Privacy Policy Statement of SOFiSTiK AG

The protection of your personal data is of particular concern to us. We therefore process your personal data (in short "data") exclusively on the basis of the statutory provisions. With this privacy policy we want to inform you about the processing of your data in our company and the data protection claims and rights to which you are entitled comprehensively in the sense of Art. 13 of the European Data Protection Regulation (EU GDPR).

 

1. Who is responsible for data processing and who can you contact?

Responsible is

SOFiSTiK AG

Flataustr. 14

90411 Nuremberg

Phone: + 49 911 399010

E-Mail: info@sofistik.com

The company data protection officer is

Richard Söldner, Projekt 29 GmbH & Co. KG

Ostengasse 14

93047 Regensburg

Phone: 0941-2986930

E-Mail: rs@projekt29.de

2. Which data are processed and from which sources do these data originate?

We process the data that we have received from you as part of the contract initiation or processing, on the basis of consent or as part of your application to us or as part of your employment with us.

 

Personal data includes:

Your master/contact data, for customers this includes e.g. first and last name, address, contact data (e-mail address, telephone number, fax), bank data.

In the case of applicants and employees, this includes, for example, first and last name, address, contact data (e-mail address, telephone number, fax), date of birth, data from curriculum vitae and references, bank data, religious affiliation, photographs.

In the case of business partners, this includes, for example, the designation of their legal representatives, company, commercial register number, VAT number, company number, address, contact person contact data (e-mail address, telephone number, fax), bank data.

 

For visitors to our company, this includes name and signature.

For journalists, this includes first and last name, e-mail address, fax number.

For raffle participants, this includes first and last name, e-mail address.

 

In addition, we also process the following other personal data:

  • Information about the nature and content of contract data, order data, sales and document data, customer and supplier history, and consulting records,
  • Advertising and sales data,
  • Information from your electronic traffic with us (e.g. IP address, log-in data),
  • Other data that we have received from you in the course of our business relationship (e.g. in customer meetings),
  • Data that we generate ourselves from master / contact data and other data, such as by means of customer demand and customer potential analyses,
  • Documenting your consent to receive newsletters, for example.
  • Photo shoots in the context of events.

 

 

Server log files:

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

Date and time of the request, name of the requested file

Page from which the file was requested

Access status (file transferred, file not found, etc.)

Web browser and operating system used, complete IP address of the requesting computer, data volume transferred

 

This data is not merged with other data sources. The processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website.

For reasons of technical security, in particular to defend against attempted attacks on our web server, this data is stored by us for a short period of time. It is not possible for us to draw conclusions about individual persons on the basis of this data. After seven days at the latest, the data is anonymized by shortening the IP address at domain level, so that it is no longer possible to establish a link to the individual user. The data is also processed anonymously for statistical purposes; it is not compared with other data or passed on to third parties, even in part.

3. For what purposes and on what legal basis are the data processed?

We process your data in accordance with the provisions of the General Data Protection Regulation (GDPR) and the Federal Data Protection Act 2018, as amended:

 

  • For the fulfillment of (pre-)contractual obligations (Art. 6 para. 1 lit. b GDPR):

The processing of your data is necessary for the performance of a contract to which you are party or in order to take steps at the request prior to entering into a contract.

  • For the fulfillment of legal obligations (Art. 6 para. 1 lit. c GDPR):

Processing of your data is necessary for compliance with a legal obligation to which we are subject, e.g. from the German Commercial Code or the German Fiscal Code.

  • For the protection of legitimate interests (Art. 6 para. 1 lit. f GDPR):

Based on the purposes of the legitimate interests pursued by us or by a third party, data processing is necessary, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data, in particular where you are a child. Data processing for the protection of legitimate interests occurs, for example, in the following cases:

 

  • Advertising or marketing (see No. 4),
  • Measures for business management and further development of services and products;
  • Maintaining a group-wide customer database to improve customer service
  • In the context of legal prosecution
  • Sending non-promotional information and press releases.

 

  • Within the scope of your consent (Art 6 para. 1 lit. a GDPR):

If you have given us consent to processing of your personal data for one or more specific purposes, e.g. to send you our newsletter, publish photos, competitions, etc., we will not use your data for any other purpose.

4. Processing of personal data for advertising purposes

You may object to the use of your personal data for advertising purposes at any time, either in whole or in respect of individual measures, without incurring any costs other than the transmission costs in accordance with the basic rates.

