Privacy Policy

At WSW Software GmbH, privacy and data security are among our most important principles. WSW Software GmbH attaches great importance to the protection of your privacy and complies with all applicable data protection legislation. In the following, we explain how we process your personal data.

1. Data controller

The data controller with responsibility for the collection, processing and use of your personal data within the meaning of the GDPR is:

WSW Software Gesellschaft mit beschränkter Haftung
Fußbergstraße 1
D-82131 Gauting
Phone: +49 (0) 89 89 50 89-0
Fax: +49 (0) 89 89 50 89-190
CEO: Klaus Müer

1.1 Name and contact details of the Data Protection Officer

Stefan Herz
Phone: +49 (0) 89 89 50 89-160
datenschutz@wsw.de

1.2 Legal basis for the processing of personal data

Insofar as we obtain the data subject's consent to process their personal data, Article 6 (1) (a) of the General Data Protection Regulation (GDPR) provides the legal basis.

We process your personal data for the purposes of the contract, whereby Article 6 (1) (b) GDPR provides the legal basis. This also applies to processing operations carried out for the purpose of implementing pre-contractual measures.

To the extent that it is necessary to process personal data in order to fulfill a legal obligation on the part of our company, Article 6 (1) (c) GDPR provides the legal basis.

Where the processing is necessary to safeguard the legitimate interests of our company, and provided that the interests, fundamental rights and freedoms of the data subject do not outweigh the former interests, then Article 6 (1) (f) GDPR provides the legal basis for the processing. Our interests in the processing include, in particular, ensuring the operation and security of the website, analyzing the usage of the website by visitors and simplifying the use of the website.

1.3 General information

Types of processed data:

  • Contact details (e.g., e-mail, telephone numbers)
  • Content data (e.g., text entries, photographs)
  • Usage data (e.g., visited websites, content of interest, access times)
  • Meta/communication data (e.g., device information, IP addresses)

Data subjects

The data subjects are the visitors to – and users of – our online services. In the following, we also refer to the data subjects as "users."

Purpose of the processing

  • To deliver our online services, including the related functions and content
  • To respond to contact requests and communicate with users
  • Reach measurement/marketing

Terms used

"Personal data" means any information relating to an identified or identifiable natural person (hereinafter "data subject"). A natural person is considered to be identifiable if they can be identified directly or indirectly, in particular by association with an identifier such as a name, identification number, location data, an online identifier (e.g., a cookie) or by means of one or more unique features which express the physical, physiological, genetic, psychological, economic, cultural or social identity of said natural person.

"Processing" means any process performed with or without the aid of automated procedures or any such process associated with personal data. This term covers a wide range of activities and covers virtually every type of interaction with data.

The "data controller" refers to the natural or legal person, public authority, institution or body which, either alone or in concert with others, decides on the purposes and means of the processing of personal data.

Hosting

We have leased data centers for the purpose of providing and operating this website. These data centers possess various certifications, including ISO 27001.

The hosting services we use serve to provide the following services: infrastructure and platform services, computing capacity, disk space and database services, collateral and technical maintenance services, which we use to operate this online service.

In doing so, we (or our hosting provider) process the inventory data, contact data, content data, contract data, usage data, meta and communication data submitted by customers, interested parties and visitors to this website on the basis of our legitimate interest in making this online offer available in an efficient and secure manner in accordance with Article 6 (1) (f) GDPR in conjunction with Article 28 GDPR (conclusion of an order processing contract).

The data centers are located in the European Union. To the extent that personal data of EU citizens is stored in data centers outside the European Union, we only transfer data to a third country if an adequacy decision pursuant to Article 45 GDPR or appropriate safeguards pursuant to Article 46 GDPR are in place. As a rule, we achieve appropriate safeguards under Article 46 of the GDPR and an adequate level of data protection by concluding the Standard Contractual Clauses (SCC) issued by the European Commission with the receiving entity.

Storage period

Unless specifically stated, we store personal data only for as long as necessary to fulfill the stated purpose.

