SUBJECT AND SCOPE
We take the protection of your personal data very seriously. With this Privacy Policy, we would like to inform you about which personal data we collect and how and for what purposes it is processed.
This Privacy Policy applies to visits to our website and to various other data processing operations, for example also when you visit our social media pages, when you contact us, when we work with you as a customer or as a supplier or when you apply to work for us as an employee.
We always treat your personal data in accordance with the statutory data protection regulations and this Privacy Policy.
CONTROLLER AND DATA PROTECTION OFFICER
The Controller is APARAVI Software Europe GmbH, Lothstraße 5, 80335 Munich, Germany, telephone: +49 (0)89 7406 2578, e-mail: [email protected].
If you have any questions about data protection, you can contact our data protection officer at any time by e-mail at [email protected].
VISITING OUR WEBSITE
Each time you visit our website, our system automatically collects data and information from the computer system of the calling computer. In order for the pages to be displayed in your browser, the IP address of the terminal device you are using must be processed. In addition, there is further information about the browser of your end device.
Ensuring the confidentiality and integrity of the personal data processed with our IT systems is of great importance to us. The data is also used to correct errors on the websites.
For these purposes, the following data is logged:
• IP address of the calling computer
• Operating system of the calling computer
• Browser version of the calling computer
• Name of the retrieved file
• Date and time of the retrieval
• Amount of data transferred
• Referring URL
This data is regularly deleted automatically after a few days.
Our websites are hosted by a data processor on the basis of a data processing agreement pursuant to Art. 28 GDPR.
The legal basis for this data processing is our legitimate interest pursuant to Art. 6 (1) lit. f) GDPR. Our legitimate interest is the operation of this website and the implementation of the protection goals of confidentiality, integrity and availability of the data.
PROSPECTS, CUSTOMERS AND SERVICE PROVIDERS (CRM)
If you contact us to request information or documents, the information you provide will be stored for the purpose of processing the request.
We need the information requested in a contact form or chat function on the website in order to process your enquiry, to address you correctly and to send you a reply.
The legal basis for this data processing is our legitimate interest pursuant to Art. 6 (1) lit. f) GDPR. Our legitimate interest is to communicate with interested parties, visitors and customers.
If the contact or communication is aimed at the conclusion of a contract or takes place within the context of an existing contractual relationship, the legal basis for the processing is Art. 6 (1) lit. b) GDPR.
Enquiries and orders are stored in our CRM system. The CRM system is regularly checked to see whether data can be deleted. If data is no longer required in the context of a customer or interested party relationship or if a conflicting interest of the customer outweighs this, we will delete the data in question, provided that there are no statutory retention obligations to the contrary.
The legal basis for this storage and processing is our legitimate interest pursuant to Art. 6 (1) lit. f) GDPR. Our legitimate interest is the marketing of our products.
For our contact form and live chat on the website, we use an external service provider as a data processor on the basis of a data processing agreement pursuant to Art. 28 GDPR. This may involve the transfer of personal data to a third country outside the EU without an adequate level of data protection. We provide appropriate safeguards for this data transfer in accordance with Art. 46 GDPR. We will be happy to provide you with proof of the appropriate safeguards (Standard Contractual Clauses) upon request.
ACADEMY
In our Academy, you can use extensive resources (webinars, etc.). To use the Academy, you must register as a user and open an account. When you open an account, we ask for the following data about you: Company, salutation, first name, last name, email address and your individual, freely selectable password. After registration, you will receive a verification email from us, which is used to confirm your identity.
We process this data to create your account so that you can access the resources we offer. As part of your use of the account, we record which resources you have used and what topics you are interested in.
Insofar as we need your data to perform the contract with you and provide you with the Academy or to perform pre-contractual measures based on your request, the data processing is based on Art. 6 (1) lit. b) GDPR. As far as you provide voluntary information to complete your profile in the Academy, the data processing is based on your consent according to Art. 6 (1) lit. a) GDPR.
NEWSLETTER
6.1 Registration for Our Newsletter
On our website, you can register to receive a newsletter by e-mail. During registration, the data from the input mask, the IP address of the calling computer and the date and time of registration are transmitted to us. For the processing of the data, your consent is obtained during registration and reference is made to this Privacy Policy.