We are entitled under the legal conditions of § 7 Abs. 3 UWG (Act against Unfair Competition) to use the e-mail address that you provided when concluding the contract for direct advertising for our own similar goods or services. You will receive these product recommendations from us regardless of whether you have subscribed to a newsletter.

If you do not wish to receive such recommendations from us by e-mail, you can object to the use of your address for this purpose at any time without incurring any costs other than the transmission costs according to the prime rates. A message in text form is sufficient for this purpose. Of course, an unsubscribe link is always included in every e-mail.

5. Am I obliged to provide data?

The processing of your data is necessary for the conclusion or fulfillment of your contract with us. If you do not provide us with this data, we will usually have to refuse to conclude the contract or will no longer be able to perform an existing contract and consequently have to terminate it. However, you are not obliged to give your consent to data processing to data that is not relevant for the fulfillment of the contract or that is not required by law.

6. Who receives my data?

If we use a service provider in the sense of commissioned processing, we nevertheless remain responsible for the protection of your data. All commissioned processors are contractually obligated to treat your data confidentially and to process it only in the context of providing the service. The processors we commission receive your data insofar as they require the data to fulfill their respective service. These are, for example, IT service providers that we require for the operation and security of our IT system as well as advertising and address publishers for our own advertising campaigns.

Your data is processed in our customer database. The customer database supports the enhancement of the data quality of the existing customer data (duplicate cleansing, moved/deceased indicators, address correction), and enables the enrichment with data from public sources.

This data is made available to the Group companies to the extent necessary for contract processing. Customer data is stored separately on a company-by-company basis, with our parent company acting as a service provider for the individual participating companies.

In the event of a legal obligation and in the context of legal prosecution, authorities and courts as well as external auditors may be recipients of your data.

In addition, insurance companies, banks, credit agencies and service providers may be recipients of your data for the purpose of initiating and fulfilling contracts.

7. How long will my data be stored?

We process your data until the termination of the business relationship or until the expiry of the applicable statutory retention periods (such as from the German Commercial Code, the German Fiscal Code, or the German Working Hours Act); furthermore, until the termination of any legal disputes in which the data is required as evidence.

8. Are personal data transferred to a third country?

In principle, we do not transfer any data to a third country. A transfer takes place in individual cases only on the basis of an adequacy decision of the European Commission, standard contractual clauses, appropriate guarantees or your express consent.

9. Safety

We have taken technical and administrative security measures to protect your personal data against loss, destruction, manipulation and unauthorized access. All our employees and service providers working for us are bound by the applicable data protection laws.

Whenever we collect and process personal data, it is encrypted before it is transmitted. This means that your data cannot be misused by third parties. Our security measures are subject to a continuous improvement process and our data protection statements are constantly being revised. Please make sure that you have the latest version.

10. Contact form/ e-mail contact

If you send us inquiries via contact form or e-mail, your data from the inquiry form including the contact data you provided there will be stored by us for the purpose of processing the inquiry and in case of follow-up inquiries. We do not pass on this data without your consent.

The processing of this data is based on Art. 6 para. 1 lit. b GDPR, if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of requests addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if this was requested.

The data you enter in the contact form will remain with us until you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies (e.g. after we have completed processing your request). Mandatory legal provisions - in particular retention periods - remain unaffected.

11. Application/job advertisement

We collect various personal data through the application process. Personal data is any information from which conclusions can be drawn about your personal or factual circumstances or which makes you identifiable. The following data is collected and processed for the automated processing of your application:

  • First name, last name, address, e-mail, date of birth, title, telephone number, country of residence and citizenship
  • Additional questions depending on the respective tender (e.g. driver's license)
  • Curriculum vitae, in particular information on professional experience and education
  • Competencies and knowledge for the advertised position
  • Application photo
  • Qualifications, awards and language skills
  • Letter of motivation
  • Files and documents that you would like to send or upload in connection with your application

When submitting the applicant data, you as the applicant give your consent to the processing of the personal data for the purpose set out in this privacy policy.

No information that may not be processed under the General Equal Treatment Act (this includes, but is not limited to, race, ethnic origin, gender, disability, religion and belief, or age) will be required to process your application. We ask you not to provide any information that is irrelevant to the processing of your application due to the Equal Treatment Act (including illnesses, pregnancy, membership of a trade union and sex life).

Please do not transmit any content that could, for example, violate copyrights or the press law of third parties.

