Privacy
Status: 07.08.2024
We are very pleased about your interest in our company. Data protection has a particularly high priority for us, soft.fact GmbH. The use of our website is possible for you with the use of technically necessary cookies. However, if you wish to use a special service via our website, for example, the processing of personal data could become necessary. If there is no legal basis for such processing, we will generally obtain your consent.
The processing of your personal data, such as name, address, e-mail address or telephone number, is always in accordance with the regulations prescribed by law and by other sovereign bodies. These include, among others, the General Data Protection Regulation (DS-GVO) and the country-specific data protection regulations applicable to us.
By means of this data protection declaration, we would like to inform the public about the type, scope and purpose of the personal data collected, used and otherwise processed by us. Furthermore, data subjects are informed of their rights by means of this data protection declaration.
As the controller, we have implemented numerous technical and organizational measures to ensure the most complete protection of personal data on our website. Nevertheless, the data transmissions taking place on the Internet can generally have security gaps, so that absolute protection cannot be guaranteed. For this reason, every data subject is free to transmit personal data to us by alternative means, for example by telephone.
A. Our data protection at a glance
This privacy policy is intended to give you an overview of whether and to what extent your personal data is collected and processed when you visit our website. The scope depends primarily on the extent to which you allow cookies and use certain services.
How do we collect your data?
Certain data is automatically collected (after a notice) by our IT systems when you visit our website. This is technically necessary data (e.g. internet browser, operating system or time of page view).
Further data is collected after your consent or when you provide it to us. This can be, for example, data that you enter in a contact form or when registering and using our platform.
If you are invited to our platform by a third party, this person can only send us your e-mail address. If you decline this invitation, your e-mail address will be deleted from our system. If you accept the invitation, our normal registration process will start. In addition, the system will store who invited you and, if applicable, which team you were invited to join.
What do we use your data for?
In particular, we need your technical data for the error-free provision of our website. With your consent, we use further data, e.g. to analyze your user behavior.
After registration, we offer you various services around the topic of team design through analyses, development and matchings. As part of these services, we use your data with your consent to create evaluations of your soft facts (personality, values, working methods and motivational structures). The test results will only be disclosed to other persons after your active consent. You can prevent the disclosure at any time by contacting our team.
We use your data in anonymized form for research purposes, to improve the services on our platform and to continuously improve our analyses. A personal reference to you is not possible.
What rights do you have regarding your data?
Your (complete) rights can be found in chapter B II No. 13. Among other things, you have the right to contact us at any time to obtain information about your stored personal data. You are also entitled to demand the correction or deletion of this data. If you have given your consent to data processing, you can revoke this consent at any time with us for the future. Under certain circumstances, you have the right to request the restriction of the processing of your personal data. Furthermore, you have the right to lodge a complaint with the competent supervisory authority.
You can reach us via
- Phone: +49 (0) 89 925 63 800
- E-mail: info@softfact.works
- Post: soft.fact GmbH ℅ Wayra Germany, Kaufingerstraße 15, 80331 Munich, Germany
We will take care of your request as soon as possible!
You can contact us at any time if you have any further questions on the subject of data protection!
B. Privacy policy
I. Definitions
Our privacy policy uses terms from the General Data Protection Regulation (GDPR) or from its context. For reasons of clarity, we would like to explain some of the terms used.
1. personal data
"Personal data" means any information relating to an identified or identifiable natural person (hereinafter "data subject", see 3.). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person, see Art. 4 No. 1 GDPR.
2. special categories of personal data
Special category personal data means data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data uniquely identifying a natural person, health data or data concerning a natural person's sex life or sexual orientation, cf. Art. 9(1) GDPR.
3. person concerned
The term "data subject" refers to any identified or identifiable natural person whose personal data is processed by the controller, see Art. 4 No. 1 GDPR.
4. person in charge
A "controller" is the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for under Union or Member State law, see Article 4(7) of the GDPR.
5. processing
A "processing" is any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction, see Art. 4 No. 2 DS-GVO.
6. restriction of processing
"Restriction of processing" means the marking of stored personal data with the aim of limiting their future processing, see Art. 4 No. 3 GDPR.
7. profiling
Profiling" is understood to mean any type of automated processing of personal data which consists of using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects relating to that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or change of location, see Art. 4 No. 4 DS-GVO.
8. pseudonymization
A "pseudonymization" is the processing of personal data in a way in which the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that this additional information is kept separate and is subject to technical and organizational measures to ensure that the personal data is not attributed to an identified or identifiable natural person, see Art. 4 No. 5 DS-GVO.
9. anonymization
Anonymized means information that does not relate to an identified or identifiable natural person or personal data that has been anonymized in such a way that the data subject cannot be identified or can no longer be identified, compare recital 26 of the GDPR.
10. order processor
A "processor" is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller, see Art. 4 No. 8 GDPR.
11. receiver
A "recipient" is a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not a third party. However, public authorities that may receive personal data in the context of a specific investigative task under Union or Member State law are not considered recipients, see Art. 4 No. 9 GDPR.
12. third
A "third party" is a natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons authorized to process the personal data under the direct responsibility of the controller or the processor, see Art. 4 No. 10 GDPR.
13. consent
Consent" means any freely given indication of the data subject's wishes in an informed and unambiguous manner, in the form of a statement or other unambiguous affirmative act by which the data subject signifies his or her agreement to the processing of personal data relating to him or her, see Art. 4 No. 11 GDPR.
II. Mandatory information and general information
We take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the regulations prescribed by law and by other sovereign bodies as well as this data protection declaration.
When you use our website, various personal data is collected. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this is done.
1. responsible party ("responsible party") within the meaning of data protection law
soft.fact GmbH
℅ Wayra Germany
Kaufingerstrasse 15
80331 Munich
Germany
Tel.: +49 (0) 89 925 63 800
E-mail: info@softfact.works
Website: https://softfact.works/
2. contact details of the data protection officer
Attorney at Law Hans Georg Bauer
E-mail: bauer@hgb-rechtsanwalt.de
Tel.: +49 (0) 40 5530 -2233
3. purposes and legal bases of the processing
We process your personal data in accordance with the regulations stipulated by the legislator and other sovereign bodies.
If you give us express consent to process personal data for specific purposes, the lawfulness of this processing is based on your consent in accordance with Art. 6 (1) lit. a DS-GVO. If this involves personal data of special categories, Art. 9 (2) lit. a DS-GVO is relevant. In the case of explicit consent to the transfer of personal data to third countries, the data processing is based on Art. 49 (1) lit. a DS-GVO. If you have consented to the storage of cookies or to the access to information in your terminal device (e.g. via device fingerprinting), the data processing is also based on Section 25 (1) TTDSG. Consent given can be revoked at any time with effect for the future via the contact details provided in section A.
If your data is required for the performance of a contract or for the implementation of pre-contractual measures, we process your data on the basis of Art. 6 (1) lit. b DS-GVO.
