Name and address of the person responsible

Ingenious Software GmbH

Melscher Straße 1

D-04299 Leipzig

Germany

Phone: +49341/226210

E-mail: info@ingenious.de

Website: www.ingenious.de

 

Reference person for data protection:

Stephanie Schmidt

Ingenious Software GmbH

Melscher Straße 1

D-04299 Leipzig

Germany

Phone: +49341/226210

E-mail: info@ingenious.de

Website: www.ingenious.de

 

General information on data processing

 

Scope of processing personal data

We only process personal data of our users to the extent it is necessary to provide a functional website as well as our contents and services. The processing of personal user data regularly only takes place after the user’s consent. An exception applies in those cases where prior consent cannot be obtained for factual reasons and the processing of the data is permitted by law.

 

Legal basis for processing personal data

Insofar as we obtain the consent of the data subject for processing his/her personal data, Art. 6.1(a) EU General Data Protection Regulation (GDPR) serves as legal basis.

If processing personal data is required for the performance of a contract to which the data subject is a party, art. 6.1(b) GDPR serves as legal basis.

This also applies to processing operations required to carry out pre-contractual measures.

Insofar processing of personal data is required to fulfil a legal obligation to which our company is subject, art. 6.1(c) GDPR serves as legal basis.

In case that vitally important interests of the data subject or another natural person require processing personal data, article 6.1(d) GDPR serves as legal basis.

If processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, art. 6.1(f) GDPR serves as legal basis for processing.

 

Data deletion and storage time

The personal data of the person concerned will be deleted or blocked as soon as the purpose of storage ceases to apply. Storage of data exceeding this is possible, if it has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the person responsible is subject. The data will also be blocked or deleted if a storage period prescribed by the standards expires unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.

 

Provision of the website and creation of log files

Description and scope of data processing

Every time a user accesses a page of our website and every time a file is called up, access data about this process is stored in a log file on the server of our provider http://www.1und1.de/.

The following data is collected:

  1. information about the browser type and version used
  2. the user’s operating system
  3. the user’s internet service provider
  4. the IP address of the user
  5. date, time and duration of access
  6. websites from which the user’s system reaches our website
  7. websites accessed by the user’s system via our website

The log files contain IP addresses or other data that enable an assignment to a user. The latter could be the case, for example, if the link to the website from which the user accesses the website or the link to the website to which the user switches contains personal data.

The data is also stored in the log files. This data is not stored together with other personal user data.

The stored data are evaluated exclusively for statistical purposes, and are not passed on to third parties, neither for commercial nor for non-commercial purposes.

 

Legal basis for data processing

The legal basis for the temporary storage of data and log files is art. 6.1 (f) GDPR.

 

Purpose of data processing

The temporary storage of the IP address by the system is necessary to allow for the website to be delivered to the user’s computer. For this reason, the user’s IP address must remain stored for the duration of the session.

The data is stored in log files to ensure the functionality of the website. In addition, the data serves us to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.

Our legitimate interest in data processing also lies in these purposes, pursuant to art. 6.1 (f) GDPR.

 

Duration of storage

The data will be deleted as soon as it is no longer necessary for its collection’s purpose.

In the case of the collection of data for the provision of the website, this is the case when the respective session is completed.

If the data is stored in log files, this is the case latest after seven days. Further storage is possible. In this case, the IP addresses of the users are deleted or alienated, so that an assignment of the calling client is no longer possible.

 

Possibility of objection and elimination

The collection of data for the provision of the website and the storage of the data in log files is essential for the operation of the website. Consequently, there is no possibility of objection on the part of the user.

 

Use of cookies

Description and scope of data processing

Our website uses cookies. Cookies are text files that are stored in the Internet browser, respectively, by the Internet browser on the user’s computer system. If a user visits a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string that allows the browser to be uniquely identified when the website is reopened.

We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser can be identified even after a page change.

