Data Protection
Welcome to our website! We attach great importance to the protection of your data and your privacy. We therefore inform you below about the collection and use of personal data when you use our website.
Notes on data protection
Data protection is particularly important to our company. In the following, we provide information about the collection of personal data when using our website. Personal data is all data that can be related to you personally, e.g. name, address, e-mail addresses, user behavior. We have taken extensive technical and operational precautions to protect your data from accidental or intentional manipulation, loss, destruction or access by unauthorized persons. Our security procedures are regularly reviewed and adapted to technological progress.
1. Responsible party for data processing
Jointly responsible pursuant to Art. 4 (7) of the EU General Data Protection Regulation (DSGVO) are
ALLPLAN GmbH
Konrad-Zuse-Platz 1
81829 Munich
Germany
E-mail: info[at]allplan.com
2. Contact options for the data protection officer
You can contact our data protection officer at dataprotectionofficer@allplan.com or at our postal address with the addition "the data protection officer".
3. Legal basis of our data processing
The processing of personal data can be based on various legal bases. If we need your data to fulfill a contract with you or to answer your inquiries regarding a contract, the legal basis for this data processing is Art. 6 para. 1 sentence 1 lit. b GDPR.
If we obtain your consent for certain data processing, the legal basis is Art. 6 para. 1 sentence 1 lit. a GDPR. We carry out some data processing on the basis of our legitimate interest, whereby a balance is always struck between your interests worthy of protection and our legitimate interests. The legal basis for this is Art. 6 para. lit. f GDPR. Insofar as the processing is necessary to fulfill a legal obligation to which we are subject, the legal basis is Art. 6 para. 1 sentence 1 lit. c GDPR.
Below we explain how we process personal data via our website.
Legal basis of our data storage according to the TDDDG:
According to Section 25 TDDDG, the storage of information in the end user's terminal equipment or access to information that is already stored in the terminal equipment is only permitted if the end user has consented on the basis of clear and comprehensive information, i.e. has agreed to the data processing.
For the storage of information on your device or access to information that is already stored on your device, we therefore obtain your consent in accordance with Section 25 (1) of the German Data Protection Act (TDDDG) and consequently also process purely technical data only after obtaining your consent.
When providing you with information and obtaining your consent, we comply with the provisions of the TDDDG and the design requirements of the GDPR.
According to Section 25 (2) TDDDG, consent is not required in exceptional cases,
- if the sole purpose of storing information in the end-user's terminal equipment or the sole purpose of accessing information already stored in the end-user's terminal equipment is to carry out the transmission of a communication over a public telecommunications network, or
- if the storage of information in the end user's terminal equipment or access to information already stored in the end user's terminal equipment is absolutely necessary for the provider of a telemedia service to provide a telemedia service expressly requested by the user.
4. Collection of personal data when visiting our website
If you use the website for information purposes only, i.e. if you do not register or otherwise provide us with information (e.g. via a contact form), we collect the following technical information (log file data):
Data |
Purpose of the processing |
Storage duration |
Operating system used |
Evaluation by device to ensure optimized display of the website |
The data is generally deleted from log files after 30 days for the purpose of operating the website and to protect against misuse in accordance with our security regulations. |
Information about the browser type and version used |
Evaluation of the browsers used in order to optimize our websites for this purpose |
|
Internet service provider of the user |
Evaluation of Internet service providers |
|
IP address |
Display of the website on the respective device |
|
Date and time of the call |
Ensuring the proper operation of the website. |
|
Manufacturer and type designation of the smartphone, tablet or other end device, if applicable |
Evaluation of device manufacturers and types of mobile devices for statistical purposes |
|
Name of the page accessed |
Ensuring the proper operation of the website |
|
Referrer URL (origin URL from which you came to the website) |
Ensuring the proper operation of the website |
The collection of this data is technically necessary in order to display our website to you and to ensure stability and security. We (and our hosting service providers) are regularly unaware of who is behind an IP address. We do not merge the data listed above with other data.
