Privacy Policy

Scope and version

This Privacy Policy is to inform you about how we collect and process data with respect to the services available at itdesign.de and its subdomains. This version of the Privacy Policy is effective as of Nov 5th, 2018. The use of the application may be subject to additional provision.

Service Authority and Data Protection Officer

The service that is described herein is provided by:

itdesign GmbH
Friedrichstr. 12
72072 Tübingen
Deutschland

Our external Data Protection Officer is:

Dr. iur. Christian Borchers
Datenschutz Süd GmbH
Wörthstrasse 15
97082 Würzburg
office ( at ) datenschutz-sued.de

Legal Basis for the Processing of Personal Data

This Privacy Policy is based on Regulation (EU) 2016/679 (General Data Protection Regulation, GDPR). The legal basis for the processing of your personal data is: your consent to data processing (Art. 6, Para. 1, Sent. 1(a) GDPR); fulfillment of a contract or pre-contractual measures (Art. 6, Para. 1, Sent. 1(b) GDPR); a legitimate interest on our part (or by third parties), provided your interests, fundamental rights, and fundamental freedoms are not superseded (Art. 6, Para. 1, Sent. 1(f) GDPR).

Cookies

We use cookies on our site. These are small files that are automatically created by your browser and stored on your device (laptop, tablet, smartphone, etc.) when you visit our site. The cookie stores information about the specific end user device that was used to access the site.  However, the information that is stored in the cookie does not allow us to determine your exact identity.

One of the purposes of using cookies is to make it easier for you to use our service. For example, we use what are called session cookies to recognize when you have already visited individual pages on our website. These are automatically deleted after leaving our website.

We also use temporary cookies that are stored on your device for a specified period of time in order to improve usability. If you re-visit our site in order to use our services, it will automatically be recognized that you have visited us before, as well as which entries and settings you have made to avoid having to re-enter them. Cookies help make the website more user-friendly (e.g. storing login data), control the display of advertisements and can recognize users who have been directed to us by certain partners. Cookies are also used to collect statistical data on website usage and analyze it in order to improve the website.

You have control over how cookies are used on your device. Most browsers have an option that will allow you to restrict or completely prevent the storage of cookies. Please note, however, that without cookies, the usage and in particular the usability can be limited.

Server logs

All requests to our server are stored in server logs. The legal basis for the collection of the following data is a legitimate interest pursuant to Art. 6, Para. 1, Sent. 1(f) GDPR in ensuring a secure and unhindered internet site. It is necessary to maintain our service, provide error diagnoses and prevent attacks.

These logs include the following information:

URL of the website or file accessed, date and time of access, amount of data transferred, notification of successful retrieval, browser type and version, user’s operating system, referrer URL, IP address and the requesting provider.

We do not share this information with third parties. The data collected here will be stored for a maximum of 365 days and will then be made anonymous or deleted. This also applies to the unabridged IP addresses.

Applicant Management

Our Privacy Policy for Applicant Management can be found  here (available in German).

Data Processing of Business Partners and Customers

itdesign GmbH processes the contact information of customer representatives, interested parties, service providers and other business partners in order to communicate via email, telephone, fax, post and for other contractual transactions. The legal basis for processing personal data of contacts who are not direct contractual partners is pursuant to Art. 6, Para. 1, Sent. 1(f) GDPR. This legitimate interest by itdesign GmbH is based on the intention to conduct or initiate a business relationship with customers, interested parties, service providers and other business partners, and to maintain personal contact with business representatives. The legal basis for the processing of personal data (e.g. invoice data) of direct contractual partners (e.g. sole proprietors) is pursuant to Art. 6, Para. 1, Sent. 1(b) GDPR. The data processed here is exclusively used for the fulfillment of the contract.

We do not transfer your personal data to third parties. Within our company, your personal data will be processed on the intention to conduct or initiate a business relationship. 

Personal data is stored as long as it is needed for business purposes or a legitimate interest to re-establish contact exists.

