Privacy Policy

Scope and version

This Privacy Policy is to inform you about how we collect and process data with respect to the services available at itdesign.de and its subdomains. This version of the Privacy Policy is effective as of Nov 5th, 2018. The use of the application may be subject to additional provision.

Service Authority and Data Protection Officer

The service that is described herein is provided by:

itdesign GmbH
Friedrichstr. 12
72072 Tübingen
Deutschland

Our external Data Protection Officer is:

Dr. iur. Christian Borchers
Datenschutz Süd GmbH
Wörthstrasse 15
97082 Würzburg
office ( at ) datenschutz-sued.de

Cookies

We use cookies on our site. These are small files that are automatically created by your browser and stored on your device (laptop, tablet, smartphone, etc.) when you visit our site. The cookie stores information about the specific end user device that was used to access the site.  However, the information that is stored in the cookie does not allow us to determine your exact identity.

One of the purposes of using cookies is to make it easier for you to use our service. For example, we use what are called session cookies to recognize when you have already visited individual pages on our website. These are automatically deleted after leaving our website.

We also use temporary cookies that are stored on your device for a specified period of time in order to improve usability. If you re-visit our site in order to use our services, it will automatically be recognized that you have visited us before, as well as which entries and settings you have made to avoid having to re-enter them. Cookies help make the website more user-friendly (e.g. storing login data), control the display of advertisements and can recognize users who have been directed to us by certain partners. Cookies are also used to collect statistical data on website usage and analyze it in order to improve the website.

You have control over how cookies are used on your device. Most browsers have an option that will allow you to restrict or completely prevent the storage of cookies. Please note, however, that without cookies, the usage and in particular the usability can be limited.

Server logs

All requests to our server are stored in server logs. The legal basis for the collection of the following data is a legitimate interest pursuant to Art. 6, Para. 1, Sent. 1(f) GDPR in ensuring a secure and unhindered internet site. It is necessary to maintain our service, provide error diagnoses and prevent attacks.

These logs include the following information:

URL of the website or file accessed, date and time of access, amount of data transferred, notification of successful retrieval, browser type and version, user’s operating system, referrer URL, IP address and the requesting provider.

We do not share this information with third parties. The data collected here will be stored for a maximum of 365 days and will then be made anonymous or deleted. This also applies to the unabridged IP addresses.

Applicant Management

Our Privacy Policy for Applicant Management can be found  here (available in German).

Data Processing of Business Partners and Customers

itdesign GmbH processes the contact information of customer representatives, interested parties, service providers and other business partners in order to communicate via email, telephone, fax, post and for other contractual transactions. The legal basis for processing personal data of contacts who are not direct contractual partners is pursuant to Art. 6, Para. 1, Sent. 1(f) GDPR. This legitimate interest by itdesign GmbH is based on the intention to conduct or initiate a business relationship with customers, interested parties, service providers and other business partners, and to maintain personal contact with business representatives. The legal basis for the processing of personal data (e.g. invoice data) of direct contractual partners (e.g. sole proprietors) is pursuant to Art. 6, Para. 1, Sent. 1(b) GDPR. The data processed here is exclusively used for the fulfillment of the contract.

We do not transfer your personal data to third parties. Within our company, your personal data will be processed on the intention to conduct or initiate a business relationship. Your personal data will not be processed outside the EU or EEA.

Personal data is stored as long as it is needed for business purposes or a legitimate interest to re-establish contact exists.

Analysis by Google Analytics

We use Google Analytics, a web analysis service provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) for the purpose of customizing the design and continuous optimization of our website and sub-pages (Help Center). For this purpose, we create anonymous user profiles and use cookies. The legal basis for this data collection is our legitimate interest pursuant to Art. 6, Para. 1, Sent. 1(f) GDPR. The data processing is used to analyze user behavior in order to improve our marketing strategies and website offerings. Our legitimate interest lies in improving our services and acquiring new customers. Google Analytics collects information, including:

Browser type and version, browser language, operating system used, geographic origin, page views, time stamps, previously visited pages, interaction with page elements such as forms, search queries, service providers, and data submitted by search engines or advertising platforms.