The legal basis for processing your personal data in this context is Art. 6 para. 1 lit. f GDPR, our legitimate interest in conducting applications, as well as Art. 6 para. 1 lit. b, Art. 88 para. 1 GDPR in conjunction with Section 26 para. 1 BDSG (Federal Data Protection Act) (new).

Your application e-mail and the application documents sent will be stored by us for 6 months (AGG = Employers Law). After this period, your documents will be deleted in accordance with data protection law, unless you give us your consent to store them for our applicant pool. Then they will be stored for 1 year.

12. Newsletter

For sending the newsletter, we use the so-called double opt-in procedure, i.e. we will only send you a newsletter by e-mail if you have previously expressly confirmed that you want us to activate the newsletter service. We will then send you a notification e-mail and ask you to confirm that you would like to receive our newsletter by clicking on a link contained in this e-mail. When you subscribe to our newsletter, we store your IP address and the date of subscription. This storage is solely for the purpose of providing evidence when a third party misuses your email address to sign you up to receive the newsletter without your knowledge or authorization. The legal basis is thus your consent within the meaning of Art. 6 para. 1 lit a GDPR. If you unsubscribe from the newsletter and there is no business relationship with us, your data will be deleted immediately.
Should you later no longer wish to receive newsletters from us, you can object to this at any time without incurring any transmission costs other than those according to the prime rate, e.g. via the unsubscribe link that you will find in every email.

13. Cookies

When you visit our website, we may store information on your computer in the form of cookies. Cookies are small files that are transferred from an Internet server to your browser and stored on its hard drive. Only the Internet protocol address is stored here - no other personal data. This information, which is stored in the cookies, allows us to automatically recognize you the next time you visit our website, making it easier for you to use.

Of course, you can also visit our Internet pages without accepting cookies. If you do not want your computer to be recognized on your next visit, you can also refuse the use of cookies by changing the settings in your browser to "refuse cookies". The respective procedure can be found in the operating instructions of your respective browser. If you reject the use of cookies, however, there may be restrictions in the use of some areas of our Internet pages.

14. Third party services

 

Cookiebot

A web service of the company Cybot A/S, Havnegade 39, 1058 Copenhagen (hereinafter: cookiebot.com) is reloaded on our website. We use this data to ensure the full functionality of our website. In this context, your browser may transmit personal data to cookiebot.com. The legal basis for the data processing is Art. 6 para. 1 lit. f GDPR. The legitimate interest consists in an error-free function of the website. The data is deleted as soon as the purpose of its collection has been fulfilled. Further information on the handling of the transferred data can be found in the privacy policy of cookiebot.com: https://www.cookiebot.com/de/privacy-policy/

 

Educational Service

If you send us an inquiry about the Educational Service via the contact form, your details from the inquiry form, including the contact details you provide there, will be stored by us for the purpose of processing the inquiry and in the event of follow-up questions. We do not pass on this data to third parties.

The processing of this data is based on Art. 6 para. 1 lit. b GDPR, if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of requests addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if this was requested.

The data you enter in the contact form will remain with us until you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies (e.g. after sending the requested material). Mandatory legal provisions - in particular retention periods - remain unaffected.

After a manual and internal review of your request, the materials will be provided to you via a link in a separate email.

 

Use of Google services

We use the technologies of Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"), as described below. The information automatically collected by Google technologies about your use of our website is usually transferred to a server of Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA and stored there. For the USA, there is no adequacy decision of the European Commission. Our cooperation is based on standard data protection clauses of the European Commission.

If your IP address is collected via Google technologies, it is shortened before being stored on Google servers by activating IP anonymization. Only in exceptional cases will the full IP address be transferred to a Google server and shortened there. Unless otherwise specified for the individual technologies, the data processing is based on an agreement concluded for the respective technology between jointly responsible parties in accordance with Art. 26 GDPR. Further information about data processing by Google can be found in the privacy policy of Google policies.google.com/privacy.

 

Google Analytics

For the purpose of website analysis, Google Analytics automatically collects and stores data (IP address, time of visit, device and browser information, and information about your use of our website), from which usage profiles are created using pseudonyms. Cookies may be used for this purpose. As a matter of principle, your IP address will not be merged with other data from Google. The data processing is carried out on the basis of a joint responsibility agreement by Google.