Analysis by Matomo

We use Matomo (formerly Piwik) for web analytics, a service provided by InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand, NZBN 6106769, (“Matomo”) using cookie technology. The legal basis for the use of Matomo is the consent you have given in accordance with Art. 6 para. 1 lit. a) GDPR in conjunction with § 25 para. 1 TDDDG. You can revoke this consent at any time with effect for the future. The protection of your data is important to us, which is why we have additionally configured Matomo in such a way that your IP address is only recorded in shortened form. We therefore process your personal usage data anonymously. It is not possible for us to draw conclusions about your person. The data is automatically deleted after 744 days. For more information on the terms of use of Matomo and the data protection regulations, please visit: https://matomo.org/privacy/.

To change your current cookie preferences and allow or disallow analysis by Matomo you can open the cookie settings here.

Google Fonts

Some pages of our website include fonts (“Google Fonts”) from the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google does not collect any data because these fonts are downloaded from an internal company server.

Google Analytics and Fingerprint

The web analysis (also known as “range measurement”) is used to evaluate visitor flows from itdesign.de and the subdomains and can include behavior, interests or demographic information about the visitors, such as age or gender, as pseudonymous values. With the help of the range analysis, we can, for example, recognize at which time our online service or its functions or content are used most often or invite you to reuse these services. We can also understand which areas need optimization. Furthermore, through the use of so-called fingerprinting, we can with high probability achieve device identification to better protect our website against malicious activities.

In addition to web analysis, we can also use test procedures, for example, to test and optimize different versions of our online service or its components.

For these purposes, so-called user profiles can be created and stored in a file (so-called “cookie”) or similar processes can be used for the same purpose. This information can include, for example, content viewed, websites visited and elements and technical information used there, such as the browser used, the computer system used and information on times of use, and data that is automatically transmitted during a server request, such as screen, OS, device name (so-called basic identification input signals). If users have consented to their location data being collected, this can also be processed, depending on the provider.

We use the data to maintain, improve, and protect our website, to evaluate user interaction with the website and to evaluate our marketing strategies. The data that we receive via Google Analytics or fingerprinting can be merged with other data, e.g., data that you voluntarily provide to us via the website or that is automatically transmitted during your visit to our website. See section “Merging Data”.

The IP addresses of the users are also saved. However, we use an IP masking process (i.e., pseudonymization by shortening the IP address) to protect users. In general, no clear user data (such as email addresses or names) are stored in the context of web analysis, A/B testing and optimization; only pseudonyms are stored. This means that we and the providers of the software used do not know the actual identity of the users, but only the information stored in their profiles for the purposes of the respective procedures.

Notes on legal bases: If we ask users for their consent to the use of third-party providers, the legal basis for processing data is consent. Otherwise, user data will be processed on the basis of our legitimate interests (i.e., interest in efficient, economical and recipient-friendly services). In this context, we would like to draw your attention to the information on the use of cookies in this Data protection policy.

  • Processed data types: usage data (e.g., websites visited, interest in content, search terms, access times), meta/communication data (e.g., device information, IP addresses).
  • Affected persons: users (e.g., website visitors, users of the free trial).
  • Purposes of processing: Range measurement (e.g., access statistics, recognition of returning visitors), tracking (e.g., interest/behavior-related profiling, use of cookies), conversion measurement (measurement of the effectiveness of marketing activities), creation of user profiles, interest-based and behavior-related marketing, click tracking, A/B tests, feedback (e.g., collecting feedback via an online form), heat maps (mouse movements by the user, which are summarized into an overall picture.), surveys and questionnaires (e.g., surveys with input options, multiple-choice questions).
  • Security measures: IP masking (pseudonymization of the IP address), Masking of all individual user input (e.g. data entered in forms or project names in the free trial).
  • Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a. GDPR), legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR).
  • Storage period: The user and event data collected by Google Analytics will be deleted within a period of 26 months. All data at Microsoft Clarity is automatically deleted after 365 days.

Used services and service providers:

Contracts for order processing under Article 28 GDPR were concluded with Google, Microsoft, Fingerprint and Swifteq.

