DATA PROTECTION
Welcome to our website! We attach great importance to the protection of your data and your privacy. We therefore inform you below about the collection and use of personal data when you use our website.
Notes on data protection
Data protection is particularly important to our company. In the following, we provide information about the collection of personal data when using our website. Personal data is all data that can be related to you personally, e.g. name, address, e-mail addresses, user behavior. We have taken extensive technical and operational precautions to protect your data from accidental or intentional manipulation, loss, destruction or access by unauthorized persons. Our security procedures are regularly reviewed and adapted to technological progress.
1 Responsible party for data processing
Jointly responsible pursuant to Art. 4 (7) of the EU General Data Protection Regulation (DSGVO) are
ALLPLAN GmbH
Konrad-Zuse-Platz 1
81829 Munich
Germany
E-mail: info[at]allplan.com
and the affiliated companies listed below:
- ALLPLAN Deutschland GmbH
- ALLPLAN Österreich GmbH
- ALLPLAN Software Engineering GmbH
- Design Data Corp. d/b/a ALLPLAN
- ALLPLAN Software Singapore Pte. Ltd.
- ALLPLAN France S.a.r.l.
- ALLPLAN Italia S.r.l.
- ALLPLAN Schweiz AG
- ALLPLAN SYSTEMS ESPAÑA, S.A.
- ALLPLAN Česko s.r.o.
- ALLPLAN Slovensko s.r.o.
- ALLPLAN UK Ltd.
In the course of business, it is essential that data is also regularly exchanged between ALLPLAN's subsidiaries and business operations in order to promote intra-group cooperation and use resources effectively. For this reason, central processes are not limited to the area of a single group company, but also extend to other group companies and benefit from the processes established and resources available there. The ALLPLAN companies therefore cooperate in many areas and act in the data protection sense as so-called jointly responsible parties for this website as indicated above.
Information on the essential content of the contract due to joint responsibility:
In order to ensure the security of processing and the effective assertion of your rights, and against the above background, the member companies have concluded a contract as joint controllers within the meaning of Art. 26 in conjunction with Art. 4 No. 7 DSGVO. This contract regulates the following points in particular:
- Object, purpose, means and scope as well as the competences and responsibilities regarding data processing.
- Information of the data subjects
- Fulfilment of the other rights of the data subjects
- Security of processing
- Involvement of data processors
- Procedure in the event of a data protection breach
- Other joint and reciprocal obligations
- Cooperation with supervisory authorities
- Liability
2 Contact options for the data protection officer
You can contact our data protection officer at dataprotectionofficer@allplan.com or at our postal address with the addition "the data protection officer".
3 Legal basis of our data processing
The processing of personal data can be based on various legal bases. If we need your data to fulfill a contract with you or to answer your inquiries regarding a contract, the legal basis for this data processing is Art. 6 para. 1 sentence 1 lit. b GDPR.
If we obtain your consent for certain data processing, the legal basis is Art. 6 para. 1 sentence 1 lit. a GDPR. We carry out some data processing on the basis of our legitimate interest, whereby a balance is always struck between your interests worthy of protection and our legitimate interests. The legal basis for this is Art. 6 para. lit. f GDPR. Insofar as the processing is necessary to fulfill a legal obligation to which we are subject, the legal basis is Art. 6 para. 1 sentence 1 lit. c GDPR.
Below we explain how we process personal data via our website.
Legal basis of our data storage according to the TDDDG:
According to Section 25 TDDDG, the storage of information in the end user's terminal equipment or access to information that is already stored in the terminal equipment is only permitted if the end user has consented on the basis of clear and comprehensive information, i.e. has agreed to the data processing.
For the storage of information on your device or access to information that is already stored on your device, we therefore obtain your consent in accordance with Section 25 (1) of the German Data Protection Act (TDDDG) and consequently also process purely technical data only after obtaining your consent.
When providing you with information and obtaining your consent, we comply with the provisions of the TDDDG and the design requirements of the GDPR.
According to Section 25 (2) TDDDG, consent is not required in exceptional cases,
- if the sole purpose of storing information in the end-user's terminal equipment or the sole purpose of accessing information already stored in the end-user's terminal equipment is to carry out the transmission of a communication over a public telecommunications network, or
- if the storage of information in the end user's terminal equipment or access to information already stored in the end user's terminal equipment is absolutely necessary for the provider of a telemedia service to provide a telemedia service expressly requested by the user.
4 Collection of personal data when visiting our website
If you use the website for information purposes only, i.e. if you do not register or otherwise provide us with information (e.g. via a contact form), we collect the following technical information (log file data):
Data | Purpose of the processing | Storage duration |
Operating system used | Evaluation by device to ensure optimized display of the website | The data is generally deleted from log files after 30 days for the purpose of operating the website and to protect against misuse in accordance with our security regulations. |
Information about the browser type and version used | Evaluation of the browsers used in order to optimize our websites for this purpose | |
Internet service provider of the user | Evaluation of Internet service providers | |
IP address | Display of the website on the respective device | |
Date and time of the call | Ensuring the proper operation of the website. | |
Manufacturer and type designation of the smartphone, tablet or other end device, if applicable | Evaluation of device manufacturers and types of mobile devices for statistical purposes | |
Name of the page accessed | Ensuring the proper operation of the website | |
Referrer URL (origin URL from which you came to the website) | Ensuring the proper operation of the website |
The collection of this data is technically necessary in order to display our website to you and to ensure stability and security. We (and our hosting service providers) are regularly unaware of who is behind an IP address. We do not merge the data listed above with other data.
The legal basis is the legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR, as well as § 25 para. 2 no. 2 TDDDG. As part of the balancing of interests in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR, we have considered and weighed up our interest in the provision and your interest in the processing of your personal data in accordance with data protection regulations. Since the following data is technically necessary for the provision of our service in order to be able to offer you our website and also to ensure stability and security, in particular to offer protection against misuse, we have come to the conclusion that this data - with a state-of-the-art guarantee of data security - must be processed, taking due account of your interest in data protection-compliant processing. If the processing is based on another legal basis (e.g. consent pursuant to Art. 6 para. 1, sentence 1 lit. a GDPR, Section 25 para. 1 TDDDG), this will be indicated accordingly.
5 Cookies
Our website uses cookies. Cookies are files that are stored on your computer by a website you visit and enable your browser to be reassigned. Cookies are used to transmit information to the site that sets the cookie. Cookies can store various information, such as your language setting, the duration of your visit to our website or the entries you make there. This prevents you from having to re-enter required form data each time you use the website, for example. The information stored in cookies can also be used to recognize preferences and target content according to areas of interest.
There are different types of cookies: Session cookies are data sets that are only temporarily stored in the working memory and are deleted when you close your browser. Permanent or persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie. With this type of cookie, the information can also be stored in text files on your computer. However, you can also delete these cookies at any time via your browser settings.
