Company: Equitania Software GmbH, Weiherstraße 13, 75173 Pforzheim, Deutschland
Phone: +49 7231 166 040
Fax: +49 7231 166 04 200
Data protection officer: Laura Zerwas, firstname.lastname@example.org
1. Basic information on data processing and legal bases
1.1 This data protection declaration informs you about the type, scope and purpose of the processing of personal data within our online offer and the websites, functions and contents connected with it (hereinafter jointly referred to as "online offer" or "website"). The data protection declaration applies regardless of the domains, systems, platforms and devices (e.g. desktop or mobile) on which the online offer is executed.
1.2 For the terms used, such as "personal data" or their "processing", we refer to the definitions in Article 4 of the Basic Data Protection Regulation (DSGVO).
1.3 The personal data of users processed within the scope of this online offer includes inventory data (e.g., names and addresses of customers), contract data (e.g., services used, names of clerks, payment information), usage data (e.g., the web pages of our online offer visited, interest in our products) and content data (e.g., entries in the contact form).
1.4 The term 'users' covers all categories of data subjects. These include our business partners, customers, interested parties and other visitors to our online offer. The terms used, e.g. "user", are to be understood in a gender-neutral way.
1.5 We process personal data of users only in compliance with the relevant data protection regulations. This means that user data will only be processed if a legal permission is available. This means, in particular, if the data processing is necessary for the provision of our contractual services (e.g. processing of orders) as well as online services, or is required by law, the consent of the users is present, as well as on the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation and security of our online offer in the sense of Art. 6 para. 1 lit. f. DSGVO, in particular in the measurement of reach, the creation of profiles for advertising and marketing purposes as well as the collection of access data and the use of third-party services.
1.6 We would like to point out that the legal basis of the consents is Art. 6 para. 1 lit. a. and Art. 7 DSGVO, the legal basis for processing for the purpose of fulfilling our services and implementing contractual measures is Art. 6 para. 1 lit. b. DSGVO, the legal basis for processing for the fulfilment of our legal obligations Art. 6 para. 1 lit. c. DSGVO, and the legal basis for processing to safeguard our legitimate interests Art. 6 para. 1 lit. f. DSGVO is.
2. Security measures
2.1 We take organisational, contractual and technical security measures in accordance with the state of the art to ensure that the provisions of the data protection laws are complied with and to protect the data processed by us against accidental or intentional manipulation, loss, destruction or access by unauthorised persons.
2.2 Security measures include in particular the encrypted transmission of data between your browser and our server.
Our website uses SSL encryption when transmitting confidential or personal content of our users. This encryption is activated, for example, during the processing of payment transactions as well as for inquiries that you make to us via our website. Please make sure that SSL encryption is activated for corresponding activities from your side. The use of encryption is easy to recognize: The display in your browser line changes from "http://" to "https://". Data encrypted via SSL cannot be read by third parties. Please transmit your confidential information only if SSL encryption is activated and contact us if in doubt.
3. Transfer of data to third parties and third party providers
3.1 Your data will only be used by us within Equitania Software GmbH and its affiliated companies within the CMC Gruppe. To other third parties we will only pass on your data to the extent described below.
3.2 Data will only be passed on to third parties within the framework of the legal requirements. We will only pass on user data to third parties if this is necessary for contractual purposes, e.g. on the basis of Art. 6 Para. 1 lit. b) DSGVO, or on the basis of justified interests in accordance with Art. 6 Para. 1 lit. f. DSGVO in the economic and effective operation of our business operations.
3.3 If we use subcontractors to provide our services, we take appropriate legal precautions as well as appropriate technical and organisational measures to ensure the protection of personal data in accordance with the relevant legal provisions.
4. provision of contractual services
4.1 We process inventory data (e.g., names and addresses as well as contact data of users), contract data (e.g., services used, names of contact persons, payment information) for the purpose of fulfilling our contractual obligations and services in accordance with Art. 6 para. 1 lit b. DSGVO.
