Data Protection
The protection of your personal data is our utmost concern, due to which we only collect, store and use those personal data that are necessary for the specified purposes. Below you will learn more about how your data is handled when using our website.
PRIVACY POLICY
As of: 25th May, 2018
Preamble
In the following privacy policy, you will be informed about the collection of personal data when using our website. Personal data is all data related to you personally, such as name, address, e-mail address or user behavior.
Responsible party / DSB
Responsible party |
Data protection officer |
ALLPLAN GmbH Konrad-Zuse-Platz 1 81829 Munich Germany
Legal representative: Dr. Detlef Schneider, Managing Director |
Consultant for data protection and attorney intersoft consulting services AG Marsstraße 37 D-80335 Munich
Can be reached by e-mail at: |
General data collection when accessing our website
Data must be collected to provide the website and the data must be stored in log files to operate the website. However, the user has no option to object. Every time ALLPLAN's website is accessed, usage data is determined by the respective Internet browser and stored in server log files. The data sets saved here contain the following data: The date and time of access, name of the site accessed, IP address, referrer URL (origin URL from which you came to the website), the transferred amount of data as well as the product and version information of the browser used.
The user’s IP addresses are deleted or anonymized after the end of usage. During an anonymization, the IP addresses are changed so that the details of personal or professional relationships can no longer be assigned to a certain or identifiable natural person or it cannot be done without a disproportionately large amount of time, money and effort.
ALLPLAN analyzes these log file data sets in anonymized form to improve the website further and make it more user-friendly, to find and correct errors faster and to control server capacities. In addition, analyzing the log files makes it possible to identify and correct errors on the website faster.
As part of the consideration of interests as per article 6 (1) lit. f GDPR, we have taken into consideration and weighed our interest in the provision and your interest in a data protection-compliant processing of your personal data. Since the data below is sometimes technically required to provide our service so that we can offer you our website and also ensure stability and safety, especially in order to offer protection against misuse, we have come to the conclusion that this data (with a state-of-the-art guarantee of data security) can be processed, whereby your interest in a data protection-compliant processing is reasonably taken into consideration.
Data |
Purpose of processing |
Duration of storage |
Operating system used |
Evaluation by devices in order to ensure an optimized display of the website |
The data is deleted or anonymized (change the IP address so that individual information can no longer be assigned to a certain or identifiable natural person or it cannot be done without a disproportionately large amount of time, money and effort) once the respective session is over. |
Information about the type of browser and the version used |
Evaluation of the browser used in order to optimize our websites for this purpose |
|
The Internet service provider of the user |
Evaluation of the Internet service provider |
|
IP address |
Display of the website on the respective device |
|
The data and time of the access |
Ensuring the proper operation of the website. |
|
If necessary, the manufacturer and type designation of the smartphone, tablet or other end devices |
Evaluation of the device manufacturer and types of mobile end devices for statistical purposes |
|
Name of the site accessed |
Ensuring the proper operation of the website |
|
Referrer URL (source URL from which you came to the website) |
Ensuring the proper operation of the website |
|
Log files |
Ensuring the proper operation of the website |
Collection, Processing and Use of Your Personal Data
ALLPLAN strictly complies with the statutory provisions, especially the General Data Protection Regulation (GDPR), when collecting, processing and using your personal data. ALLPLAN collects, stores and processes your data to fully complete your registration, application or shop order, including any subsequent warranties, for services, technical administrator and their own marketing purposes.
Your personal data is only disclosed to third parties or otherwise if this is required for the purpose of contract execution or billing or you have consented otherwise. As part of the order processing, the service providers (sales partners) utilized by ALLPLAN, for example, will receive the necessary data for the order processing. The data disclosed in this way may only be used by service providers to fulfill their task. Any other use of the information is not permitted.
For registration, ALLPLAN requires your correct name and address information. Additional payment information is required for your shop order. Your e-mail address is required so that ALLPLAN can confirm the registration or order entry, provide services (e.g. product downloads) and communicate with you. In addition, the e-mail address is required for identification (customer login).
Your personal data is then deleted if not opposed by retention obligations and if you have made a claim for deletion if the data is no longer required for the purpose intended with the data storage or if its storage is not permitted for other legal reasons.
The following personal data is generally collected and stored as part of the provision of services by ALLPLAN: Address data (name and address), email address as well as optionally the telephone number.