 

2. General use of this website

2.1 Cookies

Each time you contact us, we receive and store certain information. Among other things, we use so-called "cookies" and "Flash cookies" and receive certain information as soon as your web browser opens the WSW website and/or other content that is provided by or on behalf of WSW on other websites. Cookies and Flash cookies are text files that are transmitted to your computer via your web browser or other programs. As a result, our system is able to recognize your browser and to offer you various services. In this way, our use of cookies facilitates your visit to our site.

If you wish to prevent additional cookies from being accepted by your browser, or to be notified when you receive new cookies, or if you wish to disable all cookies, please access the help function via your web browser's menu bar. You can disable or delete Flash cookies or similar features that are used by certain browser add-ons either by changing the settings of the respective browser add-on or by following the instructions on disabling them provided on the manufacturer's website.

Please take into account, however, that certain features of the WSW website require the use of cookies.

Link to privacy settings

2.2 Use of web fonts

In order to ensure that fonts are displayed consistently, this site uses so-called "web fonts" provided by MyFonts Inc., 600 Unicorn Park Drive, Woburn, MA 01801, United States. Whenever you access a web page, your browser loads the required web fonts into your browser cache in order to correctly display text and fonts.

In order to do this, the browser you are using must connect to the MyFonts servers. During this process, MyFonts is able to determine that our website was accessed from your IP address. Our use of MyFonts corresponds to our interest in ensuring of a consistent and attractive presentation of our online services. This constitutes a legitimate interest within the meaning of Art. 6 (1) (f) GDPR. If your browser does not support web fonts, a default font will be used by your computer.

Further information about MyFonts is available at:

https://www.monotype.com/de/rechtshinweise/nutzungsbedingungen/ und https://www.monotype.com/de/rechtshinweise/datenschutzrichtlinie/.

2.3 Access data

WSW collects information about you when you use this website. We automatically collect information about your usage behavior and interactions with us, and record information about your computer or mobile device. We collect, store and use data each time you access our online service (so-called "server log files"). This access data includes the name and URL of the retrieved file, the date and time of the retrieval, the quantity of data transferred, a notification of successful retrieval, the browser type and version, the operating system, the referrer URL (i.e. the previously visited page), the IP address, and the requesting provider.

We do not use this log data to identify you or for other profiling purposes, and instead use it for statistical analysis for the purpose of operation, security and optimization of our online services, and also to anonymously determine the number of visitors to our website (traffic) as well as the extent and nature of your use of our website and services. This information enables us to analyze traffic, find and fix bugs, and improve our services. We reserve the right to check the log data retrospectively in cases where we have legitimate grounds to suspect unlawful use of our services on the basis of concrete evidence. We store IP addresses in the log files for a limited period and to the extent necessary for security purposes or for the provision of services or the billing of a service. We also store IP addresses if we have compelling reasons to suspect criminal activity in connection with the use of our website. We also save the date of your last visit (e.g., when registering, logging in, clicking links, etc.) as part of your account data.

The legal basis for this data processing is provided by Article 6 (1) (1) (f) GDPR. Our legitimate interest follows from the data collection purposes listed above.

2.4 Contact by E-Mail or Contact Form

Processing purposes and legal bases

We enable you to contact us in an uncomplicated manner by means of a general e-mail address as well as a contact form. In doing so, the data you provide or enter will be stored for the purpose of individual communication, such as processing your inquiry. We thus ensure that an exchange with you as well as the processing of further inquiries always takes place in a timely manner.

By entering your data in our contact form, you consent to the processing of this data. The consent constitutes the legal basis for the processing in accordance with Article 6(1)(a) of the GDPR.

If you contact us to request a quote, the data entered in the contact form will be processed to carry out pre-contractual measures pursuant to Article 6(1)(b) GDPR.


Recipient of the Data
Our website is maintained by a service provider who acts on our behalf as a commissioned processor.
If you send us an inquiry about an offer, the service providers we use may received data for this purpose, provided they require these data to fulfill their respective service. All service providers are contractually obligated to treat your data in confidence.


Storage Period
Data will be deleted no later than 6 months after the inquiry has been processed.
If a contractual relationship arises, we are legally bound to keep the data on file for up to ten years.

Necessity of Provision
The provision of personal data is not required by law or contractual agreement. However without it, the inquiry cannot be processed.


Revocation
Information regarding your right of revocation can be found in Point 3.6 of this data privacy statement.