First-party cookies are set by the website you are currently visiting. Only this website may read information from these cookies. Third-party cookies are set by organizations that are not operators of the website you are visiting. These cookies are used by marketing companies, for example.
The legal basis for possible processing of personal data using cookies and their storage duration may vary. If you have given us your consent, the legal basis is Art. 6 para. 1 sentence 1 lit. a GDPR. Insofar as the data processing is based on our overriding legitimate interests, the legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR. The stated purpose then corresponds to our legitimate interest.
We use cookies to ensure the proper operation of the website, to provide basic functionalities, to measure reach and - with your consent - to tailor our services to your preferred areas of interest.
You can delete cookies already stored on your device at any time. If you want to prevent the storage of cookies, you can do this via the settings in your Internet browser. You can find instructions for common browsers here: Internet Explorer, Firefox, Google Chrome, Google Chrome mobile, Microsoft Edge, Safari, Safari mobile. Alternatively, you can also install so-called ad blockers. Please note that individual functions of our website may not work if you have deactivated the use of cookies.
When accessing our website, all users of our website are also informed by an info banner about our use of cookies and referred to this data protection notice. As a user, you will also be asked for your consent to the use of certain cookies, in particular those relevant for the personalization of services and for marketing measures. Once you have given your consent, you can revoke it at any time with effect for the future by clicking on the icon (fingerprint) in the bottom left-hand corner of each page to access the cookie management and uncheck the box behind the processing to which you had consented. You can also find more information about the cookies we use in the cookie management.
5.1 Usercentrics
We use the Usercentrics service to manage consents on our website. Usercentrics is a software from Usercentrics GmbH, Rosental 4, 80331 Munich, Germany.
Usercentrics determines the language used by your browser. A cookie is set to check whether you have already made a selection in our consent tool during a previous visit to our website. This cookie is necessary because it enables the website to recognize whether you have consented to tracking or not. In addition, a log file is created in order to be able to prove that consent has been given. This file contains the IP address in anonymized form, information on the browser used, data on the scope of consent, as well as the date and time of the visit.
The legal basis for the processing is our legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR.
The purpose of data processing is the user-friendly and legally compliant design of our website. We want to make it as easy as possible for you to give or withdraw your consent and increase the transparency of data processing by means of cookies, pixels, tags or similar on our website. Our legitimate interest also lies in the purpose of data processing.
The cookie containing your consent or your refusal to use cookies is stored on your end device for one year. The consent data (consent given and withdrawal of consent) will be stored for three years.
Cookies are stored on the user's computer and transmitted by it to our website. As a user, you therefore have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings of your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website to their full extent.
5.2 Website analysis
We use various services for the purpose of analyzing and optimizing our websites, which are described below. We use these services to analyze how many users visit our site, which information is most in demand or how users find the offer. We also collect data about the website from which a user came to our website (so-called referrer), which subpages of the website were accessed or how often and for how long a subpage was viewed. This helps us to design our offers in a user-friendly way, to find errors and to improve our offers.
5.2.1 Matomo
On our website we use the open source web analysis software Matomo, a software of "InnoCraft Ltd", a company based at 150 Willis St, 6011 Wellington, New Zealand. As InnoCraft is based outside the EU, InnoCraft has appointed a representative in the EU (privacy[at]innocraft.com). The software is operated exclusively from its own servers.
Cookies are used to analyze the use of the website. For this purpose, the usage information recorded in the cookie (including your shortened IP address) is transmitted to our server and stored for usage analysis purposes. Matomo does not transmit any data to servers that are outside our control. Your IP address is immediately anonymized during this process so that you as a user are not identifiable to us. The information collected about your use of this website is not passed on to third parties. We use the data collected for statistical analysis of user behavior for the purpose of optimizing the functionality and stability of the website and for marketing purposes. Our interest in and purpose of data processing lies in the optimization of our website, the adaptation of content and the improvement of our offer. The interests of users are adequately protected by anonymization.
We only store the analysis data for as long as the purpose of the data processing requires, but for a maximum of 14 months.
The legal basis for the data processing described is your consent, Art. 6 para. 1 sentence 1 lit. a GDPR. Once you have given your consent, you can revoke it at any time with effect for the future by changing your selection in the cookie settings (see above, section 5. Cookies). Alternatively, you can delete your cookies (all or only from this website). The banner with the selection options will then be displayed again.
5.2.2 Google Analytics 4
If you have given your consent, this website also uses Google Analytics 4, a web analytics service provided by Google LLC. The controller for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google").
Google Analytics 4 uses cookies to help the website analyze how users use the site. The information collected by the cookies about your use of this website is generally transmitted to a Google server in the USA and stored there.
In Google Analytics 4, the anonymization of IP addresses is activated by default. Due to IP anonymization, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
During your website visit, your user behavior is recorded in the form of "events". Events can be
- Page views
- First visit to the website
- Start of the session
- Your "click path", interaction with the website
- Scrolls (whenever a user scrolls to the end of the page (90%))
- Clicks on external links
- internal search queries
- Interaction with videos
- Viewed / clicked ads
Also recorded:
- Your approximate location (region)
- Your IP address (in abbreviated form)
- technical information about your browser and the end devices you use (e.g. language setting, screen resolution)
- Your Internet provider
- the referrer URL (via which website/advertising medium you came to this website)
On behalf of ALLPLAN, Google will use this information to evaluate your pseudonymous use of the website and to compile reports on website activity. The reports provided by Google Analytics are used to analyze the performance of our website and the success of our marketing campaigns.
Recipients of the data are/may be
- Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as processor pursuant to Art. 28 GDPR)
- Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
- Alphabet Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
It cannot be ruled out that US authorities will access the data stored by Google.
Insofar as data is processed outside the EU/EEA and there is no level of data protection corresponding to the European standard, we have concluded EU standard contractual clauses with the service provider to establish an appropriate level of data protection. The parent company of Google Ireland, Google LLC, is based in California, USA. A transfer of data to the USA and access by US authorities to the data stored by Google cannot be ruled out. The USA is currently considered a third country from a data protection perspective. You do not have the same rights there as within the EU/EEA. You may not be entitled to any legal remedies against access by authorities.
The data sent by us and linked to cookies is automatically deleted after 14 months. Data that has reached the end of its retention period is automatically deleted once a month.
The legal basis for this data processing is your consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR. Once you have given your consent, you can revoke it at any time with effect for the future by changing your selection in the tracking settings (see above, under Cookies). Alternatively, you can delete your cookies (all or only from this website). The banner with the selection options will then be displayed again.
Alternatively, you can prevent the storage of cookies from the outset by configuring your browser software accordingly. However, if you configure your browser to reject all cookies, this may limit the functionality of this and other websites. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by clicking
1. do not give your consent to the setting of the cookie or
2. download and install the browser add-on to deactivate Google Analytics here.
You can find more information on the terms of use of Google Analytics and on data protection at Google at https://marketingplatform.google.com/about/analytics/terms/de/ and at https://policies.google.com/?hl=de.
