Inhaltsbereich

PRIVACY STATEMENT

This privacy statements explains how personal data (hereinafter referred to as "data") is collected, used, retained and disclosed within our online offering and associated websites, functions and content as well as external online presences. The terms used here, such as "personal data" and its "processing", are used as defined in Art. 4 of the European General Data Protection Regulation (GDPR)

Responsible in accordance with the GDPR:

Name:Joachim Christ / PROSTEP AG
Address:Dolivostraße 11
Postcode, city, country:64293 Darmstadt, Germany
Commercial register no.:HRB 8383
CEO:Dr. Bernd Pätzold
Telephone number:+49 (0)6151 92870
E-mail address:info@prostep.com

Data protection officer

Name:Nadi Sönmez
Address:Taunusstr. 42
Postcode, city, country:80807 Munich, Germany
Telephone number:+49 (0)89 35020-0
E-mail address:datenschutz@prostep.com

1. Changes and updates to the privacy statement

We ask that you read our privacy statement at regular intervals. We will modify the privacy statement as soon as changes to the processing of data carried out by us make this necessary. We will inform you as soon as the changes require your cooperation (e.g. consent) or other individual notification.
Some PROSTEP AG websites may have their own, possibly different, privacy statement. Please read the privacy statement of each PROSTEP website that you visit.

2. Security measures

2.1 We take appropriate technical and organizational measures to ensure a level of protection commensurate with the risk, taking into account the state of the art, implementation costs and the nature, scope, circumstances and purposes of processing as well as the varying probabilities of occurrence and severity of the risk to the rights and freedoms of natural persons, pursuant to Art. 32 GDPR. These measures include in particular ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as access, input, transmission, security of availability and separation of the data. Furthermore, we have established procedures that guarantee that you can exercise your rights, the deletion of data and an appropriate response to data risks. We also take the protection of personal data into consideration during the development and selection of hardware, software and procedures in accordance with the principle of data protection by design and by default (Art. 25 GDPR)

2.2 The security measures include, in particular, the encrypted transmission of data between your browser and our server.

3. Collecting, processing, using and deleting your personal data

PROSTEP collects, exports and uses personal information to provide you with better service and to better consider your needs and interests. This is done on the basis of this privacy statement and your consent.

When you visit our website, we collect your IP address and use cookies and other Internet technologies to collect general information about you and what is of interest to you.

We also collect and process the information and data that you provide to us voluntarily, e.g. when you register for events, subscribe to newsletters, participate in online surveys, discussion groups or forums.

3.1 We use so-called server log files to collect data every time the server on which this service is located is accessed. We do this based on our legitimate interests pursuant to Art. 6 para. 1(f) GDPR. Access data includes the name of the accessed website, file, date and time of access, volume of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider.

3.2 Log file information is stored for a maximum of seven days for security reasons (e.g. to investigate misuse or fraud) and then deleted. Data that needs to be stored for a longer period of time for evidentiary purposes will not be deleted until final clarification of the respective incident.

3.3 The data we process will be deleted or its processing restricted pursuant to Articles 17 and 18 GDPR. Unless expressly stated in this privacy statement, the data stored by us will be deleted as soon as it is no longer required for its intended purpose and its deletion does not conflict with any statutory retention obligations. If the data is not deleted because it is needed for other legally permissible purposes, its processing will be restricted. This means that the data is blocked and will not be processed for any other purposes. This applies, for example, to data that must be retained for business or tax reasons.

3.4 In accordance with statutory requirements, the data will be kept, in particular, for 6 years pursuant to § 257 (1) of the German Commercial Code (HGB) (trading books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting documents, etc.) and for 10 years pursuant to § 147 (1) of the German Tax Code (AO) (books, records, management reports, accounting documents, commercial and business letters, documents relevant to taxation, etc.).

4. Newsletters

4.1 The following information is intended to provide you with information about the content of our newsletters, the subscription process, newsletter delivery, statistical analysis and your right to object. By subscribing to our newsletters, you agree to receiving the newsletters and to the described procedures.

4.2 Content of the newsletters: We only send newsletters, e-mails and other electronic notifications containing advertising information (hereinafter referred to as "newsletter") with the consent of the recipients or with legal authorization. If, when subscribing to newsletters, the content of the newsletters is described specifically, the content is relevant to your consent. Our newsletters contain information about our products, offers, promotions and our company.