2.5 Marketing Automation with SALESmanago

On our website, we use the service "SALESmanago" of BENHAUER Sp. z o.o. 21 Grzegórzecka St. 31-532 Krakow, Poland.

This service stores text files (cookies) locally on your terminal device in order to enable recognition when you visit our website again. With this recognition possibility, we create - initially pseudonymous - user profiles in order to be able to provide you with personalized advertising.

This initially pseudonymous usage profile will not be merged with your personal data without your express consent. Insofar as such aggregation takes place, this is based on the legal basis of consent previously given by you pursuant to Article 6(1)a GDPR. In this case, your user profile can be merged with the following, possibly personal data and used:

  • First and last name
  • Email address
  • IP address
  • Times of visits to online offers of WSW Software GmbH
  • Technical browser settings
  • Details of the company and position in the company

Furthermore, you can subscribe to our newsletter, which is also sent via SALESmanago, on the basis of your consent pursuant to Article 6(1)a GDPR. The only information required for sending the newsletter is your e-mail address. The provision of further, separately marked data is voluntary and will be used to address you personally.

For the registration to our newsletter we use the "double opt-in" procedure. Thus, after your registration, we will send you an e-mail to the specified e-mail address, in which we ask you to confirm that you wish to receive the newsletter. After your confirmation, we will store the data you provide for the purpose of sending you the newsletter. If you do not confirm your registration, your information will be automatically deleted. In addition, we will store your IP address and the time of registration and confirmation in order to prove your registration and, if necessary, to clarify a possible misuse of your personal data.

Furthermore, this service evaluates on our behalf whether you open the newsletter and which links you click on. This information is provided to us in aggregated form by the service provider so that we can determine whether the contents of our newsletter are of interest to you as a recipient and whether we can improve our newsletter if necessary. The legal basis for this processing is Article 6(1)f of the GDPR.

For the purpose of sending the newsletter, the data will only be used until your consent is revoked. Any collection, processing or use of personal data in connection with SALESmanago takes place within the territory of the European Union. There is no obligation on the part of the visitor to provide personal data in the context of the processes described above, and a refusal to do so will not have any detrimental effects.

You can revoke your consent to receive the newsletter and unsubscribe at any time. You can declare revocation of consent by clicking on the link provided in every newsletter e-mail, by sending an e-mail to news@wsw.de, or by sending a message to the contact details given in the imprint.

2.6 Registration for WSW events

By registering, you are confirming that you agree to our data privacy conditions in relation to events.
The personal data you share on the event registration form and at event registrations will be used for the purposes of event registration and organization. We will only share your personal data with third parties if this is required for the organization of the event you are attending. The information requested is essential for your participation. Consent is given voluntarily and without prejudice to the right of revocation, with effect for the future, unless there are legal grounds to the contrary. Failure to provide consent, however, may mean that participation in the event in question will not be possible.

By registering, you declare that you consent to any image or sound recordings that may be made during the event being used as part of public relations activities. Photographs taken at an event may subsequently be published in printed products, on the WSW website and within its employee network. They will not be passed directly by WSW to third parties for other purposes. That said, however, we must point out that the photographs are freely available to view worldwide once published on the Internet. The reuse of these photographs by third parties therefore cannot be completely excluded. The declaration of consent applies from the date of registration up to the point at which you leave the event. This declaration of consent can be revoked at any time with effect for the future. Revocation means that any published photographs will be removed from the WSW website and no further photographs will be uploaded. The deletion of images from the website may take a few working days to complete following receipt of your revocation. If a group photograph is published, any later revocation by one individual will not generally lead to the imaging having to be removed.

2.7 Access and reach measurement

Matomo

The following data is processed via the Matomo tool in self-hosting for the purpose of reach analysis:

  • The user's browser type/version
  • The user's operating system
  • The user's country of origin
  • The date and time of the request via the server
  • The number of visits
  • The duration of the visit to the website
  • The external links selected by the visitor

Each user's IP address is anonymized before it is saved.

Matomo uses cookies stored on users' computers to analyze their use of our online services. The processed data may be used to create pseudonymous usage profiles. The storage period of the cookies is one week. The information generated by the cookie about your use of this website will only be stored on our server and will not be shared with third parties.

Logs containing user data will be deleted after 13 months at the latest.

