Data Protection

The protection of your personal data is our utmost concern, due to which we only collect, store and use those personal data that are necessary for the specified purposes. Below you will learn more about how your data is handled when using our website.


PRIVACY POLICY

As of: 25th May, 2018

 

Preamble

In the following privacy policy, you will be informed about the collection of personal data when using our website. Personal data is all data related to you personally, such as name, address, e-mail address or user behavior.

 

Responsible party / DSB

Responsible party
for the data processing

Data protection officer
of the responsible party

ALLPLAN GmbH

Konrad-Zuse-Platz 1

81829 Munich

Germany

 

 

Legal representative:

Patrik Heider, Managing Director

Mr. Christoph Schwan

Consultant for data protection and attorney

intersoft consulting services AG

Marsstraße 37

D-80335 Munich

 

Can be reached by e-mail at:

 

General data collection when accessing our website

Data must be collected to provide the website and the data must be stored in log files to operate the website. However, the user has no option to object. Every time ALLPLAN's website is accessed, usage data is determined by the respective Internet browser and stored in server log files. The data sets saved here contain the following data: The date and time of access, name of the site accessed, IP address, referrer URL (origin URL from which you came to the website), the transferred amount of data as well as the product and version information of the browser used.

The user’s IP addresses are deleted or anonymized after the end of usage. During an anonymization, the IP addresses are changed so that the details of personal or professional relationships can no longer be assigned to a certain or identifiable natural person or it cannot be done without a disproportionately large amount of time, money and effort.

ALLPLAN analyzes these log file data sets in anonymized form to improve the website further and make it more user-friendly, to find and correct errors faster and to control server capacities. In addition, analyzing the log files makes it possible to identify and correct errors on the website faster.

As part of the consideration of interests as per article 6 (1) lit. f GDPR, we have taken into consideration and weighed our interest in the provision and your interest in a data protection-compliant processing of your personal data. Since the data below is sometimes technically required to provide our service so that we can offer you our website and also ensure stability and safety, especially in order to offer protection against misuse, we have come to the conclusion that this data (with a state-of-the-art guarantee of data security) can be processed, whereby your interest in a data protection-compliant processing is reasonably taken into consideration.

Data

Purpose of processing

Duration of storage

Operating system used

Evaluation by devices in order to ensure an optimized display of the website

The data is deleted or anonymized (change the IP address so that individual information can no longer be assigned to a certain or identifiable natural person or it cannot be done without a disproportionately large amount of time, money and effort) once the respective session is over.

Information about the type of browser and the version used

Evaluation of the browser used in order to optimize our websites for this purpose

The Internet service provider of the user

Evaluation of the Internet service provider

IP address

Display of the website on the respective device

The data and time of the access

Ensuring the proper operation of the website.

If necessary, the manufacturer and type designation of the smartphone, tablet or other end devices

Evaluation of the device manufacturer and types of mobile end devices for statistical purposes

Name of the site accessed

Ensuring the proper operation of the website

Referrer URL (source URL from which you came to the website)

Ensuring the proper operation of the website

Log files

Ensuring the proper operation of the website

 

Collection, Processing and Use of Your Personal Data

ALLPLAN strictly complies with the statutory provisions, especially the General Data Protection Regulation (GDPR), when collecting, processing and using your personal data. ALLPLAN collects, stores and processes your data to fully complete your registration, application or shop order, including any subsequent warranties, for services, technical administrator and their own marketing purposes.

Your personal data is only disclosed to third parties or otherwise if this is required for the purpose of contract execution or billing or you have consented otherwise. As part of the order processing, the service providers (sales partners) utilized by ALLPLAN, for example, will receive the necessary data for the order processing. The data disclosed in this way may only be used by service providers to fulfill their task. Any other use of the information is not permitted.

For registration, ALLPLAN requires your correct name and address information. Additional payment information is required for your shop order. Your e-mail address is required so that ALLPLAN can confirm the registration or order entry, provide services (e.g. product downloads) and communicate with you. In addition, the e-mail address is required for identification (customer login).

Your personal data is then deleted if not opposed by retention obligations and if you have made a claim for deletion if the data is no longer required for the purpose intended with the data storage or if its storage is not permitted for other legal reasons.