You can find more information about the cookies used by itdesign in our cookie statement: https://itdesign.de/en/privacy-policy/cookie-policy/

For Google and Microsoft, the information generated in the cookie is transferred to a server in the USA (third country) and stored there. It is possible that Google and Microsoft use this data for any of its own purposes and links it to other data records, e.g., your search history or your personal accounts known to Google or Microsoft. We have no influence on this data processing. The data processing is mainly done by Google and Microsoft. An adequate level of data protection for data transfers to the USA is guaranteed by the certifications of Google and Microsoft under the adequacy decision (EU-U.S. Data Privacy Framework).

Online Marketing and Online Advertising

We process personal data for online marketing purposes, which can include, in particular, the marketing of advertising space or the presentation of advertising and other content (collectively referred to as “content”) based on the potential interests of users and the measurement of their effectiveness.

For these purposes, so-called user profiles are created and stored in a file (called a “cookie”) or similar processes are used, by means of which the user information relevant to the presentation of the aforementioned content is saved. This information can include content viewed, websites visited, online networks used, but also communication partners and technical information such as the browser used, the computer system used and information on usage times. If users have consented to their location data being collected, this can also be processed.

The IP addresses of the users are also saved. However, we use available IP masking procedures (ie, using a pseudonym by shortening the IP address) to protect users. In general, no clear user data (such as email addresses or names) are stored in the online marketing process, but only pseudonyms. This means that we and the providers of online marketing processes do not know the actual identity of the users, but only the information stored in their profiles.

The information in the profiles is usually stored in the cookies or by means of similar processes. These cookies can later generally also be read out on other websites that use the same online marketing process, analyzed for the purpose of displaying content and supplemented with additional data and stored on the server of the online marketing process provider.

You can find more information about the cookies used by itdesign in our cookie statement: https://itdesign.de/en/privacy-policy/cookie-policy/

As an exception, clear data can be assigned to the profiles. This is the case if the users are, for example, members of a social network whose online marketing process we use and the network connects the profiles of the users with the aforementioned information. We ask you to note that users can make additional agreements with the providers, e.g., by giving their consent during registration.

Unless otherwise stated, we ask you to assume that the cookies used will be stored for a period of two years.

Notes on legal bases: If we ask users for their consent to the use of third-party providers, the legal basis for processing data is consent. Otherwise, user data will be processed on the basis of our legitimate interests (i.e., interest in efficient, economical and recipient-friendly services). In this context, we would like to draw your attention to the information on the use of cookies in this data protection policy.

Target group formation with Google Analytics: We use Google Analytics in order to display the advertisements placed by Google and its partners’ advertising services only to users who have also shown an interest in our online service or who have certain characteristics (e.g., interests in certain topics or products which are determined on the basis of the websites visited) which we transmit to Google (so-called “remarketing” or “Google Analytics audiences”). With the help of remarketing audiences, we would also like to ensure that our ads correspond to the potential interest of the users.

In the case of Google, the information generated in the cookie is transferred to a Google server in the USA (third country) and stored there. It is possible that Google uses this data for any of its own purposes and links it to other data records, e.g., your search history or your personal accounts known to Google. We have no influence on this data processing. The data processing is mainly done by Google. An adequate level of data protection for data transfers to the USA is guaranteed by the certification of Google under the adequacy decision (EU-U.S. Data Privacy Framework).

Conversion tracking: In principle, we only have access to summarized information about the success of our advertisements. However, we can use conversion measurements to check which of our online marketing processes have led to a conversion, i.e., for example, to a contract with us. The conversion measurement is used solely to analyze the success of our marketing measures. If you reach our website via advertisements from certain providers, the respective provider places a cookie on your computer, which is used to generate statistics on the effectiveness of advertisements based on your behavior.