For the purpose of optimized marketing of our website, we have activated the data sharing settings for "Google products and services". This allows Google to access the data collected and processed by Google Analytics and subsequently use it to improve Google services. Data sharing with Google under these data sharing settings is based on an additional agreement between responsible parties. We have no influence on the subsequent data processing by Google.

For web analysis, the Google Analytics Google Signals extension function enables so-called "cross-device tracking". Insofar as your internet-enabled devices are linked to your Google account and you have activated the "personalized advertising" setting in your Google account, Google can create reports about your usage behavior (in particular the cross-device user figures), even if you change your terminal device. A processing of personal data by us does not take place in this respect, we only receive statistics generated on the basis of Google Signals.

For web analysis and advertising purposes, the extension function of Google Analytics the so-called DoubleClick cookie enables recognition of your browser when visiting other websites. Google will use this information to compile reports on website activity and to provide other services related to website usage.

 

Google Maps

For the visual presentation of geographical information, Google Maps collects data about your use of the Maps functions, in particular the IP address and location data, transmits this data to Google and subsequently processes it. We have no influence on this subsequent data processing.

 

Google Web Fonts

For the uniform presentation of the content on our website, data (IP address, time of visit, device and browser information) is collected by the script code "Google Fonts", transmitted to Google and then processed by Google. Therefore, we have embedded the fonts on our own server in a privacy-compliant manner so that no data is transmitted to Google.

 

HubSpot

For the creation of our website we use HubSpot, a software of HubSpot Inc., 25 First Street, 2nd Floor Cambridge, MA 02141, USA. Within the framework of the use of this software, so-called inbound marketing is operated. Among other things, the software helps us to optimize our marketing strategy by means of statistical analyses and evaluation of logged user behavior. HubSpot uses cookies for this purpose. You can, of course, prevent the storage of cookies by making the appropriate settings in your browser or delete the cookies already stored. Please note that in this case you may not be able to fully use the services provided on our website. For further information on HubSpot, please refer to the Terms of Use and Privacy Policy of HubSpot Inc. at http://www.hubspot.com/terms-of-service and respectively at www.hubspot.com/privacy-policy. Our cooperation is based on standard data protection clauses of the European Commission.

Furthermore, there is a synchronization between HubSpot and the online conference system Go-To-Webinar. People interested in a webinar fill out the HubSpot contact form on our website and are automatically registered with Go-To-Webinar. Go-To-Webinar creates an individual link for participation and automatically sends it to the participants. In addition, Go-To-Webinar collects information about actual participation and forwards it to HubSpot. The data is stored in both tools. Queried are: Salutation, First Name, Last Name, Email, Phone Number, Job Description, Company, Zip Code, Country. In HubSpot, the data is stored for further marketing measures. There is an order processing agreement between HubSpot and Go-To-Webinar.

 

Mailjet

The newsletter is sent using "Mailjet", a newsletter distribution platform of the provider Mailjet GmbH.

The email addresses of our newsletter recipients, as well as their other data described in the context of this notice, are stored on Mailjet's servers in the USA. Mailjet uses this information to send and evaluate the newsletter on our behalf. Furthermore, Mailjet may, according to its own information, use this data to optimize or improve its own services, e.g. to technically optimize the dispatch and presentation of the newsletters or for economic purposes to determine from which countries the recipients come. However, Mailjet is not allowed to use this data of our newsletter recipients to write to them itself, nor is it allowed to pass this data on to third parties. The data transfer to Mailjet is based on the standard contractual clauses of the European Commission.

The newsletters contain a so-called "web-beacon", i.e. a pixel-sized file that is retrieved from the Mailjet server when the newsletter is opened. Within the scope of this retrieval, technical information, such as information about the browser and your system, as well as your IP address and the time of the retrieval are initially collected. This information is used for the technical improvement of the services based on the technical data or the target groups and their reading behavior based on their retrieval locations (which can be determined with the help of the IP address) or the access times. The statistical surveys also include the determination of whether the newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to individual newsletter recipients. However, it is neither our intention nor that of Mailjet to observe individual users. The evaluations serve us much more to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.

 

YouTube

To integrate third-party content, data (IP address, time of visit, device and browser information) is collected via the YouTube video plugin in the extended data protection mode used by us, transmitted to Google and subsequently processed by Google only when you play a video.