In order to verify that a registration for the sending of a newsletter is made by the actual owner of an e-mail address, we use the so-called "double opt-in" procedure. In this process, after registration of an e-mail address, a confirmation e-mail is sent to the registered e-mail address. Registration for the newsletter is only completed when a confirmation link contained in the confirmation e-mail is activated. The IP address of the calling computer and the date and time of activation of the confirmation link are also transmitted to us.
The registration for the newsletter can be terminated at any time by using the unsubscribe link contained in each newsletter or by contacting us at the above contact details.
The legal basis for the processing of data after registration for the newsletter is your consent pursuant to Art. 6 (1) lit. a) GDPR.
6.2 Email Newsletter in the Context of an Existing Customer Relationship
If you register as a user of our app and provide your e-mail address, this may subsequently be used by us to send you an e-mail newsletter if you have not objected to such use. In such a case, the email newsletter will only be used to send direct advertising for our own similar goods or services. You can object to the use of your e-mail address at any time, without incurring any costs other than the transmission costs according to the basic rates, by using the unsubscribe link contained in every newsletter or by contacting us at the above-mentioned contact details.
The legal basis for sending the newsletter as a result of the sale of goods or services is our legitimate interest pursuant to Art. 6 (1) lit. f) GDPR.
6.3 Newsletter Analysis
A statistical analysis of usage data may be carried out for our newsletters. For this purpose, we may record both the openings of the e-mail and the internal clicks. This information serves the purpose of measuring and optimizing the success of our newsletter campaigns by making the newsletter content more relevant to our target group.
The legal basis for this analysis is your consent pursuant to Art. 6 (1) lit. a) GDPR.
6.4 Newsletter Service Provider
We use an external service provider as a data processor for sending and analyzing our newsletter on the basis of a data processing agreement pursuant to Art. 28 GDPR.
This may involve the transfer of personal data to a third country outside the EU without an adequate level of data protection. We provide appropriate safeguards for this data transfer in accordance with Art. 46 GDPR. We will be happy to provide you with proof of the appropriate safeguards (Standard Contractual Clauses) upon request.
7.1 Essential and Non-Essential Cookies
When visiting our website, cookies are set that are absolutely necessary for the operation of the website. These essential cookies may be, for example, cookies that are required for the display of the website with a content management system, which are used to recognize language settings, or which are used to document whether you have consented to the setting of further (non-essential) cookies or whether you have rejected them.
The technically necessary cookies, including their purpose and storage period or deletion period, are explained to you in our cookie banner, which is displayed when you access the website.
The legal basis for the processing of personal data using essential cookies is our legitimate interest pursuant to Art. 6 (1) lit. f) GDPR. Our overriding legitimate interest are the operation and provision of our website.
We also use non-essential cookies, for example to collect additional information about the interests of visitors to our websites or about their usage behavior, in order to analyze and optimize our website and generally our customer interactions on this basis.
Non-essential cookies, including their purpose and storage period or deletion period, are also explained to you in our cookie banner, which is displayed when you access the website.
Non-essential cookies are only set if you have expressly consented to the setting of non-essential cookies. You can also select different categories of non-essential cookies that you wish to allow in the cookie banner.
When using non-essential cookies, the legal basis for the storage and reading of information is § 25 (1) TTDSG (or in Austria § 96 (3) TKG) and, with regard to the processing of personal data, Art. 6 (1) lit. a) GDPR.
7.2 Description of the Cookies
7.2.1 Consent Management
On our website we use the service ConsentManager from consentmanager AB in Sweden. We use ConsentManager to inform you about the cookies used on our website and to obtain your consent to use non-essential cookies. To store the consent, a permanent cookie is stored in your browser.
In this process, the following data is automatically logged: IP address in anonymized form (the last three digits are set to '0'), date and time of consent, user agent (information about the terminal device), URL on which the consent was collected, status of consent (which cookies were consented to).
The data collected and processed in the context of the use of ConsentManager is processed by the provider as a data processor on the basis of a data processing agreement pursuant to Art. 28 GDPR in the European Union.
