I. SOFTWAY Privacy Policy

1. preliminary remark

Thank you for visiting our SOFTWAY AG (in future SOFTWAY) website. Your privacy and the associated protection of personal data are important to us. Therefore, please read the following information carefully. If you have any questions, you can contact SOFTWAY or our data protection officer directly.

To promote the flow of reading, only the masculine form is used below, e.g. employees instead of staff members. In these cases, unless explicitly stated otherwise, all genders are of course meant.

2. definitions

Data protection is a complex topic. We have compiled some basic meanings to make it easier for you to understand this privacy policy.

In simple terms, “order processing” (abbreviated to “AV”) within the meaning of Art. 28 of the General Data Protection Regulation (GDPR) is understood to mean a service in which personal data is processed by a service provider (processor according to the GDPR) on behalf of and in accordance with the instructions of the so-called controller. The service provider processes the personal data exclusively in accordance with our instructions and does not acquire any ownership or interest of its own in your data. Before such an order is placed with a service provider, we conclude a special contract with the service provider and ensure further measures to protect your personal data.

“Cookies” are small text files that are stored on the end device you use (e.g. computer or smartphone) and that store certain settings and data for exchange with our system via your browser. A cookie usually contains the name of the visited website from which the cookie data was sent, information about the age of the cookie and an alphanumeric identifier. Cookies enable the systems to recognize the user’s device and make any default settings immediately available.

“Third party” means any natural or legal person or entity other than the data subject, the controller, the processor and the persons who, under the direct authority of the controller or processor, are authorized to process the personal data, see Art. 4 No. 10 GDPR. It is therefore not a third party, for example, if personal data is given to a service provider in the course of commissioned processing in accordance with Art. 28 GDPR.

“IP addresses” are sequences of numbers that can be assigned to individual IT devices or a group. Similar to postal addresses, the IP is used to assign data to the correct recipient.

“Personal data” means any information relating to an identified or identifiable natural person, see Art. 4 No. 1 GDPR.

“Controller” pursuant to Art. 4 No. 7 GDPR is any person or body which alone or jointly with others determines the purposes and means of the processing of personal data (in this case: the website operator).

3. responsible person and general information

SOFTWAY undertakes to collect, process and use personal data responsibly and to comply with the applicable data protection laws of Germany, the European Union or other countries with which SOFTWAY maintains business relations.

SOFTWAY is committed to maintaining the security and confidentiality of personal data by taking necessary and appropriate measures in the course of its business activities.
is the controller of your personal data:

Softway AG
Industriestrasse 17
D-96114 Hirschaid
Phone: +49(0) 9543 8238-0
Fax: +49 (0) 9543 8238-23
E-mail: dsb@softway.de

SOFTWAY is therefore responsible for the processed personal data, regardless of whether the data is processed by SOFTWAY itself and/or SOFTWAY’s processors. If a body other than the aforementioned body is the “controller” within the meaning of Art. 4 No. 7 of the General Data Protection Regulation (GDPR), you will be explicitly and separately informed of this, unless this is obvious.

SOFTWAY undertakes to continuously review, supplement and expand its data protection processes in order to strive for maximum compliance with the applicable legal provisions.

4. use of the website

In addition to pure information, we offer you various services on our website that you can use if you are interested. This may also involve the provision of further personal data that we require in order to provide the respective service, which we will inform you about below.

4.1 Log files

Every time this website is accessed, data is automatically logged, which also applies to the retrieval of files (log data). We collect and use the technically necessary data to make the website available to you. The technically necessary data transmitted by your browser to our web server includes, for example

– IP address
– Date and time of the request
– Time zone difference to Greenwich Mean Time (GMT)
– Pages accessed
– Access status / HTTP status code
– Amount of data transferred
– Website from which the request originates / referrer URL
– Browser
– Language and version of the browser
– Operating system and its interface

We need this data to ensure the functionality of the website and to make your visit to this website as pleasant as possible. We reserve the right to analyze the logged data on an ad hoc basis for the purpose of data security. We do not create individual profiles that provide information about your personalized usage behavior based on the technically necessary data. We also do not link or merge the data transmitted by you with other data sources.

The legal basis for the processing of the described data – insofar as it is personal – is Art. 6 para. 1 lit. f GDPR. Our legitimate interest is to offer you an appealing, user-friendly and technically functional website.

4.2 Consent management with OneTrust

Related web resources: cookielaw.org

To manage consents, we use the consent management platform of the provider OneTrust ((82 St. John St., Farringdon, London EC1M 4Jn, UK)) (“OneTrust”). The purpose of this is to manage your consent or lack of consent for cookie-based, non-cookie-based and external services and to inform you about their use. If you do not consent to the use of a specific service, the consent manager prevents your personal data from being processed in connection with this service.

You can revoke your consent given in the consent manager at any time with effect for the future by changing your settings in the consent manager, which you can access here: Call up cookie settings.

The legal basis for this is Art. 6 para. 1 lit. f GDPR. Our legitimate interest is the user-friendly design of our website, the analysis and optimization of the technical functionality of our website and the implementation of data protection requirements.

The transfer of the personal data collected to OneTrust as a recipient in a third country (UK) takes place on the basis of so-called standard contractual clauses, which we have concluded with OneTrust together with an agreement on order processing.

In addition, on June 28, 2021, the EU Commission issued an adequacy decision pursuant to Art. 45 GDPR, according to which the UK is permanently classified as a safe third country.

You can find more information on data protection with the OneTrust consent manager at https://www.onetrust.de/datenschutzerklaerung/.

We also inform you in detail about the type, purpose, duration and recipients of the cookies used on our website in our cookie policy at: https://www.softway.de/cookie-richtlinie

4.3 Consent management with OneTrust

If you subscribe to our newsletter, with which we inform you about our current interesting offers, your personal data (e-mail address, title, first name, surname) will be collected by us as mandatory information. The provision of further, separately marked data is voluntary and is used to address you personally. We use this personal data exclusively for sending the newsletter and for statistical evaluations in order to analyze and optimize our system performance. Your data will not be passed on to third parties or used for other purposes of our own. To ensure that you really want to receive the newsletter and that you have registered, you will receive a confirmation message containing a link to the final registration (so-called double opt-in procedure). If you do not confirm your registration within 48 hours, we will send you a reminder and after 7 days we will block your information and delete your newly transmitted registration information after 4 weeks. In addition, we store the IP addresses you use and the times of your registration and confirmation in order to be able to prove your registration and clarify any possible misuse of your personal data.

The legal basis for processing is your consent in accordance with Art. 6 para. 1 lit. a GDPR. If you no longer wish to receive newsletters from us, you can withdraw your consent at any time. You will find an unsubscribe link in every newsletter. Alternatively, an informal message to Datenschutz@softway.com, a fax or letter will suffice.

If you no longer wish to receive newsletters from us, you can object at any time. You will not incur any costs for this other than the transmission costs according to the basic rates. You will find an unsubscribe link in every newsletter. Alternatively, an informal message to marketing@softway.de, a fax or letter will suffice.

4.4 Communication by e-mail, online form, fax, telephone or post

4.4.1 Contacting us by e-mail, fax, telephone or post

If you contact us by e-mail, fax, telephone or post, we will use the information you provide to contact you and to process and respond to your inquiry. Your data will not be passed on to third parties. Your personal data will be deleted if you have asserted a claim for deletion, if the data is no longer required to fulfill the purpose for which it was stored or if its storage is inadmissible for other legal reasons. Provided that there are no other legal provisions to the contrary (e.g. statutory retention periods).

The legal basis for the processing is Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in responding to and processing your request appropriately. If your request is made to prepare/initiate the conclusion of a contract with you, Art. 6 para. 1 lit. b GDPR is the alternative legal basis.

4.4.2 Contact via online form

You can contact us by using a form provided on our website. If you use the online form, we collect and store the personal data that you have entered in the input mask according to the purpose of your contact (e.g. title, first name, surname, company name, address, zip code, city, e-mail address, function, comment, telephone number, customer number if applicable). We use your data exclusively for the purpose of processing and responding to your inquiry. Your data will not be passed on to third parties. Your personal data will be deleted if you have asserted a claim for deletion, if the data is no longer required to fulfill the purpose for which it was stored or if its storage is inadmissible for other legal reasons. Provided that there are no other legal provisions to the contrary (e.g. statutory retention periods).

The legal basis for the processing is Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in the appropriate processing and answering of your request. If your request is made to prepare / initiate the conclusion of a contract with you, Art. 6 para. 1 lit. b GDPR is the alternative legal basis.

5. integration of third-party services and content

5.1 General

If you give us your consent via our consent manager when you visit our website, third-party content (e.g. videos, maps or graphics from other websites) may be integrated within this online offering. This always presupposes that the third-party providers perceive your data (e.g. IP address; browser data; operating system and device; websites visited; date and time of access, etc.) but also other data from cookies or non-cookie-based forms. Without the IP address, for example, they would generally not be able to send the content to your browser. The IP address is therefore required to display this content. We endeavor to only use content whose respective providers only use the IP address to deliver the content. However, we have no influence on whether the third-party providers store the IP address, e.g. for statistical purposes. If we are aware of this, we will inform you.

5.2 Social media plugins / social share plugins

Social plugins / social share plugins used: AddThis

With social plugins, we enable you to set bookmarks or share interesting content with other users. With the help of these plugins, you can connect to social networks and other users. This helps us to improve our offer and make it more interesting for our users. However, we have no influence on the data collected and the data processing, nor are we aware of the full extent of the data collection, the purposes of the processing, the storage periods or the deletion of the data collected.

As a rule, plug-in providers use your data to create cross-device usage profiles for the purposes of advertising, market research and/or the needs-based design of their websites. Such an evaluation is carried out in particular – even if you do not have an account with the plug-in provider or are not logged in there – to display needs-based advertising and to inform other users of the social network about your activities on our website. If you are logged in with the plug-in provider, your data collected by us will be assigned directly to your existing account with the plug-in provider and, if applicable, publicly communicated to your contacts.

When using social plugins, external servers are called up, which may be located in another third country. As a result, it is possible that information about your use (e.g. IP address; data on the browser, operating system and device; websites visited; date and time of access) may be logged and stored outside the EU. As part of our consent manager and also at this point, we expressly point out that a data transfer to a third country could generally be associated with a transfer to a third country that is unsafe from a data protection perspective.

The legal basis for this is your consent in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time with effect for the future by making the appropriate setting in our consent manager.

5.2.1 AddThis bookmarking

Related web resources: addthis.com

On our website we use a social plugin of the social network AddThis of the provider Oracle America, Inc, 500 Oracle Parkway, Redwood Shores, CA 94065, USA (“Oracle”). The plugin transmits your data (e.g. your IP address) to Oracle and, if applicable, to the selected social network or bookmarking service. To the best of our knowledge, Oracle receives information about which of our websites you have currently and previously visited.