This currently affects the following advertising platforms that are tracked in Google Tag Manager for a day:

  • Google Analytics Universal Analytics Tag
  • Bing Ads or Microsoft Advertising Universal Event Tracking
  • LinkedIn Insight Tag
  • X Pixel
  • Capterra Conversion Tracking

Meta Pixel and target group formation (custom audiences): With the help of Meta Pixel (or comparable functions, for the conversion of event data or contact information via interfaces in apps), Meta is on the one hand able to identify the visitors of our online service as a target group. To determine the presentation of advertisements (called “Facebook Ads”). Accordingly, we use Meta Pixel only to send Facebook ads to users on Facebook and within the services of the partners cooperating with Meta (called “Audience Network”) https://www.facebook.com/audicencenetwork/) who have also shown an interest in our online service or who have certain characteristics (e.g., interest in certain topics or products that can be seen from the websites visited) that we transmit to Meta as what is called “Custom Audiences” of Meta Pixel. We also want to ensure that our Facebook ads correspond to the potential interest of the user and are not annoying. With the help of Meta Pixel, we can also understand the effectiveness of the Facebook ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook advertisement (so-called “conversion measurement”).

We are jointly responsible, together with Meta Platforms Ireland Ltd., for the collection or receipt of “event data” through Meta Pixel and similar functions (e.g., interfaces) that are executed or obtained as part of a transmission for the following purposes as part of a transfer: a) display of content advertising information that corresponds to the presumed interests of users; b) delivery of commercial and transactional messages (e.g., addressing users via Facebook Messenger); c) Improving the delivery of ads and personalization of functions and content (e.g., improving the recognition of which content or advertising information is presumed to be in the interests of users). We have concluded a special agreement with Meta (“Additional For Persons Responsible”, https://www.facebook.com/legal/controller_addendum) which regulates in particular which security measures Meta must observe (https://www.facebook.com/legal/terms/data_security_terms) and in which Meta has agreed to comply with the affected rights (i.e., users can, for example, send information or deletion requests directly to Meta). Note: If Meta provides us with metrics, analyses and reports (which are aggregated, i.e., do not receive information about individual users and are anonymous to us), then such processing does not take place within the scope of joint responsibility, but on the basis of an order processing contract (“Data Processing Conditions “, https://www.facebook.com/legal/terms/dataprocessing) , “Data Security Conditions” (https://www.facebook.com/legal/terms/data_security_terms) and with regard to processing in the USA on the basis of standard contractual clauses (“Meta-EU data transfer https://www.facebook.com/legal/EU_data_transfer_addendum). The rights of users (in particular to information, deletion, opposition and complaint to the competent supervisory authority) are not restricted by the agreements with Meta.

  • Processed data types: usage data (e.g., websites visited, interest in content, access times), meta/communication data (e.g., device information, IP addresses), location data (information on the geographical position of a device or a person), social data (data subject to social secrecy and processed, e.g., by social security institutions, social assistance institutions or pension authorities), event data (Facebook) (“event data” is data sent to us, for example, via Meta Pixel (via apps or in other ways) and can relate to people or their actions. The data includes e.g., information about website visits, interactions with content, functions, installations of apps, purchases of products, etc. The event data is used for the purpose of creation of target groups for content and advertising information (custom audiences) processed; event data does not contain the actual content (such as written comments), no login information and no contact information (i.e., no names, email addresses and phone numbers). Event data is deleted by Meta after a maximum of two years, the target groups formed from them are deleted with the deletion of our Meta account).
  • Affected persons: users (e.g., website visitors, users of online services), interested parties, customers, employees (e.g., employees, applicants, former employees), communication partners.
  • Purposes of processing: Tracking (e.g., interest/behavior-related profiling, use of cookies), remarketing, conversion measurement (measurement of the effectiveness of marketing measures), interest-based and behavior-related marketing, profiling (creation of user profiles), range measurement (e.g., access statistics, recognition of returning visitors), Target group formation (determination of target groups relevant for marketing purposes or other output of content), cross-device tracking (cross-device processing of user data for marketing purposes).
  • Security measures: IP masking (pseudonymization of the IP address).
  • Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a. GDPR), legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR).
  • Opt-out): We refer to the data protection information of the respective provider and the options for objection given to the provider (called “opt-out”). If no explicit opt-out option has been specified, you have the option of switching off cookies in your browser settings. However, this can restrict the functions of our online service. We therefore also recommend the following opt-out options, which are offered in summary for the respective areas:
    a) Europe: https://youronlinechoices.eu.
    b) Canada: https://www.youradchoices.ca/choices.
    c) USA: https://www.aboutads.info/choices.
    d) Cross-regional: https://optout.aboutads.info
  • Storage period: The user and event data collected by Google Tag Manager will be deleted within a period of 26 months. We have no influence on the storage period of your data, which is stored by the operators of the advertising platforms for their own purposes. For details, please contact the operators of the tools directly.