4.2 If you wish to use the paid services offered on our website, we may need to collect further data from you for billing purposes and for security reasons. This regularly involves your name, a valid e-mail address and, if necessary, your address and telephone number, as well as further information depending on the individual case. This may also involve content that allows us to check the data provided, such as your ownership of the e-mail address provided. For legal reasons, we must ensure that you actually wish to receive the services offered and that we are able to invoice you for the services properly. We use the SSL encryption standard, recognizable by the browser line "https://", to secure your data in payment transactions.
4.3 Users can optionally create a user account, in particular by viewing their orders. During the registration process, the required mandatory data will be provided to the users. The user accounts are not public and cannot be indexed by search engines. If users have terminated their user account, their data will be deleted with regard to the user account, subject to their safekeeping is necessary for reasons of commercial or tax law in accordance with Art. 6 para. 1 lit. c DSGVO. It is the users' responsibility to back up their data before the end of the contract if they have terminated it. We are entitled to irretrievably delete all user data stored during the term of the contract.
4.4 Within the scope of registration and renewed logins and use of our online services, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests, as well as the user's protection against misuse and other unauthorized use. As a matter of principle, this data is not passed on to third parties unless it is necessary to pursue our claims or there is a legal obligation to do so in accordance with Art. 6 Para. 1 lit. c DSGVO.
4.5 We process usage data (e.g., the visited web pages of our online offer, interest in our products) and content data (e.g., entries in the contact form or user profile) for advertising purposes in a user profile, in order to show the user e.g., product information based on their previously used services.
5.1 When contacting us (via contact form or e-mail), the user's details will be processed for the purpose of handling the contact request and its processing in accordance with Art. 6 para. 1 lit. b) DSGVO.
5.2 Users' details may be stored in our Customer Relationship Management System ("CRM System") or comparable enquiry organisation.
6. Collection of access data and log files
6.1 On the basis of our legitimate interests within the meaning of Art. 6 para. 1 lit. f DSGVO data about every access to the server on which this service is located (so-called server log files). The access data includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited site), IP address and the requesting provider.
6.2 For security reasons (e.g. for the investigation of abuse or fraud) log file information is stored for a maximum of seven days and then deleted. Data whose further storage is required for evidential purposes is excluded from deletion until final clarification of the respective incident.
7. Cookies & range measurement
7.1 Cookies are information that is transferred from our web server or web servers of third parties to the web browsers of the users and stored there for later retrieval. Cookies can be small files or other types of information storage.
7.2 We use "session cookies", which are only stored for the duration of the current visit to our online presence (e.g. to enable the storage of your login status or the shopping basket function and thus the use of our online offer at all). A randomly generated unique identification number, a so-called session ID, is stored in a session cookie. In addition, a cookie contains information about its origin and the storage period. These cookies cannot store any other data. Session cookies are deleted when you have finished using our website and, for example, log out or close the browser.
7.4 If users do not want cookies to be stored on their computer, they are asked to deactivate the corresponding option in the system settings of their browser. Stored cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional limitations of this online offer.
8. integration of third-party services and content
8.1 Within our online offer, we set the following priorities on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. DSGVO), we use content or service offers from third parties in order to integrate their content and services, such as videos or fonts (hereinafter uniformly referred to as "content"). This always presupposes that the third-party providers of such content are aware of the IP address of the users, as without the IP address they would not be able to send the content to their browsers. The IP address is therefore required to display this content. We make every effort to use only such content whose respective providers use the IP address only to deliver the content. Third party providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. Pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may contain, among other things, technical information on the browser and operating system, referring web pages, visiting time and other details on the use of our online offer, as well as being able to be linked to such information from other sources.
8.2 The following lists offer an overview of third party providers and their contents, as well as links to their data protection declarations, which contain further information on the processing of data and, in some cases already mentioned here, possibilities for objection (so-called opt-out):
9. Google Analytics with anonymisation function
9.2 Google is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
9.3 Google will use this information on our behalf to evaluate the use of our online offer by users, to compile reports on the activities within this online offer and to provide us with further services associated with the use of this online offer and the use of the Internet. The processed data can be used to create pseudonymous user profiles of the users.