4.3 Double opt-in and logging: a "double opt-in" procedure is used when you subscribe to a newsletter. This means that after subscribing, you will receive an e-mail asking for confirmation. This confirmation is needed to ensure that no one can subscribe to newsletter using someone else's e-mail address. Subscription to a newsletter is logged in order to be able to prove that the subscription process complies with legal requirements. This includes storing the time at which you subscribed to the newsletter and the time at which you confirmed subscription as well as the IP address. Changes to your data that is stored with the delivery service provider are also logged.

4.4 Subscription data: To subscribe to a newsletter, all you have to do is enter your e-mail address. We also give you the option of entering a name in the newsletter so that the newsletter can be personalized.

4.5 Performance measurement: In exceptional cases the newsletters contain a so-called "web-beacon", i.e. a pixel-size file that is retrieved from the delivery service provider's server when a newsletter is opened. Within the scope of this retrieval, technical information such as information about the browser and your system as well as your IP address and the time of retrieval are collected. This information is used to improve the services on the basis of the technical data or the target groups and their reading behavior using their retrieval locations (which can be determined with the help of the IP address) or the time of access. Statistical surveys also include determining whether the newsletters are opened, when they were opened and which links were clicked. Although, for technical reasons, this information can be associated with the individual newsletter recipients, it is not our intention nor that of the delivery service provider to monitor individual users. The surveys enable us to identify the reading habits of our users and to adapt our contents accordingly or to send different content to different users according to what they are interested in.

4.6 Delivery of the newsletters and performance measurement are based on the recipients' consent pursuant to Art. 6 para. 1(a) and Art. 7 GDPR in conjunction with § 7 para. 2 no. 3 of the Unfair Competition Act (UWG), or on the basis of legal authorization pursuant to § 7 para. 3 of the Unfair Competition Act.

4.7 Logging of the subscription process is performed on the basis of our legitimate interests pursuant to Art. 6 para. 1(f) GDPR and serves as proof of consent to receive the newsletter.

4.8 Unsubscribe/Revocation: You can unsubscribe to newsletters at any time, i.e. revoke your consent. You will find a link that you can use to unsubscribe to a newsletter at the end of the respective newsletter. If you have subscribed only to the newsletter and subsequently unsubscribe, your personal data will be deleted.

5. Collaboration with processors and third parties

5.1 If we disclose data to other persons or companies (processors or third parties) during our processing operation, transmit the data to them or otherwise grant them access to the data, this will only be done on the basis of a legal authorization (e.g. if transmission of the data to third parties, such as payment service providers, is required for the fulfillment of a contract pursuant to Art. 6 Para. 1(b) GDPR ), if you have provided your consent, if a legal obligation provides for this, or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).

5.2 If we commission third parties with the processing of data within the framework of a so-called "order processing contract", this will be done on the basis of Art. 28 GDPR.

6. Transfer to third countries

If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)), or if this occurs with the framework of utilizing third-party services or disclosing or transferring data to third parties, this is only done in order to fulfill our (pre)contractual obligations, on the basis of your consent, on the basis of a legal obligation, or on the basis of our legitimate interests. Subject to legal authorization or contractual permission, we only process the data or have the data processed in a third country if the special requirements pursuant to Art. 44 ff. GDPR apply. This means that processing is carried out, for example, on the basis of special guarantees, such as official recognition a similar level of protection of your personal data to what is required in the EU (e.g. the Privacy Shield scheme in the USA) or compliance with officially recognized special contractual obligations (so-called "standard contractual clauses").

7. Provision of contractual services

7.1 We process inventory data (e.g. names and addresses and users' contact data), contract data (e.g., services used, names of contact persons, payment information) in order to fulfill our contractual obligations and provide services pursuant to Art. 6 para. 1(b) GDPR. The entries marked as mandatory on online forms are required for conclusion of the contract.

7.2 When registering or re-registering and when using our online services, we will store the IP address and the time of the respective user action. The data is stored on the basis of our legitimate interests and to protect users against misuse or other unauthorized use. This data is not normally passed on to third parties unless it is required to pursue our claims or there is a legal obligation to do so pursuant to Art. 6 para. 1(c) GDPR.

