Privacy Policy

Scope and version

This Privacy Policy is to inform you about how we collect and process data with respect to the services available at itdesign.de and its subdomains. This version of the Privacy Policy is effective as of Nov 5th, 2018. The use of the application may be subject to additional provision.

Service Authority and Data Protection Officer

The service that is described herein is provided by:

itdesign GmbH
Friedrichstr. 12
72072 Tübingen
Deutschland

Our external Data Protection Officer is:

Dr. iur. Christian Borchers
Datenschutz Süd GmbH
Wörthstrasse 15
97082 Würzburg
office ( at ) datenschutz-sued.de

Cookies

We use cookies on our site. These are small files that are automatically created by your browser and stored on your device (laptop, tablet, smartphone, etc.) when you visit our site. The cookie stores information about the specific end user device that was used to access the site.  However, the information that is stored in the cookie does not allow us to determine your exact identity.

One of the purposes of using cookies is to make it easier for you to use our service. For example, we use what are called session cookies to recognize when you have already visited individual pages on our website. These are automatically deleted after leaving our website.

We also use temporary cookies that are stored on your device for a specified period of time in order to improve usability. If you re-visit our site in order to use our services, it will automatically be recognized that you have visited us before, as well as which entries and settings you have made to avoid having to re-enter them. Cookies help make the website more user-friendly (e.g. storing login data), control the display of advertisements and can recognize users who have been directed to us by certain partners. Cookies are also used to collect statistical data on website usage and analyze it in order to improve the website.

You have control over how cookies are used on your device. Most browsers have an option that will allow you to restrict or completely prevent the storage of cookies. Please note, however, that without cookies, the usage and in particular the usability can be limited.

Server logs

All requests to our server are stored in server logs. The legal basis for the collection of the following data is a legitimate interest pursuant to Art. 6, Para. 1, Sent. 1(f) GDPR in ensuring a secure and unhindered internet site. It is necessary to maintain our service, provide error diagnoses and prevent attacks.

These logs include the following information:

URL of the website or file accessed, date and time of access, amount of data transferred, notification of successful retrieval, browser type and version, user’s operating system, referrer URL, IP address and the requesting provider.

We do not share this information with third parties. The data collected here will be stored for a maximum of 365 days and will then be made anonymous or deleted. This also applies to the unabridged IP addresses.

Applicant Management

Our Privacy Policy for Applicant Management can be found  here (available in German).

Data Processing of Business Partners and Customers

itdesign GmbH processes the contact information of customer representatives, interested parties, service providers and other business partners in order to communicate via email, telephone, fax, post and for other contractual transactions. The legal basis for processing personal data of contacts who are not direct contractual partners is pursuant to Art. 6, Para. 1, Sent. 1(f) GDPR. This legitimate interest by itdesign GmbH is based on the intention to conduct or initiate a business relationship with customers, interested parties, service providers and other business partners, and to maintain personal contact with business representatives. The legal basis for the processing of personal data (e.g. invoice data) of direct contractual partners (e.g. sole proprietors) is pursuant to Art. 6, Para. 1, Sent. 1(b) GDPR. The data processed here is exclusively used for the fulfillment of the contract.

We do not transfer your personal data to third parties. Within our company, your personal data will be processed on the intention to conduct or initiate a business relationship. 

Personal data is stored as long as it is needed for business purposes or a legitimate interest to re-establish contact exists.

Analysis by Matomo

We use Matomo (formerly Piwik) for web analytics, a service provided by InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand, NZBN 6106769, (“Matomo”) using cookie technology. Our interest is based on Art. 6 (1) lit. (f) DSGVO. The protection of your data is important to us, which is why we have additionally configured Matomo in such a way that your IP address is only recorded in shortened form. We therefore process your personal usage data anonymously. It is not possible for us to draw conclusions about your person. The data is automatically deleted after 744 days. For more information on the terms of use of Matomo and the data protection regulations, please visit: https://matomo.org/privacy/.

To change your current cookie preferences and allow or disallow analysis by Matomo you can open the cookie settings here.

Cookie Settings

Google Fonts

Some pages of our website include fonts (“Google Fonts”) from the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google does not collect any data because these fonts are downloaded from an internal company server.

Plug-Ins from Other Platforms

We use plug-ins from various other platforms, e.g. social media, on our website. The purpose is to increase the level of awareness of our services or to access content. Your data will not be transferred solely by accessing our website because we rely on the Easy Social Share solution when using social media plug-ins. This gives you the opportunity to share our content. However, a data transfer takes place once you click on the corresponding button. The legal basis for this is Art. 6, Para. 1, Sent. 1(f) GDPR.

Our legitimate interest lies in presenting our content to a wide audience and providing you the opportunity to express your opinion.