If you wish to object to the collection and storage of data by Oracle, you can do so at any time by setting an opt-out cookie with effect for the future: https://datacloudoptout.oracle.com/#optout

Further information on terms of use and data protection can be found at
https://www.addthis.com/privacy/terms-of-service/ and https://www.oracle.com/legal/privacy/addthis-privacy-policy.html.

5.3 Google Analytics

Related web resources: google.com, google-analytics.com

This website uses Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). The purpose of using Google Analytics is to be able to analyze and regularly improve the use of our website by using the knowledge gained from the statistics to improve our offer and make it more interesting for website visitors. Google Analytics records, collects and evaluates data about the behavior of visitors to websites. Cookies are stored on your computer for this purpose. The information generated/requested by cookies (such as your IP address, the subpages you have visited, etc.) about your use of this website is generally transmitted to a Google server in the USA and stored there. However, your IP address will first be truncated by Google within the EU/EEA, as we have preset the anonymization of the IP address accordingly. Only in exceptional cases will your full IP address be transmitted to a Google server in the USA and only shortened there. In addition to your IP address, Google processes online identifiers (including cookie identifiers) and device identifiers in connection with Google Analytics.

On our behalf, Google will use the information collected to evaluate the usage behavior of users of our website and to compile reports on their website activities. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. In order to ensure that Google processes the relevant data exclusively in accordance with our instructions and for our purposes, we have concluded a data processing agreement (DPA) with Google.

In addition, the European Commission and the US government agreed on the “EU-U.S. Data Privacy Framework” in March 2023. This is an adequacy decision pursuant to Art. 45 GDPR.

By means of such an adequacy decision in accordance with Art. 45 GDPR, the European Commission can determine that a third country, a territory of a third country or a specific sector of a third country offers an adequate level of data protection. If the Commission has adopted such a decision, companies may transfer personal data to the relevant recipients in the third country without any further requirements.

The legal basis for this is your consent in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time with effect for the future by making the appropriate setting in our consent manager.

In addition, you can prevent the collection of data generated by Google Analytics cookies (including your IP address) and their transmission and processing by Google in principle and beyond this website by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

Further information on terms of use and data protection can be found at
https://marketingplatform.google.com/about/analytics/terms/de/
and
https://policies.google.com/technologies/partner-sites.

5.4 Google Tag Manager

Related web resources: google.com, googletagmanager.com

On this website, we use Google Tag Manager from the provider Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”), with which website tags can be managed via an interface. Google Tag Manager is a cookie-free domain that does not itself collect or store any personal data. However, Google states that it processes online identifiers (including cookie identifiers) and IP addresses in connection with Google Tag Manager. Google Tag Manager ensures that other tools are used which, for their part and independently of Google Tag Manager, may collect data, which we inform you about separately in this privacy policy. If you have opted out at domain or cookie level, this also applies to tools that are implemented with Google Tag Manager.

As a rule, your IP address will be truncated by Google within the EU/EEA. In exceptional cases, your full IP address may be transmitted to a US server of Google and thus only shortened in the USA. The transfer of the personal data collected to Google as a recipient in a third country (USA) takes place on the basis of so-called standard contractual clauses, which we have concluded with Google together with an agreement on order processing for the use of Google Tag Manager.

In addition, the European Commission and the US government agreed on the “EU-U.S. Data Privacy Framework” in March 2023. This is an adequacy decision pursuant to Art. 45 GDPR.

By means of such an adequacy decision pursuant to Art. 45 GDPR, the European Commission can determine that a third country, a territory of a third country or a specific sector of a third country offers an adequate level of data protection. If the Commission has adopted such a decision, companies may transfer personal data to the relevant recipients in the third country without any further requirements.

The legal basis for this is your consent in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time with effect for the future by making the appropriate setting in our consent manager.

Further information on terms of use and data protection can be found at
https://www.google.com/intl/de/tagmanager/use-policy.html
and at
https://policies.google.com/privacy.

5.5 Google Ads

Related web resources: google.com, ads.google.com

On this website, we use Google Ads from the provider Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”), This is an advertising service from Google. This service can be used to display personalized or non-personalized advertising to users.

The purpose of data collection and processing is, in addition to the provision of advertising, analysis, the provision of services and statistics. The technology used by this service to collect data is cookies, which are placed in the browser.

The following data is collected by or through the use of this service:

– Ads viewed
– Cookie ID
– Date and time of visit
– Device information
– Geographic location
– IP address
– Search terms
– Ads displayed
– Customer ID
– Impressions
– Online identifiers
– Browser information

As a rule, your IP address will be truncated by Google within the EU/EEA. In exceptional cases, your full IP address may be transmitted to a US server of Google and thus only shortened in the USA. The transfer of the personal data collected to Google as a recipient in a third country (USA) takes place on the basis of so-called standard contractual clauses, which we have concluded with Google together with an agreement on order processing for the use of Google.

In addition, the European Commission and the US government agreed on the “EU-U.S. Data Privacy Framework” in March 2023. This is an adequacy decision pursuant to Art. 45 GDPR.

By means of such an adequacy decision in accordance with Art. 45 GDPR, the European Commission can determine that a third country, a territory of a third country or a specific sector of a third country offers an adequate level of data protection. If the Commission has adopted such a decision, companies may transfer personal data to the relevant recipients in the third country without any further requirements.

The legal basis for this is your consent in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time with effect for the future by making the appropriate setting in our consent manager.

If you have not requested earlier deletion, your data will be deleted after the retention period. The retention period is the period of time during which the collected data is stored for processing. The data will be deleted as soon as it is no longer required for the purposes of processing.

Log data is anonymized after 9 months and cookie information after 18 months.

Click here to read the data processor’s privacy policy.
https://policies.google.com/privacy?hl=de

Click here to read the data processor’s cookie policy.
https://policies.google.com/technologies/cookies?hl=de

Click here to revoke on all domains of the processing company.
https://safety.google/privacy/privacy-controls/

5.6 Use of YouTube

Information on data protection regarding the use of YouTube can be found here.

5.7 Use of Facebook

Information on data protection regarding the use of Facebook can be found here.

5.8 Use of Instagram

Information on data protection regarding the use of Instagram can be found here.

5.9 Use of Xing

Information on data protection regarding the use of Xing can be found here.

5.10 Use of LinkedIn

Information on data protection regarding the use of Linkedin can be found here.

5.11 Use of reCAPTCHA

Information on data protection regarding the use of reCAPTCHA can be found here.

5.12 Use of Hubspot

Information on data protection regarding the use of Hubspot can be found here.

5.13 Use of the Microsoft Teams video conferencing system

Information on data protection regarding the use of Microsoft Teams can be found here.

5.14 Using the Zoom video conferencing system

Information on data protection regarding the use of Zoom can be found here.

5.15 Use of the SalesViewer® technology

This website uses SalesViewer® technology from SalesViewer® GmbH to collect and store data for marketing, market research and optimization purposes on the basis of the website operator’s legitimate interests (Art. 6 (1) (f) GDPR).

For this purpose, a javascript-based code is used to collect company-related data and use it accordingly. The data collected using this technology is encrypted using a non-reversible one-way function (known as hashing). The data is immediately pseudonymized and is not used to personally identify the visitor to this website.

The data stored by Salesviewer will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory retention obligations. You can object to the collection and storage of data at any time with effect for the future by clicking on this link https://www.salesviewer.com/opt-out to prevent the collection by SalesViewer® within this website in the future. An opt-out cookie for this website will be stored on your device. If you delete your cookies in this browser, you will need to click this link again. You can find more information about SalesViewer’s data protection at https://www.salesviewer.com/de/plattform/datenschutz/.

6. categories of recipients of your data

6.1 Within SOFTWAY

Within our company, access to your personal data is only granted to those departments and employees who need it to fulfill their duties.

6.2 Outside of SOFTWAY

We only share your personal data with third parties outside SOFTWAY to the extent permitted or required by law; we limit the transfer of your personal data to what is necessary for the specific purpose. We share your personal data with the following categories of recipients:

(1) Payment service providers
(2) External service providers for sending invoices by post or email,
(3) Logistics service providers,
(4) Auditors,
(5) Consultants,
(6) Auditors, (7) IT service providers,
(8) Telecommunications service providers,
(9) Collection agencies and legal advisors for the enforcement of our claims and
(10) Service providers for the creation and dispatch of marketing and advertising material.

If we disclose your personal data to third parties outside SOFTWAY, we process your personal data on the basis of the following legal grounds:

1. your consent pursuant to Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time with effect for the future by making the appropriate setting in our consent manager;
2. For the performance of a contract or for the implementation of pre-contractual measures pursuant to Art. 6 para. 1 lit. b GDPR;
3. For compliance with legal obligations pursuant to Art. 6 para. 1 lit. c GDPR.

6.3 Processors

We may need to use processors and then give them access to your personal data so that they can carry out a transaction or provide other services to you or us on our behalf. We will enter into a data processing agreement (“DPA”) with a carefully selected processor before granting them access to your personal data. In this way, we ensure that the processor processes your personal data in accordance with this Privacy Policy and applicable law, in accordance with our instructions, and that we regularly monitor the processor. We will inform you about the processors we use as part of this privacy policy.

6.4 Links to other websites and applications

The Sites may contain various links to other third-party websites or applications that may provide additional information, goods, services and/or promotional content. These third-party websites or applications are not part of SOFTWAY and are operated independently of SOFTWAY. They may be subject to their own, differing privacy and data collection policies. We are not responsible for the data protection measures of third parties. Therefore, you should review their privacy policies and practices before visiting their websites or applications, using their programs or submitting personal information to them.

7. transfers to third countries

7.1 SOFTWAY International

SOFTWAY operates worldwide. Like many other international companies, SOFTWAY has centralized parts of its customer administration and data management and storage at locations within the EU. In addition, transnational projects may require different SOFTWAY entities in different countries to have access to the personal data collected. Consequently, it is possible that your personal data may leave the country of origin and be transferred to third countries within and also outside the European Economic Area (EEA) and may be accessed by SOFTWAY on a global basis.

SOFTWAY will take all necessary security and legal measures to ensure the integrity of personal data transferred within SOFTWAY’s internal global data exchange and originating in the EEA area in accordance with applicable European and German data protection legislation. Regardless of the place of processing, SOFTWAY will in any case apply the same data protection measures throughout the Group.

Your personal data will also be processed by service providers on behalf of SOFTWAY, which may be located in other jurisdictions. You can find more detailed information on this in the section “Processors”.

7.2 Basis for transmission

Data transfers to third countries – countries outside the European Union (EU) / the European Economic Area (EEA) – are carried out if:
(1) an adequacy decision of the EU Commission exists for them,
(2) this is exceptionally permitted for certain cases in accordance with Art. 49 GDPR,
(3) it is required by law,
(4) you have expressly given your consent to this, which you can revoke in our consent manager, or
(5) we have concluded standard contractual clauses in conjunction with additional security measures.