Furthermore, we may process personal data of you pursuant to Art. 6 para. 1 lit. c DS-GVO, provided that this is necessary for the fulfillment of legal obligations.
Data processing may also be carried out on the basis of safeguarding our legitimate interests or those of a third party in accordance with Art. 6 (1) lit. f DS-GVO. Information about the relevant legal basis in each individual case is provided in the following paragraphs of this privacy policy.
4. sources of data and data collection
As described at the beginning, we obtain different data in different ways, which we will discuss in more detail below:
a) Data collection through the visit of our website
aa) Cookies
Our website uses so-called "cookies". Cookies are small text files and do not cause any damage to your terminal device. They are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your end device. Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your end device until you delete them yourself or until they are automatically deleted by your web browser.
In some cases, cookies from third-party companies may also be stored on your terminal device when you enter our site (third-party cookies). These enable us or you to use certain services of the third-party company (e.g. cookies for processing payment services).
Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the login to our platform). Other cookies are used to evaluate the behavior of users or to display advertising.
Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a string of characters by which websites and servers can be assigned to the specific Internet browser in which the cookie was stored. This enables visited websites and servers to distinguish the individual browser of the data subject from other Internet browsers that contain other cookies. A specific internet browser can be recognized and identified via the unique cookie ID.
Through the use of cookies, we can provide more user-friendly services on our website, which would not be possible without the cookie setting.
The purpose of recognition is to make it easier for users to use our website. For example, users of a website that uses cookies do not have to re-enter their access data each time they visit the website, because this is handled by the website and the cookies stored on the user's computer system.
Cookies that are required to carry out the electronic communication process, to provide certain functions that you have requested (e.g. for the login function) or to save the selected language (necessary cookies) are stored on the basis of Art. 6 (1) lit. f DS-GVO, unless another legal basis is specified. As website operator, we have a legitimate interest in storing necessary cookies for the technically error-free and optimized provision of our services. If consent to the storage of cookies and comparable recognition technologies has been requested, the processing is carried out exclusively on the basis of this consent (Art. 6 para. 1 lit. a DS-GVO and § 25 para. 1 TTDSG). Among other things, the consent can be revoked at any time with effect for the future, via the Privacy Button (blue fingerprint at the bottom left of the screen).
You can also set your browser so that you are informed about the setting of cookies and cookies are only allowed in individual cases, the acceptance of cookies for certain cases or generally excluded and activate the automatic deletion of cookies when closing the browser. If you disable cookies, the functionality of this website may be limited.
If cookies are used by third-party companies or for analysis purposes, we will inform you about this separately within the scope of this privacy policy and request your consent.
bb) Consent with usercentrics
Our website uses the consent technology of Usercentrics to obtain your consent to the storage of certain cookies on your terminal device or to the use of certain technologies and to document this in accordance with data protection law. The provider of this technology is Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, Germany, website: https://usercentrics.com/de/ (hereinafter "Usercentrics").
When you enter our website, the following personal data is transferred to Usercentrics:
- Your consent(s) or the revocation of your consent(s)
- Your IP address
- Information about your browser
- Information about your device
- Time of your visit to the website
Furthermore, Usercentrics stores a cookie in your browser in order to be able to assign the consent given or its revocation to you. The data collected in this way will be stored until you request us to delete it, until you delete the Usercentrics cookie yourself or until the purpose for storing the data no longer applies. Mandatory legal storage obligations remain unaffected.
Usercentrics is used to obtain the legally required consent for the use of certain technologies. The legal basis for this is Art. 6 para. 1 lit. c DS-GVO.
Order processing: We have concluded an order processing agreement (AVV) with Usercentrics GmbH. This is a contract required by data protection law, which ensures that Usercentrics only processes the personal data of our website users in accordance with our instructions and in compliance with the GDPR.
cc) Server log files
When you visit our website, we automatically collect and store information in so-called server log files, which your browser automatically transmits to us. These are:
- Browser type and version
- Operating system used
- Referrer URL (the website from which an accessing system arrives at our website)
- Host name of the accessing computer
- Date and time of the server request
- IP address
This data is not merged with other data sources.
The collection of this data is based on Art. 6 para. 1 lit. f DS-GVO. As website operator, we have a legitimate interest in the technically error-free presentation and optimization of our website - for this purpose, the server log files must be collected.
When using these general data and information, we do not draw any conclusions about the data subject. This information is rather required in order to
- to deliver the contents of our website correctly,
- to optimize the content of our website and the advertising for it,
- to ensure the long-term functionality of our information technology systems and the technology of our website, and
- to provide law enforcement authorities with the information necessary for prosecution in the event of a cyberattack.
Therefore, the collected data and information will be evaluated by us on one hand statistically and on the other hand with the aim to increase the data protection and data security of our enterprise, in order to ensure an optimal level of protection for the personal data we process. The data of the server log files are stored separately from any personal data provided by a data subject.
b) Data collection based on registration
aa) Registration on our platform
If you want to use the full functionality of our platform, you must register. We use the so-called double opt-in procedure for registration, i.e. your registration is only completed once you have confirmed your registration via a confirmation e-mail sent to you for this purpose by clicking on the link contained therein. If your confirmation is not received within 30 days, your registration will be deleted from our database.
The registration under voluntary indication of personal data serves us to offer you contents or services, which can be offered due to the nature of the thing only registered users. The mandatory information requested during registration must be provided in full. Otherwise, registration is not possible.
We use the data entered in the input mask during registration only for the purpose of using the respective offer or service for which you have registered. For important changes, for example in the scope of the offer or in the case of technically necessary changes, we use the e-mail address provided during registration to inform you in this way. Furthermore, you will be informed about activities on the platform (e.g. invitation to a team, availability of new modules, etc.). In order to be able to offer you the best possible added value on our platform, we will also inform you at regular intervals about activities still to be completed in your booked products, so-called reminder e-mails.
The data entered during registration is processed for the purpose of implementing the user relationship established by the registration and, if necessary, for initiating further contracts (Art. 6 para. 1 lit. b DS-GVO).
In addition, we may arrange for the transfer of data to one or more processors, such as an e-mail or payment service provider. These will also use the personal data exclusively for an internal use that is attributable to us as the controller.
The data collected during registration will be stored by us as long as you are registered on this website and will then be deleted. Registered persons are free to change the personal data provided during registration at any time or to request the deletion or blocking of their data under the circumstances described in Chapter B. II. No. 13.
