1.)General information on the processing of personal data
Protecting your personal data is particularly important to us. Therefore, we hereby wish to inform you
in detail which personal data are processed when you use our websites and services.
Data Controlller according to GDPR is:
Ninox Software GmbH
Authorized managing dirctor: Frank Böhmer
- Kastanienallee 32, 10435 Berlin, Deutschland
- Fax: +49 30 7001431160
- e-Mail: firstname.lastname@example.org
- Internet: http://ninox.com
- Telefon: +49 30 288 69 807
- (hereinafter: “Ninox”). More detailed information can be found in our Imprint.
Designated Data Protection Officer according to Art. 37 ff. General Data Protection Regulation („GDPR“) is:
- Falk Schmidt
- FS / CS GmbH
- Mühlstr. 13-15, 63667 Nidda, Germany
- Phone: +49 6043 57590-50
- E-mail: email@example.com
We only process personal data in strict accordance with the pertinent data protection provisions. That
means that the data are only processed when doing so is legally permissible. That means especially: when
processing the data is necessary in order for us to fulfil our contractual obligations and provide our
online-services; is legally required; consent has been given; due to our legitimate interests (i.e.
interests in the analysis, optimization, economic operation and security of our online-services pursuant
to Art. 6 Para. 1 lit. f. GDPR, especially in the context of reach measurement, the creation of profiles
for promotion and marketing purposes as well as the collection of access data and the use of third-party
The legal basis for consent is provided in Art. 6 Para. 1 lit. a and Art. 7 GDPR, the legal basis for
data processing for purposes of fulfilling our services and contractual measures is Art. 6 Para. 1 lit b
GDPR, the legal basis for processing data in order to meet our legal obligations is Art. 6 Para. 1 lit.
c GDPR, and the legal basis for processing data with a view to upholding our legitimate interests is
provided by Art. 6 Para. 1 lit. f GDPR.
You have the following rights in relation to us with regard to the personal data concerning you:
- Right of access (Art. 15 GDPR),
- Right to rectification and erasure (Art. 16 and 17 GDPR),
- Right to restriction of processing (Art. 18 GDPR),
- Right to object processing (Art. 21 GDPR),
- Right to data portability (Art. 20 GDPR).
Furthermore, you have the right to complain to a supervisory authority for data protection about the
processing of your data by us.
We would like to point out that any possible consent you have given pertaining to data protection can be
revoked at any time, effective immediately. The same applies when you have given consent to be
approached in a promotional manner. To do so, please contact us informally via e-mail at:
firstname.lastname@example.org. Such revocation can result in our services no longer being available at all, or only
Insofar as we base the processing of your data on a balancing of interests (Art. 6 Para. 1 Sent. 1 lit.
f GDPR), you can object to such processing. In exercising such an objection, we kindly ask that you
present the reasons why we should not process your data in the manner in which we have processed them.
Should you voice a justified objection, we examine the factual circumstances of the matter and will then
either cease processing of your data, modify how your data are processed, or illustrate the compelling
legitimate grounds on basis of which we will continue to process your data.
3.)Transmission of data to third parties and third party providers
We only pass your data on to third parties if doing so is necessary for contractual purposes pursuant to
Art. 6 Para. 1 lit. b GDPR or can be justified on the basis of legitimate interests pursuant to Art. 6
Para. 1 lit. f GDPR.
In the event that we employ subcontractors in order to provide our services, we shall take appropriate
legal precautions and corresponding technical and organisational measures in order to ensure that your
personal data are protected in accordance with the applicable statutory provisions.
Where third-party providers are stated in this privacy statement and the stated registered offices of
those third party providers are situated in a third country, it should be assumed that data are
transferred to the countries in which the third party providers have their registered offices. We only
process your data in third countries: if doing so is necessary in order for us to meet our
(pre)contractual obligations (Art. 6 Para. 1 lit. a GDPR); on the basis of your consent (Art. 6 Para. 1
lit. a GDPR), due to a legal obligation (Art. 6 Para. 1 lit. c GDPR), or; on the basis of our legitimate
interests (Art. 6 Para. 1 lit. f GDPR). The same applies for the processing of data by third parties on
our behalf, the disclosure of your personal data to third parties and their transmission to third
The data we store shall be deleted as soon as they are no longer needed for the purpose for which they
are being stored and the law does not prescribe a statutory duty for the data to be retained. In the
event that data are not deleted on grounds that they are still required for other or legally admissible
reasons, their processing shall be restricted. This means that the data shall be blocked and shall not
be processed for other purposes. This applies, for instance, for data that have to be kept for reasons
pertaining to trade or tax law.
In accordance with the pertinent legal provisions, such data shall be stored for 6 years pursuant to
Section 257 Para. 1 German Commercial Code (commercial books, inventories, opening balance sheets,
annual financial statements, trade letters, accounting records, etc.) and ten years pursuant to Section
147 Para. 1 of the German Fiscal Code (accounts, records, situation reports, accounting records, trade
or business letters, documents relevant for taxation, etc.).