The legal basis for this data processing is initially Art. 6 (1) lit. f) GDPR, the provision of our website and ensuring the possibility to obtain consent for non-essential cookies. If you give consent, the legal basis for the processing of the data relating to your consent is Art. 7 (1) and 6 (1) lit c) GDPR.
7.2.2 Google Tag Manager
On our website we use the tool Google Tag Manager. Google Tag Manager is provided by Google Ireland Limited in Ireland. Through this tool, website tags can be managed via an interface. Google Tag Manager only implements tags, but no cookies are used, and no personal data is collected. Google Tag Manager triggers other tags, which in turn may collect data, but Google Tag Manager does not access this data.
7.2.3 Web Analytics and Marketing
We use web analytics services to understand how our website and our Platform are used by their visitors or users and to optimize the website and the Platform in terms of content and technology.
Google Analytics
We use the web analytics service Google Analytics with IP anonymization. Google Analytics is a web analytics service provided by Google Ireland Limited ("Google").
JavaScript tags allow us to collect information about your use of the website and the Platform. Google Analytics also regularly uses cookies to collect information about a user's interactions with the website or Platform.
Within the scope of the use of Google Analytics, your IP address and information about the use of the website or Platform, browser type and version, operating system used, the previously visited page and the time of the server request are transferred to Google servers and processed there.
Within the scope of IP anonymization, the collected IP addresses of users within the European Economic Area are shortened before being transmitted to the USA. Only in exceptional cases, in the event of technical malfunctions in Europe, will the unabbreviated IP address be transmitted to Google in the USA and shortened there. The transmitted IP addresses are not merged with other data from Google.
Google will act for us as a processor on the basis of a data processing agreement pursuant to Art. 28 GDPR.
As explained, this may involve the transfer of personal data to a third country without an adequate level of data protection. In this case, we ensure that appropriate safeguards are provided for the transfer in accordance with Art. 46 GDPR. We will provide you with proof of the appropriate safeguards (Standard Contractual Clauses) at any time upon request.
The legal basis for this data processing is your express consent pursuant to Art. 6 (1) lit. a) GDPR.
Tracking Pixel
Tracking pixels from various providers are used on our website to track website usage and the actions of website visitors for the purpose of conversion tracking. Tracking pixels from the following providers may be used: LinkedIn, Bing, Meta, Google Ads, Outbrain, Pinterest, Snapchat, Taboola, TikTok, Twitter, Yahoo Native (Gemini).
Tracking pixels are a code snippet that allows us to track the actions of website visitors, which further allows us to personalize and improve our advertisements and measure their success. This allows us to evaluate our website for statistical and market research purposes and optimize advertising campaigns.
The data collected via the tracking pixels may be used by the providers of the respective pixels for their own tracking and advertising purposes. For further details, please refer to the privacy statements of the providers of the respective pixels.
If you are a member of a social media platform of one of the providers of the tracking pixels and have allowed the respective provider to do so via the settings of your user account with the social media network, the provider of the social media network or the tracking pixel may link the information collected about your visit to our website to your user account with the respective social media network and use it for the targeted placement of advertisements.
We can also measure the effectiveness of advertisements on the respective social media networks and see whether a user was redirected to our website via such ads (conversion measurement).
The integration of such tracking pixels may result in the transfer of personal data to a third country without an adequate level of data protection. In this case, we ensure that appropriate safeguards are provided for the transfer in accordance with Art. 46 DSGVO. We will gladly provide you with proof of the appropriate guarantees (standard contractual clauses) at any time upon request.
The legal basis for this data processing is your express consent pursuant to Art. 6 (1) a) DSGVO.
7.2.4 Videos
Videos are embedded on our website and in particular in the Academy. These videos are provided, via a plugin, by Google Ireland Ltd. in Ireland ("YouTube") and/or by Vimeo, LLC, in the USA ("Vimeo") on the basis of a data processing agreement.
When you access a website that is provided with such a plugin, a connection to the provider (YouTube or Vimeo) is established and your IP address is transmitted to the provider. Even if you start a video by clicking on it, this information is transmitted to the provider. If you are logged in to the respective provider, the transmitted information may be linked to your account with the respective provider.