Please note that clicking a share icon or an embedded YouTube video will result in certain data being transferred to the respective social media service provider, for example:

  • the address of the website where the activated social plug-in is located,
  • date and time the website was accessed or the social plug-in was activated,
  • information about the browser and operating system used,
  • your current IP address.

If you are already logged in to the corresponding social media service at the time the social plug-in is activated, the social media service provider is also able to determine your user name and possibly even your real name from the above data.

This data can also be processed by the social media service provider in countries outside the European Union. We have no influence on the scope, type and purpose of data processing by the social media service provider. Please note that the social media service provider is able to create anonymous and even individualized user profiles with the above mentioned data.

ReCaptcha

We incorporate the “reCaptcha” function to detect bots, for example, when entering online forms and when registering for trials. We use reCaptcha V2. The behavior data of the users (e.g., mouse movements or queries) are evaluated in order to be able to differentiate between people and bots.
Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA
Website: https://www.google.com/recaptcha/
Data protection policy: https://policies.google.com/privacy
Opt-out plug-in: https://tools.google.com/dlpage/gaoptout?hl=en

Sending of Marketing Emails and Newsletters

Our website offers you several ways to subscribe to marketing emails:

  • When you request various content (such as a white paper), it is necessary to provide an email address. Once you have registered for the content, you will be able to access the download and will receive an email with the opportunity to opt-in to the newsletter.
  • There are several pages on the website where you can complete a form to opt-in to the newsletter.

To ensure data protection-compliant consent, the newsletter subscription uses a double opt-in procedure. After entering your email address, you will receive a confirmation email with a corresponding link. This will confirm your subscription to the newsletters. With this we verify that you are the owner of the email address provided, and that you agree to receive the newsletter. Additional data is only collected on a voluntary basis.

The legal basis for data processing for the purpose of sending marketing emails is your consent in accordance with Art. 6 para. 1 sent. 1(a) GDPR. The objective of data processing when ordering marketing emails is to inform our interested parties of new offers and relevant topics concerning our software applications.

The legal basis for data processing on the marketing platforms is your consent in accordance with Art. 6 para. 1 sent. 1(a) GDPR.

Subscriptions to marketing emails are logged so that the process can be verified in accordance with legal requirements. This includes the storage of both time of registration and time of confirmation. Changes to your stored data are also logged. Your data will be deleted immediately if you request this (e.g. by sending an email to info@itdesign.de).

For marketing emails, we use marketing service providers. For this purpose, data processing agreements have been concluded with these providers.

Our service providers use cookies. These are small files that are automatically created by your browser and stored on your device. The cookie stores information about your specific use of the newsletter. The generated information, including your IP address, will be transfered to a German server.

The newsletters contain tracking pixels. This is a miniature graphic which shows us whether the newsletter was opened by you or not. Within the scope of this tracking, technical information such as information on the browser and your system, the terminal device and the mail client used, as well as your IP address and time of retrieval are initially collected. This information is used for the technical improvement of the services based on the technical data or the target groups and their reading behaviour based on their retrieval locations (which can be determined by means of the IP address) or the access times.

The statistical analysis also include determining whether the newsletters are opened, when they are opened, which links are clicked and whether the delivery of the emails was successful. In addition, the reading duration is recorded, although this is only done on a target group basis.

You can revoke your consent to receive future marketing emails at any time. You can unsubscribe to this service by clicking the unsubscribe link included in every newsletter, in your personal mailing profile or by sending an email to info@itdesign.de. This does not affect our right to previously processed data.

We do not transfer your data to third parties.

Data Collection from Mail/Email Messages and Registration/Contact Forms

We may collect additional data voluntarily provided by you in various ways, such as through a contact request using the contact form, an inquiry via email, telephone or mail, or when requesting and activating a trial version. The basis for collecting and processing your data is pursuant to Art. 6, Para. 1, Sent. 1(f) GDPR. Our legitimate interest lies in answering customer requests, providing uncomplicated and secure communication channels for data protection as well as the non-binding provision of our trial software. The data required for this can be found in the mandatory fields of the corresponding forms. Any other data provided will be determined by you. The data collected here will only be used to answer your inquiry or to provide you with the corresponding demonstration software.

When responding to requests, we use carefully selected data processors. These contractors process the data on our behalf and are subject to the provisions laid out in Art 28 GDPR. We erase the data when it is no longer required for the aforementioned processing purposes and no statutory retention obligations prevent erasure. In the case of requests from countries outside the EU or EEA (so-called third countries), your data may be transferred to one of our partners outside the EU or EEA.

Video Conferencing, Online Meetings, Webinars and Screen Sharing

We use platforms and applications from other providers (hereinafter referred to as “third-party providers”) for the purpose of holding video and audio conferences, webinars and other types of video and audio meetings. When selecting third-party providers and their services, we observe the legal requirements.