Used services and service providers:

  • Google Tag Manager
    Google Tag Manager is a solution with which we manage website tags via an interface and thus integrate other services into our online service (please refer to further information in this data protection policy). With the Tag Manager itself (which implements the tags) no user profiles are created or cookies are stored. Google only learns the user’s IP address, which is necessary to run Google Tag Manager.
    Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA
    Website: https://marketingplatform.google.com
    Data protection policy: https://policies.google.com/privacy
  • Google Analytics:
    Online Marketing and Web Analysis.
    Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA
    Website: https://marketingplatform.google.com/about/analytics/
    Data protection policy: https://policies.google.com/privacy
    Opt-out:
    Opt-out plug-in: https://tools.google.com/dlpage/gaoptout?hl=en
    Settings for the display of advertisements: https://adssettings.google.com/authenticated
    Another way to object to web analysis by Google Analytics is to not allow cookies from Google Analytics. You can use the following “Borlabs” switch to specify whether you want to allow analysis by Google Analytics (On) or not (Off).
  • Google Signals
    We use the “Google Signals” service within Google Analytics. This extends existing Google Analytics functions to merge cross-device data. This only affects users who have agreed to personalized ads in their Google account.
    Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Mother Company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
    Website: https://marketingplatform.google.com
    Privacy Policy: https://policies.google.com/privacy.
  • Google Ads and conversion measurement
    We use the online marketing process “Google Ads” to place advertisements in the Google advertising network (e.g., in search results, in videos, on websites, etc.) so that they are displayed to users who are suspected of being interested in the ads. We also measure the conversion of the ads. However, we only learn the anonymous total number of users who clicked on our ad and were forwarded to a page with a so-called “conversion tracking tag”. However, we do not receive any information that could be used to identify users.
    Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA
    Website: https://marketingplatform.google.com
    Data protection policy: https://policies.google.com/privacy
  • Meta Pixel and Target Group Formation (Custom Audiences) (integrated via Google Tag Manager)
    Service provider: Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland, parent company: Meta Platforms, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA
    website: https://about.meta.com/de/
    Privacy Policy: https://www.facebook.com/about/privacy
    Opt-out: https://www.facebook.com/settings?tab=ads
  • LinkedIn (integrated via Google Tag Manager)
    Insights Tag/Conversion Measurement.
    Service provider: LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA
    Website: https://www.linkedin.com
    Security measures: IP masking (pseudonymization of the IP address)
    Data protection policy: https://www.linkedin.com/legal/privacy-policy
    Cookie Policy: https://www.linkedin.com/legal/cookie-policy
    Opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out
  • Microsoft Advertising (integrated via Google Tag Manager)
    Temarketing/Conversion Measurement.
    Service Provider: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA
    Website: https://about.ads.microsoft.com/
    Privacy Policy: https://privacy.microsoft.com/privacystatement/
    Opt-out: https://choice.microsoft.com/opt-out.
  • X (integrated via Google Tag Manager)
    X Marketing and Advertisements
    Service provider: Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland, parent company: X Corp., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA
    Website: https://x.com/
    Data protection policy: https://x.com/de/privacy
    Opt-out: https://x.com/settings/account/personalization
  • Capterra (integrated via Google Tag Manager)
    Capterra Conversion Tracking.
    Service Provider: Capterra Inc., 1201 Wilson Blvd, 9th Floor, Arlington, VA 22209
    Website: https://www.capterra.com/
    Privacy Policy: https://www.capterra.com/legal/privacy-policy

A contract for order processing under Article 28 GDPR was concluded with Google.

For Google, the information generated in the cookie is transferred to a Google server in the USA (third country) and stored there. It is possible that Google uses this data for any of its own purposes and links it to other data records, e.g., your search history or your personal accounts known to Google. We have no influence on this data processing. The data processing is mainly done by Google. An adequate level of data protection for data transfers to the USA is guaranteed by the certification of Google under the adequacy decision (EU-U.S. Data Privacy Framework).