By registering on our website, your IP address assigned by the Internet service provider (ISP), the date and time of registration are also stored. This data is also stored for each subsequent login. This data is stored because it is the only way to prevent misuse of our services and, if necessary, to enable us to investigate crimes that have been committed. In this respect, the storage of this data is necessary for our protection. As a matter of principle, this data is not passed on to third parties unless there is a legal obligation to pass it on or the passing on serves the purpose of criminal prosecution.
c) Subscription to our newsletter
On our website and during registration, we offer our users the option of subscribing to our newsletter. The personal data transmitted to us when subscribing to the newsletter is determined by the input mask used for this purpose. This includes
- First name
- Last name
- E-mail address
Via our newsletter you can inform yourself about our offers at regular intervals. The newsletter can only be received if (1) you have a valid e-mail address and (2) we have received a registration for newsletter delivery. For legal reasons, a confirmation e-mail will be sent to an e-mail address registered for newsletter delivery for the first time using the double opt-in procedure. This confirmation e-mail serves to verify whether the owner of the e-mail address has authorized the receipt of the newsletter.
When registering for the newsletter, we also store the IP address of the computer system used by the data subject at the time of registration, as assigned by the Internet service provider (ISP), as well as the date and time of registration. The collection of this data is necessary in order to be able to trace the (possible) misuse of the e-mail address of a data subject at a later date and therefore serves as our legal safeguard.
The personal data collected in the context of a registration for the newsletter will be used exclusively for sending our newsletter. Furthermore, subscribers to the newsletter could be informed by e-mail if this is necessary for the operation of the newsletter service or a related registration, as could be the case in the event of changes to the newsletter offer or changes in the technical circumstances. No personal data collected as part of the newsletter service will be passed on to third parties. The subscription to our newsletter can be cancelled by the user at any time.
The data processing is based on your consent given for the newsletter dispatch (Art. 6 para. 1 lit. a DS-GVO). You can revoke your consent to the storage of your personal data at any time. For the purpose of revoking consent, you will find a corresponding link in each newsletter. Furthermore, it is possible to unsubscribe from the newsletter at any time directly on our website or to inform us of this in another way (e.g. using the contact details provided in section A.).
d) Newsletter tracking
Our newsletters contain so-called tracking pixels. A tracking pixel is a miniature graphic that is embedded in such emails that are sent in HTML format to enable log file recording and log file analysis. This enables a statistical evaluation of the success or failure of online marketing campaigns. Based on the embedded tracking pixel, we can see if and when an e-mail was opened by a data subject, and which links in the e-mail were called up by the data subject.
Such personal data collected via the tracking pixels contained in the newsletters are stored and analyzed by us in order to optimize the newsletter dispatch and to better adapt the content of future newsletters to the interests of our users.
The data processing is based on your consent given when sending the newsletter (Art. 6 para. 1 lit. a DS-GVO).
Your consent can only be revoked in connection with the consent to the newsletter subscription. It is not technically possible for us to revoke consent for the tracking pixel alone.
e) Data collection through the use of our contact form
If you send us an inquiry via the contact form, your data from the inquiry form, including the contact data provided by you there, e.g. address or e-mail address, will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. We do not pass on this data without your consent. Please note that the processed data may also be personal data of special categories, if you inform us of this in your message.
The processing of this data is based on Art. 6 (1) lit. b DS-GVO, if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of requests addressed to us (Art. 6 (1) (f) DS-GVO) or on your consent (Art. 6 (1) (a) DS-GVO or Art. 9 (2) (a) DS-GVO). You can revoke your consent at any time using the contact details provided in section A.
f) Data collection in case of an inquiry by e-mail or telephone
If you contact us by e-mail or phone, your request including all resulting personal data (name, request) will be stored and processed for the purpose of processing your request. We will not pass on this data without your consent. Please note that the processed data may also be personal data of special categories if you inform us of this in your message.
The processing of this data is based on Art. 6 (1) lit. b DS-GVO, if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of requests addressed to us (Art. 6 (1) (f) DS-GVO) or on your consent (Art. 6 (1) (a) DS-GVO or Art. 9 (2) (a) DS-GVO). You can revoke your consent at any time using the contact details provided in section A.
g) Data collection through the use of the HubSpot appointment scheduler
You can make appointments with us on our website. We use the "HubSpot" tool to book appointments. The provider is HubSpot, Inc, 25 First Street, Cambridge, MA 02141 USA (hereinafter referred to as "HubSpot").
To book an appointment, enter the requested data (such as name and e-mail address) and the desired date in the form provided. The data entered will be used for the planning, execution and, if necessary, follow-up of the appointment. The appointment data is stored for us on HubSpot's servers.
The data you enter will remain with us until you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies. Mandatory legal provisions - in particular retention periods - remain unaffected.
HubSpot is only used with your consent on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG insofar as the consent includes the storage of cookies and access to information in the user's end device within the meaning of the TTDSG. Consent can be revoked at any time using the contact details provided in section A.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://legal.hubspot.com/dpa. Further information on data protection at HubSpot can be found at: https://legal.hubspot.com/de/privacy-policy.
Order processing: We have concluded an order processing contract (AVV) with HubSpot, Inc. This is a contract required by data protection law, which ensures that HubSpot only processes the personal data of our website users in accordance with our instructions.
Please note that your data may be transferred to the USA by the company HubSpot. You can find out what this means for your data in Section B II No. 12 b).
5. web analysis tools and advertising
We also use the personal data we receive from you through our website to better understand your interests in order to assess which other products, services and information may be of most interest to you. In this way, we want to tailor our services to better meet your needs. This practice is known as profiling.
a) Google tools
Please note that a transfer of your data to the USA via the Google tools mentioned below would not be excluded. Regarding the data transfer, we refer to our chapter B II No. 12 b).
aa) Google Tag Manager
We use the Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Google Tag Manager is a tool that allows us to embed tracking or statistical tools and other technologies on our website. The Google Tag Manager itself does not create profiles of users, does not store cookies and does not perform any independent analyses. It is only used for the administration and playout of the tools integrated via it. However, the Google Tag Manager collects your IP address, which may also be transferred to Google's parent company in the United States.
The Google Tag Manager is used with your consent on the basis of Art. 6 para. 1 lit. a DS-GVO and § 25 para. 1 TTDSG insofar as the consent includes the storage of cookies and access to information in the user's terminal device as defined by the TTDSG. The consent can be revoked at any time via the privacy button (bottom left of the screen).
bb) Google Analytics
Our website uses functions of the web analytics service Google Analytics. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics enables us as website operators to analyze the behavior of our website visitors. In doing so, we receive various usage data, such as page views, length of stay, operating systems used and the origin of our users. This data is assigned to the respective end device of the user. An assignment to a device ID does not take place.
Furthermore, Google Analytics allows us to record your mouse and scroll movements and clicks, among other things. Furthermore, Google Analytics uses various modeling approaches to supplement the collected data sets and uses machine learning technologies in the data analysis.
Google Analytics uses technologies that enable the recognition of users for the purpose of analyzing user behavior (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is usually transferred to a Google server in the USA and stored there.
This analysis tool is used with your consent on the basis of Art. 6 Para. 1 lit. a DS-GVO and § 25 Para. 1 TTDSG. The consent can be revoked at any time via the privacy button (bottom left of the screen).