If we request consent via our privacy settings, the legal basis of this processing is article 6 para 1 (a) GDPR. Otherwise, the users' personal data will be processed on the basis of our legitimate interest (i.e. our interest in the analysis, optimization and operation of our online services within the meaning of Article 6 (1) (f) GDPR).

 

Google Analytics is a web analysis service. It collects usage data from our websites and enables us to generate reports on website activity and thus improve the website. The information generated by the service about your use of this website is usually transmitted to a Google server in the USA and stored there. However, due to IP anonymization on this website, your IP address will be anonymized beforehand by Google within member states of the European Union or the EEA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.

Processing Company
Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland

Data Processing Purposes
This list represents the purposes of data collection and processing.

  • Analysis

Used Technologies

This list contains all the technologies that this service uses to collect data. Typical technologies are cookies and pixels placed in the browser.

  • Cookies
  • Pixel-Tags

Collected Data

This list contains all (personal) data collected during or through the use of the Service.

  • IP-Address
  • Date and time of the visit
  • Usage data
  • Click path
  • Browser information
  • Device information
  • JavaScript support
  • Visited pages
  • Referrer URL
  • Downloads
  • Flash version
  • Location information
  • Widget interaction

Legal Basis
The following is the required legal basis for the processing of data

Article 6 paragraph 1 sentence 1 letter a) DSGVO

Processing Location
This is the primary location where the collected data is processed. If the data is also processed in other countries, you will be informed separately.

European Union

Storage Duration
The storage duration is the period of time during which the collected data is stored for processing. The data must be deleted as soon as it is no longer needed for the specified processing purposes.

The data collected with Google Analytics is stored for a period of 14 months.

Transfer to Third Countries
Transfer to Third Countries

This service may transfer the collected data to another country. Please note that this service may transfer data outside the European Union and the EEA and to a country that does not provide an adequate level of data protection. If the data is transferred to the U.S., there is a risk that your data may be processed by U.S. authorities for control and monitoring purposes, without you possibly having any legal remedies. Below is a list of countries to which the data will be transferred. This may be for various purposes, such as storage or processing.

  • Worldwide

Data Recipient

The following is a list of the recipients of the data collected.

  • Alphabet Inc.
  • Google LLC
  • Google Ireland Limited

Click here to read the privacy policy of the data processor.

You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by

  1. Not giving your consent to the cookie being set, or
  2. downloading and installing the browser add-on to disable Google Analytics HERE.

Mouseflow

This website uses Mouseflow, a web analytics tool from Mouseflow ApS, Flaesketorvet 68, 1711 Copenhagen, Denmark, to record randomly selected individual visits (with anonymized IP address only).

This creates a log of mouse movements and clicks with the intention of randomly sampling individual website visits and deriving potential improvements for the website.

The information is not personal and will not be shared. If you do not want a recording, you can deactivate this in the privacy settings.

2.8 Online presence in social media

We maintain an online presence within social networks and platforms in order to communicate with customers, interested parties and users there, and to inform them about our services. When you access the respective networks and platforms, the terms and conditions and the data processing policies of the respective operators apply.

Unless otherwise stated in our Privacy Policy, we will process users' data to the extent that they communicate with us within social networks and platforms, e.g., by creating posts on our online service or sending us messages.

Integration of third-party services and content

On the basis of our legitimate interest (i.e. our interest in the analysis, optimization and economic operation of our online services within the meaning of Article 6 (1) (f) GDPR), we include content and services offered by third parties within our online services, e.g., for the purpose of integrating videos and/or fonts (collectively referred to as "content").

This always requires the user's IP address to be shared with the respective third-party providers, since they require the user's IP address in order to send the content to their browser. The user's IP address is therefore required for the presentation of this content. We endeavor only to use content whose respective providers will use the IP address exclusively for the purpose of delivering the respective content. Third parties may also use so-called "pixel tags" (invisible graphics, also referred to as "web beacons") for statistical or marketing purposes. These "pixel tags" can be used to evaluate specific information, such as visitor traffic on the pages of this website. This pseudonymous information may also be stored in cookies on the user's device and may include, but is not limited to, technical information about the respective browser and operating system, the referring web pages, the time of the visit, as well as other information regarding the use of our online services.