7.3 The data will be deleted once statutory warranty or comparable obligations expire. The need to store the data is reviewed every three years. If statutory archiving obligations apply, the data will be deleted once these obligations expire (end of commercial retention obligation (6 years) and end of fiscal retention obligation (10 years)). Details in the customer account will remain until the account is deleted.

8. Cookies and reach measurement

8.1 Cookies are pieces of information that are transferred from our web server or third-party web servers to your web browser and stored for later retrieval. Cookies can be small files or other types of stored information.

8.2 We use so-called session cookies, which are only stored on our website for the duration of your visit (e.g. to allow your login status to be stored or to enable the shopping basket function and thus the use of our website). A randomly generated unique identification number, a so-called session ID, is stored in a session cookie. A cookie also contains information about its origin and the storage period. These cookies cannot store any other data. Session cookies are deleted once you have finished using our website and log out or close your browser, for example.

8.3 In accordance with this privacy statement, you will be notified of the use of other cookies in the context of pseudonymous reach measurement.

8.4 If you do not want cookies to be saved on your computers, disable the relevant option in the system settings of your browser. Stored cookies can be deleted in the system settings of the browser. If cookies are disabled, you may not be able to use the full functionality of this website.

8.5 You may opt-out of the use of cookies for reach measurement and promotional purposes via the deactivation page of the Network Advertising Initiative (http://optout.networkadvertising.org/) and additionally the US website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).

9. Range analysis with Matomo (formerly PIWIK)

9.1 Matomo collects and stores the following data: the browser type and version you are using, the operating system are using, your country of origin, date and time of the server request, the number of visits, the time you spent on the website and the external links you click. Your IP address will be anonymized before it is stored.

9.2 Matomo uses cookies that are stored on your computer and enable an analysis of your use of our website. Pseudonymous user profiles can be created from the processed data. The cookies are stored for one week. The information generated by the cookie about your use of the website is only stored on our server and will not be passed on to third parties.

9.3 You can object to the anonymized data collection by the Matomo program at any time with future effect by clicking on the link below. In this case, a so-called opt-out cookie will be stored on your browser and Matomo will no longer collect any session data. If, however, you delete your cookies, the opt-out cookie will also be deleted and you will have to reactivate it again.

10. Contact

10.1 When contacting us (using the contact form or via e-mail), you details will be processed in the context of your contact request and its execution pursuant to Art. 6 para. 1(b) GDPR.

10.2 Your information may be stored in our customer relationship management (CRM) system or comparable request set-up.

10.3 We delete requests once they are no longer needed. We review the need to store the data every two years. Requests from customers who have a customer account are stored permanently and will not be deleted until the customer account is deleted. If statutory archiving obligations apply, the data will be deleted once these obligations expire (end of commercial retention obligation (6 years) and end of fiscal retention obligation (10 years)).

11.  Rights of data subjects

11.1 You have the right to request confirmation as to whether the relevant data is being processed and to request information about this data as well as further information and a copy of the data pursuant to Art. 15 GDPR.

11.2 You have the right to request that incomplete personal data be completed and rectification of inaccurate data concerning you pursuant to Art. 16 GDPR,.

11.3 You have the right to demand that relevant data be deleted immediately pursuant to Art. 17 GDPR or, alternatively, to demand a restriction of the processing of the data pursuant to Art. 18 GDPR.

11.4 You have the right to receive the personal data that you have provided to us pursuant to Art. 20 GDPR and to request its transmission to another controller.

11.5 You also have the right to file a complaint with the relevant supervisory authority pursuant to Art. 77 GDPR.

Data protection officer in Hesse

Prof. Dr. Michael Ronellenfitsch
Gustav-Stresemann-Ring 1
65189 Wiesbaden, Germany

11.6 Right to revoke consent: You have the right to revoke consent at any time with future effect pursuant to Art. 7 para. 3 GDPR.

11.7 Right to object: You have the right to object to the future processing of your personal data at any time pursuant to Art. 21 GDPR. You may object in particular to the processing of your personal data for direct marketing purposes.

Unternavigation
Rechter Inhaltsbereich

On this page