    Google Tag Manager is a solution with which we manage website tags via an interface and thus integrate other services into our online service (please refer to further information in this data protection policy). With the Tag Manager itself (which implements the tags) no user profiles are created or cookies are stored. Google only learns the user’s IP address, which is necessary to run Google Tag Manager.
    Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA
    Website: https://marketingplatform.google.com
    Data protection policy: https://policies.google.com/privacy
  • Google Analytics:
    Online Marketing and Web Analysis.
    Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA
    Website: https://marketingplatform.google.com/about/analytics/
    Data protection policy: https://policies.google.com/privacy
    Opt-out:
    Opt-out plug-in: https://tools.google.com/dlpage/gaoptout?hl=en
    Settings for the display of advertisements: https://adssettings.google.com/authenticated
    Another way to object to web analysis by Google Analytics is to not allow cookies from Google Analytics. You can use the following “Borlabs” switch to specify whether you want to allow analysis by Google Analytics (On) or not (Off).
  • Google Signals
    We use the “Google Signals” service within Google Analytics. This extends existing Google Analytics functions to merge cross-device data. This only affects users who have agreed to personalized ads in their Google account.
    Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Mother Company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
    Website: https://marketingplatform.google.com
    Privacy Policy: https://policies.google.com/privacy.
  • Google Ads and conversion measurement
    We use the online marketing process “Google Ads” to place advertisements in the Google advertising network (e.g., in search results, in videos, on websites, etc.) so that they are displayed to users who are suspected of being interested in the ads. We also measure the conversion of the ads. However, we only learn the anonymous total number of users who clicked on our ad and were forwarded to a page with a so-called “conversion tracking tag”. However, we do not receive any information that could be used to identify users.
    Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA
    Website: https://marketingplatform.google.com
    Data protection policy: https://policies.google.com/privacy
  • Facebook Pixel and Target Group Formation (Custom Audiences) (integrated via Google Tag Manager)
    Service provider: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland, parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA
    website: https://www.facebook.com
    Privacy Policy: https://www.facebook.com/about/privacy
    Opt-out: https://www.facebook.com/settings?tab=ads
  • LinkedIn (integrated via Google Tag Manager)
    Insights Tag/Conversion Measurement.
    Service provider: LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA
    Website: https://www.linkedin.com
    Security measures: IP masking (pseudonymization of the IP address)
    Data protection policy: https://www.linkedin.com/legal/privacy-policy
    Cookie Policy: https://www.linkedin.com/legal/cookie_policy
    Opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out
  • Microsoft Advertising (integrated via Google Tag Manager)
    Temarketing/Conversion Measurement.
    Service Provider: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA
    Website: https://about.ads.microsoft.com/
    Privacy Policy: https://privacy.microsoft.com/privacystatement/
    Opt-out: https://choice.microsoft.com/opt-out.
  • Twitter (integrated via Google Tag Manager)
    Twitter Marketing and Advertisements
    Service provider: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland, parent company: Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA
    Website: https://twitter.com
    Data protection policy: https://twitter.com/en/privacy
    Opt-out: https://twitter.com/personalization
  • Capterra (integrated via Google Tag Manager)
    Capterra Conversion Tracking.
    Service Provider: Capterra Inc., 1201 Wilson Blvd, 9th Floor, Arlington, VA 22209
    Website: https://www.capterra.com/
    Privacy Policy: https://www.capterra.com/legal/privacy-policy

A contract for order processing under Article 28 GDPR was concluded with Google.

For Google, the information generated in the cookie is transferred to a Google server in the USA (third country) and stored there. It is possible that Google uses this data for any of its own purposes and links it to other data records, e.g., your search history or your personal accounts known to Google. We have no influence on this data processing. The data processing is mainly done by Google. For the USA, there is no adequacy decision by the European Commission and therefore no data protection level comparable to that of the European Union, so that, in particular, the exercise of data subject rights is more difficult and access to the data by state authorities cannot be ruled out. We have concluded standard contractual clauses with Google, by means of which Google is obliged to comply with European data protection standards. Please contact our data protection officer if you would like more information or copies.

 

23 Plugins, Embedded Functions and Content

We incorporate functional and content elements into our online service that are obtained from the servers of their respective providers (hereinafter referred to as “third-party providers”). These can be graphics, videos or social media buttons as well as posts (hereinafter uniformly referred to as “content”).