The following data is stored and transmitted in the cookies:

  1. language settings
  2. log-in information

The user data collected in this way is pseudonymised by technical precautions. Therefore, it is no longer possible to assign the data to the calling user. The data will not be stored together with other personal data of the users.

When you visit our website, an information banner informs you about the use of cookies and refers you to this data protection statement. In this context, there is also an indication of how the storage of cookies can be prevented in the browser settings.

 

Legal basis for data processing

The legal basis for processing of personal data using cookies is art. 6.1(f) GDPR.

 

Purpose of data processing

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. Therefore, it is necessary that the browser is recognized even after a page change.

We need cookies for the following applications:

  • Acceptance of language settings
  • Play embedded YouTube videos
  • User identification in protected areas

The user data collected by technically necessary cookies are not used to create user profiles.

 

Duration of storage, possibility of objection and elimination

Cookies are stored on the user’s computer and transmitted to our site. Therefore, you as a user have full control over the use of cookies. By changing the settings in your internet browser, you can disable or restrict the transmission of cookies. Already saved cookies can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, it may not be possible to use all the functions of the website to the full.

 

Third party cookies

QTRANSLATE COOKIE (QTRANS_FRONT_LANGUAGE)

We use the qTranslate plugin on our websites to display the contents of our pages in different languages and to switch easily between the languages. This technically necessary session cookie stores the language currently used and is purely functional.

 

YOUTUBE COOKIES

YouTube videos of our official YouTube channel can be embedded on our websites.

The embedding always takes place in the extended data protection mode. This ensures that information is only saved when you click on and play the videos.

For more information, visit YouTube’s video embedding information page

http://support.google.com/youtube/bin/answer.py?hl=en&hlrm=en-GB&answer=171780

 

MANTIS COOKIES

We offer a multilingual bug tracking tool, through which users of our Ingenious Software products can report bugs and enhancement requests. Access to the bug tracking tool is reserved for customers with a software maintenance contract and is protected by a personal login name and password.

Cookies are stored to identify the user when switching between pages and are deleted at the end of the browser session.

 

Contact form and e-mail contact

Description and scope of data processing

There is a contact form available on our website, which can be used to contact us electronically. If a user takes advantage of this possibility, the data entered in the input mask will be transmitted to us and stored. This data is:

  • Name (optional)
  • Company (optional)
  • Street (optional)
  • Postcode (optional)
  • Location (optional)
  • E-mail address (required)
  • Subject (optional)
  • Message (required)

For processing the data, your consent is obtained during sending and it is referred to this privacy policy.

Alternatively, you can contact us via the e-mail address provided. In this case, the user’s personal data transmitted by e-mail will be stored.

In this framework, the data will not be passed on to third parties. The data is used exclusively for processing the conversation.

 

Legal basis for data processing

The legal basis for the data processing in this case is art. 6.1 (a) GDPR if the user has given his consent.

The legal basis for processing the data transmitted in the course of sending an e-mail is art. 6.1(f) GDPR. If the e-mail contact aims to conclude a contract, then the additional legal basis for the processing is art. 6.1(b) GDPR.

 

Purpose of data processing

The processing of the personal data from the input mask serves us only to process the contact. In the case of contact via e-mail, this also constitutes our required legitimate interest in processing the data.

Other personal data processed during sending serve to prevent any misuse of the contact form and to ensure the security of our information technology systems.

 

Duration of storage

The data will be deleted as soon as they are no longer necessary for its collection’s purpose. For personal data from the input mask of the contact form and those sent by e-mail, this is the case, when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that all relevant facts have been finally clarified.The additional personal data collected during the sending process will be deleted latest after a period of seven days.

 

Possibility of objection and elimination

The user can revoke his consent to the processing of his/her personal data at any time. If the user contacts us by e-mail, he/she can object to the storage of his personal data at any time. In this case, the conversation cannot be continued.