The following personal data is generally collected and stored as part of the provision of services by ALLPLAN: Address data (name and address), email address as well as optionally the telephone number.

Personal data is also used to:

  • provide content requiring registration, including product downloads, webinars, shop orders;
  • conduct market research and provide information about news, offers and promotions, if consent for this was granted;
  • improve services on the website for users, which measure the interest in different services,
  • offer other services described during the collection of data.

Registration

You can register with us and create a customer account. We collect and save the following data from you for the registration:

Data

Purpose of processing

Legal basis for processing

Duration of storage

User name

Creation of the customer account

Execution of a user contract

Until revocation / objection

E-mail address

Creation of the customer account

Execution of a user contract

Until revocation / objection

Password

Creation of the customer account

Execution of a user contract

Until revocation / objection

IP address when logging in

Data transfer when registering on the web server

Execution of a user contract

Until revocation / objection

*Title

Direct approach

Consent

Until revocation / objection

*First name

Direct approach / proper invoicing and proof of collected taxes

Consent / initiation / execution of the contractual relationship

Until revocation / objection

*Last name

Direct approach / proper invoicing and proof of collected taxes

Consent / initiation / execution of the contractual relationship

Until revocation / objection

*Telephone number

Communication with the customer

Consent

Until revocation / objection

*Address

Direct approach / proper invoicing and proof of collected taxes

Consent / initiation / execution of the contractual relationship

Until revocation / objection

*Company address

Direct approach / proper invoicing and proof of collected taxes

Consent / initiation / execution of the contractual relationship

Until revocation / objection

* optional information

Cookies – General Information

Our website uses cookies. Cookies are text files that are stored in the Internet browser or that are stored by the Internet browser on the user's computer system. If a user accesses a website, a cookie can be stored on the user’s operating system. This cookie contains a characteristic string that makes it possible to uniquely identify the browser the next time the website is accessed.

 

Cookies – Different Types of Cookies

a) Technically required cookies

We use cookies to make our website more user-friendly. Some elements of our website require the accessing browser to be identifiable after switching sites.

(1) Google Tag Manager

We use the following technology of Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”):

For reasons of transparency, we would like to note that we use the Google Tag Manager. The Google Tag Manager itself does not collect any personal data. The Tag Manager makes it easier for us to incorporate and manage our tags/cookies. Tags/cookies are small code elements that, among other things, serve to measure traffic and visitor behavior, to record the effectiveness of online advertising and social channels, to set up remarketing aimed at audience targeting and to test and optimize websites. If you have opted out, this opt-out will be taken into consideration by the Google Tag Manager. For additional information about the Google Tag Manager, see: HTTPS://WWW.GOOGLE.COM/INTL/DE/TAGMANAGER/USE-POLICY.HTML.

b) Cookies for reach measurement

Cookies for reach measurement collect information about the way our website is used, such as website accesses or error messages. These cookies cannot save any information that permits the user to be identified. The information collected is only aggregated and thus is evaluated in anonymous form.

(1) Google Analytics

This website uses Google Analytics, a web analysis service of Google Inc, (1600 Amphitheatre Parkway Mountain View, CA 94043, USA; “Google”).

Google Analytics uses so-called "cookies", text files which are saved on your computer and allow for an analysis of the use of the website by you. The information about your use of this website created by the cookie is usually transmitted to a server of Google in the USA and saved there. However, your IP address is shortened by Google within member states of the European Union or in other contractual states of the Agreement on the European Economic Area in advance. The complete IP address is transmitted to a server of Google in the USA and shortened there only in exceptional cases. The IP address that is transmitted by your browser within the frame of Google Analytics is not combined with other data of Google. On behalf of the operator of this website, Google will use such information for analyzing your use of the website, for compiling reports about the website activities and for rendering additional services that are related to the website use and Internet use towards the website operator. Our legitimate interest in data processing also lies in these purposes. The data sent by us linked with cookies, user IDs or advertisement IDs will automatically be deleted after 14 months. The data whose retention duration has expired is automatically deleted once per month. You can find more detailed information about terms of use and privacy protection at HTTPS://WWW.GOOGLE.COM/ANALYTICS/TERMS/DE.HTML or HTTPS://POLICIES.GOOGLE.COM/?HL=DE

You can prevent the saving of cookies with the corresponding settings of your browser software. However, we inform you that you might not be able to use all functions of this website to the full extent in such case. You can also prevent the recording of the data generated by the cookies or data relating to your use of the website (including your IP address) by Google from as well as the processing of this data by Google by downloading and installing the browser add-on. Opt-out cookies prevent the future collection of your data when you visit this website.