The integration always presupposes that the third-party providers of this content process the IP address of the user, since without the IP address they would not be able to send the content to their browser. The IP address is therefore required for the display of the content or functions. We strive to only use content whose respective providers only use the IP address to deliver the content. Third-party providers can also use pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information can also be stored in cookies on the user’s device and contain, among other things, technical information on the browser and operating system, the websites to be referred to, the time of visit and other information on the use of our online service, as well as being linked to such information from other sources.

Notes on legal bases: If we ask users for their consent to the use of third-party providers, the legal basis for processing data is consent. Otherwise, user data will be processed on the basis of our legitimate interests (i.e., interest in efficient, economical and recipient-friendly services). In this context, we would like to draw your attention to the information on the use of cookies in this Data protection policy.

  • Processed data types: usage data (e.g., websites visited, interest in content, access times), meta/communication data (e.g., device information, IP addresses), location data (information on the geographical position of a device or a person), inventory data (e.g., names, addresses), Contact details (e.g., email, phone numbers), content data (e.g., entries in online forms).
  • Affected persons: users (e.g., website visitors, users of online services).
  • Purposes of processing: Provision of our online service and user-friendliness, provision of contractual services and customer service, security measures, administration and answering inquiries.
  • Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR) for reCaptcha, consent (Art. 6 Para. 1 S. 1 lit. a. GDPR) for Google Maps, YouTube and Social Sharing.

Used services and service providers:

  • Google Maps
    We integrate the maps from the “Google Maps” service provided by Google. The processed data may include, in particular, the users’ IP addresses and location data, which, however, are not collected without their consent (usually as part of the settings of their mobile devices).
    Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA
    Website: https://cloud.google.com/maps-platform
    Data protection policy: https://policies.google.com/privacy
    Opt-out:
    Opt-out plug-in: https://tools.google.com/dlpage/gaoptout?hl=en
    Settings for the display of advertisements: https://adssettings.google.com/authenticated
  • ReCaptcha
    We incorporate the “reCaptcha” function to detect bots, for example, when entering online forms and when registering for trials. We use reCaptcha V2. The behavior data of the users (e.g., mouse movements or queries) are evaluated in order to be able to differentiate between people and bots.
    Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA
    Website: https://www.google.com/recaptcha/
    Data protection policy: https://policies.google.com/privacy
    Opt-out:
    Opt-out plug-in: https://tools.google.com/dlpage/gaoptout?hl=en
  • YouTube videos
    Video Content
    Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA
    Website: https://www.youtube.com
    Data protection policy: https://policies.google.com/privacy
    Opt-out:
    Opt-out plug-in: https://tools.google.com/dlpage/gaoptout?hl=en
  • Social sharing
    On our website, we offer users the option to share our blog posts on social media. The purpose is to increase the awareness of our service or to make content available. Your data will not be forwarded by accessing our website. Data transfer takes place only after you click the corresponding button. Please note that clicking a share icon for Facebook, Twitter, Xing or LinkedIn means that certain data may be transferred to the respective provider of the social media service.
    If you are already logged in to the corresponding social media service at the time of activation of the social plug-in, the provider of the social media service is also able to determine your username and possibly even your real name from the above data. The processed data may be transferred to a server of Facebook, Twitter or LinkedIn in the USA (third country) and stored there. For the USA, there is no adequacy decision by the European Commission and therefore no data protection level comparable to that of the European Union, so that, in particular, the exercise of data subject rights is more difficult and access to the data by state authorities cannot be ruled out. We have no influence on the scope, nature and purpose of data processing by the provider of the social media service. Please note that the provider of the social media service with the above data is quite capable of creating pseudonymized and even individualized usage profiles.

 

24 Making Online Appointments

We use software from other providers (hereinafter referred to as “third-party providers”) for the purpose of organizing meetings. When selecting third-party providers and their services, we observe the legal requirements.

In this context, personal data can be processed and stored on the servers of third-party providers. The data entered by the user (name, email address, desired date) to schedule an appointment as well as the IP address are transmitted when the appointment is made. If users are referred to the third-party providers or their software or platforms in the course of communication, business or other relationships with us, the third-party providers can process usage data and metadata for security purposes, for service optimization or for marketing purposes. We, therefore, ask you to review the data protection information of the respective third-party provider.

Notes on legal bases: If we ask users for their consent to the use of third-party providers, the legal basis for processing data is consent. Furthermore, their use can be part of our (pre)contractual services, provided that the use of third-party providers has been agreed in this context. Otherwise, user data will be processed on the basis of our legitimate interests (i.e., interest in efficient, economical and recipient-friendly services). In this context, we would like to draw your attention to the information on the use of cookies in this data protection policy.