The revocation of the consent and the objection to the storage must be addressed by writing a letter to:

Ingenious Software GmbH

Melscher Straße 1

D-04299 Leipzig

Germany

A revocation or objection is also possible in electronic form by email. The user can send an e-mail to info@ingenious.de for this purpose.

In the event of an oral revocation or objection, we reserve the right to have this confirmed in writing by the user.

All personal data stored while contacting us will be deleted in this case.

 

Rights of the data subject

If your personal data are processed, you are affected within the meaning of the GDPR and have the following rights vis-à-vis the person responsible:

 

Right to information

You may ask the person in charge to confirm whether your personal data are processed by us.

If this is the case, you have the right to request the following information from the person responsible:

  1. the purposes for which the personal data are processed
  2. the categories of personal data processed
  3. the recipients or categories of recipients to whom personal data relating to you have been disclosed or are still being disclosed
  4. the planned duration of the storage your personal data or, if specific information on this is not available, the criteria for determining the storage period
  5. the existence of a right to rectification or deletion of your personal data, a right to restrict the processing by the controller or a right to object to such processing
  6. the existence of a right of appeal to a regulatory authority
  7. any available information on the origin of the data, if the personal data are not collected from the data subject
  8. the existence of automated decision-making, including profiling, in accordance with art. 22 (1) and (4) GDPR and – at least in these cases – meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.

You have the right to request information as to whether your personal data is transferred to a third country or to an international organisation. In this context, you may request to be informed about the appropriate guarantees in accordance with art. 46 GDPR in connection with the transmission.

 

Right to correction

You have a right of rectification and/or completion vis-à-vis the data controller if your personal data processed are incorrect or incomplete. The person responsible must perform the correction without delay.

 

Right to restriction of processing

Under the following conditions, you may request that the processing of your personal data will be restricted:

  1. if you dispute the accuracy of your personal data for a period that enables the person responsible to verify the accuracy of your personal data
  2. the processing is unlawful, and you refuse to delete your personal data and instead request that the use of the personal data will be restricted
  3. the person responsible no longer needs your personal data for the purposes of processing, but you need them to assert, exercise or defend legal claims, or
  4. if you have filed an objection to the processing pursuant to art. 21(1) GDPR and it has not yet been determined whether the legitimate reasons of the person responsible outweigh your reasons.

If the processing of your personal data has been restricted, such data may only be used – apart from being stored – with your consent for asserting, exercising or defending your legal claims, for protecting the rights of another natural or legal person or for reasons of important public interest of the EU or a member state.If the restriction on processing has been limited in accordance with the above conditions, you will be notified by the person responsible before the restriction is lifted.

 

Right to deletion

DELETION DUTY

You may request the person responsible to delete your personal data without delay and the controller is obliged to do so, if one of the following reasons applies:

  1. your personal data are no longer necessary for the purposes they were collected for or otherwise processed;
  2. you revoke your consent, on which the processing was based pursuant to art. 6.1 (a) or art. 9.2(a) GDPR, and there is no other legal basis for the processing;
  3. you file an objection against the processing pursuant to art. 21.1 GDPR and there are no overriding legitimate reasons for the processing, or you file an objection against the processing pursuant to art. 21.2 GDPR;
  4. your personal data have been processed unlawfully;
  5. the deletion of your personal data is necessary to fulfil a legal obligation under EU law or the law of its member states to which the person responsible is subject;
  6. your personal data have been collected in relation to offered information society services, pursuant to art. 8.1 GDPR.

 

INFORMATION TO THIRD PARTIES

If the responsible person has made your personal data public and is obliged to delete it pursuant to art. 17.1 GDPR, he/she must inform third parties who process your personal data that you as the data subject have requested the deletion of all links to your personal data as well as of copies or replications of it. For this purpose, he/she must employ the appropriate, including technical, measures for this purpose, considering the available technology and the implementation costs.