These are generally transferred to and stored on a Google server in the USA. Google’s participation in the US Privacy Shield ensures a consistent level of data protection. We have entered into a data processing agreement with Google pursuant to Art. 28 of the GDPR. Google Analytics is integrated with the Google Tag Manager service. IP addresses can be anonymized using their settings, but complete anonymization of the collected data will not take place.

For more information on data protection related to Google Analytics, please refer to Google Analytics Help (https://support.google.com/analytics/answer/6004245?hl=en).

You may deny the installation of cookies by setting the browser software accordingly; however, please note that in this case not all functions of this website will be fully available.

You can also prohibit the collection of data generated by cookies and concerning your use of the website (including your IP address) as well as Google’s processing of this data by downloading and installing a browser add-on at (https://tools.google.com/dlpage/gaoptout?hl=en).

Another way to opt out of web analysis by Google Analytics is to set an opt-out cookie instructing Google not to store or use your data for web analysis purposes. Please note that with this solution, the web analysis will not take place for only as long as the opt-out cookie is stored by the browser. If you would like to set the opt-out cookie now, please click here:

Opt-out of Google Analytics

We use this data to maintain and improve our website, evaluate user interaction with the website and evaluate our marketing strategies. The data received via Google Analytics may be combined with other data, e.g. data that you voluntarily provide us through the website. See section entitled “Combining Data”.

The user and activity data that we receive from Google Analytics are deleted within 36 months.

Analysis by wiredminds

Our website uses a counting pixel technology provided by wiredminds GmbH (www.wiredminds.de) to analyze visitor behavior. If necessary, data is collected, processed and stored, from which user profiles are created under a pseudonym. Wherever possible and reasonable, these usage profiles are completely anonymized. Cookies can be used for this purpose. Cookies are small text files that are stored in the visitor’s internet browser and serve to recognize the internet browser. The collected data, which may also contain personal data, will be transmitted to wiredminds or collected directly by wiredminds. wiredminds may use information that is left by visiting the websites to create anonymized usage profiles. The data obtained without explicit consent of the affected person will not be used to personally identify the visitor of this website and will not be merged with personal data of the bearer of the pseudonym. Whenever IP addresses are recorded, their immediate anonymization takes place by deleting the last number block.

Permission for data collection, processing and storage can be revoked at any time with effect for the future under the following link:

Exclude from tracking.

Google Fonts

Some pages of our website include fonts (“Google Fonts”) from the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google does not collect any data because these fonts are downloaded from an internal company server.

Plug-Ins from Other Platforms

We use plug-ins from various other platforms, e.g. social media, on our website. The purpose is to increase the level of awareness of our services or to access content. Your data will not be transferred solely by accessing our website because we rely on the Easy Social Share solution when using social media plug-ins. This gives you the opportunity to share our content. However, a data transfer takes place once you click on the corresponding button. The legal basis for this is Art. 6, Para. 1, Sent. 1(f) GDPR.

Our legitimate interest lies in presenting our content to a wide audience and providing you the opportunity to express your opinion.

Please note that clicking a share icon or an embedded YouTube video will result in certain data being transferred to the respective social media service provider, for example:

  • the address of the website where the activated social plug-in is located,
  • date and time the website was accessed or the social plug-in was activated,
  • information about the browser and operating system used,
  • your current IP address.

If you are already logged in to the corresponding social media service at the time the social plug-in is activated, the social media service provider is also able to determine your user name and possibly even your real name from the above data.

This data can also be processed by the social media service provider in countries outside the European Union. We have no influence on the scope, type and purpose of data processing by the social media service provider. Please note that the social media service provider is able to create anonymous and even individualized user profiles with the above mentioned data.

Sending of Marketing Emails and Newsletters

Our website offers you several ways to subscribe to marketing emails:

  • When you request various content (such as a white paper), it is necessary to provide an email address. Once you have registered for the content, you will be able to access the download and will receive an email with the opportunity to opt-in to the newsletter.
  • There are several pages on the website where you can complete a form to opt-in to the newsletter.

To ensure data protection-compliant consent, the newsletter subscription uses a double opt-in procedure. After entering your email address, you will receive a confirmation email with a corresponding link. This will confirm your subscription to the newsletters. With this we verify that you are the owner of the email address provided, and that you agree to receive the newsletter. Additional data is only collected on a voluntary basis.