Plug-Ins from Other Platforms

We use plug-ins from various other platforms, e.g. social media, on our website. The purpose is to increase the level of awareness of our services or to access content. Your data will not be transferred solely by accessing our website because we rely on the Easy Social Share solution when using social media plug-ins. This gives you the opportunity to share our content. However, a data transfer takes place once you click on the corresponding button. The legal basis for this is Art. 6, Para. 1, Sent. 1(f) GDPR.

Our legitimate interest lies in presenting our content to a wide audience and providing you the opportunity to express your opinion.

Please note that clicking a share icon or an embedded YouTube video will result in certain data being transferred to the respective social media service provider, for example:

  • the address of the website where the activated social plug-in is located,
  • date and time the website was accessed or the social plug-in was activated,
  • information about the browser and operating system used,
  • your current IP address.

If you are already logged in to the corresponding social media service at the time the social plug-in is activated, the social media service provider is also able to determine your user name and possibly even your real name from the above data.

This data can also be processed by the social media service provider in countries outside the European Union. We have no influence on the scope, type and purpose of data processing by the social media service provider. Please note that the social media service provider is able to create anonymous and even individualized user profiles with the above mentioned data.

ReCaptcha

We incorporate the “reCaptcha” function to detect bots, for example, when entering online forms and when registering for trials. We use reCaptcha V2. The behavior data of the users (e.g., mouse movements or queries) are evaluated in order to be able to differentiate between people and bots.
Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA
Website: https://www.google.com/recaptcha/
Data protection policy: https://policies.google.com/privacy
Opt-out plug-in: https://tools.google.com/dlpage/gaoptout?hl=en

Youtube

On some subpages of our website, we embed YouTube videos that are not stored on our servers.

Accessing these subpages does not directly result in content from YouTube being loaded. Only if you give us your consent in accordance with Art. 6 para. 1 lit. a) GDPR in conjunction with § 25 para. 1 TDDDG will the corresponding content be reloaded. In this context, YouTube receives your IP address, which is technically required to retrieve the content. In principle, we have no influence on further data processing by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94943, USA. However, when embedding the videos, we have taken care to activate the extended data protection mode offered by YouTube.

With regard to Google in the USA, an appropriate level of data protection is guaranteed on the basis of the adequacy decision (EU-U.S. Data Privacy Framework). Further information on the handling of user data can be found in YouTube’s privacy policy at: https://policies.google.com/privacy

Please note: If you play a YouTube video on our site, this will be considered consent in the sense described above, even if you have not previously given your consent in the Consent Management Tool. You can revoke your consent at any time in the cookie settings.

Google Maps

On some subpages, we embed maps from the Google Maps service that are not stored on our servers.

Accessing these subpages does not yet result in content from Google Maps being loaded. Only if you give us your consent in accordance with Art. 6 para. 1 lit. a) GDPR in conjunction with § 25 para. 1 TDDDG will the corresponding content be reloaded. In this context, Google receives the information that you have accessed our site as well as the usage data technically required in this context. In principle, we have no influence on further data processing by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94943, USA.

With regard to Google in the USA, an appropriate level of data protection is guaranteed on the basis of the adequacy decision (EU-U.S. Data Privacy Framework). Further information on the handling of user data can be found in Google’s privacy policy at: https://policies.google.com/privacy

Please note: If you click on a Google Maps map on our website, this will be considered consent in the sense described above, even if you have not previously given your consent in the Consent Management Tool. You can revoke your consent at any time in the cookie settings.

Sending of Marketing Emails and Newsletters

Our website offers you several ways to subscribe to marketing emails:

  • When you request various content (such as a white paper), it is necessary to provide an email address. Once you have registered for the content, you will be able to access the download and will receive an email with the opportunity to opt-in to the newsletter.
  • There are several pages on the website where you can complete a form to opt-in to the newsletter.

