Data protection
Declaration on data protection
It is important to us that we use your personal data only in accordance with the applicable data protection laws and that we act in a transparent manner towards you, with regard to the use of your data. This privacy policy explains what data we collect from you on our website, why we collect it, how we use the collected data and what options and rights you have with regard to the processing of your personal data.
I. Name and address of the data controller
The data controller in accordance with data protection regulation is
CADIS GmbH, Oberanger 34-36, c/o Arnecke Sibeth Dabelstein, 80331 Munich, Germany
Email: info(at)cadissoftware.com, Web: https://www.cadissoftware.com
Tel. +49-89-54198162
II. Contact data of the data protection officer
You can contact our data protection officer as follows:
Data Protection Officer, CADIS GmbH, Oberanger 34-36, c/o Arnecke Sibeth Dabelstein, 80331 Munich, Germany,
info(at)cadissoftware.com, tel. +49-89-54198162
III. General information on data processing
1. Scope of the processing of personal data
We collect and use the personal data of our users only to the extent necessary for the provision of a functioning website and of our content and services.
The collection and use of the personal data of our users generally occurs only with the user's consent.
An exception applies in those cases where the prior obtention of consent is not possible for practical reasons, and where the processing of the data is permitted by law.
2. Legal basis for the processing of personal data
Insofar as we obtain consent for the processing of personal data from the person concerned, Section 6(1a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.
With regard to the processing of personal data required for the performance of a contract to which the affected person is party, Section 6(1b) GDPR shall serve as the legal basis. This also applies to processing operations that are necessary for the implementation of pre-contractual measures.
As far as the processing of personal data is required for compliance with a legal obligation to which our company is subject, Section 6(1c) GDPR shall serve as the legal basis.
If processing is required in order to maintain a legitimate interest of our company or that of a third party, and if the interests, fundamental rights and freedoms of the party concerned do not outweigh the former interest, then Section 6(1f) GDPR shall serve as the legal basis for the processing.
3. Deletion of data and duration of storage
The personal data of the person concerned will be deleted or blocked as soon as the purpose of storage no longer exists.
In addition, storage may occur if provision is made for it by European or national legislators in EU legal regulations, laws or other rules to which the data controller is subject.
The blocking or deletion of data is then also carried out if the specified storage period specified under the standards referred to expires, unless the data needs to be stored for a further period of time for the purpose of the conclusion of a contract or contract performance.
IV. Provision of website and creation of log files
1. Description and scope of data processing
Upon every visit to our website, our web server automatically collects data and information from the system of the computer used to visit the website.
The following data is collected:
1. Information about the browser type and version used
2. Operating system of the user
3. IP address of the user
4. Date and time of access
5. Websites from which the user's system accessed our website
The data is also stored in the log files of our web server. This data is not stored together with other personal data of the user.
2. Legal basis for data processing
The legal basis for the temporary storage of data and log files is Section 6(1f) GDPR.
3. Purpose of the data processing
The temporary storage of the IP address by the web server is necessary to enable the website to be delivered to the user's computer. This requires the storage of the user's IP address for the duration of the session.
Storage in log files is carried out to ensure the functionality of the website. In addition, the data helps us to optimize the website and to ensure the safety of our information technology systems. No evaluation of the data for marketing purposes takes place in this context.
Our legitimate interest in the processing of data also lies within these purposes, pursuant to Section 6(1f) GDPR.
4. Duration of storage
The data will be deleted as soon as it is no longer required for the achievement of the purpose of its collection. In the case of the collection of data for the provision of the website, this is the case if the session has finished.
In the case of storing the data in log files, this is the case after seven days at the latest. Storage which exceeds these time periods is possible. In this case, the IP addresses of the users are deleted or altered, so that assignment to the accessing client is no longer possible.
5. Opposition and removal possibility
The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the internet page. There is therefore no possibility of the user opting out of this.
V. Webshop
1. Description and scope of data processing
Registration
Before the webshop site can be used, we make an agreement with your company about the use of the webshop (hereinafter referred to as "Agreement"). In this context, your company defines the authorized users and collects the required contact data. If this is personal data, your company will ask for your consent.
Your company will provide us with the contact details of authorized users.
- Name
- Email address
- Telephone number
You will receive an email with the access data. The registrations for the webshop are logged.
The following data is collected during registration:
- Email address
- Access data (date and time of the visit, the IP address used, browser type and operating system as well as the pages visited and the origin page)
Based on the existing webshop agreement between your company and CADIS GmbH:
- Name, contact data (e-mail, telephone numbers) of the customer
- Delivery and billing address of your company
Based on your order:
- Shopping cart
2. Legal basis for data processing
The legal basis for the processing of the data after the user's registration for the webshop is Section 6(1a) GDPR, where the user has provided consent.