5.2.3 Mouseflow
This website uses Mouseflow, a web analysis tool from Mouseflow ApS, Flaesketorvet 68, 1711 Copenhagen, Denmark. We have concluded an order processing contract with Mouseflow ApS in accordance with Art. 28 GDPR.
The data processing serves the purpose of improving customer communication and the needs-based design of the website. User behavior is analyzed with the help of the cookies used by the tool. The analysis results are then processed graphically, e.g. using so-called live heat maps. In particular, the following data is processed:
- Mouse positions and so-called "hovers" (hovering of the mouse on buttons)
- Number and positioning of clicks on a button
- Time until a click has occurred
- Scroll movement and speed
- Time spent on the homepage
- Viewing time of individual parts of the homepage
- Points at which entries in a contact form are aborted (so-called conversion funnels)
This creates a log of mouse movements and clicks. We evaluate the logs of individual website visits on a random basis in order to derive improvements for the website. From the information in the logs, we can deduce which website areas are preferred by the website visitor.
Mouseflow assigns a so-called session ID, which tracks the page views and actions of a website visit. The session ID is stored in the user's browser in the form of a cookie, which can be used to interpret user behavior in a coherent manner. This cookie is automatically deleted after leaving the website. A user ID is also assigned, which is used to recognize returning users on the website. The user's behavior is then linked to data from previous visits. We store this analysis data for 30 days.
The legal basis for accessing the information is your consent in accordance with Section 25 (1) TDDDG. The legal basis for the data processing described is your consent, Art. 6 para. 1 sentence 1 lit. a GDPR. Once you have given your consent, you can withdraw it at any time with effect for the future by changing your selection in the cookie settings (see above, section 5. Cookies). Alternatively, you can delete your cookies (all or only from this website). The banner with the selection options will then be displayed again.
You also have the option of deactivating recording on all websites that use Mouseflow globally for the browser you are currently using via the following link: https://mouseflow.com/opt-out/. You can find more information on data protection at Mouseflow online at: https://mouseflow.com/legal/gdpr/.
5.3 Advertising
We use cookies for marketing purposes in order to target our users with interest-based advertising. In addition, we use cookies to limit the likelihood of an advertisement being displayed and to measure the effectiveness of our advertising measures. This information may also be shared with third parties, such as ad networks. The legal basis for this is Art. 6 para. 1 sentence 1 lit. a GDPR.
5.3.1 Hubspot
This website uses HubSpot for online marketing activities. HubSpot is a software company from the USA with a branch in Ireland. Contact: HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland.
This is an integrated software solution that covers various aspects of online marketing. These include email marketing, social media publishing & reporting, contact management, landing pages and contact forms. Cookies are also stored on the end device you are using.
Our registration service allows visitors to our website to learn more about our company, download content and provide their contact information and other demographic information. This information and the content of our website is stored on the servers of our software partner HubSpot. It can be used by us to contact visitors to our website and to determine which of our company's services are of interest to them. All information we collect is subject to this privacy policy. We use all information collected exclusively to optimize our marketing measures. You can find HubSpot's privacy policy at: https://legal.hubspot.com/privacy-policy.
Insofar as data is processed outside the EU/EEA, we have concluded the standard data protection clauses adopted by the EU Commission in accordance with Art. 46 GDPR with the service provider to establish a secure level of data protection, which allow personal data to be transferred to a third country in individual cases.
Further information from HubSpot regarding EU data protection regulations can be found at https://legal.hubspot.com/data-privacy
You can find more information about the cookies used by HubSpot here and here.
The legal basis for the data processing described is your consent, Art. 6 para. 1 sentence 1 lit. a GDPR. Once you have given your consent, you can revoke it at any time with effect for the future by changing your selection in the cookie settings (see above, section 5. Cookies). Alternatively, you can delete your cookies (all or only from this website). The banner with the selection options will then be displayed again.
You can unsubscribe from emails sent by HubSpot via a link in the respective email.
5.3.2 Bing Ads Conversion Tracking
To draw attention to our services, we place Bing Ads ads (a service of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA). These ads are displayed in the Bing, Yahoo! and MSN search engines following search queries via the Yahoo! network. We also have the option of combining our ads with specific search terms and are therefore present on all major search engines.
Bing Ads also uses cookies to analyze user behavior. When clicking on an ad or visiting our website, Bing Ads places a cookie on the user's computer, provided the user's consent has been documented. This information is used to target the visitor in a subsequent search query. Further information can be found in Microsoft's privacy policy and in the guidelines on data security and privacy policy.
In addition, we use Bing Ads Conversion Tracking as part of Bing Ads to show you interest-based advertising. This requires an analysis of user behavior. We only receive information from Bing that a user has clicked on an ad and has been redirected to our website. We only use the information obtained in this way for statistical analysis to optimize our ads. We are not able to identify the visitor from the data collected. The statistics provided to us by Bing include the total number of users who have clicked on one of our ads. We also receive information as to whether these visitors were redirected to a page on our website with a conversion tag. Based on these statistics, we can see which search terms were clicked on our ad particularly often and which ads lead to users contacting us via the contact form. The purpose of Bing Ads Conversion Tracking is to show you interest-based advertising, to make our website more interesting for you and to achieve a more economical assessment of our advertising costs.
Information on the duration of storage can be found at https://privacy.microsoft.com/de-de/privacystatement.
Insofar as data is processed outside the EU/EEA, we have concluded the standard data protection clauses adopted by the EU Commission in accordance with Art. 46 GDPR with the service provider to establish a secure level of data protection, which allow personal data to be transferred to a third country in individual cases.
The legal basis for the data processing described is your consent, Art. 6 para. 1 sentence 1 lit. a GDPR. Once you have given your consent, you can revoke it at any time with effect for the future by changing your selection in the cookie settings (see above, section 5. Cookies). Alternatively, you can delete your cookies (all or only from this website). The banner with the selection options will then be displayed again.
You also have the option of deactivating interest-based ads on Bing via the ad settings.
5.3.3 Google Ads, remarketing and conversion tracking
We use the Google Ads service. Google Ads is an online advertising program from Google LLC, (1600 Amphitheatre Parkway Mountain View, CA 94043, USA). The controller for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.
This means that we place Google Ads ads and also use Google Remarketing and conversion tracking as part of this. The ads are displayed after search queries on websites in the Google advertising network. We also use Ads remarketing lists for search ads. This allows us to customize search ad campaigns for users who have already visited our website. The services allow us to combine our ads with certain search terms or to place ads for previous visitors that advertise, for example, services that visitors have viewed on our website. We can therefore display interest-based advertising to users of our website on other websites within the Google advertising network (as a "Google ad" in Google Search or on other websites).