If you communicate with us via video or audio conference via the Internet, GoToMeeting or Microsoft Teams, or if you receive an invitation to use Microsoft 365 (e.g., Microsoft Teams, Microsoft SharePoint online), your personal data will be processed by us and by the provider of the respective conference tools.

In this context, data of the participants are processed and stored on the servers of the third-party providers, insofar as they are part of communication processes with us. This data can include, in particular, registration and contact data, visual and vocal contributions as well as entries in chats and the content of shared screens.

If users are referred to third-party providers or to their software or platforms in the context of communication, business or other relationships with us, the third-party providers can process usage data and metadata for security purposes, service optimization or marketing purposes. We therefore ask you to observe the data protection information of the respective third-party provider.

Notes on legal bases: If we ask users for their consent to the use of third-party providers or certain functions (e.g., consent to the recording of conversations), the legal basis for processing is consent. Furthermore, their use can be part of our (pre)contractual services, provided that the use of third-party providers has been agreed on in this context. Otherwise, user data is processed on the basis of our legitimate interests in efficient and secure communication with our communication partners.

  • Processed data types: inventory data (e.g., names, addresses), contact data (e.g., email, phone numbers), content data (e.g., entries in online forms), usage data (e.g., websites visited, interest in content, access times), meta/communication data (e.g., device information, IP addresses).
    Furthermore, the provider of the tool processes all technical data required to handle online communication. This includes in particular IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or loudspeaker as well as the type of connection.
  • Affected persons: communication partners, users (e.g., website visitors, users of online services).
  • Purposes of processing: Provision of contractual services and customer service, contact requests and communication, office and organizational procedures.
  • Legal bases: Consent (Art. 6 Para. 1 S. 1 lit. a. GDPR), contract fulfillment and precontractual inquiries (Art. 6 Para. 1 S. 1 lit. b.GDPR), legitimate interests (Art. 6 Para. 1 S. 1 lit.f.GDPR).
  • Storage period: The data collected directly by us via the video and conference tools will be deleted from our systems as soon as you ask us to delete them, revoke your consent to storage or the purpose for data storage no longer applies. Saved cookies remain on your device until you delete them. Mandatory statutory retention periods remain unaffected.
    We have no influence on the storage period of your data, which is stored by the operators of the conference tools for their own purposes. For details, please contact the operators of the conference tools directly.

Used services and service providers:

Contracts for order processing under Article 28 GDPR were concluded with the service providers GoToMeeting and Microsoft.

With GoToMeeting and GoToWebinar, data is transferred to contractual partners from the EU. With this processing of your data, it may be transferred to countries outside the EU or EEA (so-called third countries). As far as necessary, standard contractual clauses have been concluded with the respective service providers.

In the case of Microsoft Teams, the processed data is transferred to a Microsoft server in the USA (third country) and stored there. For the USA, there is no adequacy decision by the European Commission and therefore no data protection level comparable to that of the European Union, so that, in particular, the exercise of data subject rights is more difficult and access to the data by state authorities cannot be ruled out. We have concluded standard contractual clauses with Microsoft, by means of which Microsoft is obliged to comply with European data protection standards. Please contact our data protection officer if you would like more information or copies.

Non-Obligatory Provision of Personal Data

The provision of personal data is not required by law or contract nor is it necessary for the conclusion of a contract, unless otherwise stated in the above list. There is no obligation to provide personal data unless otherwise stated. Failure to provide personal information may result in us not being able to respond to your contact requests, provide you with all the features of our website or allow you to use our software free of charge.

Rights with Regards to Our Data Processing

You have the following rights with regards to our processing your personal data:

  • Withdrawal of consent: If your data is processed on the basis of consent, e.g. within the scope of Art. 6, Para. 1, Sent. 1(a) GDPR, you can withdraw your consent to the processing of your data at any time. The lawfulness of any previous processing remains unaffected.
  • Objection (Art. 21 GDPR): Provided that data is processed based on a legitimate interest pursuant to Art. 6, Para. 1, Sent. 1(f) GDPR, you nevertheless have the right to object to the processing of your personal data. The corresponding processing would therefore be discontinued, provided that our compelling interest does not surpass your interests.
  • Data access (Art. 15, Para. 1 GDPR): You have the right to obtain information on your personal data free of charge.
  • Rectification (Art. 16 GDPR): You have the right to rectify inaccurate data and to have incomplete data completed, taking into account the purposes of the processing.
  • Erasure (Art. 17 GDPR): You have the right to the deletion of your personal data or to the Restriction (Art. 18 GDPR) of its processing if deletion is not legally possible.
  • Data portability (Art. 20 GDPR): You have the right to receive your personal data in a commonly used and machine-readable format.
  • Right of appeal: You have the right to appeal to a regulatory agency. The data protection supervisory authority responsible is that of the federal state in which you live or in which the person responsible is based.

Please contact our Data Protection Officer if you have any questions.