The legal basis for the logging of the registration procedure and the implementation of webshop tracking is Section 6(1f) GDPR.
3. Purpose of the data processing
The storage of data serves to provide our products and services.
The collection of the email address and the name of the user is used to deliver the webshop and to personalize it.
The logging of the time of registration and confirmation, and of the IP address is to provide evidence of the registration process, in accordance with the legal requirements.
webshop tracking is used to provide a better insight into your interests. The storage and processing of this data is done solely for the purpose of being able to give the users relevant content. Rather, the evaluations help us to learn about our users' reading habits and to adapt our content to the latter, and/or to send different content to our users in accordance with their respective interests.
Our legitimate interest in the processing of data also lies within this purpose, pursuant to Section 6(1f) GDPR.
4. Duration of storage
The data will be deleted as soon as it is no longer required for the achievement of the purpose of their collection.
5. Opposition and removal possibility
Your company asks for your consent for collection by your company and processing by us.
Therefore you can:
- assert with your company your rights regarding:
access, erasure, rectification, objection - exercise with CADIS GmbH your right of access to your data.
VI. Telemarketing (UK only)
1. Description and scope of data processing
We collect personal data in the following ways:
- When you provide your contact details to us
- when requesting information about our products or services, either via the telephone, our online enquiry forms or face-to-face
- When you give us your business card
- When you sign up for our webshop
- When you register to attend one of our webinars
- When we meet you at trade shows
- When you engage with us through social media
- When we call to speak to you or other employees at your business
- Via openly available public sources (e.g. LinkedIn, company websites or Google searches).
We collect the following data:
- Business contact data (full name, email address, postal address, job title, company name)
- Contact history of communication and conversations with CADIS GmbH employees
2. Recipients
In supplying marketing information as well as product, service and company updates and information, we are supported by our service provider Shortlist Marketing Ltd, Space 2
Dakeyne Street, Nottingham, NG3 2AR. An email providing updated product and services is distributed using Shortlist Marketing email system. The email addresses of our recipients and the data collected during the registration process are stored on Shortlist Marketing servers in UK. No forwarding to other third parties takes place.
Shortlist Marketing uses this information for the purposes of distribution and evaluation of prospects, ex-customers and suppliers on our behalf. We have concluded an agreement with Shortlist Marketing regarding the processing. It is a contract through which Shortlist Marketing is committed to protect the privacy of our recipients, to process such data on our behalf exclusively according to our data protection provisions and, in particular, not to pass it on to third parties or to combine it with other data.
3. Legal basis for data processing
The legal basis for the collection of the data and the distribution of marketing information is our legitimate interest (Section 6(1f) GDPR.). We have balanced with the interests of our prospects, suppliers and other business contacts. A copy of our balance test is available on request.
4. Purpose of the data processing
Processing personal data is necessary to enable us to contact targeted prospects at relevant organizations regarding our products and services. This will include marketing information as well as product, service and company updates and information.
Our legitimate interest in the processing of data also lies within this purpose, pursuant to Section 6(1f) GDPR.
5. Duration of storage
CADIS GmbH will store relevant personal data under the terms of Legitimate Interest on prospects for no longer than a 5 year period.
6. Opposition and removal possibility
The subscription may be cancelled at any time by the relevant user. To this end, there is a corresponding link in every email.
This link also provides the option to withdraw consent of the storage of personal data collected during the registration process and during webshop tracking. Separate cancellation is unfortunately not possible.
VII. Your rights
If your personal data is processed, then you are the "party concerned" within the meaning of the GDPR, and you have the following rights vis-à-vis the data controller:
1. Right to information
You can request confirmation from the data controller as to whether personal data relating to you is being processed by us.
If such processing is indeed taking place, you can request the following information from the data controller:
(1) the purposes for which the personal data is being processed;
(2) the categories of personal data which are being processed;
(3) the recipients and/or categories of recipients to whom the personal data has been or will be disclosed;
(4) the planned duration of the storage of personal data relating to you or, if specific details are not available in this respect, the criteria for determining the duration of storage;
(5) the existence of a right to correction or deletion of personal data concerning you, of the right to limitation of processing by the data controller or of the right to object to this processing;
(6) the existence of a right of appeal to a supervisory authority;
(7) all available information concerning the source of the data, if the personal data is not collected from the person concerned;
(8) the existence of an automated decision-making system including profiling according to Section 22(1) and (4) of the GDPR and – at least in these cases – significant information as to the logic involved and the scope and desired impact of such processing for the person concerned.
You have the right to demand information as to whether your personal data is transferred to a third country or to an international organisation. In this context, you may demand information regarding the appropriate guarantees according to Section 46 GDPR, in connection with such transfer.