5.)Data processing activities when you visit our websites
If you use our websites for informational purposes only, i. e. if you do not lodge a request or query,
do not log in or otherwise provide us with personal information, we process such data that your browser
transmits to our server and which are technically necessary in order for us to display our websites to
you and to guarantee stability and security:
- Date and time of the request,
- Duration of visit to the website
- Time zone difference to Greenwich Mean Time (GMT),
- Content of the request (specific site/page),
- Access status/HTTP-status code,
- Respective data amount transferred,
- Website that the request is coming from,
- Which webpages you visit when on our website,
- Internet service provider,
- Browser type,
- Server Log Files,
- Operating system and its interface,
- Language and version of the browser software.
The legal basis is Art. 6 Para. 1 Sent. 1 lit. f GDPR, namely our legitimate interest in displaying the
websites that are called up.
In addition to the aforementioned data, cookies are saved to your device when you use our websites.
Cookies are small text files which are saved on your hard drive and associated to your browser and which
provide us with information. They serve to make our web-services more user-friendly and efficient. The
legal basis is provided in Art. 6 Para. 1 Sent. 1 lit. f GDPR, namely our legitimate interest in
improving the user-friendliness of our web-services and to evaluate our online marketing activities.
You can configure your browser settings to meet your preferences, for instance by refusing to accept
cookies. We do point out that if you do so, you may not be able to use all of the functions and features
of our websites.
6.1 )Google Analytics
We use Google Analytics, a web analytics service provided by Google LLC, Amphitheatre Parkway,
generated by the cookie regarding your use of our websites is usually transmitted to and stored
on a Google server in the USA.
If IP-anonymisation is activated, within member states of the European Union and other parties
to the Agreement on the European Economic Area Google shortens your IP-address prior to
transmission to the USA. In highly exceptional cases, the full IP-address is transmitted to a
Google server in the USA and shortened there. IP-anonymisation is activated in our web service.
Upon our request, Google shall use this information to analyse the use of our websites, to
compile activity reports and to provide us with other services related to the use of our
websites and the internet.
According to Google, the IP-address that your browser passes on to Google Analytics is not
combined with any other Google data. We complementarily refer to Google’s data protection
policy. You can prevent Google from capturing and subsequently processing the data generated by
the cookie and which refer to your usage (including your IP-address) by downloading and
installing a browser-plugin.
6.2 )Google AdWords Conversion Tracking
We use the online advertising program “Google AdWords”, and within Google AdWords we use the
Conversion Tracking feature. Google Conversion Tracking is an analytical service provided by
Google LLC, Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). If you click on an ad
placed by Google, a conversion tracking cookie is stored to your device.
If you visit certain pages on our website and the cookie has not yet expired, both we and Google
can see that you clicked on the ad and were subsequently redirected to the webpage. Every
Google-AdWords customer has a different cookie. Cookies can, therefore, not be tracked or traced
via the websites of AdWords-customers. The information gathered by the conversion cookie is used
to compile conversion statistics for AdWords customers who use Conversion Tracking. Customers
who do can see the total number of users who have clicked on their ads and been redirected to
webpages outfitted with a Conversion Tracking tag. They do not, however, receive any information
that could serve to personally identify users.
Further information is available here and in Google’s data protection policy.
6.3 )Google Dynamic Remarketing
We use the remarketing or “Similar Audiences” function provided by Google LLC, Amphitheatre
Parkway, Mountain View, CA 94043, USA (“Google”) on our websites. Using this function, we can
address you, as a visitor of our websites, with targeted advertising by displaying personalized,
interests-based ads when you visit other websites that are also part of the Google Display
foundation for providing interests-based advertising. To do so, Google saves a small file
containing a numerical sequence in your browser. Via this number, visits to the website as well
as anonymised website usage data are collected. No personal data of visitors to the website are
stored. Should you visit another website that belongs to the Google Display Network, ads will be
displayed that are very likely to reflect product and information categories that you have
browser-plugin. Further information on Google Remarketing can be found in Google’s data
Doubleclick by Google is a service provided by Google LLC, Amphitheatre Parkway, Mountain View,
of relevance for you. To do so, your browser is assigned a pseudonymous identification number
(ID) in order to determine which ads have been displayed in your browser and which ads were
clicked on. The cookies contain no personal information. Use of the Doubleclick-cookies only
enables Google and its partner-websites to display ads on the basis of previous visits to our
website or other websites on the internet.
The information generated by the cookies is transmitted by Google to a server in the USA for
analysis and storage. Google only transfers data to third parties when so required by law or in
the context of commissioned data processing. Google shall under no circumstances combine your
data with other data collected by Google. By using our websites, you declare that you accept
that Google processes the data collected about you, the fashion in which they are processed
described above, and the purpose for which they are collected and processed.
You can prevent that the website-usage data are collected by the cookies and that these data are
processed by Google by downloading and installing the DoubleClick deactivation expansion
Within our online offer, due to our legitimate interests in the analysis, optimization and
economic operation of our web services and for these purposes, we use the so-called
"Facebook-Pixel" of the social network Facebook, which is operated by Facebook Inc., 1 Hacker
Way, Menlo Park, CA 94025, USA, or, if you are an EU resident, Facebook Ireland Ltd, 4 Grand
Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook").