8. duration of data use / storage

8.1 General

We process your personal data for the duration of the business relationship. This may not only be for the time required to respond to a user inquiry, but may also include the initiation of a contract (pre-contractual legal relationship) and the fulfillment of a contract.

In addition, we are subject to various retention and documentation obligations which, however, cannot be derived conclusively from the German Commercial Code (HGB) and the German Fiscal Code (AO). The retention or documentation periods specified therein are up to (10) ten years after termination of the business relationship or the pre-contractual legal relationship.

In addition, special statutory regulations may require a longer retention period, e.g. the preservation of evidence within the scope of the statutory limitation period or during the course of legal proceedings. According to §§ 195 ff. BGB, the regular limitation period is three years, but limitation periods of up to 30 (thirty) years may also apply.

8.2 Cookies

You also have the option of revoking installed cookies at any time or deleting them yourself by preventing the storage of cookies through a corresponding setting in our consent manager.
You can view the list of cookies used at: https://www.softway.de/cookie-richtlinie

8.3 Deletion of data

If the personal data is no longer required for the fulfillment of contractual or legal obligations and rights, it is regularly deleted, unless its – limited – further processing is necessary for the fulfillment of the aforementioned obligations. In these cases, we may also store and, if necessary, use your data after the end of our business relationship or our pre-contractual legal relationship for a period that is compatible with the purposes.

9. data security / secure data transmission

We would like to inform you that data transmission over the Internet (e.g. via e-mail) may be subject to security breaches. It is therefore not possible for us to provide complete protection against access by third parties. We secure our IT systems (including the website) by means of so-called technical and organizational measures (TOM for short) against unwanted access by third parties: Access, disclosure, input, loss and dissemination as well as destruction and modification by unauthorized persons.

Your personal data is transmitted securely over the Internet using the Secure Socket Layer coding system (256-bit SSL encryption).
Your IP address and the date and time of your visit are also logged for data security purposes.

10. rights of data subjects

You are entitled to the following rights as a data subject under the legal requirements, which you can assert against us:
The contact person for safeguarding your rights as a data subject is our external data protection officer.

Brands Consulting | Data Protection & Consulting
Mr. Bernhard Brands
Auf dem Hahn 11
D-56412 Niedererbach (Westerwald)

Homepage: www.brands-consulting.eu
E-Mail: softway@rlp.brands-consulting.eu

10.1 Right to information

Under the legal requirements of Art. 15 GDPR, you can of course request information at any time as to whether we process your personal data. If we process your personal data, you can also request information about the circumstances and organization of the processing and more detailed information about the processed data.

10.2 Right to rectification

In accordance with Art. 16 GDPR, you can request that incorrect information about you be corrected if you are unable to make a change yourself.

10.3 Right to erasure

Under the legal requirements of Art. 17 GDPR, you are entitled to demand that we erase personal data concerning you without undue delay. The right to erasure does not exist, among other things, if the processing of personal data is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation to which we are subject (e.g. statutory retention obligations) or for the establishment, exercise or defense of legal claims.

10.4 Right to restriction of processing

You can request the restriction of the processing of your personal data in accordance with Art. 18 GDPR.

10.5 Right to data portability

You are entitled, under the conditions of Art. 20 GDPR, to demand that we provide you with the personal data concerning you that is processed by us in a structured, commonly used and machine-readable format.

10.6 Right of withdrawal

You can revoke your consent to the processing of your personal data at any time and with effect for the future in accordance with Art. 7 para. 3 GDPR, without incurring costs that exceed the transmission costs according to the basic tariffs.

10.7 Right of objection

Under the conditions of Art. 21 GDPR, you have the right to object to the processing of your personal data and to demand that we stop processing it. The right to object exists only to the extent provided for by law. Your objection may be opposed by legitimate interests that make further processing necessary.

10.8 Automated decision in individual cases including profiling

We also ensure your rights in accordance with Art. 22 GDPR. Automated decision-making or profiling (automated analysis of your personal circumstances) does not take place.

10.9 Right of appeal/supervisory authority

You have the right under Art. 77 GDPR to lodge a complaint with a supervisory authority or a competent body if you have a reason for complaint, in particular if you believe that the processing of your personal data is not in accordance with the legal requirements and the provisions of this privacy policy.
The address of the supervisory authority responsible for SOFTWAY is:

Bavarian State Office for Data Protection Supervision

House address
Promenade 18
91522 Ansbach
Germany

Postal address
P.O. Box 1349
91504 Ansbach
Germany

Availability
Phone: +49 (0) 981 180093-0
Fax: +49 (0) 981 180093-800
E-mail: poststelle@lda.bayern.de

However, we recommend that you always contact our data protection officer first (see point 14). If possible, your requests to exercise your rights should be sent in writing to our data protection officer.

10.10 Scope of your obligation to transfer data

In principle, you are not obliged to provide us with your personal data. However, if you do not provide this data, we may not be able to make our website or some of its functions available to you, answer your questions or conclude a contract with you.

11. updating your data

SOFTWAY endeavors to ensure the principles of data protection in accordance with Art. 5 GDPR, including the accuracy of your data. SOFTWAY therefore relies on you to inform us of any changes to your contact and personal data. Please get in touch with your personal SOFTWAY contact in this regard. You can also make changes to your personal data directly on our website https://www.softway.de/ at any time via your user account or by contacting our data protection officer (see section 14).

12. storage

Your personal data will only be stored by SOFTWAY for as long as the processing purpose described under “Collected data and processing purposes” requires – provided that this does not conflict with statutory retention obligations – or you have not already asserted a claim for deletion or the storage is inadmissible for other legal reasons.

Under certain circumstances, SOFTWAY is obliged to retain information for longer periods of time, for example if it is used to enforce or defend rights and for legally compliant archiving. Where possible and appropriate, personal data is anonymized by removing, replacing or redacting personal identifiers.

13. transfer of business

SOFTWAY or part of the business, including the Sites, may be sold at a future date. If this occurs, your personal data may be transferred to the successor in interest, co-owner or operator of the business or site. We may also disclose and transfer your personal information in the event of a business combination, consolidation, reorganization, sale of stock or assets, or corporate reorganization, including without limitation in the event of a due diligence review. In all such cases, this Privacy Policy will continue to apply in relation to the use and disclosure of your personal data.

If we pass on your personal data as part of a business transfer, we process your personal data on the basis of the following legal bases:

To protect our legitimate interests in growing our business and deciding how SOFTWAY’s corporate structure supports the needs of our business, in accordance with Art. 6 para. 1 lit. f GDPR.

14. data protection officer

If you wish to make use of your rights as a data subject, please contact our data protection officer:
Brands Consulting | Data Protection & Consulting
Mr. Bernhard Brands
Auf dem Hahn 11
D-56412 Niedererbach (Westerwald)

Homepage: www.brands-consulting.eu
E-Mail: softway@rlp.brands-consulting.eu

15. changes to the privacy policy

Advances in technology, legal requirements or changes to processes may have an impact on this privacy policy, among other things. We therefore reserve the right to amend this privacy policy at any time with effect for the future. The current version of this privacy policy can be found on this website. Please visit this subpage of the website regularly to keep yourself informed about the applicable provisions.

Status: 26.08.2023

II Data protection information of SOFTWAY for Facebook

We use the Facebook fan page of the provider Meta Platforms Ireland Ltd (“Facebook”) at https://www.facebook.com/SoftwayAG to inform you about our offers and to communicate with you. We would like to point out that your data may be processed outside the European Union (EU). The processing of personal data outside the EU entails fundamental risks with regard to the enforcement of the rights of data subjects and the protection of the general data protection objectives.

1. jointly responsible for the processing are:
Meta Platforms Ireland Ltd.
4 Grand Canal Square
Dublin 2
Ireland
impressum@support.instagram.com
Fax: +1 650 543 5340

and

Softway AG
Industriestrasse 17
D-96114 Hirschaid
Phone: +49(0) 9543 8238-0
Fax: +49 (0) 9543 8238-23
E-mail: dsb@softway.de

Facebook assumes primary responsibility for the processing of Insights data to fulfill the obligations arising from the GDPR. This includes the fulfilment of (1) necessary information obligations, (2) data subject rights that can be asserted against Facebook, (3) reporting obligations in the event of data breaches and (4) ensuring appropriate technical and organizational measures for secure processing.

Of course, you can also assert your request for information or other rights against us. In this case, we will be happy to forward your request to Facebook, as Facebook has access to the relevant user data and can take measures in accordance with your user rights.

2. data processing with Facebook

2.1 Operation of a Facebook fan page

We use our Facebook fan page to provide you with news about our offers and to get in touch with you. For example, if you comment on our posts, we process the content of your comment and any other data that you share with us or that is transmitted during your Facebook activity. Depending on the privacy settings of your user profile, we may also have access to further information about your user profile and your Facebook activities (e.g. posts and “likes”).

Every time you visit our Facebook fan page, your personal data (e.g. IP address, browser data, operating system and device, websites visited, date and time of access, etc.) is processed by Facebook and cookies are set. However, we have no influence on the data collected and the data processing, nor are we aware of the full extent of the data collection, the purposes of the processing, the storage periods or the deletion of the data collected. This enables Facebook to use your data to create cross-device user profiles for the purposes of advertising, market research and/or the needs-based design of its websites. Such use may take place even if you do not have a Facebook account or are not logged in there. If you are logged in to Facebook, your data will be assigned directly to your existing Facebook account and, if applicable, shared publicly with your contacts.

Our legal basis for processing is Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in the external presentation and communication with you.

2.2 Use of Facebook Insights

The processing of personal data in the context of the use of Facebook takes place with Facebook Insights and also includes processing purposes for market research, advertising and the collection of statistical data. For example, usage profiles can be created from your usage behavior and your resulting interests.

The user profiles can in turn be used, for example, to place advertisements inside and outside Facebook that presumably correspond to your interests. Cookies are usually stored on your device to record your user behavior, preferences and interests and to create and store user profiles. The purpose of Facebook is to show you customized advertising inside and outside of Facebook. Furthermore, data can also be stored in the user profiles independently of the devices you use (especially if you are a member of Facebook and are logged in to them). However, even if you do not have a Facebook profile or are not logged into it during your visit to our fan page, Facebook can assign this data to a user profile. Cookies remain on your end device until you delete them.

Data from Facebook Insights is only available to us in anonymized form, so that we can only analyse the general user behaviour of visitors to our fan page. However, this does not allow us to draw conclusions about individual users.

Our legal basis for processing is Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in analyzing the reach and effectiveness of our Facebook activities in order to optimize our online offering.