An analysis of online user behavior is necessary for interest-related offers. Google uses cookies to carry out this analysis. When you click on an advertisement or visit our website, Google places a cookie on the user's computer. These cookies have a duration of 90 days. The information collected by the respective cookie is used to target the visitor in a subsequent search query. Further information on the cookie technology used can also be found in Google's notes on website statistics and in the privacy policy. With the help of this technology, Google and we as a customer receive information that a user has clicked on an advertisement and has been forwarded to our websites. The information obtained in this way is used exclusively for statistical analysis to optimize advertising. We do not receive any information with which visitors can be personally identified. Your IP address is transmitted to Google, but as we use Google's IP masking on this website as part of the use of Google Analytics, your IP address is anonymized.
The log data is anonymized after 9 months, and the cookie information is anonymized after 18 months.
The statistics provided to us by Google include the total number of users who clicked on one of our ads and, if applicable, whether they were redirected to a page on our website with a conversion tag. Based on these statistics, we can see which search terms were clicked on our ad particularly often and which ads lead to the user contacting us via the contact form.
You can find more information on data protection in the context of Google Ads at: https://policies.google.com/technologies/ads?hl=de.
Insofar as data is processed outside the EU/EEA, we have concluded the standard data protection clauses adopted by the EU Commission in accordance with Art. 46 GDPR with the service provider to establish a secure level of data protection, which allow personal data to be transferred to a third country in individual cases.
The legal basis for the data processing described is your consent, Art. 6 para. 1 sentence 1 lit. a GDPR. Once you have given your consent, you can revoke it at any time with effect for the future by changing your selection in the cookie settings (see above, section 5. Cookies). Alternatively, you can delete your cookies (all or only from this website). The banner with the selection options will then be displayed again.
You also have the option of selecting the types of Google ads or deactivating interest-based ads on Google via the ad settings (https://adssettings.google.com/authenticated?hl=de).
5.3.4 DoubleClick by Google
We use the online marketing tool DoubleClick by Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA, on our website. The controller for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.
DoubleClick uses cookies to display ads that are relevant to users, to improve campaign performance reports or to prevent users from seeing the same ads more than once. Google uses a cookie ID to record which ads are shown in which browser. This prevents the same ad from being shown more than once. In addition, DoubleClick can use cookie IDs to record so-called conversions with reference to ads. This is the case, for example, when a user sees a DoubleClick ad and later visits the advertiser's website with the same browser and makes a purchase there.
When you access a page that uses DoubleClick and where the DoubleClick script is permitted by express consent, your browser automatically establishes a direct connection with the Google server. As the website operator, we have no influence on the scope and further use of the data collected by Google through the use of this tool. We inform you according to our level of knowledge: Through the integration of DoubleClick, Google receives the information that you have accessed the corresponding part of our website or clicked on an advertisement from us. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, there is a possibility that the provider will find out your IP address and store it.
Insofar as data is processed outside the EU/EEA, we have concluded the standard data protection clauses adopted by the EU Commission in accordance with Art. 46 GDPR with the service provider to establish a secure level of data protection, which allow personal data to be transferred to a third country in individual cases.
The legal basis for the data processing described is your consent, Art. 6 para. 1 sentence 1 lit. a GDPR. Once you have given your consent, you can revoke it at any time with effect for the future by changing your selection in the cookie settings (see above, section 5. Cookies). Alternatively, you can delete your cookies (all or only from this website). The banner with the selection options will then be displayed again.
Further information on DoubleClick by Google can be found at https://www.google.de/doubleclick and on data protection at Google in general: https://www.google.de/intl/de/policies/privacy. Alternatively, you can visit the website of the Network Advertising Initiative (NAI) at https://www.networkadvertising.org.
5.3.5 Facebook Custom Audiences / Conversion Tracking Pixel
We use the Custom Audiences service of Meta Platforms Inc (1601 S. California Avenue, Palo Alto, CA 94304, USA) for usage-based online advertising. Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland, is also the processor for us (as a company from the EU).
As part of usage-based online advertising via Custom Audiences, we use the Facebook Ads Manager to define target groups of users based on certain characteristics who are subsequently shown ads within the Facebook network. The users are selected by Facebook based on the profile information they provide and other data provided through the use of Facebook. If a user clicks on an advertisement and subsequently reaches our website, Facebook receives the information that the user has clicked on the advertising banner via the Facebook pixel integrated on our website.
Basically, a non-reversible and non-personal checksum (hash value) is generated from your usage data, which is transmitted to Meta for analysis and marketing purposes. A Facebook cookie is set in the process. This collects information about your activities on our website (e.g. surfing behavior, subpages visited, etc.). Your IP address is also stored and used for the geographical targeting of advertising.
We do not use Facebook Custom Audiences via the customer list or the "advanced matching" function.
Further information about the purpose and scope of data collection and the further processing and use of the data by Meta, as well as your setting options for protecting your privacy, can be found in Facebook's privacy policy. You can make settings regarding which advertisements are displayed to you on Facebook under this link and in the Facebook account settings.
The legal basis for the data processing described is your consent, Art. 6 para. 1 sentence 1 lit. a GDPR. Once you have given your consent, you can revoke it at any time with effect for the future by changing your selection in the cookie settings (see above, section 5. Cookies). Alternatively, you can delete your cookies (all or only from this website). The banner with the selection options will then be displayed again.
If you consent to the data processing described above, Meta will of course also have access to your data. In particular, it is possible that Meta Platforms Inc, 1601 Willow Road, Menlo Park, California 94025, USA, in addition to Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland) may have access to your data. Meta Platforms Inc. is located in an insecure third country where the level of data protection is lower.
Meta has provided a "Meta-EU Data Transfer Addendum" online since August 31, 2020, which is intended to incorporate the Standard Contractual Clauses in cases where Meta Ireland Limited processes data from the EU/EEA as a processor and transfers it to Meta Inc. as a sub-processor.
You can find more information about Meta's Custom Audiences service at: https://de-de.facebook.com/business/help/449542958510885.
The "Facebook Custom Audiences" function can be deactivated for logged-in users at https://www.facebook.com/settings/?tab=ads#_.
5.3.6 LinkedIn Ads / Conversion Tracking (Pixel)
We use the LinkedIn Conversion Tracking service of LinkedIn Corporation, 1000 W Maude Ave, Sunnyvale, CA, 94085-2810 USA as part of the evaluation of our online advertising. The responsible body for users in the EU/EEA and Switzerland is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.
For this purpose, we use the LinkedIn Campaign Manager to define target groups of users based on certain characteristics, who are subsequently shown advertisements within the LinkedIn network. The users are selected by LinkedIn based on the profile information they provide and other data provided when using LinkedIn. If a user clicks on an advertisement and subsequently reaches our website, LinkedIn receives the information that the user has clicked on the advertising banner via the conversion tag integrated on our website.
The LinkedIn tag enables the collection of the following data:
- Website visited, including the URL,
- Referrers
- IP address
- Device and browser properties (user agent)
- and time stamp.