The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.
You can prevent the collection and processing of your data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
For more information on how Google Analytics handles user data, please see Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.
cc) Google Ads
We use Google Ads. Google Ads is an online advertising program of Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Ads enables us to display advertisements in the Google search engine or on third-party websites when the user enters certain search terms on Google (keyword targeting). Furthermore, targeted advertisements can be played to the user (e.g. location data and interests) based on the data available at Google (target group targeting). As a website operator, we can evaluate this data quantitatively by analyzing, for example, which search terms led to the display of our ads and how many ads led to corresponding clicks.
The use of Google Ads is based on your consent and therefore on Art. 6 para. 1 lit. a DS-GVO. The consent can be revoked at any time via the privacy button (bottom left of the screen).
The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://policies.google.com/privacy/frameworks and https://privacy.google.com/businesses/controllerterms/mccs/.
dd) Google Remarketing
Our website uses the functions of Google Analytics Remarketing. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Remarketing analyzes your user behavior on our website (e.g. clicking on certain products) in order to classify you in certain advertising target groups and subsequently play suitable advertising messages to you when you visit other online offers (remarketing or retargeting).
Furthermore, the advertising target groups created with Google Remarketing can be linked with Google's cross-device functions. In this way, interest-based, personalized advertising messages that have been adapted to you depending on your previous usage and surfing behavior on one end device (e.g. cell phone) can also be displayed on another of your end devices (e.g. tablet or PC).
If you have a Google account, you can object to personalized advertising at the following link: https://www.google.com/settings/ads/onweb/.
The use of Google Remarketing is based on your consent and therefore on Art. 6 para. 1 lit. a DS-GVO and § 25 para. 1 TTDSG insofar as the consent includes the storage of cookies and access to information in the end device of the users in terms of the TTDSG. The consent can be revoked at any time via the privacy button (bottom left of the screen).
For more information and the privacy policy, please see Google's privacy policy at: https://policies.google.com/technologies/ads?hl=de.
Target group formation with customer matching: To form target groups, we use, among other things, the matching of Google Remarketing users. In this process, we transfer certain data about our users (e.g. email addresses) from our customer lists to Google. If the users in question are Google users and logged into their Google account, they are shown suitable advertising messages within the Google network (e.g. on YouTube, Gmail or in the search engine).
ee) Google Conversion Tracking
Our website uses Google Conversion Tracking. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
With the help of Google conversion tracking, Google and we can recognize whether users have performed certain actions. For example, we can evaluate which buttons on our website were clicked how often and which products were viewed or purchased particularly frequently. This information is used to create conversion statistics. We learn the total number of users who have clicked on our ads and what actions they have taken. We do not receive any information with which we can personally identify users. Google itself uses cookies or comparable recognition technologies for identification.
The use of Google Conversion Tracking is based on your consent and therefore on Art. 6 para. 1 lit. a DS-GVO and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies and access to information in the end device of the users* in the sense of the TTDSG. Consent can be revoked at any time via the privacy button (bottom left of the screen). More information about Google conversion tracking can be found in Google's privacy policy: https://policies.google.com/privacy?hl=de.
ff) Google DoubleClick
Our website uses functions of Google DoubleClick. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland, (hereinafter "DoubleClick").
DoubleClick is used to display interest-based advertisements throughout the Google advertising network. The ads can be targeted to the interests of the respective user with the help of DoubleClick. For example, our ads can be displayed in Google search results or in banner ads associated with DoubleClick.
In order to be able to display interest-based advertising to our users, DoubleClick must be able to recognize the respective user and associate him/her with the websites visited, clicks and other information on user behavior. For this purpose, DoubleClick uses cookies or comparable recognition technologies (e.g. device fingerprinting). The information collected is combined into a pseudonymous user profile in order to display interest-based advertising to the users concerned.
Google DoubleClick is used with your consent on the basis of Art. 6 (1) (a) of the German Data Protection Act (DS-GVO) and Section 25 (1) of the German Teleservices Data Protection Act (TTDSG), insofar as the consent includes the storage of cookies and access to information on the user's terminal device within the meaning of the TTDSG. Consent can be revoked at any time via the privacy button (bottom left of the screen).
For further information on how to object to the advertisements displayed by Google, please refer to the following links: https://policies.google.com/technologies/ads and https://adssettings.google.com/authenticated.
gg) Order processing
We have concluded an order processing agreement (AVV) with Google. This is a contract required by data protection law, which guarantees that Google only processes the personal data of our website users in accordance with our instructions. The potential transfer of data to US authorities is excluded from this guarantee, see Chapter B II No. 12 b).
b) Facebook Pixel
We use the visitor action pixel from Facebook for conversion measurement. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the collected data is also transferred to the USA and other third countries. Therefore, please also note our explanations made in Chapter B II No. 12 b) here.
The Facebook Pixel tool can be used to track the behavior of website users after they have been redirected to the provider's website by clicking on a Facebook ad. This allows the effectiveness of the Facebook ads to be evaluated for statistical and market research purposes and future advertising measures to be optimized.
The collected data is anonymous for us as the operator of this website, we can not draw any conclusions about the identity of the users. However, the data is stored and processed by Facebook, so that a connection to the respective profile of the user is possible and Facebook can use the data for its own advertising purposes, according to the Facebook data use policy. This enables Facebook to display advertisements on Facebook pages as well as outside of Facebook. This use of the data cannot be influenced by us as the site operator.
Facebook Pixel is only used with your consent on the basis of Art. 6 Para. 1 lit. a DS-GVO and § 25 Para. 1 TTDSG insofar as the consent includes the storage of cookies and access to information in the user's terminal device as defined by the TTDSG. The consent can be revoked at any time via the privacy button (bottom left of the screen).
The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.
Insofar as personal data is collected on our website with the help of the tool described here and forwarded to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 DS-GVO). The joint responsibility is limited exclusively to the collection of the data and its forwarding to Facebook. The processing by Facebook that takes place after the onward transfer is not part of the joint responsibility. The obligations incumbent on us jointly have been set out in a joint processing agreement. You can find the text of the agreement at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing the privacy information when using the Facebook tool and for the privacy-secure implementation of the tool on our website. Facebook is responsible for the data security of Facebook products. You can assert your rights as a data subject (e.g. request for information) regarding the data processed by Facebook directly with Facebook. If you assert your rights as a data subject with us, we are obliged to forward them to Facebook.
You can find more information about protecting your privacy in Facebook's privacy policy: https://de-de.facebook.com/about/privacy/.
You can also disable the Custom Audiences remarketing feature in the Ads Settings section at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. You must be logged in to Facebook to do this.