2.3 Further information

For a detailed description of the respective processing, opt-out options and legal bases, please refer to the following links to Facebook’s privacy policy:

– Information on Facebook Insights: https://www.facebook.com/business/pages/manage#page_insights
– Agreement on joint responsibility with Facebook: https://www.facebook.com/legal/terms/page_controller_addendum
– Privacy policy: https://www.facebook.com/about/privacy
– Opt-out option: https://www.facebook.com/help/568137493302217/

Legal basis for processing: https://www.facebook.com/about/privacy/legal_bases and https://de-de.facebook.com/policy.php

3. rights of data subjects

We draw your attention to your rights as a data subject within the meaning of Art. 13 et seq. GDPR. In particular, you have a right of access (Art. 15 GDPR), a right to rectification (Art. 16 GDPR), a right to erasure (Art. 17 GDPR), a right to restriction of processing (Art. 18 GDPR), a right to data portability (Art. 20 GDPR) and a right to object to processing (Art. 21 GDPR). We also ensure your rights in accordance with Art. 22 GDPR. You or your data in our area of responsibility are therefore not subject to decisions based solely on automated processing – including profiling. You also have the right to lodge a complaint with a supervisory authority at any time (Art. 77 GDPR). Furthermore, you have the right to withdraw your consent with effect for the future (Art. 7 para. 3 GDPR).

4. data protection officer

If you would like information about the processing of your personal data in connection with Facebook or wish to assert your rights as a data subject in this context, we would like to point out that the most effective way to do this is to address your request directly to Facebook. You can contact Facebook’s data protection officer via the link https://www.facebook.com/help/contact/540977946302970.

If you wish to make use of your rights as a data subject, please contact our data protection officer at the email address softway@brands-consulting.eu and provide us with as much detail as possible about your specific request. We will be happy to forward your request to Facebook, as Facebook has access to the relevant user data and can take measures in accordance with your user rights.

Further information on data protection can be found in the privacy policy of the SOFTWAY website.

Status: 26.08.2023

III Data protection information of SOFTWAY for Instagram

We use the Instagram company profile of the provider Meta Platforms Ireland Ltd (“Facebook”) under softway_ag to inform you about our offers with photos and videos. We would like to point out that your data may be processed outside the European Union (EU). The processing of personal data outside the EU entails fundamental risks with regard to the enforcement of data subjects’ rights and the protection of general data protection objectives

1. responsible person

1.1 Instagram

Responsible for the processing of your data, insofar as these are processed exclusively by Instagram, is

Meta Platforms Ireland Ltd.
4 Grand Canal Square
Dublin 2
Ireland
impressum@support.instagram.com
Fax: +1 650 543 5340

1.2 SOFTWAY

Responsible for the processing of your data, insofar as these are processed exclusively by SOFTWAY, is

Softway AG
Industriestrasse 17
D-96114 Hirschaid
Phone: +49(0) 9543 8238-0
Fax: +49 (0) 9543 8238-23
E-mail: dsb@softway.de

1.3 Jointly responsible for processing

Insofar as your transmitted data is processed jointly by Facebook and SOFTWAY and both decide on the purposes and means of processing, Facebook and SOFTWAY are jointly responsible within the meaning of Art. 26 GDPR. By operating our Instagram company profile, we enable Facebook to process your data, which is made available to us in the form of statistics via the Instagram Insights analysis service. For this reason – in connection with the ruling of the European Court of Justice of June 5, 2018 (Ref.: C-210/16) on the existence of joint responsibility for the operation of a Facebook fan page and the use of Facebook’s own analysis service – we also assume joint responsibility for our Instagram company profile and the use of Instagram Insights. However, Facebook does not currently provide an agreement on joint responsibility in accordance with Art. 26 GDPR, in which the data protection obligations of each controller can be defined and delimited from each other.

(https://www.facebook.com/legal/terms/page_controller_addendum).

2. data processing with Instagram

2.1 Operation of an Instagram company profile

We use our Instagram company profile to provide you with news about our offers and to get in touch with you. For example, if you comment on our posts, we process the content of your comment and any other data that you share with us or that is transmitted during your Instagram activity. Depending on the privacy settings of your user profile, we may also have access to further information about your user profile and your Instagram activities (e.g. “likes”).

Every time you access our Instagram company profile, your personal data (e.g. IP address; browser data; operating system and device; websites visited; date and time of access, etc.) is processed by Facebook and cookies are set. However, we have no influence on the data collected and the data processing, nor are we aware of the full extent of the data collection, the purposes of the processing, the storage periods or the deletion of the data collected. This enables Facebook to use your data to create cross-device user profiles for the purposes of advertising, market research and/or the needs-based design of its websites. Such use may take place even if you do not have an Instagram account or are not logged in there. If you are logged in to Instagram, your data will be assigned directly to your existing Instagram profile and, if applicable, shared publicly with your contacts.

Our legal basis for processing is Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in the external presentation and communication with you.

2.2 Use of Instagram Insights

The processing of personal data in the context of the use of Instagram takes place with Instagram Insights and also includes processing purposes for market research, advertising and the collection of statistical data. The usage profiles can in turn be used, for example, to place advertisements inside and outside Instagram or Facebook that presumably correspond to your interests. Cookies are usually stored on your device to record your user behavior and to create and store user profiles. For example, usage profiles can be created from your usage behavior for certain posts, stories, IGTV videos, reels, live videos and your resulting interests. Furthermore, data can also be stored in the user profiles regardless of the devices you use (especially if you are a member of Instagram or Facebook and are logged in to these platforms). However, even if you do not have an Instagram profile or are not logged into it during your visit to our company profile, Facebook can assign this data to a user profile. Cookies remain on your end device until you delete them.

Data from Instagram Insights is only available to us in anonymized form, so that we can only analyze the general user behavior of visitors to our Instagram profile. However, this does not allow us to draw conclusions about individual users.

Our legal basis for processing is Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in analyzing the reach and effectiveness of our Instagram activities in order to optimize our online offering.

3. further information

For a detailed description of the respective processing, the possibilities of objection (opt-out) and legal bases, we refer to the following linked information on data protection from Instagram and Facebook:

• Information about Instagram Insights: https://www.facebook.com/help/instagram/788388387972460
• Privacy policy: https://www.facebook.com/about/privacy and https://help.instagram.com/519522125107875/?helpref=hc_fnav&bc[0]=Instagram help section&bc[1]=Guidelines%20and%20messages
• Opt-out and customization options: https://www.facebook.com/help/instagram/2885653514995517?locale=de and https://help.instagram.com/615366948510230
• Legal basis for processing: https://www.facebook.com/about/privacy/legal_bases and https://de-de.facebook.com/policy.php

4. rights of data subjects

We draw your attention to your rights as a data subject within the meaning of Art. 13 et seq. GDPR. In particular, you have a right of access (Art. 15 GDPR), a right to rectification (Art. 16 GDPR), a right to erasure (Art. 17 GDPR), a right to restriction of processing (Art. 18 GDPR), a right to data portability (Art. 20 GDPR) and a right to object to processing (Art. 21 GDPR). We also ensure your rights in accordance with Art. 22 GDPR. You or your data in our area of responsibility are therefore not subject to decisions based solely on automated processing – including profiling. You also have the right to lodge a complaint with a supervisory authority at any time (Art. 77 GDPR). Furthermore, you have the right to withdraw your consent with effect for the future (Art. 7 para. 3 GDPR).

5. data protection officer

If you would like information about the processing of your personal data in connection with Instagram or Facebook or wish to assert your rights as a data subject in this context, we would like to point out that the most effective way to do this is to address your request directly to Facebook. You can contact Facebook’s data protection officer via the link https://www.facebook.com/help/contact/540977946302970.

If you wish to make use of your rights as a data subject, please contact our data protection officer at the email address softway@brands-consulting.eu and provide us with as much detail as possible about your specific request. We will be happy to forward your request to Facebook, as Facebook has access to the relevant user data and can take measures in accordance with your user rights.

Status: 26.08.2023

IV. SOFTWAY’s data protection information for YouTube

We use the YouTube channel of the provider Google Ireland Limited (“Google”) at https://www.youtube.com/@softwayag and would like to point out that your data may be processed outside the European Union (EU). The processing of personal data outside the EU entails fundamental risks with regard to the enforcement of data subjects’ rights and the safeguarding of the general data protection objectives.

1. responsible person

1.1 Google

This privacy policy applies in addition to our existing privacy policy, in which you will find all specific information on how we process your personal data in principle and in the context of your website visit.

Responsible for the processing of your data, insofar as these are processed exclusively by Google, is:

Google Ireland Limited
Gordon House, Barrow Street
Dublin 4
Ireland

Phone: +353 1 543 1000
Fax: +353 1 686 5660
E-mail: support-deutschland@google.com

1.2 SOFTWAY

Responsible for the processing of your data, insofar as these are processed exclusively by SOFTWAY, is

Softway AG
Industriestrasse 17
D-96114 Hirschaid
Phone: +49(0) 9543 8238-0
Fax: +49 (0) 9543 8238-23
E-mail: dsb@softway.de

1.3 Jointly responsible for processing

Insofar as your transmitted data is processed jointly by Google and SOFTWAY and both decide on the purposes and means of processing, Google and SOFTWAY are jointly responsible within the meaning of Art. 26 GDPR. By operating our YouTube channel, we enable Google to process your data, which is made available to us in the form of statistics via the YouTube Analytics analysis service. For this reason – in connection with the ruling of the European Court of Justice of June 5, 2018 (Ref.: C-210/16) on the existence of joint responsibility for the operation of a Facebook fan page and the use of Facebook’s own analytics service – we also assume joint responsibility for our YouTube channel and the use of YouTube Analytics. However, Google does not currently provide an agreement on joint controllership in accordance with Art. 26 GDPR, in which the data protection obligations of each controller can be defined and delimited from each other.

2. data processing with YouTube

2.1 Operation of a YouTube channel

We use our YouTube channel to inform you with videos about our offers and to get in touch with you. For example, if you comment on our posts, we process the content of your comment and any other data that you share with us or that is transmitted during your YouTube activity. Depending on the privacy settings of your user profile, we may also have access to further information about your user profile and your YouTube activities (e.g. posts and “liked videos”).

Every time you access our YouTube channel, your personal data (e.g. IP address; browser data; operating system and device; websites visited; date and time of access, etc.) is processed by Google and cookies are set. However, we have no influence on the data collected and the data processing, nor are we aware of the full extent of the data collection, the purposes of the processing, the storage periods or the deletion of the data collected. This enables Google to use your data to create cross-device usage profiles for the purposes of advertising, market research and/or the needs-based design of its websites. Such use may also take place if you do not have a YouTube or Google account or are not logged in there. If you are logged in to YouTube or Google, your data will be assigned directly to your existing YouTube or Google account and, if applicable, shared publicly with your contacts.