Facebook

Within our online presence, functions and content may be integrated from the Facebook service, provided by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. This may include, for example, content such as images, videos, or text and buttons that allow users to share content from our online services within Facebook. If the users are members of the Facebook platform, Facebook is able to link their use of the aforementioned content and functions to their user profiles.

Facebook: Social network; service provider: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA; Website: https://www.facebook.com;
Privacy policy: https://www.facebook.com/about/privacy;Revocation option (opt-out): Settings for advertisements: https://www.facebook.com/settings?tab=ads;

Additional information on data protection: Agreement regarding the shared processing of personal data on Facebook pages: https://www.facebook.com/legal/terms/page_controller_addendum

Data privacy information for Facebook pages: https://www.facebook.com/legal/terms/information_about_page_insights_data.

If you do not wish Facebook to be able to associate your visit to our website with your user account, please log out of your Facebook user account first.

Measurement of User Interaction with our Fanpage
At https://www.facebook.com/wswsoftware/ we use a Facebook Fanpage. Facebook provides us with insights regarding these fanpages. Page insights contain collated data that tell us how users are interacting with our fanpage. The page insights can be based on personal data which has been captured in relation to a visit or an interaction between people on or with our fanpage and its content. Together with Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (“Facebook Ireland”), we are jointly responsible under the terms of Art. 26 GDPR, for the processing of insights data and have signed an agreement with Facebook Ireland in this regard. You can find this at https://www.facebook.com/legal/terms/page_controller_addendum. The legal basis for our use of the Facebook Fanpage and page insights is a justified interest as defined in Article 6 (1) f of the GDPR, namely in relation to the fanpage the use of Facebook as a channel for information regarding our company and in relation to the Insights pages the better understanding of the interests of visitors to our fanpage in order to be able to address these interests in a targeted manner.

XING

The "XING share button" is used on this website. When this button is activated, a short-term connection is established via your browser to the servers of XING SE ("XING"), which provide the "XING share button" functions (in particular, the calculation/display of the counter value). XING does not store any personal data about you when this website is accessed. In particular, XING does not store any IP addresses. In addition, no evaluation of your usage behavior takes place via the cookies used in connection with the "XING share button." The current data protection information regarding the "XING share button", as well as supplementary information, can be found on this website:

https://www.xing.com/app/share?op=data_protection

kununu

On our web pages, we use the plugin provided by the XING social network in the form of the "XING share button" and the "Kununu" service. Kununu is an application provided via the XING service. When you visit our web pages, a short-term connection is established by your browser to the servers of XING SE ("XING"), which provide the "XING share button" functions (in particular the calculation/display of the counter value).

We would like to point out that, as the provider of the web pages, we have no knowledge of the contents of the transmitted data or its use by kununu. We have no control over the quantity of data collected by kununu via the button. For information about the purpose and scope of the data collection, its further processing and the use of your data by kununu, as well as your rights in this context and your options with regard to protecting your privacy, please refer to the latest version of kununu's privacy policy:

https://www.kununu.com/info/agb
https://privacy.xing.com/de/datenschutzerklaerung

If you do not want kununu to be able to associate your visit to our website with your user account, please log out of your kununu user account before accessing the respective content.

LinkedIn

Our online services may include integrated functions and content provided by the LinkedIn service (LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland). This may include, for example, content such as images, videos, or text and buttons that allow users to share content from our online services within LinkedIn. If the users are members of the LinkedIn platform, LinkedIn is able to link their use of the aforementioned content and functions to their user profiles.

The LinkedIn privacy policy is available here: https://www.linkedin.com/legal/privacy-policy.

Opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

YouTube

We integrate the videos of the platform "YouTube" of the provider Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Privacy policy https://www.google.com/policies/privacy/

Opt-out https://adssettings.google.com/authenticated.