When embedding and using the videos, personal data is transmitted to a third country without an adequate level of data protection. We ensure that appropriate safeguards are provided for the transfer in accordance with Art. 46 GDPR. We will provide you with proof of the appropriate safeguards (Standard Contractual Clauses) at any time upon request.
The legal basis for this data processing when embedding the videos is our legitimate interest according to Art. 6 (1) lit. f) GDPR. Our overriding legitimate interest is the integration of videos and the associated optimization of the interactivity of our website and our customer interactions.
7.2.5 Hubspot
On our website, we use HubSpot for various functionalities. HubSpot is provided by HubSpot Germany GmbH in Germany as a data processor on the basis of a data processing agreement. We use HubSpot in the areas of email marketing, social media publishing, reporting, CRM or contact management, live chat, ticketing system, user segmentation, analytics and tracking for landing pages and contact forms.
The legal basis for this data processing is basically set out in the context of the individual functionalities described in this Privacy Policy. The legal basis is either our legitimate interest pursuant to Art. 6 (1) lit. f) GDPR in contacting and communicating with visitors to our website and our customers, or your express consent pursuant to Art. 6 (1) lit. a) GDPR.
If the contact or communication is aimed at the conclusion of a contract or takes place within the context of an existing contractual relationship, the legal basis for the processing is Art. 6 (1) lit. b) GDPR.
Within the scope of processing by HubSpot, personal data may be transferred to the USA. We provide appropriate safeguards for this data transfer in accordance with Art. 46 GDPR. We will be happy to provide you with proof of the appropriate safeguards (Standard Contractual Clauses) upon request.
8.2 Social Media Pages
We maintain a publicly accessible profile on various social media networks (e.g. Linkedin, Instagram, Twitter and Facebook).
If you visit our social media pages and are logged in to the respective social media network, the provider of the respective social media network can analyze your usage behavior and assign the information collected to your account with the social media network and enrich it there. Even if you are not logged in or if you do not have an account with the respective social media network, personal data may be collected by the provider of the respective social media network, for example your IP address or data collected via a cookie.
The operators of the social media networks can use this data to create user profiles. Based on your user profile, you can then be shown interest-based advertisements both on the websites of the social media network and on other websites.
If you visit one of our social media pages, we are jointly responsible with the provider of the social media network for the collection and processing of your personal data that takes place there. For information on the collection and processing of your personal data that takes place there, we refer you to the privacy policy of the respective social media network.
You can assert your data subject rights in accordance with Chapter III. of the GDPR (right to information, correction, deletion, restriction of processing, data portability, etc.) both against us and against the provider of the respective social media network. In this context, we would like to point out that we can only influence the processing of personal data and the implementation of data subject rights within the framework of our social media pages within the scope of the possibilities made available to us by the respective provider.
The legal basis for our use of social media pages is Art. 6 (1) lit. f) GDPR. Our overriding legitimate interest is the presence and marketing of our products and services on the Internet.
9.2 Application Process
We collect and process personal data of applicants for the purpose of performing the application process.
If we conclude an employment contract with an applicant, the data transmitted will be processed in order to carry out the employment relationship in compliance with the statutory provisions.
If no employment contract is concluded with the applicant, the application documents will be deleted immediately after completion of the application procedure, provided that deletion does not conflict with any overriding legitimate interest, such as the defence of claims or a preservation of evidence function according to the General Equal Treatment Act (Allgemeines Gleichbehandlungsgesetz - AGG).
The legal basis for this storage and processing is the performance of the contract or the implementation of pre-contractual measures pursuant to Art. 6 (1) lit. b) GDPR, in Germany § 26 BDSG.
9.3 Talent Pool
If the applicant has consented to a longer storage of his/her data, we will store the data submitted as part of the application in our talent pool for a further 2 years after the end of the application process in order to identify future positions of potential interest to the applicant and, if necessary, contact the applicant in this regard. After this period, the data will be deleted.
Such consent to the storage of application data in our talent pool can be withdrawn at any time for the future. To do so, please send us an email to the contact details provided above.
The legal basis for the storage of application documents in our talent pool is, if applicable, the applicant's consent pursuant to Art. 6 (1) lit. a) GDPR.