To ensure data protection-compliant consent, the newsletter subscription uses a double opt-in procedure. After entering your email address, you will receive a confirmation email with a corresponding link. This will confirm your subscription to the newsletters. With this we verify that you are the owner of the email address provided, and that you agree to receive the newsletter. Additional data is only collected on a voluntary basis.

The legal basis for data processing for the purpose of sending marketing emails is your consent in accordance with Art. 6 para. 1 sent. 1(a) GDPR. The objective of data processing when ordering marketing emails is to inform our interested parties of new offers and relevant topics concerning our software applications.

The legal basis for data processing on the marketing platforms is your consent in accordance with Art. 6 para. 1 sent. 1(a) GDPR.

Subscriptions to marketing emails are logged so that the process can be verified in accordance with legal requirements. This includes the storage of both time of registration and time of confirmation. Changes to your stored data are also logged. Your data will be deleted immediately if you request this (e.g. by sending an email to info@itdesign.de).

For marketing emails, we use marketing service providers. For this purpose, data processing agreements have been concluded with these providers.

Our service providers use cookies. These are small files that are automatically created by your browser and stored on your device. The cookie stores information about your specific use of the newsletter. The generated information, including your IP address, will be transfered to a German server.

The newsletters contain tracking pixels. This is a miniature graphic which shows us whether the newsletter was opened by you or not. Within the scope of this tracking, technical information such as information on the browser and your system, the terminal device and the mail client used, as well as your IP address and time of retrieval are initially collected. This information is used for the technical improvement of the services based on the technical data or the target groups and their reading behaviour based on their retrieval locations (which can be determined by means of the IP address) or the access times.

The statistical analysis also include determining whether the newsletters are opened, when they are opened, which links are clicked and whether the delivery of the emails was successful. In addition, the reading duration is recorded, although this is only done on a target group basis.

You can revoke your consent to receive future marketing emails at any time. You can unsubscribe to this service by clicking the unsubscribe link included in every newsletter, in your personal mailing profile or by sending an email to info@itdesign.de. This does not affect our right to previously processed data.

We do not transfer your data to third parties.

Data Collection from Mail/Email Messages and Registration/Contact Forms

We may collect additional data voluntarily provided by you in various ways, such as through a contact request using the contact form, an inquiry via email, telephone or mail, or when requesting and activating a trial version. The basis for collecting and processing your data is pursuant to Art. 6, Para. 1, Sent. 1(f) GDPR. Our legitimate interest lies in answering customer requests, providing uncomplicated and secure communication channels for data protection as well as the non-binding provision of our trial software. The data required for this can be found in the mandatory fields of the corresponding forms. Any other data provided will be determined by you. The data collected here will only be used to answer your inquiry or to provide you with the corresponding demonstration software.

When responding to requests, we use carefully selected data processors. These contractors process the data on our behalf and are subject to the provisions laid out in Art 28 GDPR. We erase the data when it is no longer required for the aforementioned processing purposes and no statutory retention obligations prevent erasure. In the case of requests from countries outside the EU or EEA (so-called third countries), your data may be transferred to one of our partners outside the EU or EEA.

Video Conferencing, Online Meetings, Webinars and Screen Sharing

We use platforms and applications from other providers (hereinafter referred to as “third-party providers”) for the purpose of holding video and audio conferences, webinars and other types of video and audio meetings. When selecting third-party providers and their services, we observe the legal requirements.

If you communicate with us via video or audio conference via the Internet, GoToMeeting or Microsoft Teams, or if you receive an invitation to use Microsoft 365 (e.g., Microsoft Teams, Microsoft SharePoint online), your personal data will be processed by us and by the provider of the respective conference tools.

In this context, data of the participants are processed and stored on the servers of the third-party providers, insofar as they are part of communication processes with us. This data can include, in particular, registration and contact data, visual and vocal contributions as well as entries in chats and the content of shared screens.

If users are referred to third-party providers or to their software or platforms in the context of communication, business or other relationships with us, the third-party providers can process usage data and metadata for security purposes, service optimization or marketing purposes. We therefore ask you to observe the data protection information of the respective third-party provider.