The legal basis is the legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR, as well as § 25 para. 2 no. 2 TDDDG. As part of the balancing of interests in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR, we have considered and weighed up our interest in the provision and your interest in the processing of your personal data in accordance with data protection regulations. Since the following data is technically necessary for the provision of our service in order to be able to offer you our website and also to ensure stability and security, in particular to offer protection against misuse, we have come to the conclusion that this data - with a state-of-the-art guarantee of data security - must be processed, taking due account of your interest in data protection-compliant processing. If the processing is based on another legal basis (e.g. consent pursuant to Art. 6 para. 1, sentence 1 lit. a GDPR, Section 25 para. 1 TDDDG), this will be indicated accordingly.
5. Registration
In order to be able to use ALLPLAN Bimplus, a one-time prior registration as an authorized user is required. Your registration takes place in our customer service portal "ALLPLAN Connect". We process your personal data as part of the registration for individual user access and to process orders and payments as well as to process contact and service requests.
We use the so-called double opt-in procedure for registration. This means that after you have entered your e-mail address, we will send you a confirmation e-mail to the e-mail address you have provided, in which we ask you to confirm your registration. If you do not confirm this within 24 hours, your registration will be automatically deleted from the database. Upon confirmation, we will store your data for the storage period specified in the table. The data is also stored for participation in the ALLPLAN Community, which also gives you the opportunity to use our services (Allplan Share, Allplan Exchange, Allplan Connect, Allplan Campus, Allplan LEARN NOW) with an account. Once you have registered, you will receive personal, password-protected access and can view and manage the data you have stored.
When you register, we also save the time of registration. The purpose of this procedure is to be able to prove your registration as part of our accountability obligations and, if necessary, to clarify any possible misuse of your personal data. Due to the fulfillment of the accountability obligation, we have a legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR in the processing of the data of the double opt-in procedure.
We collect and store the following personal data from you for registration purposes:
Data |
Purpose of processing |
Legal basis of processing |
Duration of storage |
Email address and username |
Creation of the customer account |
Legitimate interest: Article 6(1)(1)(f) GDPR; contract execution: Article 6(1)(1)(b) GDPR |
Until the termination of the customer account term |
Password |
Creation of the customer account |
Legitimate interest: Article 6(1)(1)(f) GDPR; contract execution: Article 6(1)(1)(b) GDPR |
Until the termination of the customer account term |
IP address at registration |
Proof of double opt-in |
Legitimate interest; Article 6(1)(1)(f) GDPR, § 25 (2) Nr. 2 TDDDG – technical necessity |
3 years after termination of customer relationship |
Date of registration |
Proof of double opt-in |
Legitimate interest; Article 6(1)(1)(f) GDPR, § 25 (2) Nr. 2 TDDDG – technical necessity |
3 years after termination of customer relationship |
IP address at double opt-in |
Proof of double opt-in |
Legitimate interest; Article 6(1)(1)(f) GDPR, § 25 (2) Nr. 2 TDDDG – technical necessity |
3 years after termination of customer relationship |
Time of double opt-in verification |
Proof of double opt-in |
Legitimate interest; Article 6(1)(1)(f) GDPR, § 25 (2) Nr. 2 TDDDG – technical necessity |
3 years after termination of customer relationship |
Customer number |
Assignment in case of already existing contractual relationship |
Legitimate interest: Article 6(1)(1)(f) GDPR; contract execution: Article 6(1)(1)(b) GDPR |
Until the end of the tax statutory limitation periods (10 years after the end of the contractual relationship) |
Salutation |
Direct approach within the scope of the contractual relationship |
Legitimate interest: Article 6(1)(1)(f) GDPR; contract execution: Article 6(1)(1)(b) GDPR |
Until the end of the tax statutory limitation periods (10 years after the end of the contractual relationship) |
First name |
Direct approach within the scope of the contractual relationship/invoicing |
Legitimate interest: Article 6(1)(1)(f) GDPR; contract execution: Article 6(1)(1)(b) GDPR |
Until the end of the tax statutory limitation periods (10 years after the end of the contractual relationship) |
Family name |
Direct approach within the scope of the contractual relationship/invoicing |
Legitimate interest: Article 6(1)(1)(f) GDPR; contract execution: Article 6(1)(1)(b) GDPR |