Our legal basis for processing is Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in the external presentation and communication with you.

2.2 Use of YouTube on the SOFTWAY website

The SOFTWAY website integrates YouTube videos from the provider Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”), which can be played directly from our website. These YouTube videos are all integrated in “extended data protection mode”, i.e. no data about you as a user is transmitted to YouTube if you do not play the videos. Only when you play the videos will your data be transmitted.

2.3 Use of YouTube Analytics

The processing of personal data as part of the operation of our YouTube channel takes place with YouTube Analytics and also includes processing purposes for market research, advertising and the collection of statistical data. The usage profiles can in turn be used, for example, to place advertisements within and outside the Google advertising network that presumably correspond to your interests. Cookies are usually stored on your device to record your user behavior and to create and store user profiles. For example, usage profiles can be created from your usage behavior for certain videos and comments and your resulting interests. Furthermore, data can also be stored in the usage profiles independently of the devices you use (especially if you have a YouTube or Google account and are logged in to these platforms). However, even if you do not have a YouTube or Google account or are not logged into it during your visit to our YouTube channel, Google can assign this data to a user profile. Cookies remain on your end device until you delete them.

Data from YouTube Analytics is only available to us in anonymized form, so that we can only analyze the general user behavior of visitors to our YouTube channel. However, this does not allow us to draw conclusions about individual users.

Our legal basis for processing is Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in analyzing the reach and effectiveness of our YouTube activities in order to optimize our online offering.

2.4 Further information

For a detailed description of the respective processing, we refer to the following linked information on data protection from YouTube and Google:

– Information on YouTube analytics: https://developers.google.com/youtube/analytics and https://support.google.com/youtube/topic/9257532?hl=en&ref_topic=9257610
– Terms of use: https://www.youtube.com/static?gl=DE&template=terms&hl=de
– Privacy policy: https://policies.google.com/privacy and https://kids.youtube.com/t/privacynotice
– Use of cookies: https://policies.google.com/technologies/cookies?hl=en&gl=en
– Opt-out and customization options: https: //support.google.com/youtube/answer/9487666?hl=de and https://www.youtube.com/intl/de_be/howyoutubeworks/user-settings/ad-settings/
– Privacy tools / privacy settings for YouTube: https://support.google.com/youtube/answer/9315727?hl=de&ref_topic=9386940 and https://support.google.com/policies/answer/9581826?p=privpol_privts&hl=de&visit_id=637217551183067910-377434558&rd=1

3. rights of data subjects

We draw your attention to your rights as a data subject within the meaning of Art. 13 et seq. GDPR. In particular, you have a right of access (Art. 15 GDPR), a right to rectification (Art. 16 GDPR), a right to erasure (Art. 17 GDPR), a right to restriction of processing (Art. 18 GDPR), a right to data portability (Art. 20 GDPR) and a right to object to processing (Art. 21 GDPR). We also ensure your rights in accordance with Art. 22 GDPR. You or your data in our area of responsibility are therefore not subject to decisions based solely on automated processing – including profiling. You also have the right to lodge a complaint with a supervisory authority at any time (Art. 77 GDPR). Furthermore, you have the right to withdraw your consent with effect for the future (Art. 7 para. 3 GDPR).

4. data protection officer

If you would like information about the processing of your personal data in connection with YouTube or Google or wish to assert your rights as a data subject in this context, we would like to point out that the most effective way to do this is to address your request directly to Google. You can contact Google’s data protection officer via the link https://support.google.com/policies/contact/general_privacy_form.

If you wish to make use of your rights as a data subject, please contact our data protection officer at the e-mail address softway@brands-consulting.eu and provide us with as much detail as possible about your specific request. We will be happy to forward your request to Google, as Google has access to the relevant user data and can take measures in accordance with your user rights.

Further information on data protection can be found in the privacy policy of the SOFTWAY website.

Status: 28.07.2023

V. SOFTWAY’s data protection information for Xing

This privacy policy applies in addition to our existing privacy policy, in which you will find all specific information on how we process your personal data in principle and in the context of your website visit.

We use a Xing company profile of the provider New Work SE (“New Work”) at https://www.xing.com/pages/softwayag and would like to point out that your data may be processed outside the European Union (EU). The processing of personal data outside the EU entails fundamental risks with regard to the enforcement of the rights of data subjects and the protection of the general data protection objectives.

1. responsible person

1.1 New Work

Responsible for the processing of your data, insofar as these are processed exclusively by New Work, is

New Work SE
Dammtorstraße 30
20354 Hamburg
Germany

Phone: +49 40 419 131-0
Fax: +49 40 419 131-11
E-mail: info@xing.com

1.2 SOFTWAY

Responsible for the processing of your data, insofar as these are processed exclusively by SOFTWAY, is

Softway AG
Industriestrasse 17
D-96114 Hirschaid
Phone: +49(0) 9543 8238-0
Fax: +49 (0) 9543 8238-23
E-mail: dsb@softway.de

1.3 Jointly responsible for processing

Insofar as your transmitted data is processed jointly by New Work and SOFTWAY and both decide on the purposes and means of processing, New Work and SOFTWAY are jointly responsible within the meaning of Art. 26 GDPR. By operating our Xing company profile, we enable New Work to process your data, which is made available to us via analysis functions (e.g. click path) in the form of statistics. For this reason – in connection with the ruling of the European Court of Justice of June 5, 2018 (Ref.: C-210/16) on the existence of joint responsibility for the operation of a Facebook fan page and the use of Facebook’s own analysis service – we also assume joint responsibility for our Xing company profile and the use of analysis functions. However, New Work does not currently provide an agreement on joint responsibility in accordance with Art. 26 GDPR, in which the data protection obligations of each controller can be defined and delimited from each other.

2. data processing with Xing

2.1. Operation of a Xing company profile

We use our Xing company profile to provide you with news about our offers and to get in touch with you. For example, if you comment on our posts, we process the content of your comment and any other data that you share with us or that is transmitted during your Xing activity. Depending on the privacy settings of your user profile, we may also have access to further information about your user profile and your Xing activities (e.g. posts).

Every time you access our Xing company profile, your personal data (e.g. IP address; browser data; operating system and device; websites visited; date and time of access, etc.) is processed by New Work and cookies are set. However, we have no influence on the data collected and the data processing, nor are we aware of the full extent of the data collection, the purposes of the processing, the storage periods or the deletion of the data collected. This enables New Work to use your data to create cross-device usage profiles for the purposes of advertising, market research and/or the needs-based design of its websites. Such use may also take place if you do not have an account with Xing or are not logged in there. If you are logged in to Xing, your data will be assigned directly to your existing Xing account and, if applicable, shared publicly with your contacts.

Our legal basis for processing is Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in the external presentation and communication with you.

2.2 Use of Xing analysis functions

The processing of personal data as part of the operation of our Xing company profile takes place with analysis functions (e.g. click path) and also includes processing purposes for market research and the collection of statistical data. This data can in turn be used, for example, to identify valuable business contacts or potential employees. Cookies are usually stored on your device to record your user behavior and to create and store usage profiles. For example, usage profiles can be created from your usage behavior for certain comments and your resulting interests. Furthermore, data can also be stored in the user profiles independently of the devices you use (especially if you have a Xing account and are logged in to this platform). However, even if you do not have a Xing profile or are not logged into it during your visit to our company profile, Xing can assign this data to a user profile. Cookies remain on your end device until you delete them.

Data from Xing analysis functions is only available to us in anonymized form, so that we can only analyze the general user behavior of visitors to our Xing company profile. However, this does not allow us to draw conclusions about individual users.

Our legal basis for processing is Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in analyzing the reach and effectiveness of our Xing activities in order to optimize our online offering.

2.3 Further information

For a detailed description of the respective processing, we refer to the following linked information on data protection at New Work:

– Terms of use: https://www.xing.com/terms
– Privacy policy: https://privacy.xing.com/de/datenschutzerklaerung and https://privacy.xing.com/de/datenschutzerklaerung/druckversion
– Use of cookies: https://faq.xing.com/de/sicherheit/was-sind-cookies-und-warum-brauche-ich-sie-beim-einloggen

3. rights of data subjects

We draw your attention to your rights as a data subject within the meaning of Art. 13 et seq. GDPR. In particular, you have a right of access (Art. 15 GDPR), a right to rectification (Art. 16 GDPR), a right to erasure (Art. 17 GDPR), a right to restriction of processing (Art. 18 GDPR), a right to data portability (Art. 20 GDPR) and a right to object to processing (Art. 21 GDPR). We also ensure your rights in accordance with Art. 22 GDPR. You or your data in our area of responsibility are therefore not subject to decisions based solely on automated processing – including profiling. You also have the right to lodge a complaint with a supervisory authority at any time (Art. 77 GDPR). Furthermore, you have the right to withdraw your consent with effect for the future (Art. 7 para. 3 GDPR).

4. data protection officer

If you would like information about the processing of your personal data in connection with Xing or wish to assert your rights as a data subject in this context, we would like to point out that the most effective way to do this is to address your request directly to New Work. You can contact New Work’s data protection officer at the e-mail address Datenschutzbeauftragter@xing.com.

If you wish to make use of your rights as a data subject, please contact our data protection officer at the e-mail address softway@brands-consulting.eu and provide us with as much detail as possible about your specific request. We will be happy to forward your request to New Work, as New Work has access to the relevant user data and can take measures in accordance with your user rights.

Further information on data protection can be found in the privacy policy of the SOFTWAY website.

Status: 26.08.2023

VI Data protection information of SOFTWAY for LinkedIn

This privacy policy applies in addition to our existing privacy policy, in which you will find all specific information on how we process your personal data in principle and in the context of your website visit.

We use a LinkedIn company profile of the provider LinkedIn Ireland Unlimited Company (“LinkedIn”) at https://www.linkedin.com/company/softway/ and would like to point out that your data may be processed outside the European Union (EU). The processing of personal data outside the EU entails fundamental risks with regard to the enforcement of data subjects’ rights and compliance with the general data protection objectives.

1. are jointly responsible for the processing

LinkedIn Ireland Unlimited Company
Wilton Place,
Dublin 2, Ireland

and

Softway AG
Industriestrasse 17
D-96114 Hirschaid
Phone: +49(0) 9543 8238-0
Fax: +49 (0) 9543 8238-23
E-mail: dsb@softway.de

LinkedIn assumes responsibility for the processing of Page Insights data to fulfill the obligations arising from the GDPR. These include the fulfillment of (1) necessary information obligations, (2) data subject rights that can be asserted against LinkedIn, (3) reporting obligations in the event of data breaches and (4) ensuring appropriate technical and organizational measures for secure processing.

Of course, you can also assert your request for information or other rights against us. In this case, we will be happy to forward your request to LinkedIn, as LinkedIn has access to the relevant user data and can take measures in accordance with your user rights.