9.4 Compliance/Sanctions Screening
Applicants who are shortlisted during the application process may be subject to an initial compliance check. The compliance check involves a comparison of the applicant's name and address with relevant sanctions lists, in particular based on the EU anti-terrorism regulations.
To perform the compliance/sanctions list screening, we use an external service provider as a data processor based on a data processing agreement pursuant to Art. 28 GDPR.
The legal basis for this storage and processing, if there is a legal obligation to perform compliance/sanctions list screening, is Art. 6 (1) lit. c) GDPR. In individual cases, depending on a balancing of interests, a compliance/sanctions list screening may also take place if there is no mandatory legal obligation. In this case, the legal basis is our legitimate interest pursuant to Art. 6 (1) lit. f) GDPR in avoiding potential sanctions by foreign authorities.
VIDEO CONFERENCES AND WEBINARS
If you participate in a video conference, webinar or online meeting etc. organized by us. (hereinafter "video conferences") organized by us, we process your personal data in the course of your participation.
When you participate in a video conference, various categories of data are processed. The scope of the data also depends on the data you provide before or during participation in a video conference.
If you participate in a video conference organized by us, you usually have to provide at least a name when registering. However, you can also use a pseudonym. Your IP address will also be processed to enable your participation and login information and device/hardware information will be stored. Your email address and profile picture will also be processed, if provided. If you dial in by phone, your phone number and IP address, if any, will be processed.
To enable participation in the video conference, data from your terminal's microphone and any terminal video camera and, if you share your screen, information from this "screenshare" is processed. You can switch off or mute the camera or microphone yourself at any time. You always decide yourself whether and which parts of your screen are shared.
Audio and video recordings of the video conference can be made. In this case, MP4 files of all video, audio and presentation recordings are processed. There will always be an indication of the recording if one is made and, if necessary, the explicit consent of the participants to the recording will always be obtained.
You may have the opportunity to use the chat, question or survey functions in a video conference. In this respect, the text entries you make are processed in order to display them in the video conference and, if necessary, to record them.
Insofar as personal data of our employees is processed, § 26 BDSG (German Federal Data Protection Act) is the legal basis for data processing, insofar as German law is applicable to the processing of employee data.
If German law is not applicable to the processing of employee data or if, in connection with participation in video conferences, the processing of personal data is not necessary for the establishment, implementation or termination of the employment relationship, but is nevertheless an elementary component of participation in a video conference, our overriding legitimate interest pursuant to Art. 6 (1) lit. f) GDPR is the legal basis for the data processing. In these cases, our legitimate interest is in the effective implementation of video conferences.
Furthermore, the legal basis for data processing when conducting video conferences is Art. 6 (1) lit. b) GDPR, insofar as the meetings are conducted in the context of contractual relationships or with a view to initiating a contractual relationship (for example, in the case of video conferences with our clients in the context of the implementation of a project or participation in a webinar).
Furthermore, the legal basis for data processing in the context of your participation in a video conference organized by us is our legitimate interest pursuant to Art. 6 (1) f) GDPR. Our legitimate interest in these cases is the effective implementation of video conferences.
We use one or more service providers as processors for the implementation of video conferences on the basis of a data processing agreement pursuant to Art. 28 GDPR.
This may involve the transfer of personal data to a third country outside the EU without an adequate level of data protection. In this case, we provide appropriate safeguards for this data transfer in accordance with Art. 46 GDPR. We will be happy to provide you with proof of the appropriate safeguards (Standard Contractual Clauses) upon request.
MERGERS AND ACQUISITIONS (M&A)
If we are involved in a restructuring, acquisition, asset sale, merger, financing, transfer of services to another provider, due diligence, insolvency or receivership, your personal data may be transferred to third parties to the extent legally permitted in connection with and as part of the relevant legal process, subject to the basic principles of data protection law.
AGE RESTRICTION
This website is not intended or designed for use by children under the age of 16. We do not knowingly collect personal information from or about anyone under the age of 16.
RECIPIENTS OF DATA
Within our company, your data will be received by those internal departments or organizational units that need it to fulfil their tasks, where applicable to fulfil contracts with you, to process data with your consent or to protect our (overriding) legitimate interests.