Until the end of the tax statutory limitation periods (10 years after the end of the contractual relationship) |
Company |
Invoicing |
Legitimate interest; Article 6(1)(1)(f) GDPR |
Until the end of the tax statutory limitation periods (10 years after the end of the contractual relationship) |
Telephone |
Contract execution |
Legitimate interest: Article 6(1)(1)(f) GDPR; contract execution: Article 6(1)(1)(b) GDPR |
After the end of the contractual relationship |
Language |
Control of language settings |
Legitimate interest: Article 6(1)(1)(f) GDPR; contract execution: Article 6(1)(1)(b) GDPR |
after the end of the contractual relationship) |
Country |
Contract conclusion and execution |
Legitimate interest: Article 6(1)(1)(f) GDPR; contract execution: Article 6(1)(1)(b) GDPR |
Until the end of the tax statutory limitation periods (10 years after the end of the contractual relationship) |
Address |
Invoicing |
Legitimate interest: Article 6(1)(1)(f) GDPR; contract execution: Article 6(1)(1)(b) GDPR |
Until the end of the tax statutory limitation periods (10 years after the end of the contractual relationship) |
Required personal data is marked as a mandatory field in the respective registration form; any additional information is voluntary.
You can delete your user account at any time. When the account is deleted, all personal data that is not subject to a statutory retention obligation or Article 17 (3) GDPR will be anonymized.
6. ALLPLAN Login Service: Single Sign-On (SSO)
Single Sign-On (SSO) is an authentication mechanism that allows users to authenticate to multiple applications or services or systems with just one login. With SSO, users do not have to enter separate credentials for each application, but can use their credentials once to access different resources.
The basic concept of SSO is that there is a central authentication server that acts as an intermediary between the user and the various applications. When a user logs into SSO for the first time, their identity is verified and a token or ticket is issued that contains their authentication information. This token is then accepted by connected applications to authenticate the user without the need to log in again.
When a user wants to access a protected resource, the application directs him to the central authentication server. This verifies the token and ensures that it is valid. If the token is accepted, the user is considered authenticated and is granted access to the resource without having to enter additional credentials.
Before you can use SSO, the user must first register with the ALLPLAN Connect platform, where the user accounts created are stored securely in the central user management. Once registered, you can use SSO to log in with your username and password and access all applications. On the Allplan Connect platform, you also have the option of resetting your password if you have forgotten it or want to assign a new password for other reasons. For this purpose, corresponding functions are available to you to initiate the recovery process. After confirming your identity, you can set a new password that meets your security requirements. This ensures the protection of your data and allows you to access the platform securely.
7. Cookies
Our website uses cookies. Cookies are files that are stored on your computer by a website you visit and enable your browser to be reassigned. Cookies are used to transmit information to the site that sets the cookie. Cookies can store various information, such as your language setting, the duration of your visit to our website or the entries you make there. This prevents you from having to re-enter required form data each time you use the website, for example. The information stored in cookies can also be used to recognize preferences and target content according to areas of interest.
There are different types of cookies: Session cookies are data sets that are only temporarily stored in the working memory and are deleted when you close your browser. Permanent or persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie. With this type of cookie, the information can also be stored in text files on your computer. However, you can also delete these cookies at any time via your browser settings.
First-party cookies are set by the website you are currently visiting. Only this website may read information from these cookies. Third-party cookies are set by organizations that are not operators of the website you are visiting. These cookies are used by marketing companies, for example.
The legal basis for possible processing of personal data using cookies and their storage duration may vary. If you have given us your consent, the legal basis is Art. 6 para. 1 sentence 1 lit. a GDPR. Insofar as the data processing is based on our overriding legitimate interests, the legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR. The stated purpose then corresponds to our legitimate interest.