2. data processing with LinkedIn

2.1. Operation of a LinkedIn company profile

We use our LinkedIn company profile to provide you with news about our offers and to get in touch with you. For example, if you comment on our posts, we process the content of your comment and any other data that you share with us or that is transmitted during your LinkedIn activity. Depending on the privacy settings of your user profile, we may also have access to further information about your user profile and your LinkedIn activities (e.g. posts).

Each time you access our LinkedIn company profile, your personal data (e.g. IP address; browser data; operating system and device; websites visited; date and time of access, etc.) is processed by LinkedIn and cookies are set. However, we have no influence on the data collected and the data processing, nor are we aware of the full extent of the data collection, the purposes of the processing, the storage periods or the deletion of the data collected. This enables LinkedIn to use your data to create cross-device user profiles for the purposes of advertising, market research and/or the needs-based design of its websites. Such use may take place even if you do not have a LinkedIn account or are not logged in there. If you are logged in to LinkedIn, your data will be assigned directly to your existing LinkedIn profile and, if applicable, shared publicly with your contacts.

Our legal basis for processing is Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in the external presentation and communication with you.

2.2. Use of Page Insights

The processing of personal data as part of the operation of our LinkedIn company profile takes place with the Page Insights analysis service and also includes processing purposes for market research, advertising and the collection of statistical data. This data can in turn be used, for example, to identify valuable business contacts or potential employees. Cookies are usually stored on your device to record your user behavior and to create and store user profiles. For example, usage profiles can be created from your usage behavior for certain posts and your resulting interests. Furthermore, data can also be stored in the user profiles independently of the devices you use (especially if you are a member of LinkedIn and are logged in to these platforms). However, even if you do not have a LinkedIn profile or are not logged into it during your visit to our company profile, LinkedIn can assign this data to a user profile. Cookies remain on your device until you delete them.

Data from Page Insights is only available to us in anonymized form, so that we can only analyze the general user behavior of visitors to our LinkedIn company profile. However, this does not allow us to draw conclusions about individual users.

Our legal basis for processing is Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in analyzing the reach and effectiveness of our LinkedIn activities in order to optimize our online offering.

2.3 Further information

For a detailed description of the respective processing, please refer to the LinkedIn privacy policy linked below:

– Agreement on joint responsibility with LinkedIn: https://legal.linkedin.com/pages-joint-controller-addendum
– Terms of use: https://legal.linkedin.com/linkedin-pages-terms
– Privacy policy: https://de.linkedin.com/legal/privacy-policy?
– Use of cookies: https://www.linkedin.com/legal/cookie-policy
– Opt-out options: https://www.linkedin.com/psettings/guest-controls
– Safety Center: https://safety.linkedin.com/
– Help Center “Data and Privacy “: https://www.linkedin.com/help/linkedin/topic/104742?trk=hc-hp-recommendedTopics

3. rights of data subjects

We draw your attention to your rights as a data subject within the meaning of Art. 13 et seq. GDPR. In particular, you have a right of access (Art. 15 GDPR), a right to rectification (Art. 16 GDPR), a right to erasure (Art. 17 GDPR), a right to restriction of processing (Art. 18 GDPR), a right to data portability (Art. 20 GDPR) and a right to object to processing (Art. 21 GDPR). We also ensure your rights in accordance with Art. 22 GDPR. You or your data in our area of responsibility are therefore not subject to decisions based solely on automated processing – including profiling. You also have the right to lodge a complaint with a supervisory authority at any time (Art. 77 GDPR). Furthermore, you have the right to withdraw your consent with effect for the future (Art. 7 para. 3 GDPR).

4. data protection officer

If you would like information about the processing of your personal data in connection with LinkedIn or wish to assert your rights as a data subject in this context, we would like to point out that the most effective way to do this is to address your request directly to LinkedIn. You can contact LinkedIn’s data protection officer at https://www.linkedin.com/help/linkedin/ask/TSO-DPO.

If you wish to make use of your rights as a data subject, please contact our data protection officer at the e-mail address softway@brands-consulting.eu and describe your specific request in as much detail as possible. We will be happy to forward your request to LinkedIn, as LinkedIn has access to the relevant user data and can take measures in accordance with your user rights.

Further information on data protection can be found in the privacy policy of the SOFTWAY website.

Status: 26.08.2023

This privacy policy applies in addition to our existing privacy policy, in which you will find all specific information on how we process your personal data in principle and in the context of your website visit.

SOFTWAY would like to protect you and your own homepage. To make this possible, SOFTWAY uses reCAPTCHA from Google Inc.

With reCAPTCHA, SOFTWAY can determine whether our homepage is actually being used by a robot or malware. reCAPTCHA from Google is a captcha service designed to protect websites from spam software and misuse by non-human visitors. When reCAPTCHA is used, data is transmitted to Google. This is used to determine whether the user is really a human being.

In doing so, reCAPTCHA collects personal data from users in order to check whether the use actually originates from users.

In Europe, Google Ireland Limited, Gordon House, Barrow Street Dublin 4, Ireland, is responsible for Google services.

The IP address and other data that Google requires for the use of the reCAPTCHA service will be sent to Google. It is standard practice that IP addresses within the EU or other signatory states to the Agreement on the European Economic Area are almost always truncated before this data is forwarded to the servers in the USA.

The IP address will not be associated with any other data held by Google unless you sign in with an existing Google account while using reCAPTCHA.

reCAPTCHA first checks whether Google cookies from other Google services are already present. Then reCAPTCHA places an additional cookie in the browser and determines an inventory of the respective browser window.

The following are examples of data that, to the best of our knowledge, are processed by Google. It should be noted that this list of data is not exhaustive:

– IP address
– Cookies
– Information about the operating system
– Mouse and keyboard usage
– Date
– Language settings
– Screen resolution
– All Javascript objects

The following cookies are used by reCAPTCHA:

Name	Purpose	Deletion	Value
ANID	Advertising	270 days	U7j1v3dZa3316859514920xgZFmiqWppRWKOr
1P_JAR	This cookie collects statistics on website usage and measures conversions. A conversion occurs, for example, when a user becomes a buyer. The cookie is also used to display relevant advertisements to users. The cookie can also be used to prevent a user from receiving the same ad more than once.	30 days	2019-5-14-12
CONSENT	The cookie stores the status of a user’s consent to various Google services. CONSENT is also used for security purposes to check users, prevent fraudulent login information and protect user data from unauthorized attacks.	Not clearly defined	YES+AT.de+20150628-20-0
DP	The cookie is used by Google Analytics for personalized advertising. Information is collected in anonymized form and user distinctions are made.	10 minutes	gEAABBCjJMXcI0dSAAAANbqc331685951492-4
NID	NID is used to customize advertisements.	80 days	0WmuWqy331685951492zILzqV_nmt3sDXwPeM5Q
IDE	This cookie is used to recognize and forward the actions of a user on the homepage in connection with advertising. IDE is stored under the domain doubleclick.net and is provided by the company DoubleClick,	12 months	WqTUmlnmv_qXyi_DGNPLESKnRNrpgXoy1K-pAZtAkMbHI-331685951492-8

This list is based on the reCAPTCHA demo version from Google at https://www.google.com/recaptcha/api2/demo.

The cookies listed require a unique identifier for tracking purposes.

This list does not claim to be exhaustive.

If no data is to be transmitted to Google, the user must log out of Google completely and delete all Google cookies before visiting our website or using the reCAPTCHA software.

The data is automatically transmitted to Google as soon as our site is accessed. To delete this data again, you must contact Google support at https://support.google.com/?hl=de&tid=331685951492.

When using our website, the user agrees that Google LLC and its representatives automatically collect, process and use data.

When using this tool, data may also be stored and processed outside the EU. Most third countries are not considered secure under current European data protection law. Data may not simply be transferred to insecure third countries, stored and processed there unless there are suitable guarantees (such as EU standard contractual clauses).

If consent has been given for Google reCAPTCHA to be used, the legal basis for the corresponding data processing is this consent. According to Art. 6 para. 1 lit. a GDPR (consent), this consent constitutes the legal basis for the processing of personal data, as may occur when Google reCAPTCHA is used.

SOFTWAY also has a legitimate interest in using Google reCAPTCHA to improve our online service and make it more secure. The legal basis is Art. 6 para. 1 lit. f GDPR.

Google also processes your data in the USA, among other places.

The information generated by the cookies may be transferred to a server in the USA and stored there. From a data protection perspective, the USA is a third country for which the EU Commission has issued an adequacy decision, as explained above. This certifies that the USA has a level of data protection comparable to that of the EU/EEA.

Further information on reCAPTCHA can be found at https://developers.google.com/recaptcha/. and https://www.google.com/intl/de/policies/privacy/.

 

VIII. SOFTWAY’s data protection information for Hubspot

On this website, we use the service HubSpot, a software company from the USA with a branch in Ireland, for various purposes. The contact details of Hubspot are:

– HubSpot (Headquarters Europe), 2nd Floor 30 North Wall Quay, Dublin 1, Ireland, Phone: +353 1 5187500
– HubSpot, Inc., 25 First Street, 2nd Floor Cambridge, MA 02141 USA, Phone: +1 888 482 7768

Our website https://www.softway.de/ and our landing pages under the subdomain https://formulare.softway.de/ use tracking tools from HubSpot, Inc, 25 First Street, 2nd Floor, Cambridge, MA 02141 USA. We use Hubspot to evaluate the use of the website, to compile reports on the activities within this website and to provide other related services and improve user-friendliness. Primarily, HubSpot is used to record and evaluate the actions (e.g. click behavior) of website visitors using cookies.

The legal basis for the processing of the described data – insofar as it is personal – is your consent, Art. 6 para. 1 lit. a GDPR.
You can revoke your consent at any time with effect for the future in accordance with Art. 7 para. 3 GDPR by adjusting the settings in our cookie consent tool or deleting your cookies in your browser and blocking them from then on. If you have any difficulties with the implementation, you are welcome to contact us or our appointed data protection officer.

If you register in a Hubspot form on our website https://www.softway.de/ or under the subdomain https://formulare.softway.de/ and

1. the creation of a customer account or
2. the receipt of advertising,

this results in the use of HubSpot and data is transmitted to our service provider HubSpot in the USA. The branch of HubSpot Inc. responsible for Europe is the one listed above and based in Ireland. An appropriate level of protection is guaranteed by the conclusion of an EU standard contract and Data Processing Agreement (DPA) with the service provider. Further information on data protection at HubSpot, Inc. can be found at: https://legal.hubspot.com/de/privacy-policy.

IX. SOFTWAY’s data protection information for the use of the Microsoft Teams video conferencing system

We would like to inform you about how we process your personal data when you use the video conferencing tool “Microsoft Teams” (hereinafter referred to as “Teams”). The application offers various functions, including chats, audio and video calls, the sharing of files and the joint editing of documents.