The IP addresses are shortened by LinkedIn or (in the case of cross-device use) hashed. The direct identification features of the members are removed within 7 days to pseudonymize the data. The remaining pseudonymized data is then deleted within 180 days.
LinkedIn does not share the personal data with us, as the website operator, but only provides us with reports and notifications (which do not identify the user) about website visits and ad performance. LinkedIn also offers so-called retargeting, which allows us, as the website operator, to use this data to show personalized ads outside our website without identifying individual members. Data that does not identify you is also used to improve ad relevance and reach LinkedIn members across different devices. LinkedIn members can control the use of their personal data for advertising purposes via their account settings. LinkedIn refers to the following link to customize advertising preferences: https://www.linkedin.com/psettings/advertising/actions-that-showed-interest.
We process this data in order to evaluate our advertising campaigns. The legal basis for the processing is your voluntary consent within the meaning of Art. 6 para. 1 lit. a) GDPR. Without your consent via our consent tool, no data will be processed for LinkedIn Conversion Tracking. Once you have given your consent, you can revoke it at any time with effect for the future by changing your selection in the cookie settings (see above, section 5. Cookies).
As part of LinkedIn conversion tracking, LinkedIn naturally has access to the listed data. In particular, it is possible that in addition to LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland, LinkedIn Corporation, 1000 W Maude Ave, Sunnyvale, CA, 94085-2810 USA also has access to your data.
Insofar as data is processed outside the EU/EEA, we have concluded the standard data protection clauses adopted by the EU Commission in accordance with Art. 46 GDPR with the service provider to establish a secure level of data protection, which allow personal data to be transferred to a third country in individual cases.
Further information about the purpose and scope of data collection and the further processing and use of the data by LinkedIn, as well as your setting options for protecting your privacy, can also be found in LinkedIn's privacy policy.
Further information on LinkedIn conversion tracking can be found at: https://business.linkedin.com/de-de/marketing-solutions/conversion-tracking#get-started.
Further information on data processing and storage duration can be found at https://www.linkedin.com/help/linkedin/answer/65521?lang=de.
5.3.7 X (formerly TWITTER) Advertising
We use the services of X Corp, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA, on our website. The controller responsible for handling data subject rights within the EU/EEA is X International Unlimited Company, Attn: Data Protection Officer, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland.
X Ads allows us to collect data from users who visit our website. Cookies and code are used to connect the website to another third-party platform such as X. A checksum (hash value) is generated from your usage data and transmitted to Twitter for analysis and marketing purposes. In addition, we use a so-called "X pixel", which can be used to track the actions of users after they have seen or clicked on a Twitter ad.
User behavior is recorded, e.g. websites visited, content accessed, time of visit, etc., but also device-related data such as applications and operating systems used. The user's IP address is stored and used for the geographical targeting of advertising. With "cross-device personalization", Twitter also attempts to identify and link all of a user's devices. As the data is stored and processed by X, a connection to the respective user profile on x.com is also possible.
The legal basis for the data processing described is your consent, Art. 6 para. 1 sentence 1 lit. a GDPR. Once you have given your consent, you can revoke it at any time with effect for the future by changing your selection in the cookie settings (see above, section 5. Cookies). Alternatively, you can delete your cookies (all or only from this website). The banner with the selection options will then be displayed again.
The data may be transferred to an X Corp. server in the USA in the course of processing. Insofar as data is processed outside the EU/EEA, we have concluded the standard data protection clauses adopted by the EU Commission in accordance with Art. 46 GDPR with the service provider in order to establish a secure level of data protection, which allow personal data to be transferred to a third country in individual cases.
The data collected in this way is deleted within 6 months. Data that makes it possible to identify a specific user on X will be deleted within 90 days. You can find more information on the duration of storage on Twitter or at https://legal.twitter.com/ads-terms/international.html.
Further information on the purpose and scope of data collection and the further processing and use of the data, as well as possible privacy settings on Twitter, can be found in X's privacy policy: https://twitter.com/de/privacy.
5.3.8 LinkedIn Advertising Lead Forms
We use so-called "Advertising Lead Forms" on LinkedIn to offer interested parties the opportunity to contact us directly and voluntarily via a contact form displayed there. Alternatively, you can of course always contact us directly using the contact forms on our website or by email.
You can use the advertising lead forms to register for events and download white papers and e-books. We then process the data to answer your questions and process your requests and to enable you to participate in our webinars as requested. This is also our legitimate interest in processing within the meaning of Art. 6 para. 1 sentence 1 lit. f GDPR.
Your name and address will be processed not only for the purpose of processing your request but also for advertising purposes in order to provide you with information about our products and events by e-mail, post and telephone, provided that you have expressly consented to this via the LinkedIn form (Art. 6 para. 1 sentence 1 lit. a GDPR).
Your data that we have received in the course of contacting you will be deleted as soon as it is no longer required to achieve the purpose for which it was collected, your request has been fully processed and no further communication with you is necessary or desired by you.
If you have also consented to the use of your personal data for advertising purposes, this will be deleted regularly after 2 years if your consent has not been used by us by then.
If you object to the processing or revoke your consent, your data will no longer be used by us to contact you for advertising purposes. You can declare your revocation by clicking on the link provided in every newsletter e-mail or by sending an e-mail to datenschutzbeauftragter[at]allplan.com. Your data will be stored for a further three years for verification purposes and then deleted.
We use the so-called double opt-in procedure to verify your data when you contact us via "Advertising Lead Forms". This means that after you have entered your e-mail address, we will send you a confirmation e-mail to the e-mail address you have provided, in which we ask you to confirm your registration. If you do not confirm this within 24 hours, your registration will be automatically deleted from the database.
Furthermore, we store your IP addresses and the times of registration and confirmation when you register and confirm. The purpose of the procedure is to be able to prove your registration as part of our accountability obligations and, if necessary, to clarify any possible misuse of your personal data. Due to the fulfillment of the accountability obligation, we have a legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR in the processing of the data of the double opt-in procedure.
The provision of your personal data is neither legally nor contractually required. Automated decision-making, including profiling, is not carried out by us.
Various recipients within and outside the EU/EEA receive the aforementioned personal data.
In detail, these are the following recipients:
Recipients within the group of companies
- ALLPLAN Germany GmbH
You will only be contacted by the company responsible for you. Jurisdiction is determined by the registered office of your company/place of business.
External service providers as part of order processing in accordance with Art. 28 GDPR:
- LinkedIn Ireland Unlimited Company
Wilton Place,
Dublin 2, Ireland
We have also concluded an order processing agreement and standard contractual clauses with LinkedIn.
6 YouTube (extended data protection mode)
We use services from YouTube, LLC 901 Cherry Ave, 94066 San Bruno, CA, USA, a company of Google Inc, Amphitheatre Parkway, Mountain View, CA 94043, USA, on our website.