9.4 We use Google Analytics in order to display the advertisements placed within the advertising services of Google and its partners only to those users who have also shown an interest in our online offer or who show certain characteristics (e.g. interests in certain topics or products determined by the websites visited) which we transmit to Google (so-called "remarketing" or "Google Analytics Audiences"). With the help of remarketing audiences, we also want to ensure that our advertisements correspond to the potential interest of the users and do not appear annoying.
9.5 We only use Google Analytics with activated IP anonymisation. This means that the IP address of users is shortened by Google within member states of the European Union or in other states which are parties to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transferred to a Google server in the USA and shortened there.
9.6. Die von dem Browser des Nutzers übermittelte IP-Adresse wird nicht mit anderen Daten von Google zusammengeführt. Die Nutzer können die Speicherung der Cookies durch eine entsprechende Einstellung ihrer Browser-Software verhindern; die Nutzer können darüber hinaus die Erfassung der durch das Cookie erzeugten und auf ihre Nutzung des Onlineangebotes bezogenen Daten an Google sowie die Verarbeitung dieser Daten durch Google verhindern, indem sie das unter folgendem Link verfügbare Browser-Plugin herunterladen und installieren: http://tools.google.com/dlpage/gaoptout?hl=de.
9.7 Further information on the use of data by Google, setting and opposition possibilities, you can find on the websites of Google: https://www.google.com/intl/de/policies/privacy/partners ("Data use by Google when you use websites or apps of our partners"), http://www.google.com/policies/technologies/ads ("Data use for advertising purposes"), http://www.google.de/settings/ads ("Manage information that Google uses to serve ads to you").
10. Google-Re/Marketing services
10.1 On the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. DSGVO) the marketing and remarketing services (in short "Google Marketing Services") of Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, ("Google").
10.2 Google is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
10.3 Google's marketing services allow us to display ads for and on our website in a more targeted manner so that we only show users ads that potentially match their interests. For example, if a user is shown ads for products that he or she has been interested in on other websites, this is called "remarketing". For these purposes, when you visit our website and other websites where Google marketing services are active, Google will execute code directly from Google and (re)marketing tags (invisible graphics or code, also known as "web beacons") will be embedded in the website. With their help, an individual cookie, i.e. a small file, is stored on the user's device (comparable technologies can also be used instead of cookies). The cookies can be set by various domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. This file records which websites the user has visited, what content he is interested in and which offers he has clicked on, as well as technical information on the browser and operating system, referring websites, visiting time and other information on the use of the online offer. The IP address of the user is also recorded, whereby we inform within the framework of Google Analytics that the IP address is shortened within member states of the European Union or in other contracting states of the Agreement on the European Economic Area and only in exceptional cases is it transferred in full to a Google server in the USA and shortened there. The IP address will not be merged with data of the user within other offers of Google. Google may also combine the above-mentioned information with information from other sources. If the user subsequently visits other websites, advertisements tailored to the user's interests may be displayed.
10.4 The data of the users are processed pseudonymously within the framework of the Google marketing services. This means that Google does not store and process, for example, the name or e-mail address of the user, but processes the relevant data in a cookie-based manner within pseudonymous user profiles. This means that from Google's point of view, the ads are not managed and displayed for a specifically identified person, but for the cookie holder, regardless of who that cookie holder is. This does not apply if a user has expressly permitted Google to process the data without this pseudonymisation. The information collected by Google marketing services about users is transmitted to Google and stored on Google's servers in the USA.
10.5 We may also use the "Google Tag Manager" to integrate and manage Google's analysis and marketing services into our website.
10.6 Further information on Google's use of data for marketing purposes can be found on the overview page: https://www.google.com/policies/technologies/ads, die Datenschutzerklärung von Google ist unter https://www.google.com/policies/privacy retrievable.
10.7 If you wish to opt-out of interest-based advertising through Google marketing services, you may use the setting and opt-out options provided by Google: http://www.google.com/ads/preferences.
11. Use of PayPal as payment method
If you decide to pay with the online payment service PayPal during the order process, your contact details will be transmitted to PayPal in the course of the order process. PayPal is an offer from PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg. PayPal assumes the function of an online payment service provider and a trustee and offers buyer protection services.