  • Processed data types: inventory data (e.g., names, addresses), contact data (e.g., email, phone numbers), content data (e.g., entries in online forms), usage data (e.g., websites visited, interest in content, access times), meta/communication data (e.g., device Information, IP addresses).
  • Affected persons: communication partners, users (e.g., website visitors, users of online services).
  • Purposes of processing: office and organizational procedures.
  • Legal bases: Consent (Art. 6 Para. 1 S. 1 lit. a. GDPR), contract fulfillment and precontractual inquiries (Art. 6 Para. 1 S. 1 lit. b.GDPR), legitimate interests (Art. 6 Para. 1 S. 1 lit.f.GDPR).

Used services and service providers:

A contract for order processing under Article 28 GDPR was concluded with Calendly.

The processed data is transferred to and stored in a Calendly server in the USA (third country). For the USA, there is no adequacy decision by the European Commission and therefore no data protection level comparable to that of the European Union, so that, in particular, the exercise of data subject rights is more difficult and access to the data by state authorities cannot be ruled out. We have concluded standard contractual clauses with Calendly, by means of which Calendly is obliged to comply with European data protection standards. Please contact our data protection officer if you would like more information or copies.

The consent to the use of personal data can be revoked at any time by emailing team@calendly.com.

 

25 Online Surveys

We use software from other providers (hereafter referred to as “third-party providers”) for the purpose of conducting surveys. When selecting third-party providers and their services, we ensure their compliance with legal requirements.

Our employment of such providers means personal data can be processed and stored on the servers of third-party providers in some cases. The data entered by the user (e.g. name or NPS score) are transmitted when the user completes a survey. If users are referred to the third-party providers or their software or platforms in the course of communication, business or other activities with us, the third-party providers can process usage data and metadata for security purposes, for service optimization or for marketing purposes. Therefore, we ask you to review the data protection information of the relevant third-party provider.

Notes on legal bases: If we ask users for their consent to the use of third-party providers, the legal basis for processing data is consent. Otherwise, user data will be processed on the basis of our legitimate interests (i.e., interest in efficient, economical and recipient-friendly services). In this context, we would like to draw your attention to the information on the use of cookies in this data protection policy.

  • Processed data types: content data (e.g., entries in online survey such as NPS score)
  • Affected persons: users (e.g., website visitors, users of free trial).
  • Purposes of processing: conducting surveys to improve our services
  • Legal bases: Consent (Art. 6 Para. 1 S. 1 lit. a. GDPR), contract fulfillment and precontractual inquiries (Art. 6 Para. 1 S. 1 lit. b.GDPR), legitimate interests (Art. 6 Para. 1 S. 1 lit.f.GDPR).

Used services and service providers:

A contract for order processing under Article 28 GDPR was concluded with Survicate.

 

26 Use of a Trial Account

You can register for a free trial account for our Meisterplan system. In addition to the data needed to register (email address and system name), we also process the data you entered during the trial period. Further information can be found in the terms and conditions (https://meisterplan.com/trust-center/terms-of-service-us/).

  • Processed data types: time of interaction with the registrations forms, ID of the Google Analytics cookie, internal ID of the trial instance generated, phone number (voluntary information).
  • Affected persons: users (trial version).
  • Purpose of processing: Our legitimate interest lies in making our software application available in order to give the potential customer the best possible and unrestricted insight into the application using real data. Furthermore, information entered into the software during the trial will remain available after purchase.
  • Legal bases: Consent (Art. 6 Para. 1 S. 1 lit. a. GDPR), contract fulfillment and precontractual inquiries (Art. 6 Para. 1 S. 1 lit. b.GDPR), legitimate interests (Art. 6 Para. 1 S. 1 lit.f.GDPR).

Used services and service providers:

A current and complete list of subprocessors  used can be found at https://meisterplan.com/trust-center/subprocessors/.

 

The data entered for a trial system will be hosted in Frankfurt/Main (Germany) or Oregon (USA) according to your selection. A transfer to third parties takes place within the EU on the basis of order processing contracts concluded with service providers from Germany. Your data will only be transferred to a third country if you should decide to do so.

With the application for the trial version, you agree to the terms and conditions (https://meisterplan.com/trust-center/terms-of-service-us/) and automatically receive a contract for order processing with itdesign GmbH as the contractor. Further information can be found in this contract.