Personal data is also used to:
- provide content requiring registration, including product downloads, webinars, shop orders;
- conduct market research and provide information about news, offers and promotions, if consent for this was granted;
- improve services on the website for users, which measure the interest in different services,
- offer other services described during the collection of data.
Registration
You can register with us and create a customer account. We collect and save the following data from you for the registration:
Data |
Purpose of processing |
Legal basis for processing |
Duration of storage |
User name |
Creation of the customer account |
Execution of a user contract |
Until revocation / objection |
E-mail address |
Creation of the customer account |
Execution of a user contract |
Until revocation / objection |
Password |
Creation of the customer account |
Execution of a user contract |
Until revocation / objection |
IP address when logging in |
Data transfer when registering on the web server |
Execution of a user contract |
Until revocation / objection |
*Title |
Direct approach |
Consent |
Until revocation / objection |
*First name |
Direct approach / proper invoicing and proof of collected taxes |
Consent / initiation / execution of the contractual relationship |
Until revocation / objection |
*Last name |
Direct approach / proper invoicing and proof of collected taxes |
Consent / initiation / execution of the contractual relationship |
Until revocation / objection |
*Telephone number |
Communication with the customer |
Consent |
Until revocation / objection |
*Address |
Direct approach / proper invoicing and proof of collected taxes |
Consent / initiation / execution of the contractual relationship |
Until revocation / objection |
*Company address |
Direct approach / proper invoicing and proof of collected taxes |
Consent / initiation / execution of the contractual relationship |
Until revocation / objection |
* optional information
Cookies – General Information
Our website uses cookies. Cookies are text files that are stored in the Internet browser or that are stored by the Internet browser on the user's computer system. If a user accesses a website, a cookie can be stored on the user’s operating system. This cookie contains a characteristic string that makes it possible to uniquely identify the browser the next time the website is accessed.
Cookies – Different Types of Cookies
a) Technically required cookies
We use cookies to make our website more user-friendly. Some elements of our website require the accessing browser to be identifiable after switching sites.
(1) Google Tag Manager
We use the following technology of Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”):
For reasons of transparency, we would like to note that we use the Google Tag Manager. The Google Tag Manager itself does not collect any personal data. The Tag Manager makes it easier for us to incorporate and manage our tags/cookies. Tags/cookies are small code elements that, among other things, serve to measure traffic and visitor behavior, to record the effectiveness of online advertising and social channels, to set up remarketing aimed at audience targeting and to test and optimize websites. If you have opted out, this opt-out will be taken into consideration by the Google Tag Manager. For additional information about the Google Tag Manager, see: HTTPS://WWW.GOOGLE.COM/INTL/DE/TAGMANAGER/USE-POLICY.HTML.
b) Cookies for reach measurement
Cookies for reach measurement collect information about the way our website is used, such as website accesses or error messages. These cookies cannot save any information that permits the user to be identified. The information collected is only aggregated and thus is evaluated in anonymous form.
(1) Google Analytics
This website uses Google Analytics, a web analysis service of Google Inc, (1600 Amphitheatre Parkway Mountain View, CA 94043, USA; “Google”).
Google Analytics uses so-called "cookies", text files which are saved on your computer and allow for an analysis of the use of the website by you. The information about your use of this website created by the cookie is usually transmitted to a server of Google in the USA and saved there. However, your IP address is shortened by Google within member states of the European Union or in other contractual states of the Agreement on the European Economic Area in advance. The complete IP address is transmitted to a server of Google in the USA and shortened there only in exceptional cases. The IP address that is transmitted by your browser within the frame of Google Analytics is not combined with other data of Google. On behalf of the operator of this website, Google will use such information for analyzing your use of the website, for compiling reports about the website activities and for rendering additional services that are related to the website use and Internet use towards the website operator. Our legitimate interest in data processing also lies in these purposes. The data sent by us linked with cookies, user IDs or advertisement IDs will automatically be deleted after 14 months. The data whose retention duration has expired is automatically deleted once per month. You can find more detailed information about terms of use and privacy protection at HTTPS://WWW.GOOGLE.COM/ANALYTICS/TERMS/DE.HTML or HTTPS://POLICIES.GOOGLE.COM/?HL=DE.