We use cookies to ensure the proper operation of the website, to provide basic functionalities, to measure reach and - with your consent - to tailor our services to your preferred areas of interest.
You can delete cookies already stored on your device at any time. If you want to prevent the storage of cookies, you can do this via the settings in your Internet browser. You can find instructions for common browsers here: Internet Explorer, Firefox, Google Chrome, Google Chrome mobile, Microsoft Edge, Safari, Safari mobile. Alternatively, you can also install so-called ad blockers. Please note that individual functions of our website may not work if you have deactivated the use of cookies.
When accessing our website, all users of our website are also informed by an info banner about our use of cookies and referred to this data protection notice. As a user, you will also be asked for your consent to the use of certain cookies, in particular those relevant for the personalization of services and for marketing measures. Once you have given your consent, you can revoke it at any time with effect for the future by clicking on the icon (fingerprint) in the bottom left-hand corner of each page to access the cookie management and uncheck the box behind the processing to which you had consented. You can also find more information about the cookies we use in the cookie management.
7.1 Usercentrics
We use the Usercentrics service to manage consents on our website. Usercentrics is a software from Usercentrics GmbH, Rosental 4, 80331 Munich, Germany.
Usercentrics determines the language used by your browser. A cookie is set to check whether you have already made a selection in our consent tool during a previous visit to our website. This cookie is necessary because it enables the website to recognize whether you have consented to tracking or not. In addition, a log file is created in order to be able to prove that consent has been given. This file contains the IP address in anonymized form, information on the browser used, data on the scope of consent, as well as the date and time of the visit.
The legal basis for the processing is our legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR.
The purpose of data processing is the user-friendly and legally compliant design of our website. We want to make it as easy as possible for you to give or withdraw your consent and increase the transparency of data processing by means of cookies, pixels, tags or similar on our website. Our legitimate interest also lies in the purpose of data processing.
The cookie containing your consent or your refusal to use cookies is stored on your end device for one year. The consent data (consent given and withdrawal of consent) will be stored for three years.
Cookies are stored on the user's computer and transmitted by it to our website. As a user, you therefore have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings of your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website to their full extent.
7.2 Website analysis
We use various services for the purpose of analyzing and optimizing our websites, which are described below. We use these services to analyze how many users visit our site, which information is most in demand or how users find the offer. We also collect data about the website from which a user came to our website (so-called referrer), which subpages of the website were accessed or how often and for how long a subpage was viewed. This helps us to design our offers in a user-friendly way, to find errors and to improve our offers.
7.2.1 Matomo
On our website we use the open source web analysis software Matomo, a software of "InnoCraft Ltd", a company based at 150 Willis St, 6011 Wellington, New Zealand. As InnoCraft is based outside the EU, InnoCraft has appointed a representative in the EU (privacy[at]innocraft.com). The software is operated exclusively from its own servers.
Cookies are used to analyze the use of the website. For this purpose, the usage information recorded in the cookie (including your shortened IP address) is transmitted to our server and stored for usage analysis purposes. Matomo does not transmit any data to servers that are outside our control. Your IP address is immediately anonymized during this process so that you as a user are not identifiable to us. The information collected about your use of this website is not passed on to third parties. We use the data collected for statistical analysis of user behavior for the purpose of optimizing the functionality and stability of the website and for marketing purposes. Our interest in and purpose of data processing lies in the optimization of our website, the adaptation of content and the improvement of our offer. The interests of users are adequately protected by anonymization.
We only store the analysis data for as long as the purpose of the data processing requires, but for a maximum of 14 months.
The legal basis for the data processing described is your consent, Art. 6 para. 1 sentence 1 lit. a GDPR. Once you have given your consent, you can revoke it at any time with effect for the future by changing your selection in the cookie settings (see above, section 5. Cookies). Alternatively, you can delete your cookies (all or only from this website). The banner with the selection options will then be displayed again.
