Scope and version
Legal Basis for the Processing of Personal Data
All requests to our server are stored in server logs. The legal basis for the collection of the following data is a legitimate interest pursuant to Art. 6, Para. 1, Sent. 1(f) GDPR in ensuring a secure and unhindered internet site. It is necessary to maintain our service, provide error diagnoses and prevent attacks.
These logs include the following information:
URL of the website or file accessed, date and time of access, amount of data transferred, notification of successful retrieval, browser type and version, user’s operating system, referrer URL, IP address and the requesting provider.
We do not share this information with third parties. The data collected here will be stored for a maximum of 365 days and will then be made anonymous or deleted. This also applies to the unabridged IP addresses.
Data Processing of Business Partners and Customers
itdesign GmbH processes the contact information of customer representatives, interested parties, service providers and other business partners in order to communicate via email, telephone, fax, post and for other contractual transactions. The legal basis for processing personal data of contacts who are not direct contractual partners is pursuant to Art. 6, Para. 1, Sent. 1(f) GDPR. This legitimate interest by itdesign GmbH is based on the intention to conduct or initiate a business relationship with customers, interested parties, service providers and other business partners, and to maintain personal contact with business representatives. The legal basis for the processing of personal data (e.g. invoice data) of direct contractual partners (e.g. sole proprietors) is pursuant to Art. 6, Para. 1, Sent. 1(b) GDPR. The data processed here is exclusively used for the fulfillment of the contract.
We do not transfer your personal data to third parties. Within our company, your personal data will be processed on the intention to conduct or initiate a business relationship. Your personal data will not be processed outside the EU or EEA.
Personal data is stored as long as it is needed for business purposes or a legitimate interest to re-establish contact exists.
Analysis by Google Analytics
Browser type and version, browser language, operating system used, geographic origin, page views, time stamps, previously visited pages, interaction with page elements such as forms, search queries, service providers, and data submitted by search engines or advertising platforms.
These are generally transferred to and stored on a Google server in the USA. Google’s participation in the US Privacy Shield ensures a consistent level of data protection. We have entered into a data processing agreement with Google pursuant to Art. 28 of the GDPR. Google Analytics is integrated with the Google Tag Manager service. IP addresses can be anonymized using their settings, but complete anonymization of the collected data will not take place.
For more information on data protection related to Google Analytics, please refer to Google Analytics Help (https://support.google.com/analytics/answer/6004245?hl=en).
You may deny the installation of cookies by setting the browser software accordingly; however, please note that in this case not all functions of this website will be fully available.
You can also prohibit the collection of data generated by cookies and concerning your use of the website (including your IP address) as well as Google’s processing of this data by downloading and installing a browser add-on at (https://tools.google.com/dlpage/gaoptout?hl=en).
Another way to opt out of web analysis by Google Analytics is to set an opt-out cookie instructing Google not to store or use your data for web analysis purposes. Please note that with this solution, the web analysis will not take place for only as long as the opt-out cookie is stored by the browser. If you would like to set the opt-out cookie now, please click here:
The user and activity data that we receive from Google Analytics are deleted within 36 months.
Analysis by wiredminds
Our website uses a counting pixel technology provided by wiredminds GmbH (www.wiredminds.de) to analyze visitor behavior. If necessary, data is collected, processed and stored, from which user profiles are created under a pseudonym. Wherever possible and reasonable, these usage profiles are completely anonymized. Cookies can be used for this purpose. Cookies are small text files that are stored in the visitor’s internet browser and serve to recognize the internet browser. The collected data, which may also contain personal data, will be transmitted to wiredminds or collected directly by wiredminds. wiredminds may use information that is left by visiting the websites to create anonymized usage profiles. The data obtained without explicit consent of the affected person will not be used to personally identify the visitor of this website and will not be merged with personal data of the bearer of the pseudonym. Whenever IP addresses are recorded, their immediate anonymization takes place by deleting the last number block.
Permission for data collection, processing and storage can be revoked at any time with effect for the future under the following link:
Some pages of our website include fonts (“Google Fonts”) from the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google does not collect any data because these fonts are downloaded from an internal company server.
Plug-Ins from Other Platforms
We use plug-ins from various other platforms, e.g. social media, on our website. The purpose is to increase the level of awareness of our services or to access content. Your data will not be transferred solely by accessing our website because we rely on the Easy Social Share solution when using social media plug-ins. This gives you the opportunity to share our content. However, a data transfer takes place once you click on the corresponding button. The legal basis for this is Art. 6, Para. 1, Sent. 1(f) GDPR.