Provider name

Service provider type

Data transfer to third country

Third country

Guarantees as per article 44ff GDPR

Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA;

Order processor

YES

United States of America

Privacy Shield

Data category concerned

Purpose of processing

Legal basis for processing

Duration of storage

Objection

IP address (stored anonymized)

Creation and change of cookie information

Legitimate interest

Until revocation / objection

If you do not agree with the processing for the purposes mentioned, you can always object to this by sending and e-mail to the following e-mail address

 

 

You can prevent Google from processing your data by downloading and installing the browser plug-in available at the following link: HTTPS://TOOLS.GOOGLE.COM/DLPAGE/GAOPTOUT?HL=DE 

Device-related data, such as device type, operating system model, browser type and version

Optimization of the website, adaptation of the content as well as aggregated usage analysis

Legitimate interest

Until revocation / objection

Use-related information, such as time and duration of use as well as point of origin

Optimization of the website, adaptation of the content as well as aggregated usage analysis

Legitimate interest

Until revocation / objection

Newsletter

The newsletter informs you about ALLPLAN and its associated offers. If you would like to receive the newsletter, ALLPLAN will need a valid e-mail address from you as well as information that allows them to verify that you are the owner of said e-mail address or its owner agrees to receive the newsletter.

By signing up for the newsletter, your IP address and the date of registration will be saved. This information is only saved as proof in the case that a third party misuses your e-mail address and signs you up to receive the newsletter without the knowledge of the entitled person.

You can always revoke your consent to store data, the e-mail address as well as its use to send the newsletter. You can revoke your consent through the unsubscribe link in the newsletters themselves or by sending an e-mail to .

Name of the newsletter provider

Service provider type

Data transfer to third country

Third country

Guarantees as per article 44ff GDPR

HubSpot, Inc., Cambridge, MA 02141, USA

Order processor

YES

United States of America

EU standard contractual clauses / Privacy Shield

Data

Purpose of processing

Legal basis for processing

Duration of storage

IP address when logging in

Evidence of double opt-in (DOI)

Consent

Until revocation / objection

Time of registration

Evidence of double opt-in

Consent

Until revocation / objection

IP address during DOI

Evidence of double opt-in

Consent

Until revocation / objection

Time of the DOI verification

Evidence of double opt-in

Consent

Until revocation / objection

E-mail address

Sending the newsletter

Consent

Until revocation / objection

Title

Direct approach

Consent

Until revocation / objection

First name

Direct approach

Consent

Until revocation / objection

Last name

Direct approach

Consent

Until revocation / objection


Customized newsletter

We evaluate your clicks in newsletters using tracking pixels, i.e. invisible image files, as well as personalized links. They are assigned to your e-mail address and are linked with your own ID to unambiguously assign clicks in the newsletter to you. The usage profile is used to optimize the newsletter offer with respect to content and frequency.

Data

Purpose of processing

Legal basis for processing

Duration of storage

IP address

Connection establishment with e-mail evaluation tool

Consent

Until revocation / objection

Personalized link

Measurement of click behavior

Consent

Until revocation / objection

Opening pixel

Measurement of opening behavior

Consent

 

Until revocation / objection

 

Direct mail advertising permission as per 7 para. 3 UWG

We use the e-mail address collected when a good or service is purchased from ALLPLAN for direct mail advertising for our own or similar products and/or services, such as current product versions and useful additional options. If you no longer want to receive direct mail advertising, you can object to the use of your e-mail address at any time. You will find a corresponding link for this purpose in every newsletter.