If you do not have a Facebook account, you can opt out of Facebook's usage-based advertising on the European Interactive Digital Advertising Alliance website: http://www.youronlinechoices.com/de/praferenzmanagement/.
c) LinkedIn Insight Tag
Our website uses the Insight tag from LinkedIn. The provider of this service is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. However, the data collected may also be transferred to the USA and other third countries. Therefore, please also note our explanations made in Chapter B II No. 12 b) here.
Data processing by LinkedIn Insight Tag
With the help of the LinkedIn Insight Tag, we receive information about the users of our website. If a user is registered with LinkedIn, we can, among other things, analyze the key professional data (e.g. career level, company size, country, location, industry and job title) and thus better tailor our site to the respective target groups. Furthermore, we can use LinkedIn Insight Tags to measure whether users of our website make a purchase or take another action (conversion measurement). Conversion measurement can also take place across devices (e.g. from PC to tablet). LinkedIn Insight Tag also offers a retargeting function, with the help of which we can display targeted advertising outside the website to the users of our website, whereby, according to LinkedIn, no identification of the advertising addressee takes place.
LinkedIn itself also collects so-called log files (URL, referrer URL, IP address, device and browser properties and time of access). The IP addresses are shortened or (if they are used to reach LinkedIn members across devices) hashed (pseudonymized). The direct identifiers of LinkedIn members are deleted by LinkedIn after seven days. The remaining pseudonymized data is then deleted within 180 days.
The data collected by LinkedIn cannot be assigned by us to specific individuals. LinkedIn will store the collected personal data of the users on its servers in the USA and use it in the context of its own advertising measures. Details can be found in LinkedIn's privacy policy at https://www.linkedin.com/legal/privacy-policy#choices-oblig.
LinkedIn Insight Tag is only used with your consent and therefore on the basis of Art. 6 para. 1 lit. a DS-GVO and § 25 para. 1 TTDSG insofar as the consent includes the storage of cookies and access to information in the user's terminal device as defined by the TTDSG. Consent can be revoked at any time via the privacy button (bottom left of the screen).
The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs.
Objection to the use of LinkedIn Insight Tag
You can object to the analysis of user behavior and targeted advertising by LinkedIn at the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
Furthermore, LinkedIn members can control the use of their personal data for advertising purposes in the account settings.
6. emails, newsletter and customer management
a) Spotler (formerly Flowmailer)
For the technical implementation of sending system emails and newsletters or for email communication on our platform (e.g. for sending notifications or implementing the password reset function), we use the service of the Spotler Group ("Spotler"), formerly Flowmailer BV, Van Nelleweg 1, 3044BC, Rotterdam, The Netherlands, which processes the data provided for us as a contractor within the meaning of Art. 28 GDPR, in compliance with the necessary data security measures. The contractual relationship has been agreed. The data is used by Spotler exclusively for sending our system emails. The processing takes place exclusively on servers within the European Union.
You can find more information about Spotler on the website: https://spotlergroup.com/. You can find more information about Spotler's handling of personal data at: https://spotler.com/de-de/datenschutzerklaerung.
The processing of personal data by us and our service provider Spotler is solely for the purpose of processing and sending our system emails. The legal basis for this data processing is Art. 6 para. 1 sentence 1 lit. b GDPR.
We store your personal data as long as this is necessary to achieve the respective storage purpose or your consent to storage is available. Afterwards, your data will be deleted by us, unless we are obliged to store it for a longer period of time according to Art. 6 para. 1 p. 1 lit. c DS-GVO due to tax, commercial or other legal storage or documentation obligations or if you have consented to a storage beyond that according to Art. 6 para. 1 p. 1 lit. a DS-GVO in case the storage purpose is no longer applicable or if the processing is still necessary according to Art. 17 para. 3 DS-GVO.
Possibility of objection and removal: The processing of data is mandatory for the processing of orders. There is no possibility of objection on the part of the users.
Order processing: We have concluded an order processing contract (AVV) with the Spotler Group. This is a contract prescribed by data protection law, which ensures that it processes the personal data of our website users only in accordance with our instructions and in compliance with the GDPR.
b) HubSpot CRM
We use HubSpot as our central customer relationship management (CRM) system. The provider is HubSpot, Inc, 25 First Street, Cambridge, MA 02141 USA.
The processing of personal data takes place in the context of storing and managing contact data, communication history and other relevant information. HubSpot is also used for email communication, including sending newsletters and processing inquiries. In addition, we use HubSpot to create reports and analyses based on customer data in order to improve our services.
The legal bases for processing are consent (Art. 6 para. 1 lit. a GDPR) if you register for our newsletter or submit an inquiry via our contact form, the performance of a contract (Art. 6 para. 1 lit. b GDPR) if the data processing is necessary for the performance of a contract, and our legitimate interest (Art. 6 para. 1 lit. f GDPR) in the management and optimization of our customer relationships.
Data is stored on HubSpot servers in the USA. Data is transferred to the USA on the basis of the EU Commission's standard contractual clauses. The data is only stored for as long as is necessary for the purposes of processing. It will then be deleted unless there are legal obligations to retain it.
We have concluded a data processing agreement (DPA) with HubSpot. This guarantees that HubSpot will only process the personal data of our website users in accordance with our instructions and in compliance with the GDPR.
You can revoke your consent to data processing at any time using the contact details provided in section A. You have the right to receive information about your data stored by us and to request its deletion. Further information on data protection at HubSpot can be found at: https://legal.hubspot.com/de/privacy-policy. Details on the standard contractual clauses can be found here: https://legal.hubspot.com/dpa.
7. hosting
We host our website with Hetzner. The provider is Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen (hereinafter Hetzner).
Details can be found in Hetzner's privacy policy: https://www.hetzner.com/de/rechtliches/datenschutz.
The use of Hetzner is based on Art. 6 (1) lit. f DS-GVO. We have a legitimate interest in the most reliable presentation of our website. If a corresponding consent was requested, the processing is based exclusively on Art. 6 para. 1 lit. a DS-GVO and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time via our contact details provided in section A.
Order processing: We have concluded an order processing agreement (AVV) with Hetzner Online GmbH. This is a contract required by data protection law, which ensures that this company only processes the personal data of our website users in accordance with our instructions and in compliance with the GDPR.
8. plugins and tools
This site uses so-called web fonts (Google Web Fonts [local hosting]), which are provided by Google, for the uniform display of fonts. The Google Fonts are installed locally. A connection to Google servers does not take place.
For more information about Google Web Fonts, please visit https://developers.google.com/fonts/faq and read Google's privacy policy: https://policies.google.com/privacy?hl=de.
9. provision of contractual services
a) Processing of data (customer and contract data)
We collect, process and use personal data only with your consent in accordance with Art. 6 (1) a DS-GVO or insofar as they are necessary for the establishment, content or amendment of the legal relationship (inventory data). This is done on the basis of Art. 6 (1) lit. b DS-GVO, which permits the processing of data for the fulfillment of a contract or pre-contractual measures. We collect, process and use personal data about the use of this website (usage data) only to the extent necessary to enable users to use the service or to bill them.