When you access a page in which a YouTube video is embedded, a connection to the YouTube servers is normally established and the content is displayed on the website by notifying your browser. This is prevented by the use of our consent management tool (Usercentrics) if you have not consented to data processing with regard to YouTube. Due to the integration of YouTube, no data will be transmitted without your consent.
To protect your personal data, we also use the extended data protection option provided by YouTube. According to YouTube, however, in "extended data protection mode" data is only transmitted to the YouTube server when you actively start the video. If you are logged in to YouTube at this time, the information about the videos you have watched will be assigned to your YouTube member account. You can prevent this by logging out of your member account before visiting our website. Further information on data protection from YouTube is provided by Google at the following link: https://www.google.de/intl/de/policies/privacy/
By activating this in the cookie settings, you agree that YouTube receives data through your use, which can also be used to analyze your usage behavior for market research and marketing purposes.
The legal basis for the described data processing is therefore your consent, Art. 6 para. 1 sentence 1 lit. a GDPR. Once you have given your consent, you can revoke it at any time with effect for the future by changing your selection in the cookie settings (see above, section 5. Cookies). Alternatively, you can delete your cookies (all or only from this website). The banner with the selection options will then be displayed again. If you do not agree or revoke your consent, you will not be able to use cookies.
7 Google Tag Manager
For reasons of transparency, we would like to point out that we use the Google Tag Manager of the provider Google Ireland Limited (registration number: 368047), Gordon House, Barrow Street, Dublin 4, Ireland. The Google Tag Manager itself does not collect any personal data. Google Tag Manager makes it easier for us to integrate and manage our tags. Tags are small code elements that are used, among other things, to measure traffic and visitor behaviour, to record the impact of online advertising and social channels, to set up remarketing and targeting and to test and optimize websites. We use the Tag Manager for the Google Analytics service. If you have made a deactivation, this deactivation will be taken into account by Google Tag Manager. For more information on Google Tag Manager, see: https://www.google.com/intl/de/tagmanager/use-policy.html.
8 Social bookmarks
Social bookmarks from the following providers are integrated on our website:
- Facebook (Operator: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland)
- LinkedIn (Operator: LinkedIn Corporation, 1000 W Maude Ave, Sunnyvale, CA, 94085-2810 USA)
- Instagram (Operator: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland)
- YouTube (operator: Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043)
Social bookmarks are Internet bookmarks with which the users of such a service can collect links and news reports. These are only integrated on our website as links to the corresponding services. After clicking on the embedded graphic, you will be redirected to the page of the respective provider, i.e. only then will user information be transmitted to the respective provider. For information on the handling of your personal data when using these websites, please refer to the respective privacy policies of the providers.
9 Registration and participation in our webinars
You have the option of registering for our webinars.
Personal data that must be provided is marked as a mandatory field in the respective registration form; any additional information is voluntary.
If we do not yet know your e-mail address, i.e. you have not yet verified your e-mail address with us and we cannot identify you sufficiently when you register, we use the so-called double opt-in procedure for registration. This means that your registration is not complete until you have confirmed a confirmation e-mail sent to you for this purpose by clicking on the link contained therein. If you do not confirm this promptly, your registration will be deleted from our database. Once you have registered, you will receive personal access to the webinar.
Furthermore, we store your IP addresses and the times of registration and confirmation when you register and confirm. The purpose of the procedure is to be able to prove your registration as part of our accountability obligations and, if necessary, to clarify any possible misuse of your personal data. Due to the fulfillment of the accountability obligation, we have a legitimate interest in the processing of the data of the double opt-in procedure in accordance with Art. 6 para. 1 lit. f GDPR.
We regularly collect, store and process the following personal data for registration purposes:
Data | Purpose of the processing | Legal basis of the processing | Storage duration |
IP address at login | Proof of double opt-in (DOI) | Legitimate interest | 3 years or in the event of a later objection |
Time of registration | Proof of double opt-in | Legitimate interest | 3 years or in the event of a later objection |
IP address at DOI | Proof of double opt-in | Legitimate interest | 3 years or in the event of a later objection |
Time of DOI verification | Proof of double opt-in | Legitimate interest | 3 years or in the event of a later objection |
E-mail address | Sending the participation link, answering questions | Legitimate interest | 3 years or in the event of a later objection |
Salutation | Direct approach | Legitimate interest | 3 years or in the event of a later objection |
First name | Direct contact, attendance control | Legitimate interest | 3 years or in the event of a later objection |
Surname | Direct contact, attendance control | Legitimate interest | 3 years or in the event of a later objection |
Zip code | Possibility of direct advertising | Legitimate interest | 3 years or in the event of a later objection |
Address | Possibility of direct advertising | Legitimate interest | 3 years or in the event of a later objection |
Phone number | Possibility of direct advertising | Legitimate interest | 3 years or in the event of a later objection |
Company | Possibility of direct advertising | Legitimate interest | 3 years or in the event of a later objection |
Country | Possibility of direct advertising | Legitimate interest | 3 years or in the event of a later objection |
Personal data that must be provided is marked as a mandatory field in the respective registration form; any additional information is voluntary.
We use the GoToWebinar software solution from the provider LogMeIn Ireland Limited (Bloodstone Building Block C70 Sir John Rogerson's Quay Dublin 2, Ireland) to conduct our webinars over the Internet. As part of the registration process, personal data is also transmitted to the service provider, who, as our processor, may only use your data for the purpose of conducting the webinar.
Unless you have expressly given us your consent to use your data for further advertising purposes, we will only use your data for the purposes described for conducting the webinar; the legal basis for this is Art. 6 para. 1 sentence 1 lit. b) GDPR. A transport-encrypted connection is established between you and GoToWebinar. Anonymous statistical data is collected during and after the webinar. If you participate in a webinar, in addition to your registration data, we receive information about the duration of participation, time of joining and leaving, questions asked and answers given for the purpose of further customer support.
Further information and LogMeIn's privacy policy can be found here.
10 Surveys
We use the software "SurveyMonkey" from the provider SurveyMonkey Europe UC, 2nd Floor, 2 Shelbourne Buildings, Shelbourne Road, Dublin, Ireland, to conduct surveys. This uses so-called "cookies", which are stored on the end device of the data subject. The purpose of these cookies is to ensure that the survey service can be used without restriction and that the surveys run as intended and optimally.
Further information on data processing by the provider can be found at https://de.surveymonkey.com/mp/legal/privacy-policy/.
Various data is transmitted to the service provider (IP address, operating system, device type, browser type). If you participate in the survey via a mobile device, SurveyMonkey also collects the UUID of the device. SurveyMonkey also uses third-party tracking services to collect usage data and user statistics. We have no influence on the scope of the data collected by SurveyMonkey. You can find more information on the cookies used by the provider at: https://help.surveymonkey.com/articles/de/kb/About-the-cookies-we-use.