You can prevent the saving of cookies with the corresponding settings of your browser software. However, we inform you that you might not be able to use all functions of this website to the full extent in such case. You can also prevent the recording of the data generated by the cookies or data relating to your use of the website (including your IP address) by Google from as well as the processing of this data by Google by downloading and installing the browser add-on. Opt-out cookies prevent the future collection of your data when you visit this website.
Provider name |
Service provider type |
Data transfer to third country |
Third country |
Guarantees as per article 44ff GDPR |
|
Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; |
Order processor |
YES |
United States of America |
Privacy Shield |
|
Data category concerned |
Purpose of processing |
Legal basis for processing |
Duration of storage |
Objection |
|
IP address (stored anonymized) |
Creation and change of cookie information |
Legitimate interest |
Until revocation / objection |
If you do not agree with the processing for the purposes mentioned, you can always object to this by sending and e-mail to the following e-mail address
DATENSCHUTZBEAUFTRAGTER[AT]ALLPLAN.COM
You can prevent Google from processing your data by downloading and installing the browser plug-in available at the following link: HTTPS://TOOLS.GOOGLE.COM/DLPAGE/GAOPTOUT?HL=DE |
|
Device-related data, such as device type, operating system model, browser type and version |
Optimization of the website, adaptation of the content as well as aggregated usage analysis |
Legitimate interest |
Until revocation / objection |
||
Use-related information, such as time and duration of use as well as point of origin |
Optimization of the website, adaptation of the content as well as aggregated usage analysis |
Legitimate interest |
Until revocation / objection |
Newsletter
The newsletter informs you about ALLPLAN and its associated offers. If you would like to receive the newsletter, ALLPLAN will need a valid e-mail address from you as well as information that allows them to verify that you are the owner of said e-mail address or its owner agrees to receive the newsletter.
By signing up for the newsletter, your IP address and the date of registration will be saved. This information is only saved as proof in the case that a third party misuses your e-mail address and signs you up to receive the newsletter without the knowledge of the entitled person.
You can always revoke your consent to store data, the e-mail address as well as its use to send the newsletter. You can revoke your consent through the unsubscribe link in the newsletters themselves or by sending an e-mail to DATENSCHUTZBEAUFTRAGTER[AT]ALLPLAN.COM.
Name of the newsletter provider |
Service provider type |
Data transfer to third country |
Third country |
Guarantees as per article 44ff GDPR |
|||
HubSpot, Inc., Cambridge, MA 02141, USA |
Order processor |
YES |
United States of America |
EU standard contractual clauses / Privacy Shield |
|||
Data |
Purpose of processing |
Legal basis for processing |
Duration of storage |
||||
IP address when logging in |
Evidence of double opt-in (DOI) |
Consent |
Until revocation / objection |
||||
Time of registration |
Evidence of double opt-in |
Consent |
Until revocation / objection |
||||
IP address during DOI |
Evidence of double opt-in |
Consent |
Until revocation / objection |
||||
Time of the DOI verification |
Evidence of double opt-in |
Consent |
Until revocation / objection |
||||
E-mail address |
Sending the newsletter |
Consent |
Until revocation / objection |
||||
Title |
Direct approach |
Consent |
Until revocation / objection |
||||
First name |
Direct approach |
Consent |
Until revocation / objection |
||||
Last name |
Direct approach |
Consent |
Until revocation / objection |
Customized newsletter
We evaluate your clicks in newsletters using tracking pixels, i.e. invisible image files, as well as personalized links. They are assigned to your e-mail address and are linked with your own ID to unambiguously assign clicks in the newsletter to you. The usage profile is used to optimize the newsletter offer with respect to content and frequency.
Data |
Purpose of processing |
Legal basis for processing |
Duration of storage |
IP address |
Connection establishment with e-mail evaluation tool |
Consent |
Until revocation / objection |
Personalized link |
Measurement of click behavior |
Consent |
Until revocation / objection |
Opening pixel |
Measurement of opening behavior |
Consent
|
Until revocation / objection |
Direct mail advertising permission as per 7 para. 3 UWG
We use the e-mail address collected when a good or service is purchased from ALLPLAN for direct mail advertising for our own or similar products and/or services, such as current product versions and useful additional options. If you no longer want to receive direct mail advertising, you can object to the use of your e-mail address at any time. You will find a corresponding link for this purpose in every newsletter.