7.2.2 Google Analytics 4
If you have given your consent, this website also uses Google Analytics 4, a web analytics service provided by Google LLC. The controller for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google").
Google Analytics 4 uses cookies to help the website analyze how users use the site. The information collected by the cookies about your use of this website is generally transmitted to a Google server in the USA and stored there.
In Google Analytics 4, the anonymization of IP addresses is activated by default. Due to IP anonymization, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
During your website visit, your user behavior is recorded in the form of "events". Events can be
- Page views
- First visit to the website
- Start of the session
- Your "click path", interaction with the website
- Scrolls (whenever a user scrolls to the end of the page (90%))
- Clicks on external links
- internal search queries
- Interaction with videos
- Viewed / clicked ads
Also recorded:
- Your approximate location (region)
- Your IP address (in abbreviated form)
- technical information about your browser and the end devices you use (e.g. language setting, screen resolution)
- Your Internet provider
- the referrer URL (via which website/advertising medium you came to this website)
On behalf of Allplan, Google will use this information to evaluate your pseudonymous use of the website and to compile reports on website activity. The reports provided by Google Analytics are used to analyze the performance of our website and the success of our marketing campaigns.
Recipients of the data are/may be
- Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as processor pursuant to Art. 28 GDPR)
- Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
- Alphabet Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
It cannot be ruled out that US authorities will access the data stored by Google.
Insofar as data is processed outside the EU/EEA and there is no level of data protection corresponding to the European standard, we have concluded EU standard contractual clauses with the service provider to establish an appropriate level of data protection. The parent company of Google Ireland, Google LLC, is based in California, USA. A transfer of data to the USA and access by US authorities to the data stored by Google cannot be ruled out. The USA is currently considered a third country from a data protection perspective. You do not have the same rights there as within the EU/EEA. You may not be entitled to any legal remedies against access by authorities.
The data sent by us and linked to cookies is automatically deleted after 14 months. Data that has reached the end of its retention period is automatically deleted once a month.
The legal basis for this data processing is your consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR. Once you have given your consent, you can revoke it at any time with effect for the future by changing your selection in the tracking settings (see above, under Cookies). Alternatively, you can delete your cookies (all or only from this website). The banner with the selection options will then be displayed again.
Alternatively, you can prevent the storage of cookies from the outset by configuring your browser software accordingly. However, if you configure your browser to reject all cookies, this may limit the functionality of this and other websites. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by clicking
1. do not give your consent to the setting of the cookie or
-
2. download and install the browser add-on to deactivate Google Analytics here.
You can find more information on the terms of use of Google Analytics and on data protection at Google at https://marketingplatform.google.com/about/analytics/terms/de/ and at https://policies.google.com/?hl=de.
7.3 Advertising
We use cookies for marketing purposes in order to target our users with interest-based advertising. In addition, we use cookies to limit the likelihood of an advertisement being displayed and to measure the effectiveness of our advertising measures. This information may also be shared with third parties, such as ad networks. The legal basis for this is Art. 6 para. 1 sentence 1 lit. a GDPR.
7.3.1 HubSpot
This website uses HubSpot for online marketing activities. HubSpot is a software company from the USA with a branch in Ireland. Contact: HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland.
This is an integrated software solution that covers various aspects of online marketing. These include email marketing, social media publishing & reporting, contact management, landing pages and contact forms. Cookies are also stored on the end device you are using.
Our registration service allows visitors to our website to learn more about our company, download content and provide their contact information and other demographic information. This information and the content of our website is stored on the servers of our software partner HubSpot. It can be used by us to contact visitors to our website and to determine which of our company's services are of interest to them. All information we collect is subject to this privacy policy. We use all information collected exclusively to optimize our marketing measures. You can find HubSpot's privacy policy at https://legal.hubspot.com/privacy-policy.