“Teams” is usually part of Microsoft Office 365 or is now known under the product name Microsoft 365, but can also be used in the web-based version via the browser. Some functions may not be available in the browser version. If you take part in an online meeting as an external participant, you will receive a link by email from the meeting host that you can use to log in. You must then enter your name or a pseudonym and, if applicable, your e-mail address in order to register for the online meeting.

We ask you to black out or otherwise make unrecognizable any personal data that you do not wish to exchange via “Teams” beforehand. This applies in particular to cases in which you may share your screen or provide data or documents via the service.

Further information on the processing of your data when using “Teams” can be found at: https://privacy.microsoft.com/de-de/privacystatement and https://news.microsoft.com/de-de/datenschutz-und-sicherheit-in-microsoft-teams-nutzer.

1. responsible person

The controller for the processing of personal data directly related to the conduct of Teams video conferences is

Softway AG
Industriestrasse 17
D-96114 Hirschaid | Germany |
Phone: +49 9543 8238-0 | Fax: +49 9543 8238-23 |
www.softway.de | E-Mail: dsb@softway.de

Please note that the provider “Microsoft Corporation – One Microsoft Way, Redmond, WA 98052 – 6399, USA” (hereinafter: “Microsoft”) is responsible for data processing on its website. “Teams” can be used in the following ways:

– Installation and use of the desktop application or
– use via your web browser, but which requires you to log in to your own Microsoft account, or
– mobile app or as
– part of other Microsoft products (e.g. Outlook, SharePoint)

2. purposes of the processing

We use the “Teams” tool to conduct telephone conferences, online meetings, video conferences and/or webinars (hereinafter: “online meetings”) with customers, business partners and employees.

3. what data is processed?

Microsoft Teams is a cloud-based service. Various types of personal data are processed as part of the provision of the service.

The following personal data is processed:

– Contents of your meetings, chats, voicemails, shared files, recordings and transcripts.
– Profile data Data that is shared about you within your company. This data includes, for example, your e-mail address, your profile picture (optional) and your telephone number.
– A detailed history of the calls you have made, allowing you to search for your own call recordings at a later date.
– Call quality data: Call details and call data are available to your system administrators. This data enables your administrators to diagnose issues related to poor call quality and service usage.
– Support/feedback data: Information related to troubleshooting tickets or feedback sent to Microsoft.
– Diagnostic data related to service usage: this personal data enables Microsoft to provide the service (fix issues, secure and update the product, and monitor performance) and perform a range of internal business operations, such as determining revenue, developing metrics, determining usage of the service, performing product and capacity planning.

4 To what extent do we process your data?

We will inform you in advance and ask for your consent if we wish to record an “online meeting”. If necessary, we will record the content of the chat to document the results of the meeting. As a rule, however, this is not necessary.

Occasionally, questions asked by participants during a webinar are recorded for viewing at a later date.

“Teams” stores personal data for as long as is necessary to provide the service. All copies of the data will be deleted within 30 days if the user stops using “Teams” or deletes the personal data. The personal data will be deleted 90 to 180 days after the user stops using “Teams”. The retention of telephone records for billing purposes may in some cases be required for a certain period of time due to laws in the respective region or country. If we request “Microsoft” to retain user data in order to comply with a legal obligation, “Microsoft” will comply with our request and abide by the laws of the respective country.

We do not make any decisions without human intervention, i.e. automated decision-making within the meaning of Art. 22 GDPR does not take place.

5. legal basis for data processing

The legal basis for data processing is Section 26 of the German Federal Data Protection Act (BDSG) if and insofar as personal data of Softway AG employees is processed. If personal data in connection with the use of “Teams” is not necessary for the establishment, implementation or termination of the employment relationship, but is nevertheless indispensable for the use of Teams, Art. 6 para. 1 lit. f) GDPR is the legal basis. Our legitimate interest lies in ensuring the effective conduct of “online meetings”.
Insofar as “online meetings” are held in the context of contractual relationships, Art. 6 para. 1 lit. b) GDPR is the legal basis for data processing. If there is no contractual relationship, Art. 6 para. 1 lit. f) GDPR is the legal basis, whereby our interest here is also to effectively conduct “online meetings” or “webinars”.

6. recipients / categories of recipients of personal data

In order to enable efficient communication and collaboration, participation in “online meetings” requires the processing of personal data. We respect our users’ right to data protection and will not pass on personal data to third parties unless we are legally obliged to do so or the user has explicitly consented. However, we would like to point out that “online meetings” are often a means of exchanging information with customers, interested parties or third parties. In such cases, limited disclosure of personal data may be necessary to ensure effective cooperation.

We obtain the video conferencing tool “Teams” from the company “Microsoft”, which necessarily obtains knowledge of the above-mentioned data. We have concluded an order processing contract (AV contract for short) with Microsoft. This is therefore not considered a “third party”. We also remain responsible for the protection of your data.

To the extent that “Teams” processes personal data in connection with the legitimate business activities of “Microsoft”, “Microsoft” is an independent data controller for such use and as such is responsible for compliance with all applicable laws and obligations of a data controller.

7. data processing outside the EEA states

Microsoft provides its service from the USA. However, the company offers customers the option of storing their data in the region in which they are based. We specified the desired storage location within the EU when we set up our team account. In principle, therefore, no data processing takes place outside the European Union (EU). We would like to point out that the availability of certain functions and services of “Teams” may depend on the region in which we are located. Some functions may not be available in all regions.

Please note that Microsoft has taken strict data protection and security precautions to ensure the confidentiality and security of customer data. This applies regardless of where the data is stored.

Microsoft points out that to ensure the security and confidentiality of data when using “Teams”, various types of data traffic are encrypted to protect them from unauthorized access by third parties. Data traffic from server to server and from client to server, such as chat, is encrypted with TLS. Media streams such as audio and video media sharing are also encrypted with TLS. The extended encryption from client to client, such as calls for end-to-end encryption, is carried out with SRTP/DTLS.

We would like to point out that, despite all the settings and configurations we have made, we cannot rule out the possibility that data will be transmitted to Internet servers outside the EU. The European Commission adopted an adequacy decision for the EU-U.S. Data Privacy Framework (DPF) on 10.07.2023 in accordance with Art. 45 para. 3 GDPR. Since then, the adequacy decision can be used for the transfer of personal data to certain organizations in the USA. This requires that the data recipients have acceded to the DPF. This is the case for Microsoft Corporation. You can see for yourself at https://www.dataprivacyframework.gov/list.

8. data protection officer

We have appointed a data protection officer:

Brands Consulting | Datenschutz & Beratung
Inh. Bernhard Brands
Auf dem Hahn 11
D-56412 Niedererbach

E-mail: softway@rlp.brands-consulting.eu

9. your rights as a data subject

If you would like to exercise your rights as a data subject, please let us know. In connection with data processing, you have the following rights pursuant to Art. 12 et seq. GDPR:
Right to information, rectification, objection, erasure, blocking (restriction of processing) and the right to data portability. In addition, we guarantee your rights in accordance with Art. 22 GDPR. Accordingly, you or your data may not be the subject of decisions based solely on automated processing, including profiling.
You have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data is not lawful (the data protection supervisory authority responsible for us is the Bavarian State Commissioner for Data Protection (BayLfD); Wagmüllerstraße 18, 80538 Munich; email: poststelle@datenschutz-bayern.de).

10. data deletion

Personal data for which there is no need for further storage will generally be deleted by us. A necessity may be given in particular if the data is still required for the fulfillment of contractual services, for the examination, granting or defense of warranty and, if applicable, guarantee claims and other civil law claims. Insofar as statutory retention obligations exist, your data will be deleted when the respective retention obligation ends (usually 6 to 10 years according to HGB and AO).

11. amendment of this data protection notice

These data protection provisions are subject to changes in data processing procedures or other developments (e.g. case law). The current version can be found on this website.

Status: January 2024

X. SOFTWAY’s data protection information for the use of the Zoom video conferencing system

We would like to inform you about how we process your personal data when you use the “Zoom” video conferencing tool. The application offers various functions, including chats, audio and video calls, the sharing of files and the joint editing of documents.

1. responsible person

The controller for the processing of personal data directly related to the conduct of Zoom video conferences is

Softway AG
Industriestrasse 17
D-96114 Hirschaid | Germany |
Phone: +49 9543 8238-0 | Fax: +49 9543 8238-23 |
www.softway.de | E-Mail: dsb@softway.de

Please note that the provider “Zoom Video Communication, Inc.”, based in the USA, is responsible for data processing on its website. To use Zoom, all you need to do is download the software. To do this, it may be necessary to access the Zoom website. You can also use the “Zoom” app directly with the respective meeting ID and any other access data. If you do not want to use the app, you can also use the basic functions of “Zoom” in the browser.

2. purposes of the processing

We use “Zoom” to conduct telephone conferences, online meetings, video conferences and/or webinars (hereinafter: “online meetings”) with customers, business partners and employees.

3. what data is processed?

When you use “Zoom”, various types of data are processed. The type and scope of the data also depends on the information you provide before or during participation in an online conference.

The following personal data is processed:

– User information:
First name, last name, telephone (optional), e-mail address, password if applicable, profile picture (optional), department (optional)

– Session metadata, which refers to information collected during a Zoom meeting:
Including Host, meeting ID, meeting title, hash code of the meeting password, meeting settings, actual start time, actual end time, scheduled time, scheduled duration, settings for recurring meetings (type and duration), host time zone, actual meeting duration, number of participants, list of participants, email addresses of participants (if registered participants), dial-in numbers, IP addresses of participants, chat data, names of participants, content of chat messages sent during the meeting, device/hardware information

– For recordings (optional):
MP4 file, which contains all video, audio and presentation recordings, and M4A file, which only contains audio recordings. The online meeting chat is saved as a text file.

– When you dial in via the phone:
Information such as the incoming and outgoing phone number, the name of the country and the start and end time of the connection is saved. It is also possible to save additional connection data such as the IP address of the device.

– Text, audio and video data:
Text, audio and video data can be processed during an online meeting. This allows functions such as chat, questions or surveys to be displayed and, if necessary, recorded. The display of video and playback of audio during the meeting is made possible by processing the data from the microphone and video camera of your end device. You have the option of switching off or muting the camera and microphone at any time via the “Zoom” application. You must at least enter your name in order to participate in an “online meeting” or enter the “meeting room”.

4 To what extent do we process your data?

We use the “Zoom” application for our “online meetings” and “webinars”. We will inform you in advance and ask for your consent if we wish to record a Zoom session. We will also inform you within the Zoom application if we record a session. If necessary, we will log the content of the chat to document the results of the session. As a rule, however, this is not necessary.