 

27 Merging Data

The data evaluated by Google Analytics can be combined with the user data also collected on our website if you decide to activate a trial of Meisterplan. This serves to improve the online service and the application. The following data sets are merged into a common data collection with the named content:

  • Record (a), your details in the trial form
    (first name, last name, email address, company name, desired system name, phone number (optional))
  • Data record (b), your activities on the website
    (browser type and browser version, browser language, operating system used, geographical origin, page views, time stamp, mouse movements, previously visited page, interaction with page elements such as scrollbar, forms, search queries, service providers and search engines or advertising platforms transmitted data)
  • Data record (c), your activities in the application
    (server logs (e.g., IP address, time stamp), statistical data on the use of the application (e.g., web browser, triggered actions) and application data (data that the customer receives during use of the application.))
  • Record (d), your activities with marketing emails
    (opening emails, clicking on URLs)

The merging of the data collected here is based on the legitimate interest of itdesign GmbH in accordance with Art. 6 Para. 1 S. 1 lit.f GDPR. The legitimate interest arises from the improvement of our end-to-end service for customer acquisition. The data records are stored for as long as they are required for the purpose of conducting business relationships or for as long as there is a legitimate interest in establishing contact again.

 

28 Deletion of Data

The data processed by us will be deleted in accordance with the legal requirements as soon as the consent allowed for processing is revoked or other permissions are no longer applicable (e.g., if the purpose of processing this data is no longer applicable or is not required).

If the data is not deleted because it is required for other legally permissible purposes, the processing of the data will be limited to these purposes. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be kept for commercial or tax law reasons or whose storage is necessary to assert, exercise or defend legal claims or to protect the rights of another natural or legal person.

Deletion periods for the data collected in connection with the use of the SaaS application and listed in Section 9 (Part 1) of the Software as a Service conditions.

Data categoryPurpose of processingDeletion periods
Personal data of the marketing contactsGaining new customers through marketing measures.The deletion periods are based on the legal requirements for deletion and storage:

The address data set stored in the CRM system will be stored for 2 years after it has been created and then deleted if the processing purpose no longer applies. If the purpose and legality of the data storage continue to exist when the deletion date is reached, the deletion date will be extended by a further 2 years.

Personal data of the contact person at the customerExecution of the contract, especially in the context of license accounting.The deletion periods are based on the legal requirements for deletion and storage: Data used for license accounting will be deleted 10 years after the system has expired.

The data stored in the CRM system address record is stored on the system for 6 years and then deleted, unless the purpose of the processing is omitted. If the purpose and legality of the data storage continue to exist when the deletion date is reached, the deletion date will be extended by a further 6 years.

Server logsFinding and correcting errors, averting dangers and maintaining the technical operation of the application.The data is automatically deleted after 365 days.
Statistical data on the use of the applicationPermanent provision of the offer, the adaptation to the evolving needs of the users, the improvement of the user experience in the application and the optimization of the internal processes of the provider.The data will be deleted or aggregated after 5 years.

The deletion periods for other data/providers/purposes can be found in the respective sections in this data protection policy.

 

29 Rights with Regard to Our Data Processing

With regard to our processing of your personal data, you have the following rights:

  • Revocation of consent: If your data is processed on the basis of consent, e.g., within the meaning of Art. 6 Para. 1 S. 1 lit. a GDPR, you can revoke your consent to the processing of your data at any time. The legality of the previous processing remains unaffected.
  • Objection (Art. 21 GDPR): If the data processing takes place out of a legitimate interest on the basis of Art. 6 Para. 1 S. 1 lit. f GDPR, you have the right to object to the processing of your personal data. The corresponding processing would therefore be omitted if our compelling interest does not outweigh your interests.
  • Right to information (Art. 15 (1) GDPR): You have the right to request information about your personal data free of charge.
  • Correction (Art. 16 GDPR): You have the right to correct incorrect data and to have incomplete data completed, taking into account the purposes of processing.
  • Deletion (Art. 17 GDPR): You have the right to have your personal data deleted or to restrict their processing (Art. 18 GDPR) if deletion is not legally possible.
  • Data portability (Art. 20 GDPR): You have the right to receive your personal data in a commonly used machine-readable format.
  • Right to lodge a complaint: You have the right to lodge a complaint with a supervisory authority. The data protection supervisory authority of the federal state in which you reside or in which the responsible party is based maintains responsibility.

If you have any questions, please contact our data protection officer specified above.

 

30 No Obligation to Provide Personal Data

The provision of personal data is not required by law or contract or required for the conclusion of a contract, unless otherwise stated in the sub-items above. There is no obligation to provide personal data, unless otherwise stated. Failure to provide personal data may mean that we cannot answer your contact inquiries, cannot provide you with all the functions of our website or we cannot enable you to use our software free of charge.

close
Your battery is almost empty.