On the one hand, the Facebook-Pixel enables Facebook to identify users of our online services as
the target group for the display of advertisements (so-called “Facebook-Ads”). Accordingly, we
use the Facebook-Pixel to ensure as far as possible that the Facebook-Ads we have placed are
only displayed to those Facebook-Users who have expressed an interest in our online services or
who exhibit certain criteria or attributes (f. ex. interests in certain topics or products as
ascertained based on the websites the user has visited) that we transmit to Facebook (so-called
“Custom Audiences”). By using the Facebook-Pixel, we furthermore aim to ensure that our
Facebook-Ads correspond to the potential interests of the users and do not come across as
disturbing, harassing or annoying. Moreover, using the Facebook-Pixel helps us to understand the
effectiveness of Facebook-Ads for statistical and market research purposes, in that we can see
whether users are directed to our website after clicking on a Facebook-Ad (so-called
The Facebook-Pixel is immediately integrated when one of our web pages is opened, and can store
a so-called cookie, i. e. a small file, on your device. If you subsequently log in to Facebook
or visit Facebook while logged in, your visit to our online service is assigned to your profile.
The data collected which pertain to you are anonymous to us, and thus do not allow us to infer
the identity of users. The data are, however, stored and processed by Facebook, so that they
could be linked to the respective user profile and used by Facebook or for our own market
research and advertising purposes. In the event that we should transfer data to Facebook for
matching purposes, such data are locally encrypted by the browser and are only then transferred
to Facebook via a secure https-connection. This is done solely for the purpose of making a
comparison with the data that have likewise been encrypted by Facebook.
Facebook processes the data in accordance with Facebook’s Data Usage Policy. Special information
and details on the Facebook-Pixel and how it works can be found in Facebook’s help section.
You can opt out of your data being collected by the Facebook-Pixel and used to display
Facebook-Ads. In order to customize which types of advertisements are displayed for you within
Facebook, you can open the respective page provided by Facebook and follow the instructions for
setting up use-based advertising.
6.6 )Capterra Conversion tracking
We use Capterra for our online marketing activities. Capterra is operated by Capterra Inc,
a software company with headquarters at 1201 Wilson Blvd, 9th Floor, Arlington, VA 22209, USA
If you trigger a so-called conversion event on a Ninox website (e.g. registration of a user
account or request for a product demo) Capterra sets cookies, which are needed for marketing
and analysis purposes and sends the information that a conversion event has taken place to the
servers of Capterra Inc. No personal data is transmitted to Capterra Inc.
The legal basis for the use of this service is Art. 6 I f GDPR - legitimate interest.
Our legitimate interest in the use of this service is that we must be able to evaluate
the profitability of our Capterra marketing campaigns and to optimize the use of our website.
7.)Data processing when you contact us
When you contact us via E-mail, telephone or a contact form, we process the data you provide (f. ex.
E-mail address, name, telephone number, or the content of the request) in order to respond to your
questions and/or to process your requests. The legal basis is provided by Art. 6 Para. 1 lit. b GDPR.
8.)Data processing during the performance of contract
If you use our application, we process your contact and payment data as well as your communication,
contract and usage data in order to fulfil, process and invoice the contractual services described in
our General Terms and Conditions. All aforementioned types of data, with the exception of communication
and usage data, are necessary for the conclusion of the contract. Without them, the contract cannot be
concluded. For the aforementioned purpose, your data may be transferred to service providers (hosters,
operators of communications applications and other service providers) who support us with our business,
who we have of course selected with the utmost care and diligence and who are bound to our instructions.
Such service providers include, in particular, providers of technical services who support us in
rendering our services.
The existing contractual relationship constitutes the legal basis (Art. 6 Para. 1 Sent. 1 lit. b. GDPR).
We send out e-mails and other electronic notifications with promotional information (hereinafter:
“newsletter”) only with your consent or when we are legally permitted to do so. The newsletters contain
information about our products, services, campaigns and our company. By subscribing to our newsletter,
you declare your consent to receiving it.
The use of a delivery service provider, the conduction of statistical surveys and analyses as well as
the logging of the registration process all occur on the basis of our legitimate interests pursuant to
Art. 6 Para. 1 lit. f GDPR. Our interest lies in providing a user-friendly and secure newsletter system
that both serves our business interests and meets your expectations.
You can withdraw your consent to receive our newsletter at any time. A respective withdrawal link is
provided at the end of each newsletter.
We employ technical and organizational security measures to protect the data we have gathered,
especially against accidental or deliberate manipulation, loss, destruction or attack by unauthorized
persons. Our security measures are subject to continuous improvement in line with technological advances
if they are reasonable and can be reasonably expected of you. In such cases, you will be informed in due
time via E-mail, on our websites, in our application or via other means. You have the right to object to
to the new policy, we reserve the right to terminate the contractual relationship. You are assumed to
agree with the new policy should you not state otherwise within the given time frame. When notifying you