2. Right to correction
You have a right to have the data controller corrected and/or complete your processed personal data, where it is inaccurate, or incomplete. We will undertake this correction immediately.
3. Right to restriction of processing
In the following situations, you may demand the restriction of the processing of personal data concerning you:
(1) if you dispute the accuracy of your personal data for a period of time which allows the data controller to check the correctness of the personal data;
(2) the processing is unlawful and your waive the right to have your personal data deleted, and instead demand the restriction of the use of the personal data;
(3) the data controller no longer requires the personal data for the purposes of processing, but does require it for the assertion, exercise or defense of legal claims, or
(4) if you raise an objection to the processing in accordance with Section 21(1) GDPR and it has not yet been decided whether our legitimate reasons as the data controller prevail over the grounds you cite.
If the processing of personal data has been restricted, this data – irrespective of its storage – may only be processed with your consent or for the assertion, exercise or defense of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of substantial public interests of the European Union or of a Member State.
If the restriction on processing has itself been restricted according to the aforementioned conditions, you will be informed by the data controller before the restriction is lifted.
4. Right to deletion
a) Deletion obligation
You may demand of the data controller that your personal data is deleted immediately, and the data controller is obliged to immediately delete this data insofar as one of the following reasons applies:
(1) Your personal data is no longer necessary for the purposes for which they were collected or processed in any other way.
(2) You revoke your consent to processing based on Section 6(1a) or Section 9(2a) GDPR, and there is a lack of any legal basis for the processing.
(3) Your raise an objection against the processing of the data, pursuant to Section 21(1) GDPR, and no legitimate reasons for processing exist, or you raise an objection against the processing pursuant to Section 21(2) GDPR.
(4) Your personal data has been processed unlawfully.
(5) The deletion of your personal data is required in order to comply with a legal obligation in accordance with EU law or the law of the Member States to which the data controller is subject.
(6) Your personal data is collected in relation to services rendered by the information society in accordance with Section 8(1) GDPR.
b) Information for third parties
If the data controller has made your personal data public and if it is obliged to delete it pursuant to Section 17(1) GDPR, then it shall perform appropriate measures – taking into account the available technology and the implementation costs – including measures of a technical nature, in order to inform the party responsible for the data processing that you, as a person concerned, have demanded the deletion of all links to this personal data and of any copies or replicas of this personal data.
c) Exceptions
The right of deletion does not apply if the processing is required:
(1) to ensure the exercise of the right to freedom of expression and information;
(2) for the fulfilment of a legal obligation, where the latter requires processing in accordance with EU law or the law of the Member States to which the data controller is subject, or for the performance of a task carried out in the public interest or in the exercise of public authority, where this has been transferred to the data controller;
(3) for the assertion, exercise or defense of legal claims.
5. Right to information
If you have asserted the right to correction, deletion or restriction of the processing of the data vis-à-vis the data controller, then the latter is obliged to communicate this correction, deletion or restriction to all recipients to whom the personal data has been disclosed, unless this proves to be impossible or would involve disproportionate effort.
You have the right to demand that the data controller informs you about these recipients.
6. Right to data portability
You have the right to receive the personal data you have provided to the data controller in a structured, common and machine-readable format. You also have the right to communicate this data to another data controller without interference from the data controller to whom the personal data were first provided, if
(1) the processing is based on a consent according to Section 6(1a) GDPR or Section 9 (2a) GDPR or on a contract pursuant to Section 6(1b) GDPR and
(2) the processing is performed using automated procedures.
In exercising this right, you also have the right to have your personal data transferred directly from one data controller to another, insofar as this is technically feasible. The freedoms and rights of other persons may not be affected by this.
7. Right of objection
You have the right to raise objections – at any time and for reasons related to your specific situation – to the processing of your personal data, where this processing occurs pursuant to Section 6(1e) or (1f) GDPR.
The data controller shall no longer process your personal data, unless it can state grounds worthy of defense which outweigh your interests, rights and freedoms, or unless the processing serves the assertion, exercise or defense of legal claims.
8. Right of revocation of the declaration of consent under data protection law
You have the right to revoke your declaration of consent under data protection law at any time. By revoking consent, the lawfulness of the processing carried out on the basis of the consent up until the time of revocation shall not be affected.
9. Right to file a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you are entitled to file a complaint with a supervisory authority in the Member State where you reside, the Member State in which your place of work is located or where the alleged infringement took place, if you are of the opinion that the processing of personal data breaches the GDPR.
The supervisory authority to which the complaint is filed will inform the complainant of the status and the results of the complaint, including the possibility of a judicial remedy pursuant to Section 78 GDPR.
Your competent supervisory authority is that of your place of residence:
- Supervisory authorities in Europe:
http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080 - Supervisory authorities in Germany are organised by federal state.