The legal basis for data processing for the purpose of sending marketing emails is your consent in accordance with Art. 6 para. 1 sent. 1(a) GDPR. The objective of data processing when ordering marketing emails is to inform our interested parties of new offers and relevant topics concerning our software applications.

The legal basis for data processing on the marketing platform Evalanche is your consent in accordance with Art. 6 para. 1 sent. 1(a) GDPR.

Subscriptions to marketing emails are logged so that the process can be verified in accordance with legal requirements. This includes the storage of both time of registration and time of confirmation. Changes to your stored data are also logged. Your data will be deleted immediately if you request this (e.g. by sending an email to info@itdesign.de).

For marketing emails, we use Evalanche, a service of SC-Networks GmbH (Enzianstr. 2, 82319 Starnberg). For this purpose, a data processing agreement has been concluded with this provider.

Evalanche uses cookies. These are small files that are automatically created by your browser and stored on your device. The cookie stores information about your specific use of the newsletter. The generated information, including your IP address, will be transfered to a German server.

The newsletters contain tracking pixels. This is a miniature graphic which shows us whether the newsletter was opened by you or not. Within the scope of this tracking, technical information such as information on the browser and your system, the terminal device and the mail client used, as well as your IP address and time of retrieval are initially collected. This information is used for the technical improvement of the services based on the technical data or the target groups and their reading behaviour based on their retrieval locations (which can be determined by means of the IP address) or the access times.

The statistical analysis also include determining whether the newsletters are opened, when they are opened, which links are clicked and whether the delivery of the emails was successful. In addition, the reading duration is recorded, although this is only done on a target group basis.

You can revoke your consent to receive future marketing emails at any time. You can unsubscribe to this service by clicking the unsubscribe link included in every newsletter, in your personal mailing profile or by sending an email to info@itdesign.de. This does not affect our right to previously processed data.

We do not transfer your data to third parties.

Data Collection from Mail/Email Messages and Registration/Contact Forms

We may collect additional data voluntarily provided by you in various ways, such as through a contact request using the contact form, an inquiry via email, telephone or mail, or when requesting and activating a trial version. The basis for collecting and processing your data is pursuant to Art. 6, Para. 1, Sent. 1(f) GDPR. Our legitimate interest lies in answering customer requests, providing uncomplicated and secure communication channels for data protection as well as the non-binding provision of our trial software. The data required for this can be found in the mandatory fields of the corresponding forms. Any other data provided will be determined by you. The data collected here will only be used to answer your inquiry or to provide you with the corresponding demonstration software.

Non-Obligatory Provision of Personal Data

The provision of personal data is not required by law or contract nor is it necessary for the conclusion of a contract, unless otherwise stated in the above list. There is no obligation to provide personal data unless otherwise stated. Failure to provide personal information may result in us not being able to respond to your contact requests, provide you with all the features of our website or allow you to use our software free of charge.

Rights with Regards to Our Data Processing

You have the following rights with regards to our processing your personal data:

  • Withdrawal of consent: If your data is processed on the basis of consent, e.g. within the scope of Art. 6, Para. 1, Sent. 1(a) GDPR, you can withdraw your consent to the processing of your data at any time. The lawfulness of any previous processing remains unaffected.
  • Objection (Art. 21 GDPR): Provided that data is processed based on a legitimate interest pursuant to Art. 6, Para. 1, Sent. 1(f) GDPR, you nevertheless have the right to object to the processing of your personal data. The corresponding processing would therefore be discontinued, provided that our compelling interest does not surpass your interests.
  • Data access (Art. 15, Para. 1 GDPR): You have the right to obtain information on your personal data free of charge.
  • Rectification (Art. 16 GDPR): You have the right to rectify inaccurate data and to have incomplete data completed, taking into account the purposes of the processing.
  • Erasure (Art. 17 GDPR): You have the right to the deletion of your personal data or to the Restriction (Art. 18 GDPR) of its processing if deletion is not legally possible.
  • Data portability (Art. 20 GDPR): You have the right to receive your personal data in a commonly used and machine-readable format.
  • Right of appeal: You have the right to appeal to a regulatory agency. The data protection supervisory authority responsible is that of the federal state in which you live or in which the person responsible is based.

Please contact our Data Protection Officer if you have any questions.