2.9 Appointment bookings via Microsoft Bookings

To make appointments with prospects and customers, we use Microsoft Bookings as part of the Office 365 cloud application. Microsoft O365 and Microsoft Bookings are services of Microsoft Ireland Operations, Ltd, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland (hereinafter: "Microsoft").  We offer this service both if you are already a customer and if you are interested in our services or products without already having a contractual relationship with us (contract initiation). We process the data you enter in the input screen for the purpose of booking appointments and, if necessary, contacting you by telephone in the event of technical difficulties. The connection to the service is only established when you access the online booking function via a link in an e-mail or newsletter. Your input, your IP address, the page you accessed, as well as the time of access and your browser configuration are transmitted to Microsoft for this purpose. For more information about the purpose and scope of data collection and processing by Microsoft Bookings, please refer to Microsoft's privacy policy at https://privacy.microsoft.com/de-de/privacystatement

Please note that you are not obligated to use Microsoft Bookings to schedule an appointment. If you do not wish to use the service, please use another of the contact options provided to make an appointment.

The processing of the data you enter in the online form is based exclusively on your consent pursuant to Article 6(1)a GDPR. You can revoke this consent at any time. An informal message sent to us by e-mail is sufficient to do so. Revocation of consent shall not affect the legality of the data processing operations carried out until the time of revocation. The data you enter in the online form will remain with us until you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies (e.g. after we have completed processing your request). Mandatory legal provisions - in particular retention periods - remain unaffected.

Your personal data with regard to the use of the appointment booking option via Microsoft Bookings will not be transferred by us to third countries outside the EU or the European Economic Area. To the best of our knowledge, based on the information available from Microsoft, Microsoft does not transfer personal data to third parties. We have concluded the necessary data protection agreements with Microsoft.

3. Use of online communication platforms

3.1 Webinars on the GoToWebinar platform

We use the GoToWebinar platform of LogMeIn Ireland Ltd, The Reflector, 10 Hanover Quay, Dublin 2, Ireland as a third-party provider to conduct webinars. The third party provider has self-certified for the EU-US and Swiss-US Privacy Shield with respect to customer data. For more information on how the third party provider handles your data, please visit https://www.logmeininc.com/de/legal/privacy and at https://www.logmeininc.com/de/legal/privacy-shield.

We always observe the legal regulations when selecting third party suppliers and their services.

In the context of our offer, communication participant data is processed and stored on the third party supplier’s servers, provided it is part of the communication processes with us. This data may in particular include registration and contact data, visual and verbal contributions as well as entries in chats and shared screen content.

If users are referred to a third party provider or their software or platforms as part of communication, business or other relations with us, third party providers may process usage data and metadata for security, service optimization or marketing purposes. We therefore ask you to observe the data protection information of the respective third-party providers (see above).

Information about the legal bases:
Where we ask users to consent to the use of third party providers or certain features, the legal basis for the processing is consent. In addition, their use can be part of our (pre)contractual services, provided the use of the third party provider has been agreed in this context. Otherwise the user’s data is processed based on our legitimate interests in an efficient and secure communication with our communication partners. In this context, we would like to also refer you to the information about the use of cookies in this data protection declaration.

GoToWebinar:

  • Processed types of data:Inventory data (e.g. name, addresses), contact data (e.g. email, telephone numbers), content data (e.g. text entries, photographs, videos), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
  • Data subjects:Communication partners, users (e.g. website visitors, users of online services).
  • Purpose of processing:Contractual performance and service, contact requests and communication, office and organizational processes.
  • Legal basis:Consent (Art. 6 para. 1 p. 1 (a) GDPR), Contract performance and pre-contractual requests (Art. 6 para. 1 p. 1 (b). GDPR), Legitimate interests (Art. 6 para. 1 p. 1 (f) GDPR).

 

3.2 Video conferencing function Microsoft Teams

We use the Microsoft Teams platform from the Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA (hereinafter referred to as “third party supplier”) to carry out video conferences. We observe the legal regulations when selecting third party suppliers and their services.

In this context, communication participant data is processed and stored on the third party supplier’s servers, provided it is part of the communication processes with us. This data may in particular include registration and contact data, visual and verbal contributions as well as entries in chats and shared screen content.

