1 Introduction
We are pleased to welcome you to our website and thank you for your interest in SOPTIM AG, [hereinafter referred to as “SOPTIM”].
This data privacy policy informs you about the collection and use of your personal data in connection with the visit to our websites (www.soptim.de) [hereinafter referred to as the “websites”] and the use of the services available there.
SOPTIM takes the protection of your data very seriously. In the collection, processing and usage of your data we of course observe the applicable data protection regulations, in particular the provisions of the General Data Protection Regulation [hereinafter referred to as the “GDPR”], the Federal Data Protection Act (Bundesdatenschutzgesetz) and the Tele-media Act (Telemediengesetz).
Please note that SOPTIM reserves the right to modify the content of this data privacy policy. We therefore recommend that you consult the data privacy policy at regular intervals.
2 Controller and Data Protection Officer
The Controller of the websites responsible for processing personal data in accordance with the provisions of the GDPR is:
SOPTIM AG
Im Suesterfeld 5-7
52072 Aachen
Germany
Phone: +49 241 400 23 – 0
Fax: +49 241 400 23 – 109
E-mail: info@soptim.de
Our data protection officer Peter Kansy is also available to answer any questions regarding data privacy aspects and our data privacy policy. > datenschutz@soptim.de
3 Personal data
Personal data refers to individual information about personal or factual circumstances of a natural person. Accordingly, your personal data includes all data that contains information about your personal or factual circumstances and thus allows identification of your person. Examples of such data include your name, address, telephone number or e-mail address.
4 Purpose and legal basis of data processing
4.1 Informational use of the websites
You can visit the SOPTIM website for informational use without giving any personal information. In this case, SOPTIM does not process any personal data – with the exception of the data transmitted by your browser to enable you to visit our website. We process this data on the following legal basis:
- If you visit our website for informational use: to carry out pre-contractual measures and, if applicable, to fulfil a contract pursuant to Art. 6 para. 1 b) GDPR.
- In order to make the websites technically available to you and to take measures to protect our website with respect to cyber risks: to protect our legitimate interests pursuant to Art. 6 para. 1 f) GDPR.
4.1.1 Data processed
When you visit our website, SOPTIM accordingly collects data about the corresponding access and saves it as server log files. For example, the following data can be logged:
- Web pages visited
- Time of access
- Source/reference from where the site was reached
- Country from which access was made
- “Return” (re-visit)
- Duration of visit
- Downloads performed
- Browser used
- Type of device used
- Operating system used
- IP address used
The aforementioned data, which are not linked to your personal data, are used solely for statistical evaluations and for the improvement of the websites. SOPTIM reserves the right to check the server logfiles retrospectively, if specific indications point to an illegal use of the website.
4.1.2 Use of cookies
Our website uses cookies. These are small text files that are stored on your device. They simplify and accelerate the management of your visit to our website, increase its user-friendliness and enable an usage analysis, in particular for the purpose of optimizing our internet offering.
One of the cookie types we use is session cookies, which are stored temporarily for the duration of your use of the internet pages. They save a session ID, which allows different requests from your browser to be assigned to the shared session so that your browser can be recognized when you return to a webpage. Closing the browser deletes these session cookies.
We also use permanent cookies. These are for user-friendliness, so that certain preferences are immediately available to you when you next visit our websites, for example. The content of the permanent cookies is limited to an identification number. Your name, IP address, etc. are not saved, so that a single profile about your usage behavior is not created.
You can prevent the installation of the cookies or control and/or delete cookies by making appropriate settings in the browser software you use. You can still use our website in this case, although in certain cases functional restrictions may occur.
4.1.3 Use of web tracking
Our website uses Google Analytics, a web analytics service provided by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland [hereinafter referred to as “Google”] to determine the frequency of use and the number of users of our website.
Google Analytics uses cookies which are text files that are stored on your computer and enable us to analyse your use of our website. The information created by the cookie with respect to your use of our website is generally transferred to and stored on Google servers in the USA.
Google Analytics cookies are stored on the basis of Art. 6 para. 1 f GDPR, as we, the operator of our website, have a legitimate interest in analysing user behaviour in order to improve our website and the services available on it.
IP anonymisation is activated on our websites. Accordingly, your IP address is truncated within member states of the European Union or in other states party to the Agreement on the European Economic Area before transmission. Only in exceptional cases will the full IP address be sent to Google servers in the US and truncated there. As a result, the information transmitted can no longer be assigned to one individual person and the IP address will not be merged with other Google data.