Notes on legal bases: If we ask users for their consent to the use of third-party providers or certain functions (e.g., consent to the recording of conversations), the legal basis for processing is consent. Furthermore, their use can be part of our (pre)contractual services, provided that the use of third-party providers has been agreed on in this context. Otherwise, user data is processed on the basis of our legitimate interests in efficient and secure communication with our communication partners.

  • Processed data types: inventory data (e.g., names, addresses), contact data (e.g., email, phone numbers), content data (e.g., entries in online forms), usage data (e.g., websites visited, interest in content, access times), meta/communication data (e.g., device information, IP addresses).
    Furthermore, the provider of the tool processes all technical data required to handle online communication. This includes in particular IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or loudspeaker as well as the type of connection.
  • Affected persons: communication partners, users (e.g., website visitors, users of online services).
  • Purposes of processing: Provision of contractual services and customer service, contact requests and communication, office and organizational procedures.
  • Legal bases: Consent (Art. 6 Para. 1 S. 1 lit. a. GDPR), contract fulfillment and precontractual inquiries (Art. 6 Para. 1 S. 1 lit. b.GDPR), legitimate interests (Art. 6 Para. 1 S. 1 lit.f.GDPR).
  • Storage period: The data collected directly by us via the video and conference tools will be deleted from our systems as soon as you ask us to delete them, revoke your consent to storage or the purpose for data storage no longer applies. Saved cookies remain on your device until you delete them. Mandatory statutory retention periods remain unaffected.
    We have no influence on the storage period of your data, which is stored by the operators of the conference tools for their own purposes. For details, please contact the operators of the conference tools directly.

Used services and service providers:

Contracts for order processing under Article 28 GDPR were concluded with the service providers GoToMeeting and Microsoft.

With GoToMeeting and GoToWebinar, data is transferred to contractual partners from the EU. With this processing of your data, it may be transferred to countries outside the EU or EEA (so-called third countries). As far as necessary, standard contractual clauses have been concluded with the respective service providers.

In the case of Microsoft Teams, the processed data is transferred to a Microsoft server in the USA (third country) and stored there. For the USA, there is no adequacy decision by the European Commission and therefore no data protection level comparable to that of the European Union, so that, in particular, the exercise of data subject rights is more difficult and access to the data by state authorities cannot be ruled out. We have concluded standard contractual clauses with Microsoft, by means of which Microsoft is obliged to comply with European data protection standards. Please contact our data protection officer if you would like more information or copies.

Non-Obligatory Provision of Personal Data

The provision of personal data is not required by law or contract nor is it necessary for the conclusion of a contract, unless otherwise stated in the above list. There is no obligation to provide personal data unless otherwise stated. Failure to provide personal information may result in us not being able to respond to your contact requests, provide you with all the features of our website or allow you to use our software free of charge.

Rights with Regards to Our Data Processing

You have the following rights with regards to our processing your personal data:

  • Withdrawal of consent: If your data is processed on the basis of consent, e.g. within the scope of Art. 6, Para. 1, Sent. 1(a) GDPR, you can withdraw your consent to the processing of your data at any time. The lawfulness of any previous processing remains unaffected.
  • Objection (Art. 21 GDPR): Provided that data is processed based on a legitimate interest pursuant to Art. 6, Para. 1, Sent. 1(f) GDPR, you nevertheless have the right to object to the processing of your personal data. The corresponding processing would therefore be discontinued, provided that our compelling interest does not surpass your interests.
  • Data access (Art. 15, Para. 1 GDPR): You have the right to obtain information on your personal data free of charge.
  • Rectification (Art. 16 GDPR): You have the right to rectify inaccurate data and to have incomplete data completed, taking into account the purposes of the processing.
  • Erasure (Art. 17 GDPR): You have the right to the deletion of your personal data or to the Restriction (Art. 18 GDPR) of its processing if deletion is not legally possible.
  • Data portability (Art. 20 GDPR): You have the right to receive your personal data in a commonly used and machine-readable format.
  • Right of appeal: You have the right to appeal to a regulatory agency. The data protection supervisory authority responsible is that of the federal state in which you live or in which the person responsible is based.

Please contact our Data Protection Officer if you have any questions.

Your battery is almost empty.