SurveyMonkey Europe UC is a subsidiary of SurveyMonkey Inc. based in the USA. In this respect, it cannot be ruled out that the information generated by the cookie will be transferred to a server of the provider in the USA and stored there in order to carry out the analysis. Insofar as data is processed outside the EU/EEA, we have concluded the standard data protection clauses adopted by the EU Commission in accordance with Art. 46 GDPR with the service provider in order to establish a secure level of data protection, which allow personal data to be transferred to a third country in individual cases.
Personal data will be deleted as soon as the data is no longer required for the purpose for which it was collected, which is the case at the latest 3 months after the end of the survey. The legal basis for data processing within the scope of the survey is your consent within the meaning of Art. 6 para. 1, sentence 1 lit. a GDPR.
You can prevent the storage of cookies by setting your browser software accordingly. It is also possible to delete existing cookies. However, we would like to point out that in this case you may not be able to use all the functions of this website to their full extent.
11 Newsletter
11.1 General information
You can subscribe to various newsletters on our website with which we inform you about the activities of our company, current information about our services, special offers, promotions, events and competitions and invite you to take part in surveys. The content of the individual newsletters is briefly described during the registration process. The legal basis for sending the respective newsletter is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR in conjunction with § Section 7 para. 2 no. 3 UWG or the legal permission according to Section 7 para. 3 UWG.
We use the so-called double opt-in procedure to subscribe to our newsletters. This means that after you have registered, we will send you an e-mail to the e-mail address you have provided in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm this promptly, your registration will be deleted from our database.
The only mandatory information for sending the newsletter is your e-mail address. The provision of further data is voluntary: this data is used to address you personally. After your confirmation, we store your e-mail address for the purpose of sending you the newsletter and until you cancel your subscription. We also store your current IP address at the time of registration, the time of registration and the confirmation for up to three years after registration (limitation period). The purpose of this procedure is to be able to prove your registration in case of doubt and, if necessary, to clarify any misuse of your personal data. The legal basis for logging the registration is our legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR in providing evidence of consent previously given, see also Art. 7 para. 1 GDPR.
You can revoke your consent to the sending of the newsletter at any time and unsubscribe from the newsletter. You can declare your revocation by clicking on the link provided in every newsletter e-mail.
Naming the newsletter provider | Service provider type | Data transfer to third countries | Third country | Guarantees pursuant to Art. 44 ff GDPR |
HubSpot, Inc, Cambridge, MA 02141, USA | Processor | YES | USA | EU standard contractual clauses |
Data | Purpose of the processing | Legal basis of the processing | Storage duration |
IP address at login | Proof of double opt-in (DOI) | Legitimate interest | Up to 3 years after revocation/objection |
Time of registration | Proof of double opt-in | Legitimate interest | Up to 3 years after revocation/objection |
IP address at DOI | Proof of double opt-in | Legitimate interest | Up to 3 years after revocation/objection |
Time of DOI verification | Proof of double opt-in | Legitimate interest | Up to 3 years after revocation/objection |
E-mail address | Sending the newsletter | Consent | Until revocation/objection |
Salutation* | Direct approach | Consent | Until revocation/objection |
First name* | Direct approach | Consent | Until revocation/objection |
Surname* | Direct approach | Consent | Until revocation/objection |
* voluntary information
11.2 Newsletter tracking
We would like to point out that we evaluate your user behavior when sending the newsletter. For this evaluation, the e-mails sent contain so-called web beacons or tracking pixels that are stored on our website. Technical information such as browser type, time of opening and IP address are transmitted. For analysis purposes, we link the aforementioned data and the web beacons with your email address and an individual ID. Links received in the newsletter also contain this ID and enable us to analyze your click behavior.
We use the data obtained in this way to create a user profile in order to tailor the newsletter to your individual interests. We record when you read our newsletters, which links you click on in them and deduce your personal interests from this. We link this data to actions you have taken on our website. The legal basis for this data processing is your consent, Art. 6 para. 1 sentence 1 lit. a GDPR. You can withdraw your consent at any time with effect for the future by clicking on the separate link provided in every email.
You can revoke your consent at any time with effect for the future. In this case, the revocation includes the entire newsletter, as a separate revocation of tracking is unfortunately not technically possible. To do so, simply click the unsubscribe link provided in every e-mail.
Tracking the opening of the newsletter is also not possible if you have deactivated the display of images in your e-mail program by default. In this case, the newsletter will not be displayed in full and you may not be able to use all the functions. If you display the images manually, the above-mentioned tracking will take place. However, if you click on links from the newsletter, your click behavior will continue to be analyzed, even if the display of images is deactivated.
The information from the tracking is stored for as long as you have subscribed to the newsletter. After you unsubscribe, the data is anonymized and used purely for statistical purposes.
The data you provide us with for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter and deleted after you unsubscribe from the newsletter. Data stored by us for other purposes remains unaffected by this.
Data | Purpose of the processing | Legal basis of the processing | Storage duration |
IP address | Connection setup with e-mail evaluation tool | Consent | Until revoked |
Personalized link | Measurement of click behavior | Consent | Until revoked |
Opening pixel | Measurement of the opening behavior | Consent | Until revoked |
12 Direct advertising license pursuant to 7 para. 3 UWG
We use the e-mail address collected when you purchase a product or service from ALLPLAN for direct advertising for our own and similar products and/or services, such as current product versions and helpful additional options. If you no longer wish to receive direct advertising, you can object to the use of your e-mail address at any time. There is a corresponding link for this purpose in every newsletter.
Data | Purpose of the processing | Legal basis of the processing | Storage duration |
E-mail address | Approach for direct advertising | Possibility of direct advertising in accordance with the UWG | Until objection / elimination of the legal requirements |
Salutation | Approach for direct advertising | Possibility of direct advertising in accordance with the UWG | Until objection / elimination of the legal requirements |
First name | Approach for direct advertising | Possibility of direct advertising in accordance with the UWG | Until objection / elimination of the legal requirements |
Last name | Approach for direct advertising | Possibility of direct advertising in accordance with the UWG | Until objection / elimination of the legal requirements |
13 Postal advertising/print mailing
In the course of postal advertising (print mailings), we use personal data of our existing customers and interested parties (first and last name, title if applicable, function in the company, address) for the purpose of direct advertising in order to inform them about our products and/or services.
The legal basis for processing is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR, if you have given it. If we are legally entitled to use your personal data for the aforementioned advertising purposes, the legal basis for the processing of your data is Art. 6 para. 1 sentence 1 lit. f) GDPR, our so-called legitimate interest in using the data for advertising purposes. From our point of view, our interest in advertising use prevails if this is permissible within the narrow legal limits, in particular the Unfair Competition Act (UWG).
In the course of the organization and execution of the print mailings, your personal data will be disclosed to internal departments and the following external service providers: Projektil GbR, Flyeralarm GmbH, straight. GmbH, Göbel+Lenze Direktmarketing GmbH. If you have any further questions about the individual recipients, please contact us at fieldmarketing.de[at]allplan.com.