However, if you no longer want to receive direct mail advertising, you can always object to the corresponding use of your e-mail address by sending an e-mail to the following address: 

Data

Purpose of processing

Legal basis for processing

Duration of storage

E-mail address

Address for direct mail advertising

Possibility of direct mail advertising according to UWG [Act Against Unfair Competition]

Until objection to / elimination of the legal requirements

Title

Address for direct mail advertising

Possibility of direct mail advertising according to UWG [Act Against Unfair Competition]

Until objection to / elimination of the legal requirements

First name

Address for direct mail advertising

Possibility of direct mail advertising according to UWG [Act Against Unfair Competition]

Until objection to / elimination of the legal requirements

Last name

Address for direct mail advertising

Possibility of direct mail advertising according to UWG [Act Against Unfair Competition]

Until objection to / elimination of the legal requirements

Secure data transmission

Your personal data is securely transmitted at ALLPLAN through encryption. This applies to all form processes (including registration, application, ordering). ALLPLAN uses the coding system SSL (Secure Socket Layer). However, no one can guarantee absolute protection. ALLPLAN uses technical and organizational measures to protect its website and other systems from loss, destruction, access, modification or dissemination of your data by unauthorized persons.

Disclosure of Data

Your personal data is not sent to third parties for purposes other than those listed.

We only disclose your personal data to third parties if:

  • you have given your express consent to do so,
  • the disclosure is required to assert, exercise or defend legal claims and there is no reason to assume that you have a predominant legitimate interest in the non-disclosure of your data,
  • in the event that there is a legal obligation to disclose, as well as
  • this is legally permissible and is required to implement contractual relationships with you.

The high European level of data protection generally does not exist for data transmission outside of the European Union. During data transmission, it may occur that there is currently no adequacy decision of the EU Commission in the sense of article 45 (1) (3) GDPR. In other words, the EU Commission has so far not positively determined that the country-specific data protection level corresponds to the data protection level of the European Union based on the GDPR, which is why we have created the aforementioned appropriate guarantees.

Possible risks that cannot be completely ruled out in connection with the data transfer in particular are:

  • Your personal data could possibly be processed beyond its intended purpose.
  • In addition, it is possible that you may not be able to sustainably assert or enforce your data protection rights, such as your right to information, correction, deletion or data transferability.
  • There may also be a greater likelihood that there can be an incorrect data processing and the protection of the personal data does not fully quantitatively and qualitatively correspond to the requirements of the GDPR.

 

Briefing on the rights of the party concerned

Each party concerned has the right to information as per article 15 GDPR, the right to correction as per article 16 GDPR, the right to deletion as per article 17 GDPR, the right to restriction of processing as per article 18 GDPR, the right to object as per article 21 GDPR as well as the right to data transferability as per article 20 GDPR. The restrictions as per §§ 34 and 35 BDSG [Federal Data Protection Act] apply for the right to information and the right to deletion.

 

Briefing on the option to complain

You also have the right to complain to the competent data supervisory authority about our processing of your personal data.

 

Briefing on the revocation of consent

You can always revoke your consent given to us to process personal data. This also applies to the revocation of declarations of consent, which have been given to us before the General Data Protection Regulation came into effect, i.e. before May 25, 2018. Please note that this revocation only be effective for the future. It does not affect processing that has occurred prior to the revocation.

 

Rights in the event of data processing for direct mail advertising

As per article 21 (2) GDPR, you have the right to object to the processing of personal data concerning you at any time. If you do object to the processing for the purposes of direct mail advertising, we will no longer process your personal data for these purposes. Please note that this objection only be effective for the future. It does not affect processing that has occurred prior to the objection.

 

Note on the right to object in the case of a consideration of interests

If we base the processing of your personal data on a consideration of interests, you can object to the processing. If such an objection is exercised, we ask you to explain the reasons why we should not process your personal data as we have described it. In the case of your justified objection, we will check the situation and either stop or adjust the data processing or explain to you our compelling legitimate reasons.

 

Links to other websites

Our websites may contain links to websites of other providers. Please note that this privacy policy only applies to the websites of ALLPLAN Deutschland GmbH. We have no influence over this and do not control whether other providers comply with the applicable data protection regulations.

 

Changes to the privacy policy

We reserve the right to modify or adjust this privacy policy at any time while observing the applicable data protection regulations.