If users are referred to a third party provider or its software or platform as part of communication, business or other relations with us, the third party provider may process usage data and metadata for security, service optimization or marketing purposes. We therefore ask you to observe the third party provider’s data protection notice https://privacy.microsoft.com/de-de/privacystatement

Information about the legal bases: If we ask users for their consent to use the third party provider or certain functions (e.g. consent to a recording of conversations), the legal basis for processing is the consent according to article 6 para. 1 p. 1 (a) GDPR. In addition, the use can be part of our (pre)contractual services according to article 6 para. 1 p. 1 (b) GDPR, provided the use of the third party provider has been agreed in this context. Otherwise the user’s data is processed based on our legitimate interests according to article 6 para. 1 p. 1 (f) GDPR in an efficient and secure communication with our communication partners. In this context, we would like to also refer you to the information about the use of cookies in this data protection declaration.

Microsoft Teams:

We only process personal data that the applicant provides us or that we receive in a permissible manner as part of the application process. At least the following personal data of the applicant is needed for the use of teams:

  • Last name
  • First name
  • Email address

As part of the use, teams may process additional personal data. This depends on the settings selected and the content and functions used as part of the utilization. In this respect, the text entries from the applicant are processed in order to display them in the video conference or to log them. To display video and audio, data from the applicant’s end device microphone as well as from any video camera of the end device is processed according to the duration of the conference. Note: You can always switch off or mute the camera or microphone using the teams applications.

  • Processed types of data:Inventory data (e.g. name, addresses), contact data (e.g. email, telephone numbers), content data (e.g. text entries, photographs, videos), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. topic, description (optional), participant IP addresses, device/hardware information, e.g. browser).
  • Data subjects:Communication partners, users (e.g. website visitors, users of online services).
  • Purpose of processing:Contractual performance and service, contact requests and communication, office and organizational processes.

 

4. Rights of data subjects

Under the applicable laws, you have various rights regarding your personal data. If you wish to assert these rights, please send us your request by post or e-mail, clearly identifying yourself and using the contact details listed under points 1 and 1.1. As a data subject you have the following rights.

4.1 Right to information

You have the right to request information about your personal data that is processed by us. In particular, you may request information about the purposes of the processing, the category of personal data, the categories of recipients to whom your data has been disclosed, the planned retention period, your right of rectification, deletion, restriction of or objection to the processing, your right of appeal, the source of your data if it was not collected from us, and the existence of automated decision-making, including profiling, and if applicable, detailed information about this.

4.2 Right to rectification

You have the right to demand the immediate rectification of any incorrect personal data concerning you. In light of the stated purposes, you have the right to request the completion of any incomplete personal data concerning you, including by means of a supplementary statement.

4.3 Right to deletion ("right to be forgotten")

You have the right to ask us to delete your personal data without delay. Furthermore, we are obliged to delete your personal data immediately if one of the following reasons applies:

  • the personal data is no longer necessary for the purposes for which it was collected or otherwise processed.
  • You have revoked your consent on which the processing was based pursuant to Article 6 (1) (a) GDPR or Article 9 (2) (a) GDPR, and no other legal basis for the processing exists.
  • You object to the processing pursuant to Article 21 (1) GDPR and there are no legitimate grounds for the processing (e.g. statutory retention periods), or you object to the processing pursuant to Article 21 (2) GDPR.
  • The personal data was processed unlawfully.
  • The deletion of the personal data is required to fulfill a legal obligation under applicable union or national law.
  • The personal data was collected in relation to information society services which were offered pursuant to Article 8 (1) GDPR.

Where we have made personal information public and are required to delete it, we will implement appropriate measures – taking into account the available technology and implementation costs, including technical measures – to inform the respective data controllers processing your personal data that you have requested the deletion of any links to – or copies or replications of – said personal data.

4.4 Right to restrict processing

You have the right to ask us to restrict the processing of your personal data if one of the following conditions applies:

  • the accuracy of the personal data is disputed by you for a period of time that allows us to verify the accuracy of the personal data;
  • the processing is unlawful and you refused the deletion of the personal data and requested instead the restriction of the use of the personal data;
  • the personal data is no longer required for the purposes of processing, but you need the data to assert, exercise or defend legal claims;
  • You have objected to the processing pursuant to Article 21(1) GDPR, as long as it has not yet been determined whether the legitimate reasons of our company outweigh yours.

4.5 Right of data portability

You have the right to receive the personal data relating to you that you have provided to us in a structured, commonly used and machine-readable format, and you have the right to transfer that data to another controller without hindrance from us, provided that

  • the processing is based on consent pursuant to Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR or on a contract pursuant to Article 6(1)(b) of the GDPR; and
  • the processing is carried out using automated procedures.