Please note that the processed data may also be personal data of special categories if you provide us with them in connection with the performance of the contract. This data will only be processed with your consent pursuant to Art. 9 (2) lit. a DS-GVO.
b) Data transfer upon conclusion of contract for services and digital content
We transmit personal data to third parties only if this is necessary for the processing of the contract, for example, to the credit institution entrusted with the processing of payments.
The basis for data processing is Art. 6 (1) lit. b DS-GVO, which permits the processing of data for the fulfillment of a contract or pre-contractual measures.
A further transmission of the data does not take place or only if you have expressly consented to the transmission. Your data will not be passed on to third parties without your express consent, for example for advertising purposes.
aa) Payment processing by Stripe
Our website uses functions of Stripe. The provider for customers within the EU is Stripe Payments Europe, Ltd, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland (hereinafter referred to as "Stripe").
Stripe is used to offer secure and simple payment processing services for our users. Payment processing can be carried out via various payment methods such as credit card, direct debit or PayPal. In order to be able to offer these services, Stripe collects, processes and stores personal data such as name, e-mail address, address and payment information.
The transmission of your data to Stripe is based on Art. 6 para. 1 lit. b GDPR (processing for the performance of a contract). All data required for payment processing will be used exclusively for the execution of payments and transmitted via the "SSL" procedure. Stripe is certified according to PCI DSS. Stripe may transfer, process and store personal data outside the EU. Stripe is subject to the EU-U.S. Data Privacy Framework.
During processing by Stripe, the following data is transmitted by us:
- First and last name
- E-mail address and physical address (including postal code)
- Transaction data: Product, price, date and time of transaction and other technical information needed to identify and track transactions
The following data is then processed by Stripe:
- Technical information: IP address, device information, location data, cookies
- Financial information: This includes credit or debit card information, account numbers and other bank-related information necessary for payment processing.
Further information on data protection and your rights in relation to the processing of personal data by Stripe can be found in Stripe's privacy policy at: https://stripe.com/de/privacy.
c) Profiling through the use of our services
When using our services, (further) personal data beyond the registration will be processed. Whether and to what extent, you decide.
As part of our service, we process data that is related to your participation in our software (Soft Facts analysis tools). This may include general personal data (name, address, contact details, etc.), information on your professional qualifications and school education, information on further professional training, and possibly other data that you provide to us in connection with your participation.
In addition, we receive data through the completion of questionnaires, which may contain personal data. If you provide us with personal data of special categories when answering a question, these will also be processed.
The data collected from you in the questionnaires will be used by us for the service ordered (e.g. personality analysis, team analysis). The personality analysis is performed as follows:
The participants fill out questionnaires within the tool provided by us, which form the basis of the analysis. In order to ensure the accuracy of an analysis, it is therefore assumed that the participants fill out the questionnaires truthfully. No other data is included in the analysis.
The questionnaires consist of questions, so-called items. The items are assigned to a scale, which makes the answers measurable and calculable.
It should be noted that people are complex and situational circumstances influence how people feel and behave.
To determine a particular characteristic of a person, mean values are calculated from the scale and compared with the theoretical model, then assigned.
Based on this, we help our participants to understand the results by providing interpretation texts and to integrate them into everyday life by providing recommendations for action.
The tool and the questions it contains and the resulting analyses are constantly based on the current state of research.
(Further) information on the evaluation analysis can be found in our Team Design Manual: https://softfact.works/downloads/soft-fact-team-design-manual-en.pdf.
10. data protection for Google Meet meetings
We use the "Google Meet" tool to conduct telephone conferences, online meetings, video conferences and/or webinars (hereinafter: "online meetings").
The provider of this service is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
The basis for data processing is Art. 6 (1) lit. b DS-GVO, which permits the processing of data for the fulfillment of a contract or pre-contractual measures.
If Google Meet is used beyond the purpose of the contract or in connection with the initiation of a contract or if you provide us with personal data of special categories via this tool, this will only be done with your consent (Art. 6 para. 1 lit. a GDPR, or Art. 9 para. 2 lit. a GDPR). You can withdraw your consent at any time using the contact details provided in section A.
We do not record these online meetings. During the online meetings, we may make a note of the following personal data:
- Your first and last name
- Your employer
- Your contact details (email or phone)
We conduct our Google Meet meetings in private mode. This means that our meetings are not made public, but are created and forwarded with an individual meeting link. Guests are only admitted to this meeting if we, as the host, consciously and actively allow access and, above all, with your consent.
To protect your personal data in the best possible way, we have configured Google Meet in all functional areas so that only a minimum of data is processed.
We ask you not to exchange any content via this service that requires a high level of protection and belongs to the special categories of personal data. If you nevertheless wish to share such data with us, this will be done with your consent.
In particular, you are free to turn off your camera or leave it turned off during our online meetings.
We have concluded a data processing agreement (DPA) with Google Ireland Limited. This is a contract prescribed by data protection law, which guarantees that it will only process the personal data of our website users in accordance with our instructions and in compliance with the GDPR. The potential transfer of data to US authorities is excluded from the guarantee. Because Google is headquartered in the USA, please note our explanations in section B II 12 b).
You can find out which of your data is processed by Google, the details of this processing and how to assert your rights against Google at https://policies.google.com/privacy.
If the use of Google Meet is not possible for you or not possible under the conditions specified here, please contact us directly using the contact details given in Section A.
11. deletion and blocking of personal data
We process and store the personal data of our users only for the period of time necessary to achieve the purpose of storage or as long as consent for (further) storage is given. Subsequently, the data will be deleted, unless otherwise provided by the European Directive and Regulation or other legislator in laws or regulations to which we are subject. For further information on data deletion, please refer to subsection 13.
a) Storage period
If the purpose of storage no longer applies or if a storage period prescribed by the European Directive and Regulation or another competent legislator expires, the personal data will be blocked or deleted in accordance with the statutory provisions.
Non-anonymous server logs (with IP address) are deleted by us when the purpose ceases to exist (usually after 7 days at the latest).
b) Extinguisher search
If you assert a legitimate request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g., retention periods under tax or commercial law); in the latter case, the data will be deleted after these reasons no longer apply. For further details, please refer to subsection 13.
c) Anonymized data
For the purpose of subsequent processing (e.g., statistical evaluations, industry comparisons, benchmarking, product improvements, new product developments, and university research purposes), the personal reference of some personal data (e.g., responses to questionnaires) is removed by anonymization as defined in recital 26 p. 5 of the GDPR.
The anonymization of personal data is carried out according to the specifications of an anonymization concept developed by us. Personal data (first name, surname, date of birth, etc.), address data (street, house number, postal code, city, etc.) are anonymized, new IDs are generalized, application users are renamed or blocked, organizational units are anonymized or renamed, and interface and audit data are deleted via a tool used specifically for this purpose.