As part of the processing agreement that we have concluded with Google, Google uses the information collected to analyse the use of our website and the activities on our website and provides services associated with the internet usage.You can choose whether or not a web-analysis cookie, that enables Google Analytics to collect and analyse statistical data, will be stored on your computer.
You can decide below whether a unique web analysis cookie may be stored in your browser to enable SOPTIM to collect and analyse various statistical data with the help of Google Analytics.
You can prevent cookies from being stored by making an appropriate setting in your browser software. The use of our websites remains possible in this case. In certain cases, however, functional restrictions may occur. In addition, you can prevent Google from collecting and processing the data generated by the cookie and relating to the use of our website (including your IP address) by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de
You can also prevent Google Analytics from collecting your data on this website by clicking on the following link. An opt-out cookie will be set and stored on your browser to prevent the future collection of your data when you visit our website: deactivate Google Analytics
More information on data protection aspects regarding Google Analytics is available within Google’s privacy policy: https://support.google.com/analytics/answer/6004245?hl=de
HubSpot
We use HubSpot, a digital marketing tool, on our website. The service provider is the American company HubSpot, Inc, 25 First Street, 2nd Floor Cambridge, MA, USA. The company also has a registered office in Ireland at 1 Sir John Rogerson’s Quay, Dublin 2, Ireland.
HubSpot also processes your data in the USA, among other places. HubSpot is an active participant in the EU-U.S. Privacy Framework, which governs the correct and safe transfer of personal data from EU citizens to the United States. For more information, please visit https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.
In addition, HubSpot uses standard contractual clauses (= Art. 46 (2) and (3) GDPR). Standard Contractual Clauses (SCCs) are templates provided by the EU Commission to ensure that your data complies with European data protection standards even when transferred to and stored in third countries (such as the US). Through the EU-U.S. Privacy Framework and the standard contractual clauses, HubSpot agrees to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and maintained in the United States. These clauses are based on an implementing decision of the EU Commission. The decision and the corresponding standard contractual clauses can be found here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de
The data processing agreement, which corresponds to the standard contractual clauses, can be found at https://legal.hubspot.com/dpa.
For more information about the data processed through the use of HubSpot, please see our privacy policy at https://legal.hubspot.com/de/privacy-policy.
Google Ads
This website uses Google Ads. Google Ads is an online advertising programme of Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Ads enables us to serve ads on Google’s search engine or on third party websites when a user enters certain search terms in Google (keyword targeting). It also allows us to show targeted ads based on user information available to Google, such as location and interests (audience targeting). As a website operator, we can quantify this data by analysing, for example, which search terms led to the display of our ads and how many ads led to clicks.
As part of Google Ads, we also use conversion tracking. When you click on an ad served by Google, we set a conversion tracking cookie. Cookies are small text files that are stored on a user’s computer by their web browser. These cookies expire after 30 days and are not used to personally identify the user. If the user visits certain pages on this site and the cookie has not yet expired, Google and we may be able to tell that the user clicked on the ad and was directed to that page.
Each Google ads customer receives a different cookie. The cookies cannot be tracked across advertisers’ websites. The information collected by the conversion cookie is used to generate conversion statistics for advertisers who have opted in to conversion tracking. Advertisers are told the total number of users who clicked on their ads and were directed to a page with a conversion tracking tag. However, they will not receive any personally identifiable information. If you do not want to opt out of this tracking, you can opt out by simply disabling the Google conversion tracking cookie in your web browser’s preferences. As a result, you will not be included in conversion tracking statistics.
The storage of “conversion cookies” is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in analysing user behaviour in order to optimise both its website and its advertising.
The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG. This consent may be revoked at any time.
The transfer of data to the USA is based on the standard contractual clauses of the EU Commission. Details can be found at https://policies.google.com/privacy/frameworks and https://privacy.google.com/businesses/controllerterms/mccs/.
4.2 Active use of our website
In addition to the purely informational use of our website, you can use our website in an active way. You can, for example send us messages, register for a training session provided by the SOPTIM Academy or subscribe to the SOPTIM newsletter. In addition to the above-mentioned processing of your personal data for purely informational purposes, in this case, we will also process other personal data that we require from you in order to process and respond to your inquiry, for instance.