 

Vimeo Video

To integrate third-party content, data (IP address, time of visit, device and browser information) is collected via the video plugin from Vimeo [https://vimeo.com/de/about] LLC, 555 West 18th Street, New York 10011, USA ("Vimeo"), transmitted to Vimeo and subsequently processed by Vimeo. The data processing takes place on the basis of an agreement between jointly responsible parties pursuant to Art. 26 GDPR. Google Analytics is automatically integrated in the Vimeo video plugin. For the purpose of website analysis, Google Analytics automatically collects and stores data (IP address, time of visit, device and browser information, and information about your use of our website), from which usage profiles are created using pseudonyms. Cookies may be used for this purpose. Google Analytics is a service provided by Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). The information automatically collected by Google about your use of our website is usually transferred to a server of Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA and stored there. Your IP address is shortened before being stored on Google's servers by activating IP anonymization. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. We have no influence and access to the data processing by Vimeo including the settings and results of Google Analytics. For the USA, there is no adequacy decision of the European Commission. Our cooperation is based on standard data protection clauses of the European Commission.

 

WICE (SOFiSTiK Online)

For the purpose of storing customer data, WICE technologies are used to collect and store personal data, which are transferred to our CRM system after being sent.

These are the following types of personal data:

  • First name
  • Last name
  • Phone number
  • E-mail address
  • Company
  • Academic title
  • Position within the company
  • Associated department within the company

The data processing is based on Art. 6 para. 1 lit. a GDPR, the consent.

This can be revoked at any time with effect for the future.

The data is only passed on internally for the specified purpose. A contract for order processing in accordance with Art. 26 GDPR has been concluded with the service provider.

The applicable WICE privacy policy can be found at wice.de/datenschutz/.

You can find more information under point 10 (contact).

15. What data protection rights do I have?

You have a right of access, to rectification, to erasure or restriction of processing of your stored data at any time, a right to object to the processing as well as a right to data transfer and to lodge a complaint in accordance with the requirements of data protection law.

 

Right of request:

You can request information from us as to whether and to what extent we process your data.

Right to rectification:

If we process your data that is incomplete or incorrect, you have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning you.

Right to erasure (‘right to be forgotten’):

You can obtain the erasure of your data if we process it unlawfully or if the processing disproportionately interferes with your legitimate interests of protection. Please note that there may be reasons that prevent immediate erasure, e.g. in the case of legally regulated retention obligations.

Irrespective of the exercise of your right to erasure, we will erase your data without undue delay and completely, insofar as there is no legal or statutory retention obligation to the contrary.

 

Right to restriction of processing:

You may request us to restrict the processing of your data if

  • You contest the accuracy of the personal data for a period enabling us to verify the accuracy of the personal data.
  • the processing is unlawful, but you oppose the erasure of the personal data and request restriction of data use instead,
  • we no longer need the personal data for the intended purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims , or

You have objected to the processing pursuant to Art. 21 para. 1 pending the verification whether the legitimate grounds of us override those of you.

 

Right to object:

If we process your data on the basis of legitimate interest, you can revoke this at any time; this would also apply to profiling based on these provisions. We will then no longer process your data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims. You have the right to object at any time without giving reasons to the processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.

 

Right to data portability:

You have the right to receive the personal data concerning you, which you have provided to us in a structured, commonly used and machine-readable format and that you have the right to transmit those data to another controller without hindrance from us, where:

  • we process such data on the basis of consent given by you, which may be revoked, or for the performance of a contract between us, and
  • the processing is carried out by automated means.

If technically feasible, you may request that we transmit your data directly to another data controller.

 

Right to lodge a complaint with a supervisory authority:

If you are of the opinion that we are violating German or European data protection law in the processing of your data, please contact us so that we can clarify any questions. Of course, you also have the right to contact the supervisory authority responsible for you, the respective state office for data protection supervision.

If you wish to exercise any of the aforementioned rights against us, please contact our data protection officer. In case of doubt, we may request additional information to confirm your identity.

 

Right to withdraw consent

If we process your data on the basis of consent, you have the right to withdraw consent at any time, without affecting the lawfulness of the processing based on consent before its withdrawal.

 

Automated individual decision-making, including profiling

You have the right not to be subject to a decision based solely on automated processing - including profiling - which produces legal effects concerning you or similarly significantly affects you. Exceptions to this only apply under the conditions of Article 22 para. 2 of the GDPR.

 

Privacy Policy

When you download and use our software, personal data shall be processed by us as the controller and stored for the duration necessary to fulfil the stated purposes and legal obligations. Read more ...