Your data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected, usually after 2 years from the last use by us, unless its further processing is necessary to fulfill commercial and tax retention obligations (e.g. retention periods from the German Commercial Code (HGB) or the German Fiscal Code (AO)), to preserve evidence within the framework of the statutory limitation periods (e.g. the German Civil Code (BGB)).
The personal data we process is data that we have received from our customers, service providers and suppliers. In addition, data also comes from publicly accessible sources (Internet), such as membership registers and directories on websites of chambers of engineers and industry associations.
14 Contacting us by e-mail or contact form
When you contact us by e-mail or via various contact forms, the data you provide (your e-mail address, your name and telephone number if applicable) will be stored by us in order to answer your questions and process your requests. The legal basis in this respect is Art. 6 para. 1 sentence 1 lit. f GDPR. If we request information via our contact form that is not required for contacting you, we have always marked this as optional. We use this information to specify your request and to improve the processing of your request. This information is provided expressly on a voluntary basis and with your consent, Art. 6 para. 1 lit. a GDPR. If this involves information on communication channels (e.g. email address, telephone number), you also consent to us contacting you via this communication channel in order to respond to your request. You can of course revoke this consent at any time for the future.
Your data that we have received in the course of contacting you will be deleted as soon as it is no longer required to achieve the purpose for which it was collected, your request has been fully processed and no further communication with you is necessary or desired by you.
As the data controller, our company has implemented numerous technical and organizational measures to ensure that the personal data processed via this website is protected as completely as possible. Nevertheless, internet-based data transmissions can generally have security gaps. Absolute protection cannot be guaranteed; in any case, sending unencrypted e-mails is not secure. We therefore ask you not to send sensitive data by unencrypted e-mail, but to use either encrypted communication channels (e.g. our contact form) or the postal service.
15 Applications
You can apply to our company electronically via e-mail. Please note that unencrypted e-mails are not transmitted with access protection.
Your data will be used to process your application and to decide on the establishment of an employment relationship. The legal basis is § 26 para. 1 i.V.m. para. 8 sentence 2 BDSG. Furthermore, your personal data may be processed if this is necessary to defend against legal claims asserted against us in the application process. The legal basis for this is Art. 6 para. 1 sentence 1 lit. f GDPR. The legitimate interest in the processing also lies in the stated purposes.
If there is an employment relationship between you and us, we may process the personal data already received from you for the purposes of the employment relationship in accordance with Section 26 (1) BDSG if this is necessary for the performance or termination of the employment relationship or for the exercise or fulfillment of the rights and obligations of the representation of employees' interests arising from a law or a collective agreement, a works or service agreement (collective agreement).
Your application data will not be processed beyond the use described above.
Your personal data will be deleted after completion of the application process after 6 months at the latest, unless deletion conflicts with any other legitimate interests on our part or you have not given us your consent for longer storage. Other legitimate interest in this sense is, for example, a burden of proof in proceedings under the General Equal Treatment Act (AGG).
For further information on the handling of your personal data, please refer to our applicant information.
16 Forwarding of data
Your personal data will not be transferred to third parties for purposes other than those listed.
We only pass on your personal data to third parties if:
- you have given your express consent,
- the disclosure is necessary for the assertion, exercise or defense of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data,
- there is a legal obligation for the disclosure, and
- this is legally permissible and necessary for the processing of contractual relationships with you.
External service providers and partner companies will only receive your data if this is necessary to process your order. In these cases, however, the scope of the transmitted data is limited to the necessary minimum. Insofar as our service providers come into contact with your personal data, we ensure that they comply with the provisions of the data protection laws in the same way as part of order processing in accordance with Art. 28 GDPR. Please also note the respective data protection notices of the providers. The respective service provider is responsible for the content of external services, whereby we check the services for compliance with the legal requirements within the scope of reasonableness.
We attach great importance to processing your data within the EU/EEA. However, we may use service providers who process data outside the EU/EEA. In these cases, we ensure that an adequate level of data protection is established at the recipient before your personal data is transferred. This means that a level of data protection comparable to the standards within the EU is achieved via EU standard contracts or an adequacy decision by the European Commission.
If data is transferred outside the European Union, the high European level of data protection does not generally apply. In the case of a transfer, it is possible that there is currently no adequacy decision by the EU Commission within the meaning of Art. 45 para. 1, 3 GDPR. This means that the EU Commission has not yet positively determined that the country-specific level of data protection corresponds to the level of data protection in the European Union on the basis of the GDPR, which is why we have created the aforementioned suitable guarantees.
Possible risks that cannot be completely ruled out in connection with the transfer of data include in particular
- Your personal data could possibly be processed beyond the actual purpose.
- There is also the possibility that you will not be able to assert and enforce your rights under data protection law, such as your right to information, rectification, erasure or data portability.
- There may also be a higher probability that incorrect data processing may occur and that the protection of personal data does not fully meet the requirements of the GDPR in terms of quantity and quality.
17 Data security
At ALLPLAN, your personal data is transmitted securely using encryption. This applies to all form processes (e.g. registration, login, ordering). ALLPLAN uses the SSL/TLS (Secure Socket Layer/Transport Layer Security) coding system. Nobody can guarantee absolute protection. However, ALLPLAN secures its website and other systems through technical and organizational measures against loss, destruction, access, modification or distribution of your data by unauthorized persons. Our security procedures are regularly reviewed and adapted to technological progress.
18 Your rights
You have the following rights vis-à-vis us with regard to your personal data:
18.1 General rights
You have the right to information, rectification, erasure, restriction of processing, objection to processing and data portability. If processing is based on your consent, you have the right to withdraw this consent with effect for the future.
To exercise your rights, please send an e-mail to dataprotectionofficer@allplan.com or write to ALLPLAN Deutschland GmbH, Konrad-Zuse-Platz 1, 81829 Munich, Germany. The exercise of your rights described in this section is free of charge for you.
18.2 Rights in data processing according to the legitimate interest
In accordance with Art. 21 para. 1 GDPR, you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on Art. 6 para. 1 e GDPR (data processing in the public interest) or on Art. 6 para. 1 f GDPR (data processing to protect a legitimate interest); this also applies to profiling based on this provision. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims.
18.3 Rights in the case of direct advertising
If we process your personal data for direct marketing purposes, you have the right under Art. 21 (2) GDPR to object at any time to the processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
If you object to processing for the purposes of direct marketing, we will no longer process your personal data for these purposes.
18.4 Right to lodge a complaint with a supervisory authority
Without prejudice to these rights and the possibility of seeking any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority at any time, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes data protection regulations (Art. 77 GDPR).
19 Links to other websites
Our websites may contain links to websites of other providers. We would like to point out that this information on data protection applies exclusively to the website www.allplan.com. We have no influence on and do not check that other providers comply with the applicable data protection regulations.
20 Changes to the privacy policy
We reserve the right to change or adapt this privacy policy at any time in compliance with the applicable data protection regulations.
Status: 12.03.2024