Insofar as data is processed outside the EU/EEA, we have concluded the standard data protection clauses adopted by the EU Commission in accordance with Art. 46 GDPR with the service provider to establish a secure level of data protection, which allow personal data to be transferred to a third country in individual cases.
Further information from HubSpot regarding EU data protection regulations can be found at https://legal.hubspot.com/data-privacy
You can find more information about the cookies used by HubSpot here and here.
The legal basis for the data processing described is your consent, Art. 6 para. 1 sentence 1 lit. a GDPR. Once you have given your consent, you can revoke it at any time with effect for the future by changing your selection in the cookie settings (see above, section 5. Cookies). Alternatively, you can delete your cookies (all or only from this website). The banner with the selection options will then be displayed again.
You can unsubscribe from emails sent by HubSpot via a link in the respective email.
8. YouTube (extended data protection mode)
We use services from YouTube, LLC 901 Cherry Ave, 94066 San Bruno, CA, USA, a company of Google Inc, Amphitheatre Parkway, Mountain View, CA 94043, USA, on our website.
When you access a page in which a YouTube video is embedded, a connection to the YouTube servers is normally established and the content is displayed on the website by notifying your browser. This is prevented by the use of our consent management tool (Usercentrics) if you have not consented to data processing with regard to YouTube. Due to the integration of YouTube, no data will be transmitted without your consent.
To protect your personal data, we also use the extended data protection option provided by YouTube. According to YouTube, however, in "extended data protection mode" data is only transmitted to the YouTube server when you actively start the video. If you are logged in to YouTube at this time, the information about the videos you have watched will be assigned to your YouTube member account. You can prevent this by logging out of your member account before visiting our website. Further information on data protection from YouTube is provided by Google at the following link https://www.google.de/intl/de/policies/privacy/
By activating this in the cookie settings, you agree that YouTube receives data through your use, which can also be used to analyze your usage behavior for market research and marketing purposes.
The legal basis for the described data processing is therefore your consent, Art. 6 para. 1 sentence 1 lit. a GDPR. Once you have given your consent, you can revoke it at any time with effect for the future by changing your selection in the cookie settings (see above, section 5. Cookies). Alternatively, you can delete your cookies (all or only from this website). The banner with the selection options will then be displayed again. If you do not agree or revoke your consent, you will not be able to use cookies.
9. Google Tag Manager
For reasons of transparency, we would like to point out that we use the Google Tag Manager of the provider Google Ireland Limited (registration number: 368047), Gordon House, Barrow Street, Dublin 4, Ireland. The Google Tag Manager itself does not collect any personal data. Google Tag Manager makes it easier for us to integrate and manage our tags. Tags are small code elements that are used, among other things, to measure traffic and visitor behaviour, to record the impact of online advertising and social channels, to set up remarketing and targeting and to test and optimize websites. We use the Tag Manager for the Google Analytics service. If you have made a deactivation, this deactivation will be taken into account by Google Tag Manager. For more information on Google Tag Manager, see https://www.google.com/intl/de/tagmanager/use-policy.html.
10. Social bookmarks
Social bookmarks from the following providers are integrated on our website:
- Facebook (Operator: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland)
- LinkedIn (Operator: LinkedIn Corporation, 1000 W Maude Ave, Sunnyvale, CA, 94085-2810 USA)
- Instagram (Operator: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland)
- YouTube (operator: Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043)
Social bookmarks are Internet bookmarks with which the users of such a service can collect links and news reports. These are only integrated on our website as links to the corresponding services. After clicking on the embedded graphic, you will be redirected to the page of the respective provider, i.e. only then will user information be transmitted to the respective provider. For information on the handling of your personal data when using these websites, please refer to the respective privacy policies of the providers.
11. Duration of storage
We store your personal data as long as it is necessary for the fulfillment of our legal and contractual obligations in connection with the ALLPLAN Login Services, unless their further processing is required for the following purposes:
After the end of the term of a contract, we usually delete your data after 10 years due to the fulfillment of commercial and tax law retention obligations (in particular retention periods from the German Commercial Code (HGB) or the German Fiscal Code (AO). For the preservation of evidence within the framework of the statute of limitations of the German Civil Code (BGB), a retention period of up to 30 years may be necessary in individual cases.