Data will only be passed on to third parties within the framework of legal requirements. We only pass on your data to third parties if this is necessary, e.g., on the basis of Art. 6 (1) lit. b) GDPR for contractual purposes or to protect our legitimate interest in accordance with Art. 6 (1) lit. f) GDPR in the effective performance of our business operations.
Insofar as we use service providers or third-party providers in the context of providing the website and/or providing our services, we take appropriate legal precautions as well as corresponding technical and organizational measures to ensure the protection of your personal data.
If, in the course of providing the website and/or our services, we use content or tools from service providers or third-party providers whose registered office is in a third country, data is regularly transferred to a third country. Third countries are countries in which the GDPR is not directly applicable law, i.e., countries outside the EU or the European Economic Area. The transfer of data to third countries only takes place if either an adequate level of data protection, consent or other legal permission, in particular appropriate safeguards in accordance with Art. 46 GDPR, exists.
YOUR RIGHTS
You have the rights explained below with regard to the personal data processed by us concerning you:
14.1 Right of Access
You can request information in accordance with Art. 15 GDPR about your personal data that we process.
14.2 Right to Rectification
If the information concerning you is not (or no longer) accurate, you may request a correction in accordance with Art. 16 GDPR. If your data is incomplete, you may request that it be completed.
14.3 Right to Erasure
You may request the erasure of your personal data in accordance with Art. 17 GDPR.
14.4 Right to Restriction of Processing
In accordance with Art. 18 GDPR you have the right to request restriction of processing of your personal data.
14.5 Right to Object to Processing.
You have the right to object at any time on grounds relating to your particular situation to the processing of your personal data which is carried out on the basis of Art. 6 (1) lit. e) or lit. f) GDPR in accordance with Art. 21 (1) GDPR. In this case, we will not further process your data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing serves to assert and exercise or defend against legal claims (Art. 21 (1) GDPR).
In addition, according to Art. 21 (2) GDPR, you have the right to object at any time to the processing of personal data concerning you for the purposes of direct marketing; this also applies to any profiling, insofar as it is related to such direct marketing.
14.6 Right to Withdraw Consent
Insofar as you have given your consent for processing, you have a right to withdraw your consent pursuant to Art. 7 (3) GDPR.
14.7 Right to Data Portability
You have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format ("data portability") as well as the right to have this data transferred to another controller if the conditions of Art. 20 (1) lit. (a) and (b) GDPR are met.
14.8 Exercise of Rights
You can exercise your rights by notifying the above contact details for the data controller or the data protection officer.
14.9 Right to Complain to the Data Protection Authorities
If you believe that our processing of your personal data violates data protection law, you also have the right to complain to a data protection supervisory authority of your choice pursuant to Article 77 of the GDPR.
COMPULSORY DATA AND PROFILING
The provision of personal data is neither required by law nor by contract, and you are not obliged to provide personal data, although the provision of personal information is required for the conclusion of a contract to the extent that certain details are required in order to conclude (and perform) a contract.
We do not perform automated decision making, including profiling.
RETENTION AND DELETION
We adhere to the principles of data avoidance and data economy and only store your personal data for as long as is necessary to achieve the respective purpose of the data processing purposes or as stipulated by the storage periods provided by law.
If the purpose of storage no longer applies or if a storage period provided for by law expires, the personal data will be routinely anonymized or deleted in accordance with the statutory provisions.
INFORMATION SECURITY
We take appropriate technical and organizational measures in accordance with the state of the art to ensure a level of protection for the personal data we process that is appropriate to the risk of the respective processing and to protect the data we process against accidental or intentional manipulation, loss, destruction or against access by unauthorized persons.
Our website uses SSL encryption for security reasons and to protect the transmission of confidential content, such as orders, inquiries or payment data that you send to us.
Our employees receive regular training on data protection and information security and are committed to confidentiality and data protection.
A restrictive rights and roles concept on a "need to know" basis ensures that employees only have access to the personal data they absolutely need to perform their duties.
AMENDMENT OF THIS PRIVACY POLICY
We reserve the right to amend this Privacy Policy from time to time so that it always complies with current legal requirements and/or in order to implement changes to our services in the Privacy Policy, e.g. when introducing new services. When visiting the website or using our services, the current privacy policy always applies.