Personal information submitted to PayPal is usually first name, last name, address, phone number, IP address, email address, or other information needed to process the order, as well as information related to the order, such as the number of items, item number, invoice amount and taxes in percent, billing information, etc.
This transmission is necessary to process your order with the payment method you have chosen, in particular to confirm your identity, to administer your payment and the customer relationship.
However, please note: PayPal may also disclose personal data to service providers, subcontractors or other associated companies if this is necessary to fulfil the contractual obligations arising from your order or if the personal data is to be processed on behalf of PayPal.
12. Use of Google Maps
We use the component "Google Maps" of the company Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, hereinafter "Google", on our site.
Each time the "Google Maps" component is called up, Google sets a cookie in order to process user settings and data when displaying the page on which the "Google Maps" component is integrated. This cookie is usually not deleted when the browser is closed, but expires after a certain time, unless you delete it manually beforehand.
If you do not agree with this processing of your data, there is the possibility to deactivate the service of "Google Maps" and thus prevent the transmission of data to Google. To do this, you must deactivate the Java-Script function in your browser. We would like to point out, however, that in this case you will not be able to use "Google Maps", or only to a limited extent.
http://www.google.de/intl/de/policies/terms/regional.html and the additional terms and conditions for "Google Maps
13. Use of reCAPTCHA
In order to protect input forms on our site, we use the service "reCAPTCHA" of the company Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, hereinafter "Google". The use of this service makes it possible to distinguish whether the corresponding input is of human origin or whether it is misused by automated machine processing.
To our knowledge, the referrer URL, the IP address, the behaviour of website visitors, information on the operating system, browser and length of stay, cookies, display instructions and scripts, the user's input behaviour and mouse movements in the "reCAPTCHA" checkbox area are transmitted to "Google".
Google uses the information obtained in this way to digitise books and other printed matter and to optimise services such as Google Street View and Google Maps (e.g. house number and street name recognition).
The IP address transmitted in the context of "reCAPTCHA" is not merged with other data from Google, unless you are logged in to your Google account at the time of using the "reCAPTCHA" plug-in. If you wish to prevent this transmission and storage of data about you and your behaviour on our website by "Google", you must log out of "Google" before you visit our site or use the reCAPTCHA plug-in.
14. Use of YouTube components with enhanced privacy mode
On our website we use components (videos) from YouTube, LLC 901 Cherry Ave., 94066 San Bruno, CA, USA, a company of Google Inc., Amphitheatre Parkway, Mountain View, CA 94043, USA.
Here we use the option " - advanced privacy mode - " provided by YouTube.
When you visit a page that has embedded video, a connection to the YouTube servers is established and the content is displayed on the website by notifying your browser.
According to YouTube, in " - extended data protection mode -" only data is transmitted to the YouTube server, in particular which of our websites you have visited when you watch the video. If you are logged in to YouTube at the same time, this information is associated with your YouTube account. You can prevent this by logging out of your member account before visiting our website.
15. Use of Twitter
17. Users' rights
17.1 Users have the right, upon request and free of charge, to receive information about the personal data we have stored about them.
17.2 In addition, users have the right to rectify inaccurate data, limit the processing and delete their personal data, if applicable, to assert their rights to data portability and, in case of suspected unlawful data processing, to lodge a complaint with the competent supervisory authority.
17.3 Users may also revoke their consent, generally with effect for the future.
18. Deletion of data
18.1 The data stored with us will be deleted as soon as they are no longer required for their intended purpose and no legal obligations to retain data conflict with the deletion. If the user data is not deleted because it is required for other and legally permissible purposes, its processing is restricted. This means that the data is blocked and not processed for other purposes. This applies, for example, to user data that must be retained for commercial or tax law reasons.
18.2 According to legal requirements, the storage is for 6 years in accordance with § 257 para. 1 HGB (commercial books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting vouchers, etc.) and for 10 years in accordance with § 147 para. 1 AO (books, records, management reports, accounting vouchers, commercial and business letters, documents relevant for taxation, etc.).
19. Right of objection
Users can object to the future processing of their personal data in accordance with the legal requirements at any time. The objection may in particular be made against processing for the purposes of direct advertising.