 

EXCEPTIONS

The right to deletion does not exist insofar as the processing is necessary

  1. to exercise freedom of expression and information;
  2. to fulfil a legal obligation required for processing under the law of the EU or of the member states, to which the person responsible is subject, or for the performance of a task in the public interest or in the exercise of official authority conferred on the person responsible;
  3. for reasons of public interest in the field of public health pursuant to art. 9.2(h) and (i) and art. 9.3 GDPR;
  4. for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to art. 89.1 GDPR, insofar as the law referred to under a) is likely to render impossible or seriously impair the attainment of the objectives of such processing, or
  5. to assert, exercise or defend legal claims.

 

Right to information

If you have asserted your right to correction, deletion or restriction of the processing to the person responsible, he/she is obliged to inform all recipients to whom your personal data have been disclosed of this correction, deletion or restriction of processing, unless this proves impossible or involves a disproportionate effort.

You have a right to be informed about these recipients by the person responsible.

 

Right to data transferability

You have the right to receive personally identifiable information you provided to the person responsible in a structured, common and machine-readable format. In addition, you have the right to transfer this data on to another person in charge without hindrance by the person responsible to whom the personal data was provided in the first place, provided that

  1. processing is based on consent pursuant to art. 6.1(a) GDPR or art. 9.2 (a) GDPR or on a contract pursuant to art. 6.1(b) GDPR and
  2. the processing is carried out using automated procedures.

In exercising this right, you also have the right to request your personal data to be transferred directly from one to another data controller, insofar as this is technically feasible. The freedoms and rights of other persons may not be affected.

The right to transferability does not apply to the processing of personal data which is necessary for the performance of a task in the public interest or in the exercise of official authority delegated to the person responsible.

 

Right to objection

For reasons arising from your situation, you have the right to object the processing of your personal data, legitimised through art. 6(1)(e) or (f) of the GDPR, at any time; this also applies to profiling based on these provisions.

The person responsible will no longer processes your personal data, unless he/she can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing is for enforcing, exercising or defending legal claims.

If your personal data are processed for direct marketing purposes, you have the right to object processing your personal data for such advertising at any time; this also applies to profiling, insofar as it is associated with such direct marketing.

If you object to processing for direct marketing purposes, your personal data will no longer be processed for this objective.

Regardless of Directive 2002/58 / EC, in connection to the use of Information Society Services, you have the option to exercise your right to objection through automated procedures that use technical specifications.

 

Right to revoke the data protection declaration of consent

You have the right to revoke your data protection consent declaration at any time. The revocation of consent does not affect the legality of processing carried out based on your consent until the revocation.

 

Automated decision in individual cases, including profiling

You have the right not to be subjected to a decision based solely on automated processing- including profiling – that has legal effect against you or significantly impairs you in a similar manner. This does not apply if the automated decision

  1. is necessary for the conclusion or performance of a contract between you and the person responsible;
  2. is admissible by law of the EU or its member states to which the person responsible is subject and and where such legislation contains appropriate measures to safeguard your rights, freedoms and legitimate interests; or
  3. with your expressed consent.

However, these decisions may not be based on special categories of personal data pursuant to art. 9.1 GDPR, unless art. 9.2(a) or (g) GDPR applies and appropriate measures have been taken to protect your rights, freedoms and legitimate interests.

In the cases referred to in (1) and (3), the person responsible must take reasonable measures to safeguard your rights, freedoms and legitimate interests. This includes at least the right to obtain the intervention of a person from the side the person responsible, the right to state your own position and the right to object to the automated decision.

 

Right of appeal to a regulatory authority

Without prejudice to any other administrative or judicial remedy, you have the right of appeal to a regulatory authority, in particular in the member state where you reside, work or in the place of the alleged infringement, if you believe that processing your personal is not in accordance with the GDPR.

The regulatory authority to which the complaint has been submitted informs the complainant of the status and results of the complaint, including the possibility of a judicial remedy pursuant to art. 78 GDPR.