In addition, for the further development of our models, all responses of the persons concerned to our questionnaires are permanently stored in anonymized form in a separate database. This data is not deleted even when the user account is deleted. When this data is saved, a new random ID is generated, which makes it impossible to assign it to the person concerned.
Since the anonymized data can no longer be assigned to a person, it is no longer considered personal data and is not covered by the obligation to surrender or delete data.
12. disclosure of data
a) Recipient of the data
We only pass on your personal data within our company to those areas and persons who need this data to fulfill contractual and legal obligations or to implement our legitimate interests.
Your personal data is processed on our behalf on the basis of order processing contracts in accordance with Art. 28 DS-GVO. In these cases, we ensure that the processing of personal data is carried out in accordance with the provisions of the GDPR. Otherwise, data will only be transferred to recipients outside the company if this is permitted or required by law, if the transfer is necessary to fulfill legal obligations, or if we have your consent.
b) Note on data transfer to the USA and other third countries
If you have actively consented in each case, we use, among other things, tools from companies based in the USA or other third countries that are not secure under data protection law. If these tools are active, your personal data may be transferred to these third countries and processed there. We would like to point out that no level of data protection comparable to that in the EU can be guaranteed in these countries. For example, US companies are obliged to hand over personal data to security authorities without you as a data subject being able to take legal action against this. It can therefore not be ruled out that US authorities (e.g. intelligence services) process, evaluate and permanently store your data located on US servers for monitoring purposes. We have no influence on these processing activities.
13. rights of the data subjects
If we have obtained personal data from you, you have, among other things, the rights listed in this section by law as a "data subject". We are the data controllers.
a) Right to confirmation
Every data subject has the right to obtain confirmation from the controller as to whether personal data concerning him or her are being processed (see Article 15(1) of the GDPR). If a data subject wishes to exercise this right of confirmation, he or she may, at any time, contact our employees.
b) Right to information
Any person affected by the processing of personal data has the right (see Art. 15 DS-GVO) to obtain from the controller, at any time and free of charge, information about the personal data stored about him or her and a copy of this information. Furthermore, data subject has the right of access to the following information:
- the processing purposes
- the categories of personal data that are processed
- the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular in the case of recipients in third countries or international organizations
- if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration
- the existence of a right to obtain the rectification or erasure of personal data concerning them or to obtain the restriction of processing by the controller or a right to object to such processing
- the existence of a right of appeal to a supervisory authority
- if the personal data are not collected from the data subject: All available information about the origin of the data
- the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) of the GDPR and - at least in these cases - meaningful information about the logic involved and the scope and intended effects of such processing for the data subject
Furthermore, the data subject shall have the right to obtain information as to whether personal data have been transferred to a third country or to an international organization. If this is the case, the data subject also has the right to obtain information about the appropriate safeguards in connection with the transfer.
If you as a data subject would like to exercise this right to information, you can contact one of our employees at any time.
c) Right to rectification
Every person affected by the processing of personal data has the right to demand the immediate correction of inaccurate personal data in accordance with Article 16 of the GDPR. Furthermore, the data subject has the right to request the completion of incomplete personal data - also by means of a supplementary declaration - taking into account the purposes of the processing.
If a data subject wishes to exercise this right of rectification, he or she may contact one of our employees at any time.
d) Right to erasure (right to be forgotten)
Any person concerned by the processing of personal data has the right to obtain from the controller the erasure without delay of personal data concerning him or her, where one of the following grounds applies and insofar as the processing is not necessary (Article 17(1) of the GDPR):
- The personal data were collected or otherwise processed for purposes for which they are no longer necessary.
- The data subject revokes the consent on which the processing was based pursuant to Art. 6(1)(a) DS-GVO or Art. 9(2)(a) DS-GVO and there is no other legal basis for the processing.
- The data subject objects to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) of the GDPR.
- The personal data have been processed unlawfully.
- The deletion of the personal data is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.
- The personal data was collected in relation to information society services offered pursuant to Art. 8 (1) DS-GVO.
If one of the aforementioned reasons applies, and a data subject wishes to arrange for the deletion of personal data stored by us, he or she may, at any time, contact any of our employees. Our employees will arrange for the deletion request to be complied with immediately.
If the personal data has been made public by us and our company as the controller is obliged pursuant to Art. 17 para. 1 DS-GVO to erase the personal data, we shall take reasonable measures, including technical measures, taking into account the available technology and the cost of implementation, to inform other data controllers which process the published personal data that the data subject has requested from those other data controllers to erase all links to or copies or replications of the personal data, unless the processing is necessary (see Article 17 (2) DS-GVO). Our employees will take the necessary steps in individual cases.
The right to erasure does not apply in a case described under Article 17 (3) DS-GVO. A request for deletion of the data is limited, for example, if the data is necessary for the assertion, exercise or defense of legal claims.
e) Right to restriction of processing
Any person concerned by the processing of personal data has the right to obtain from the controller the restriction of processing if one of the following conditions under Article 18(1) of the GDPR is met:
- The accuracy of the personal data is contested by the data subject for a period enabling the controller to verify the accuracy of the personal data.
- The processing is unlawful, the data subject objects to the erasure of the personal data and requests instead the restriction of the use of the personal data.
- The controller no longer needs the personal data for the purposes of processing, but the data subject needs it for the assertion, exercise or defense of legal claims.
- The data subject has objected to the processing pursuant to Article 21(1) of the GDPR and it is not yet clear whether the legitimate grounds of the controller override those of the data subject.
If one of the aforementioned conditions is met, and a data subject wishes to request the restriction of personal data stored by us, he or she may, at any time, contact any of our employees. The employee will arrange the restriction of the processing.
If you restrict the processing of your personal data, this data - apart from its storage - may only be processed with your consent or for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the European Union or a Member State (Article 18 (2) DS-GVO).
To the extent that a data subject obtained a restriction, the data subject must be informed before the restriction is lifted (see Art. 18(2) GDPR).
f) Obligation to notify in connection with the rectification or erasure of personal data or the restriction of processing
Pursuant to Art. 19 DS-GVO, the controller must notify all recipients to whom personal data have been disclosed of any rectification or erasure of the personal data or restriction of processing pursuant to Art. 16, Art. 17(1) and Art. 18 DS-GVO, unless this proves impossible or involves a disproportionate effort. The controller shall inform the data subject of these recipients if the data subject so requests.
g) Right to data portability
Pursuant to Article 20 of the GDPR, every person affected by the processing of personal data has the right to receive the personal data concerning him or her, which has been provided by the data subject to a controller, in a structured, commonly used and machine-readable format. He or she also has the right to transmit this data to another controller without hindrance from the controller to whom the personal data was provided, provided that the processing is based on consent pursuant to Art. 6(1)(a) DS-GVO or Art. 9(2)(a) DS-GVO or on a contract pursuant to Art. 6(1)(b) DS-GVO and the processing is carried out with the aid of automated procedures, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Furthermore, when exercising his or her right to data portability pursuant to Article 20(1) of the GDPR, the data subject shall have the right to obtain that the personal data be transferred directly from one controller to another controller, to the extent that this is technically feasible and provided that this does not adversely affect the rights and freedoms of other individuals.