4.2.1 Inquiries
Inquiries within the meaning of this data privacy policy are, for example inquiries regarding the scope of the software solutions offered by us or inquiries regarding the use of the SOPTIM software that is in operational use within your company [hereinafter referred to as “your company”].
If you send us an inquiry (e.g. by making use of the corresponding contact forms on our website, by e-mail or by phone), we process your personal data provided by you in this context. In all cases, this includes your name and e-mail address, so that we can send you an answer to your inquiry. Further data may also be required in this context (e.g. your telephone number and the name of your company when sending an inquiry regarding the use of the SOPTIM software). Furthermore, this includes other information that you send us in the context of your inquiry.
We process this data on the following legal basis:
- To carry out pre-contractual measures and, if applicable, to fulfil a contract pursuant to Art. 6 para. 1 b) GDPR.
- To protect our legitimate interests pursuant to Art. 6 para. 1 f) GDPR – in order to answer your inquiry in an adequate way.
4.2.2 Subscription to the SOPTIM newsletter
You have the option of subscribing to a free SOPTIM newsletter on the corresponding website. The newsletter will then be sent after each publication to the e-mail address you provided.
Of course, you also have the option within the newsletter-related e-mail to unsubscribe from the newsletter with effect for the future. Alternatively, you can also send a corresponding request to the Data Protection Officer listed in No. 2 of this data privacy policy.
In case you want to subscribe to the SOPTIM newsletter, you only have to provide your e-mail address (mandatory information). If you also provide your name this allows us to personalise the newsletter for you.
We process this data on the following legal basis:
- Based on the transmission of your data and your given consent, in accordance with Art. 6 para. 1 a) GDPR.
4.2.3 Processing of comments
On our website’s blog in particular, you have the opportunity to enter a comment stating your name and, if applicable, your e-mail address.
Please note that such a comment with the above-mentioned personal data as well as the date and time of its creation is then visible on the respective website, and is as such publicly accessible.
By using the commenting option, you agree to this display of the above-mentioned data.
SOPTIM reserves the right to alter or, if necessary, to delete a comment you have created, if SOPTIM deems this to be necessary due to legal regulations or other reasons.
We process this data on the following legal basis:
- Based on the transmission of your data and your given consent, in accordance with Art. 6 para. 1 a) GDPR.
4.2.4 Services
On our website we provide a number of services, for example SOPTIM Community. Before making use of some of these services, a contract of use first has to be signed by your company.
For some services, the contract of use is concluded when you personally accept the corresponding terms of use online on behalf of your company. Irrespective of this, you must generally also register or log in personally to use the services when you access them. When you register/login for the first time, you will be shown the terms of use for the service you have accessed.
These terms of use also provide information on which personal data is stored and processed in the context of the service. As such, please read the terms of use carefully and accept them (if you agree with them).
Accordingly, we process this data on the following legal basis:
- Based on the transmission of your data and your given consent, in accordance with Art. 6 para. 1 a) GDPR.
- To fulfil a contract pursuant to Art. 6 para. 1 b) GDPR.
4.2.5 SOPTIM Academy
Our website provides the possibility to register online for events offered by the SOPTIM Academy. The personal data that has to be provided in this context is shown in the corresponding registration form. If case you transfer your data to us in this context – irrespective of whether this is done by using the online registration form or by other means – we process this data on the following legal basis:
- Based on the transmission of your data and your given consent, in accordance with Art. 6 para. 1 a) GDPR.
- To fulfil a contract pursuant to Art. 6 para. 1 b) GDPR.
5 Video plug-ins
5.1. YouTube video plug-in
Our website uses YouTube plug-ins. YouTube is provided by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland.
When you visit one of our pages that provides YouTube plug-ins, a connection is established to the YouTube servers and the servers will be informed which of our pages you have visited.
If you are logged into your YouTube account, YouTube is able to assign your surfing behaviour to your profile. This can be avoided by logging out of your YouTube account in advance.
The use of YouTube and the related processing of your data is based on our legitimate interest in providing sophisticated online services pursuant to Art. 6 para. 1 f) GDPR.
Further information regarding the processing of user data can be found in Google’s/YouTube’s privacy policy: https://www.google.de/intl/de/policies/privacy
5.2. Vimeo video plug-in
Some of our webpages use Vimeo plug-ins to embed videos. Vimeo is operated by Vimeo, LLC, headquartered at 555 West 18th Street, New York, New York 10011, USA.