In exercising your right to data portability pursuant to paragraph 1, you have the right to arrange for the personal data to be transmitted by us directly to another data controller, insofar as this is technically feasible.

4.6 Right of objection

You have the right, for reasons related to your personal situation, to object at any time to the processing of your personal data pursuant to the first sentence of Article 6 (1) (e) or (f) GDPR; this also applies to profiling based on these provisions. If you object, we will not process your personal data unless we can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms, or if the processing serves the purpose of enforcing, pursuing or defending against legal claims.

If your personal data is processed by us for the purpose of direct advertising, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling, to the extent that it is associated with such direct advertising.

4.7 Right to revoke your consent with regard to data protection

You have the right to revoke your consent to the processing of your personal data at any time.

4.8 Right of appeal to a supervisory authority

Should you believe the processing of your personal data to be unlawful, you have the right to appeal to a supervisory authority, in particular in the Member State of your place of residence, your place of work or the place of the alleged breach, in accordance with Article 77 GDPR.

A list of the supervisory authorities (for the non-public area) with addresses can be found at: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html

5. Privacy relating to applications

5.1 Softgarden applicant portal

On our website, we offer you the opportunity to conveniently apply for a listed vacancy via a specially provided or linked portal. We use the application platform provided by softgarden e-recruiting GmbH, Tauentzienstrasse 14, 10789 Berlin.

As part of your application process, documents uploaded by you are processed and analyzed to extract CV data and convert it into a structured form (so-called "CV parsing"). To ensure data subject rights and security standards, an order processing contract was concluded with the service provider. The processor is the ISO27001 certified provider Textkernel B.V. Nieuwendammerkade 26 A 5, (1022AB) Amsterdam, The Netherlands. The data processing takes place within the EU on servers in the Netherlands and Germany.

The legal basis for the processing is § 26 para. 1 sentence 1 Federal Data Protection Act as well as Article 6 para. 1 sentence 1 (f) GDPR , in order to initiate an employment relationship and to make the application process efficient for you. Personal data is not transferred to third countries. Your data will be routinely deleted in accordance with the relevant retention periods.

Further privacy information about the softgarden portal is available via the following link: https://wsw-software.softgarden.io/de/data-security.

5.2 Interviews with applicants via video conference

See point 3.2 Videoconference function Microsoft Teams

 

6. Data security

We endeavor to implement all technical and organizational security measures that are necessary to protect your personal data against unauthorized access and misuse at all times. We only process your personal data if we are able to do so in accordance with the applicable data protection legislation.

If personal data is stored or processed, the associated activities are carried out exclusively by certified data center operators (see "Hosting"). To ensure the security of your data during transmission, we use encryption technologies (such as SSL) over HTTPS. Our servers are protected by firewalls and antivirus software. Furthermore, back-up and recovery procedures as well as role and authorization concepts are a matter of course for us.

Our employees are obliged to observe the regulations of the GDPR and the German Federal Data Protection Act (BDSG) when handling data.

7. Automatic decision-making

We do not conduct automated decision-making on the basis of the personal data we collect.

8. Transfer of data to third parties, no data transfer to non-EU/EEA countries

In principle, we use your personal data exclusively within our company.

If and to the extent that we engage third parties for the performance of contracts, they only receive transmitted personal data within the scope necessary to perform the corresponding service.

In the event that we outsource certain parts of the data processing ("order processing"), we contractually obligate our processors to use the personal data exclusively in accordance with the applicable data protection legislation and to ensure the protection of the data subject's rights.

Apart from the cases specified in this Privacy Policy, no data is transmitted to bodies or persons outside the EU; neither is such a transfer planned.

9. Changes to the Privacy Policy

WSW Software GmbH reserves the right to change this Privacy Policy in order to adapt it to changes to the legislation or to changes to the service and the data processing. However, this only applies to our policy with regard to data processing. To the extent that the users' consent is required or if elements of the Privacy Policy contain provisions governing the contractual relationship with users, the changes shall only be made with the users' consent.

We request that the users of our services regularly review the contents of our Privacy Policy.

Version date: September 2021 / Version 6.2