To assert the right to data portability, the data subject may at any time contact one of our employees.
h) Right of objection
Any person affected by the processing of personal data has the right to object at any time, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her which is carried out on the basis of Article 6(1)(e) or (f) of the GDPR. This also applies to profiling based on these provisions (Art. 21 (1) DS-GVO).
We shall no longer process the personal data in the event of the objection, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the assertion, exercise or defense of legal claims.
If we process personal data for the purpose of direct marketing, the data subject shall have the right to object at any time to processing of personal data for such marketing. This also applies to profiling insofar as it is related to such direct marketing. If the data subject objects to us to the processing for direct marketing purposes, we will no longer process the personal data for these purposes (Article 21 (2) DS-GVO).
In addition, the data subject has the right, on grounds relating to his or her particular situation, to object to processing of personal data concerning him or her which is carried out by us for scientific or historical research purposes, or for statistical purposes pursuant to Article 89(1) of the Data Protection Regulation, unless such processing is necessary for the performance of a task carried out in the public interest (Article 21(6) of the Data Protection Regulation).
In order to exercise the right to object, the data subject may directly contact our employees or another employee. The data subject is also free, in connection with the use of information society services, notwithstanding Directive 2002/58/EC, to exercise his or her right to object by means of automated procedures using technical specifications (Article 21(5) of the GDPR).
i) Automated decisions in individual cases including profiling
Any person concerned by the processing of personal data shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her, where the decision is
(1) is not necessary for the conclusion or performance of a contract between the data subject and the controller, or
(2) is permitted by Union or Member State legislation to which the controller is subject and that legislation contains appropriate measures to safeguard the rights and freedoms and legitimate interests of the data subject; or
(3) is carried out with the express consent of the data subject (Art. 22 (1) and (2) GDPR).
If the decision (1) is necessary for entering into, or the performance of, a contract between the data subject and the controller, or (2) it is made with the data subject's explicit consent, we shall take reasonable steps to safeguard the data subject's rights and freedoms and legitimate interests, which include at least the right to obtain the data subject's involvement on the part of the controller, to express his or her point of view and to contest the decision (Article 22(3) of the GDPR).
In the case of situations involving special categories of personal data, Art. 22 (4) of the GDPR must be observed.
If the data subject wishes to exercise rights concerning automated decisions, he or she may, at any time, contact our employees.
j) Right to revoke consent under data protection law
Any person affected by the processing of personal data has the right to withdraw consent to the processing of personal data at any time (see, inter alia, Art. 7(3) DS-GVO).
If the data subject wishes to exercise the right to withdraw consent, he or she may contact our employees at any time.
You can reach us via
- Phone: +49 (0) 89 925 63 800
- E-mail: info@softfact.works
- Post: soft.fact GmbH ℅ Wayra Germany, Kaufingerstraße 15, 80331 Munich, Germany
The legality of the data processing carried out until the revocation remains unaffected by the revocation.
k) Right of appeal to the competent supervisory authority
In the event of breaches of the GDPR, data subjects shall have a right of appeal to a supervisory authority, in particular in the Member State of their habitual residence, their place of work or the place of the alleged breach. The right of appeal is without prejudice to other administrative or judicial remedies. See in particular Article 77 (1) of the GDPR.
14. data security
We take appropriate technical and organizational measures to ensure a level of protection appropriate to the risk in accordance with Article 32 of the GDPR, taking into account the state of the art, the costs of implementation and the nature, scope, circumstances and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons. The measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical access to the data, as well as access to, entry into, disclosure of, assurance of availability of and segregation of the data. Furthermore, we have established procedures to ensure the exercise of data subjects' rights, deletion of data and response to data compromise. Furthermore, we already take the protection of personal data into account during the development and selection of hardware, software and processes, in accordance with the principle of data protection through technology design and through data protection-friendly default settings (Article 25 of the GDPR).
The security measures include, in particular, the encrypted transmission of data between your browser and our server.
15. SSL or TLS encryption
For security reasons and to protect the transmission of confidential content, such as your login data, which you send to us as the site operator, this site uses SSL or TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.
If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
III. your application with us
1. handling of applicant data
We offer you the opportunity to apply to us (e.g. by e-mail, by post or via the online application form). In the following, we inform you about the scope, purpose and use of your personal data collected during the application process. We assure you that the collection, processing and use of your data will be in accordance with applicable data protection law and all other legal provisions and that your data will be treated as strictly confidential.
2. scope and purpose of data collection
If you send us an application, we will process your associated personal data (e.g. contact and communication data, application documents, notes in the context of job interviews, etc.), insofar as this is necessary for the decision on the establishment of an employment relationship. The legal basis for this is § 26 BDSG under German law (initiation of an employment relationship), Art. 6 para. 1 lit. b DS-GVO (general contract initiation) and - if you have given your consent - Art. 6 para. 1 lit. a DS-GVO. Consent can be revoked at any time using the contact details provided in Chapter A. Your personal data will only be passed on within our company to persons who are involved in processing your application.
If the application is successful, the data submitted by you will be stored in our data processing systems on the basis of Section 26 BDSG and Art. 6 (1) lit. b DS-GVO for the purpose of implementing the employment relationship.
3. data retention period
If we are unable to make you a job offer, if you reject a job offer or withdraw your application, we reserve the right to retain the data you have provided for up to 6 months from the end of the application process (rejection or withdrawal of the application) on the basis of our legitimate interests (Art. 6 (1) f DS-GVO). Subsequently, the data will be deleted and the physical application documents destroyed. This storage serves in particular as evidence in the event of a legal dispute. If it is evident that the data will be required after the 6-month period has expired (e.g. due to an impending or pending legal dispute), the data will not be deleted until the purpose for continued storage no longer applies.
A longer storage can also take place if you have given a corresponding consent (Art. 6 para. 1 lit. a DS-GVO) or if legal storage obligations oppose the deletion.
In addition, you are also entitled to the rights described in Chapter B. II. No. 13 ("Rights of the persons concerned").
IV. Objection to advertising e-mails
We hereby object to the use of contact data published in the context of the imprint obligation to send unsolicited advertising and information material. We expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, such as spam e-mails.
V. Changes to this privacy policy
This privacy policy is available on our website https://de.softfact.works/datenschutz/.
We reserve the right to change this Privacy Policy. If we make a change, we will update our privacy policy, which can be viewed on the aforementioned website, accordingly. In the event of significant changes and if you continue to have a contractual relationship with us, we will of course notify you of this by e-mail.