When you visit the pages that provide Vimeo plug-ins, a connection is established to the vimeo servers and the plug-in is displayed. This communicated to the Vimeo servers which of our websites you have visited.
If you are logged in as a member of Vimeo, Vimeo assigns this information to your personal user account. When you use the plug-in, e.g. by clicking the start button of a video, this information is also assigned to your user account. You can prevent this assignment by logging out of your Vimeo user account before using our website and deleting the corresponding cookies from Vimeo.
The use of Vimeo and is based on our legitimate interest in providing sophisticated online services pursuant to Art. 6 para. 1 f) GDPR.
Further information regarding the processing of user data can be found in Vimeo’s privacy policy: https://vimeo.com/privacy
6 Social Links
Services such as LinkedIn or Xing are linked on the website. By clicking on the graphics included on our websites, you will be redirected to the page of the respective provider.
In this case, the external provider may receive the information from your browser describing which of our websites you have come from. Like any other website provider, we are unable to influence this process.
For information on the handling of your data when using the abovementioned services, please refer to the data privacy policy of the respective provider.
7 Recipients of your data
Initially, only employees of SOPTIM receive knowledge of your personal data.
A transfer of your personal data to third parties only takes place if you have consented to this transfer, if it is necessary for processing of an inquiry, a service provided on our websites or a contractual relationship and/or if we are required by a judicial or regulatory order to disclose your data.
In the context of providing our website and the related services as well as processing contracts, the following service providers in particular may be involved:
- Marketing service providers in the context of sending information/newsletters
- IT service providers in the context of administration and hosting of our website and the related services
- Hotels (e.g. in case you ask us to book a hotel room for you when visiting the SOPTIM Academy)
If required, these service providers are given access to your data as processors. In this context, the service providers are contractually obliged to comply with data protection regulations, and they process personal data only strictly in line with our instructions.
8 Transfer to a third country
SOPTIM does not transfer your personal data collected when using our website to countries outside the EU or the EEA (European Economic Area). An exception to this may be the transmission of anonymised data as part of web-tracking (see section 4.1.3).
9 Duration of data storage
In accordance with article 17 para. 1 a) GDPR, your personal data is routinely deleted if it is no longer necessary for fulfilment of an inquiry, a service provided on our website or a contract and if it is no longer subject to statutory retention periods.
Instead of being deleted, data is restricted for processing if there are legal or factual obstacles to deletion.
10 Automated decision making/profiling
SOPTIM does not use automated decision making or profiling (an automated analysis of your personal circumstances).
11 Security
Our website uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as seminar bookings or enquiries that you send to us. You can recognise an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser bar. If SSL or TLS encryption is activated, the data you transfer to us cannot be accessed by third parties.
In addition, we take technical and organisational security measures to protect your personal data managed by us from accidental or intentional manipulation, loss, destruction or access by unauthorised persons.
Data processing and security measures are continuously being improved by SOPTIM in line with technological developments.
12 Your rights as a data subject (especially pursuant to Art. 15 – 21 GDPR)
12.1 Information
On request, you can obtain information about all personal data that we have stored about you at any time and free of charge.
12.2 Correction, deletion, restriction of processing (blocking) and objection
If you no longer agree to the storage of personal data or in the event that this data is no longer correct, we will arrange for the deletion or blocking of your data or make the necessary corrections (to the extent possible under the applicable law). The same applies if we receive the instruction to restrict processing with future effect.
12.3 Data transferability
Upon request, we will provide you with your personal data stored within our systems in a structured, commonly used and machine-readable format so that you can e.g. share this information with another company or Controller, for example.
12.4 Revocation
You have the right to revoke any consent given at any time with future effect. This revocation does not affect the legality of any data processing carried out with your consent before the time of revocation.
12.5 Complaint
Under the conditions laid down in Article 77 GDPR, you are entitled to lodge a complaint with a supervisory authority.
12.6 Exercising your rights as data subject
If you have any questions concerning the processing of your personal data, if you would like to exercise your right to information, correction, deletion, restriction of processing, objection or revocation with respect to your personal data or if you want to have your data provided for transfer, please contact our data protection officer (contact details can be found in clause 2 of this Data Privacy Policy).
We also recommend that you always address a complaint to our data protection officer first.
13 Data Privacy Policy – status
This privacy policy is currently valid and was issued on 22 December 2021.