However, if you no longer want to receive direct mail advertising, you can always object to the corresponding use of your e-mail address by sending an e-mail to the following address: DATENSCHUTZBEAUFTRAGTER[AT]ALLPLAN.COM
Data |
Purpose of processing |
Legal basis for processing |
Duration of storage |
E-mail address |
Address for direct mail advertising |
Possibility of direct mail advertising according to UWG [Act Against Unfair Competition] |
Until objection to / elimination of the legal requirements |
Title |
Address for direct mail advertising |
Possibility of direct mail advertising according to UWG [Act Against Unfair Competition] |
Until objection to / elimination of the legal requirements |
First name |
Address for direct mail advertising |
Possibility of direct mail advertising according to UWG [Act Against Unfair Competition] |
Until objection to / elimination of the legal requirements |
Last name |
Address for direct mail advertising |
Possibility of direct mail advertising according to UWG [Act Against Unfair Competition] |
Until objection to / elimination of the legal requirements |
Secure data transmission
Your personal data is securely transmitted at ALLPLAN through encryption. This applies to all form processes (including registration, application, ordering). ALLPLAN uses the coding system SSL (Secure Socket Layer). However, no one can guarantee absolute protection. ALLPLAN uses technical and organizational measures to protect its website and other systems from loss, destruction, access, modification or dissemination of your data by unauthorized persons.
Disclosure of Data
Your personal data is not sent to third parties for purposes other than those listed.
We only disclose your personal data to third parties if:
- you have given your express consent to do so,
- the disclosure is required to assert, exercise or defend legal claims and there is no reason to assume that you have a predominant legitimate interest in the non-disclosure of your data,
- in the event that there is a legal obligation to disclose, as well as
- this is legally permissible and is required to implement contractual relationships with you.
The high European level of data protection generally does not exist for data transmission outside of the European Union. During data transmission, it may occur that there is currently no adequacy decision of the EU Commission in the sense of article 45 (1) (3) GDPR. In other words, the EU Commission has so far not positively determined that the country-specific data protection level corresponds to the data protection level of the European Union based on the GDPR, which is why we have created the aforementioned appropriate guarantees.
Possible risks that cannot be completely ruled out in connection with the data transfer in particular are:
- Your personal data could possibly be processed beyond its intended purpose.
- In addition, it is possible that you may not be able to sustainably assert or enforce your data protection rights, such as your right to information, correction, deletion or data transferability.
- There may also be a greater likelihood that there can be an incorrect data processing and the protection of the personal data does not fully quantitatively and qualitatively correspond to the requirements of the GDPR.
Briefing on the rights of the party concerned
Each party concerned has the right to information as per article 15 GDPR, the right to correction as per article 16 GDPR, the right to deletion as per article 17 GDPR, the right to restriction of processing as per article 18 GDPR, the right to object as per article 21 GDPR as well as the right to data transferability as per article 20 GDPR. The restrictions as per §§ 34 and 35 BDSG [Federal Data Protection Act] apply for the right to information and the right to deletion.
Briefing on the option to complain
You also have the right to complain to the competent data supervisory authority about our processing of your personal data.
Briefing on the revocation of consent
You can always revoke your consent given to us to process personal data. This also applies to the revocation of declarations of consent, which have been given to us before the General Data Protection Regulation came into effect, i.e. before May 25, 2018. Please note that this revocation only be effective for the future. It does not affect processing that has occurred prior to the revocation.
Rights in the event of data processing for direct mail advertising
As per article 21 (2) GDPR, you have the right to object to the processing of personal data concerning you at any time. If you do object to the processing for the purposes of direct mail advertising, we will no longer process your personal data for these purposes. Please note that this objection only be effective for the future. It does not affect processing that has occurred prior to the objection.
Note on the right to object in the case of a consideration of interests
If we base the processing of your personal data on a consideration of interests, you can object to the processing. If such an objection is exercised, we ask you to explain the reasons why we should not process your personal data as we have described it. In the case of your justified objection, we will check the situation and either stop or adjust the data processing or explain to you our compelling legitimate reasons.
Links to other websites
Our websites may contain links to websites of other providers. Please note that this privacy policy only applies to the websites of ALLPLAN Deutschland GmbH. We have no influence over this and do not control whether other providers comply with the applicable data protection regulations.
Changes to the privacy policy
We reserve the right to modify or adjust this privacy policy at any time while observing the applicable data protection regulations.