Occasionally, questions asked by participants during a session or webinar are recorded so that they can be viewed at a later date.

Zoom will store personal data for as long as is necessary for the purposes described in this Privacy Policy, unless longer retention periods are required by applicable law.

The criteria for determining the retention period include the following:

– The length of time that Zoom is in business with you and providing products and services to you (for example, as long as you have a Zoom account or use Zoom products);
– The modification of information by account holders or the deletion of information by users about their accounts;
– Whether retention is required by law (e.g., certain laws require Zoom to retain records of your transactions for a certain period of time before Zoom may delete them) or
– If storage is advisable with regard to Zoom’s legal position (e.g. with regard to contract fulfillment, dispute resolution and applicable limitation periods, legal proceedings or official investigations).

We do not make any decisions without human intervention, i.e. automated decision-making within the meaning of Art. 22 GDPR does not take place.

5. legal basis for data processing

The legal basis for data processing is Section 26 of the German Federal Data Protection Act (BDSG) if and insofar as personal data of employees of Softway AG is processed. If personal data in connection with the use of “Zoom” is not necessary for the establishment, implementation or termination of the employment relationship, but is nevertheless indispensable for the use of Zoom, Art. 6 para. 1 lit. f) GDPR is the legal basis. Our legitimate interest is to ensure the effective conduct of “online meetings” or “webinars”.
Insofar as “online meetings” or “webinars” are conducted within the framework of contractual relationships, Art. 6 para. 1 lit. b) GDPR is the legal basis for data processing. If there is no contractual relationship, Art. 6 para. 1 lit. f) GDPR is the legal basis, whereby our interest here is also to effectively conduct “online meetings” or “webinars”.

6. recipients / categories of recipients / disclosure of data

In order to enable efficient communication and collaboration, participation in “online meetings” requires the processing of personal data. We respect our users’ right to data protection and will not pass on personal data to third parties unless we are legally obliged to do so or the user has explicitly consented. However, we would like to point out that “online meetings” are often a means of exchanging information with customers, interested parties or other third parties. In such cases, limited disclosure of personal data may be necessary to ensure effective collaboration.

We obtain the video conferencing tool “Zoom” from the company “Zoom”, which necessarily obtains knowledge of the above-mentioned data. We have concluded an order processing contract (AV contract for short) with Zoom and have chosen the EEA (European Economic Area) as the physical server location. Zoom is therefore not considered a “third party”. We also remain responsible for the protection of your data.

To the extent that “Zoom” processes personal data in connection with the legitimate business activities of “Zoom”, “Zoom” is an independent data controller for such use and as such is responsible for compliance with all applicable laws and obligations of a data controller.

We have integrated the use of Zoom into the “HubSpot” tool. We therefore cannot rule out the possibility that the data processed via Zoom will also be sent to the “HubSpot” service. Further information on data processing via HubSpot can be found in the corresponding section of the privacy policy. You can conveniently click here .

7. data processing outside the EEA states

The video conferencing system provider “Zoom” provides its service from the USA. It cannot be ruled out that personal data may therefore also be processed in the USA as a third country within the meaning of the GDPR. Our processor “Connect4Video” has concluded a sub-processing agreement with the provider Zoom. Furthermore, as an additional protective measure, “Zoom” has been configured in such a way that only data centers in the EEA (European Economic Area) are used to conduct the “online meetings”.

We would like to point out that despite all the settings and configurations we have made, we cannot rule out the possibility of data being transferred to Internet servers outside the EEA. The European Commission adopted an adequacy decision for the EU-U.S. Data Privacy Framework (DPF) on 10.07.2023 in accordance with Art. 45 para. 3 GDPR. Since then, the adequacy decision can be used for the transfer of personal data to certain organizations in the USA. This requires that the data recipients have joined the DPF. This is the case with Zoom. You can see for yourself at https://www.dataprivacyframework.gov/list.

8. data protection officer

We have appointed a data protection officer:

Brands Consulting | Datenschutz & Beratung
Inh. Bernhard Brands
Auf dem Hahn 11
D-56412 Niedererbach

E-mail: softway@rlp.brands-consulting.eu

9. your rights as a data subject

If you would like to exercise your rights as a data subject, please let us know. In connection with data processing, you have the following rights pursuant to Art. 12 et seq. GDPR:
Right to information, rectification, objection, erasure, blocking (restriction of processing) and the right to data portability. In addition, we guarantee your rights in accordance with Art. 22 GDPR. Accordingly, you or your data may not be the subject of decisions based solely on automated processing, including profiling.
You have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data is not lawful (the data protection supervisory authority responsible for us is the Bavarian State Commissioner for Data Protection (BayLfD); Wagmüllerstraße 18, 80538 Munich; email: poststelle@datenschutz-bayern.de).

10. data deletion

Personal data that no longer needs to be stored will generally be deleted by us. A necessity may be given in particular if the data is still required for the fulfillment of contractual services, for the examination and granting or defense of warranty and, if applicable, guarantee claims and other civil law claims. Insofar as statutory retention obligations exist, your data will be deleted when the respective retention obligation ends (usually 6 to 10 years according to HGB and AO).

11. amendment of this data protection notice

This data protection notice is subject to changes in data processing or other changes (e.g. case law). You can always find the current version here.

Status: January 2024

 

 

 

XI. Privacy policy for applications to SOFTWAY

This privacy notice for job applicants informs you about how Softway processes your personal data when you apply for a job advertised by us. It also informs you of your data protection rights, including the right to object to some of the processing that Softway carries out. For more information about your rights and how you can exercise them, please see the “Your rights” section.

This data protection declaration applies in addition to our existing data protection declaration, in which you will find all specific information on how we process your personal data in principle and in the context of your visit to the website or for non-application-specific topics.

1. responsible person

The controller for the processing of personal data within the meaning of Article 4(7) of the General Data Protection Regulation (GDPR) is

Softway AG
Industriestrasse 17
D-96114 Hirschaid
Phone: +49(0) 9543 8238-0
Fax: +49 (0) 9543 8238-23
E-mail: dsb@softway.de

2. data collection

We collect and process the following categories of personal data as part of the selection process:

– Contact details in your application profile (e.g. first and last name, country, e-mail, telephone number).
– Information from the application form (including, for example, desired salary, your motivation, information on disability if applicable (only if relevant for the advertised position).
– Application documents (including e.g. CV, cover letter, data on professional development, qualifications and language skills).
– Results of test procedures (e.g. personality tests, cognitive performance tests).
– Any references you provide us with.

We may also include the above data about you from other sources, including external business partners, e.g. recruitment agencies. In addition, we may also use data that you have made public in professionally oriented social networks or that you have transmitted to us via other websites or obtained from other publicly accessible sources (only if the data is relevant to your professional life). The reason for this is to verify the accuracy of the information you have provided in your application documents.

3. nature and purposes of the processing of personal data

Your personal data will be processed exclusively for the following purposes:
– Initiation and establishment of the employment relationship.
– To contact you should you be considered for an alternative position.
– To contact you on the basis of your unsolicited application.

4. legal bases

We collect and process your personal data in order to offer advertised positions and to be able to carry out the selection process. For certain positions, this includes your participation in a cognitive performance test or personality test.

The legal basis for the cognitive performance test is Section 26 para. 1 in conjunction with para. para. 8 sentence 2 of the Federal Data Protection Act (BDSG) and § 22 para. 1 b) BDSG. The provision of your personal data as part of the application process is voluntary. However, the provision of personal data is necessary for the processing of your application or the conclusion of an employment contract with us. The legal basis for the personality test is your consent in accordance with Section 26 (2) BDSG. Participation in the personality test is voluntary.

If we obtain information from your public profile on professional social networks, we base the processing on our legitimate interest in forming a basis for a decision to establish an employment relationship with you. The legal basis is Art. 6 para. 1 f) GDPR in conjunction with Art. 9 para. 2 e) GDPR.

Furthermore, we may process personal data about you if this is necessary to defend against legal claims asserted against us in the application process. The legal basis for this is Art. 6 para. 1 b) and f) GDPR. The legitimate interest is, for example, a burden of proof in proceedings under the General Equal Treatment Act (AGG).

5. recipient of the data

We may transfer your personal data to companies affiliated with us insofar as this is permitted within the scope of the purposes and legal bases set out above. Softway has jointly determined the purposes and means of data processing for the data processing in our online application for job applications. You can request the deletion of your profile. This procedure is described in more detail in the section “Retention period”.

In addition, personal data may be processed on our behalf on the basis of contracts in accordance with Art. 28 GDPR, in particular by providers of systems for applicant management and applicant selection procedures. There is no transfer of personal data to third parties if there is no connection to applicant management and applicant selection procedures or in addition to the purposes described in the section “Nature and purposes of the processing of personal data”.

The transfers may involve the transfer of personal data to recipients outside the European Union / European Economic Area. Standard contractual clauses have been concluded with these external service providers, unless they are based in countries with an adequacy decision pursuant to Art. 45 GDPR.

Further recipients can be found in the section on general recipients.

In the event of a legal obligation, we reserve the right to disclose information about you if we are required to do so by lawful authorities or law enforcement agencies. The legal basis is Art. 6 (c) GDPR.

6. your rights

6.1. Right to information

You have the right to information about the personal data stored about you in our company. To do so, please contact the person responsible named above or our data protection officer.

6.2. Right to rectification or erasure

You can correct your personal data by sending an email to bewerbung@softway.de. You can also request the deletion of your data under certain conditions.

6.3. Right to restriction of processing

Under certain circumstances, you can request the restriction of the processing of your data, e.g. if the accuracy of your data is disputed and needs to be verified by us. You can adjust the visibility of your application profile at any time and switch off your settings for SMS notifications.

6.4. Right to data portability

Under certain conditions, the data will be made available to you in a structured, commonly used and machine-readable format.

6.5. Right to object to the processing

You can object to the processing of your data on the basis of our legitimate interests. You also have the right to lodge a complaint with a supervisory authority at any time.

7. retention period

We store your personal data for a period of 6 months after the final rejection of your application. This is necessary for the burden of proof in proceedings under the General Equal Treatment Act (AGG). You can request the deletion of your application or the withdrawal of your application by contacting us at bewerbung@softway.de.

If your application is successful, we will store your personal data for the entire duration of your employment in accordance with the privacy policy for employees, which we will send you when you accept employment.

8. objection or revocation of your consent to the processing of your data

If you have given your consent to the processing of your data, you can revoke this at any time. This revocation only affects the permissibility of the processing of your personal data from the time of receipt.

Insofar as we base the processing of your personal data on the balancing of interests, you can object to the processing. This is the case if, in particular, the processing is not necessary for the performance of a contract with you. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will examine the situation and either discontinue or adapt the data processing or point out to you our compelling reasons worthy of protection on the basis of which we will continue the processing.