Our legitimate interest lies in presenting our content to a wide audience and providing you the opportunity to express your opinion.
Please note that clicking a share icon or an embedded YouTube video will result in certain data being transferred to the respective social media service provider, for example:
- the address of the website where the activated social plug-in is located,
- date and time the website was accessed or the social plug-in was activated,
- information about the browser and operating system used,
- your current IP address.
If you are already logged in to the corresponding social media service at the time the social plug-in is activated, the social media service provider is also able to determine your user name and possibly even your real name from the above data.
This data can also be processed by the social media service provider in countries outside the European Union. We have no influence on the scope, type and purpose of data processing by the social media service provider. Please note that the social media service provider is able to create anonymous and even individualized user profiles with the above mentioned data.
Analysis Using Visual Website Optimizer
We use Visual Website Optimizer, a web analytics service from Wingify (Wingify, Inc., Delhi, India), hereinafter referred to as “VWO”. VWO is used to test and optimize the user-friendliness of our website. VWO collects anonymous statistics on user behavior. We have no way of associating these anonymous measurements with a person, for example through an IP address. In order to obtain meaningful test results, cookies are used: VWO stores user activities, device and browser information as well as a unique user ID (_vwo_uuid) in a cookie, but anonymizes both the IP address and personal content. The data is automatically deleted after 60 days. The legal basis for the storage of cookies is our legitimate interest pursuant to Art. 6, Para. 1, Sent. 1(f) GDPR. Our legitimate interest lies in the ability to provide a customer-friendly and optimized web service. You can delete cookies from your browser at any time. In addition, you can opt out of participating in the tests altogether by clicking on the following link: https://vwo.com/opt-out/.
The PIMS and ISMS certifications ensure a uniform level of data protection. A Data Processing Agreement has been concluded and signed with the service provider.
Additional information on data protection and GDPR compliance at VWO can be found here: https://vwo.com/platform/security-compliance/gdpr/.
Data Collection from Mail/Email Messages and Registration/Contact Forms
We may collect additional data voluntarily provided by you in various ways, such as through a contact request using the contact form, an inquiry via email, telephone or mail, or when requesting and activating a trial version. The basis for collecting and processing your data is pursuant to Art. 6, Para. 1, Sent. 1(f) GDPR. Our legitimate interest lies in answering customer requests, providing uncomplicated and secure communication channels for data protection as well as the non-binding provision of our trial software. The data required for this can be found in the mandatory fields of the corresponding forms. Any other data provided will be determined by you. The data collected here will only be used to answer your inquiry or to provide you with the corresponding demonstration software.
Non-Obligatory Provision of Personal Data
The provision of personal data is not required by law or contract nor is it necessary for the conclusion of a contract, unless otherwise stated in the above list. There is no obligation to provide personal data unless otherwise stated. Failure to provide personal information may result in us not being able to respond to your contact requests, provide you with all the features of our website or allow you to use our software free of charge.
Rights with Regards to Our Data Processing
You have the following rights with regards to our processing your personal data:
- Withdrawal of consent: If your data is processed on the basis of consent, e.g. within the scope of Art. 6, Para. 1, Sent. 1(a) GDPR, you can withdraw your consent to the processing of your data at any time. The lawfulness of any previous processing remains unaffected.
- Objection (Art. 21 GDPR): Provided that data is processed based on a legitimate interest pursuant to Art. 6, Para. 1, Sent. 1(f) GDPR, you nevertheless have the right to object to the processing of your personal data. The corresponding processing would therefore be discontinued, provided that our compelling interest does not surpass your interests.
- Data access (Art. 15, Para. 1 GDPR): You have the right to obtain information on your personal data free of charge.
- Rectification (Art. 16 GDPR): You have the right to rectify inaccurate data and to have incomplete data completed, taking into account the purposes of the processing.
- Erasure (Art. 17 GDPR): You have the right to the deletion of your personal data or to the Restriction (Art. 18 GDPR) of its processing if deletion is not legally possible.
- Data portability (Art. 20 GDPR): You have the right to receive your personal data in a commonly used and machine-readable format.
- Right of appeal: You have the right to appeal to a regulatory agency. The data protection supervisory authority responsible is that of the federal state in which you live or in which the person responsible is based.
Please contact our Data Protection Officer if you have any questions.