12. Forwarding of data
Your personal data will not be transferred to third parties for purposes other than those listed.
We only pass on your personal data to third parties if:
- you have given your express consent,
- the disclosure is necessary for the assertion, exercise or defense of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data,
- there is a legal obligation for the disclosure, and
- this is legally permissible and necessary for the processing of contractual relationships with you.
External service providers and partner companies will only receive your data if this is necessary to process your order. In these cases, however, the scope of the transmitted data is limited to the necessary minimum. Insofar as our service providers come into contact with your personal data, we ensure that they comply with the provisions of the data protection laws in the same way as part of order processing in accordance with Art. 28 GDPR. Please also note the respective data protection notices of the providers. The respective service provider is responsible for the content of external services, whereby we check the services for compliance with the legal requirements within the scope of reasonableness.
13. Data transfer to third countries
We attach great importance to processing your data within the EU/EEA. However, we may use service providers who process data outside the EU/EEA. In these cases, we ensure that an adequate level of data protection is established at the recipient before your personal data is transferred. This means that a level of data protection comparable to the standards within the EU is achieved via EU standard contracts or an adequacy decision by the European Commission.
If data is transferred outside the European Union, the high European level of data protection does not generally apply. In the case of a transfer, it is possible that there is currently no adequacy decision by the EU Commission within the meaning of Art. 45 para. 1, 3 GDPR. This means that the EU Commission has not yet positively determined that the country-specific level of data protection corresponds to the level of data protection in the European Union on the basis of the GDPR, which is why we have created the aforementioned suitable guarantees.
Possible risks that cannot be completely ruled out in connection with the transfer of data include in particular
- Your personal data could possibly be processed beyond the actual purpose.
- There is also the possibility that you will not be able to assert and enforce your rights under data protection law, such as your right to information, rectification, erasure or data portability.
- There may also be a higher probability that incorrect data processing may occur and that the protection of personal data does not fully meet the requirements of the GDPR in terms of quantity and quality.
14. Data security
At ALLPLAN, your personal data is transmitted securely using encryption. This applies to all form processes (e.g. registration, login, ordering). ALLPLAN uses the SSL/TLS (Secure Socket Layer/Transport Layer Security) coding system. Nobody can guarantee absolute protection. However, ALLPLAN secures its website and other systems through technical and organizational measures against loss, destruction, access, modification or distribution of your data by unauthorized persons. Our security procedures are regularly reviewed and adapted to technological progress.
15. Your rights
You have the following rights vis-à-vis us with regard to your personal data:
15.1 General rights
You have the right to information, rectification, erasure, restriction of processing, objection to processing and data portability. If processing is based on your consent, you have the right to withdraw this consent with effect for the future.
To exercise your rights, please send an e-mail to dataprotectionofficer@allplan.com or write to ALLPLAN GmbH, Konrad-Zuse-Platz 1, 81829 Munich, Germany. The exercise of your rights described in this section is free of charge for you.
15.2 Rights in data processing according to the legitimate interest
In accordance with Art. 21 para. 1 GDPR, you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on Art. 6 para. 1 e GDPR (data processing in the public interest) or on Art. 6 para. 1 f GDPR (data processing to protect a legitimate interest); this also applies to profiling based on this provision. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims.
15.3 Right to lodge a complaint with a supervisory authority
Without prejudice to these rights and the possibility of seeking any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority at any time, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes data protection regulations (Art. 77 GDPR).
16. Links to other websites
Our websites may contain links to websites of other providers. We would like to point out that this information on data protection applies exclusively to the website www.allplan.com. We have no influence on and do not check that other providers comply with the applicable data protection regulations.
17. Changes to the privacy policy
We reserve the right to change or adapt this privacy policy at any time in compliance with the applicable data protection regulations.
Status: 12.03.2024