- 1. General information on the processing of personal data
- 2. Your rights
- 3. Transmission of data to third parties and third party providers
- 4. Data erasure
- 5. Data processing activities when you visit our websites
- 7. Data processing when you contact us
- 8. Data processing during the performance of contract
- 9. Newsletter
- 10. Final provisions
1. General information on the processing of personal data
Protecting your personal data is particularly important to us. Therefore, we hereby wish to inform you in detail which personal data are processed when you use our websites and services.
Data Controller according to GDPR is:
Ninox Software GmbH (hereinafter: “Ninox”).
Managing directors: Frank Böhmer, Alexander Koenig and Jürgen Thiel
More detailed information can be found in our Imprint.
Designated Data Protection Officer according to Art. 37 ff. General Data Protection Regulation („GDPR“) is:
FS / CS GmbH
Mühlstr. 13-15, 63667 Nidda, Germany
Phone: +49 6043 57590-50
We only process personal data in strict accordance with the pertinent data protection provisions. That means that the data are only processed when doing so is legally permissible. That means especially: when processing the data is necessary in order for us to fulfil our contractual obligations and provide our online-services; is legally required; consent has been given; due to our legitimate interests (i.e. interests in the analysis, optimization, economic operation and security of our online-services pursuant to Art. 6 Para. 1 lit. f. GDPR, especially in the context of reach measurement, the creation of profiles for promotion and marketing purposes as well as the collection of access data and the use of third-party services).
The legal basis for consent is provided in Art. 6 Para. 1 lit. a and Art. 7 GDPR, the legal basis for data processing for purposes of fulfilling our services and contractual measures is Art. 6 Para. 1 lit b GDPR, the legal basis for processing data in order to meet our legal obligations is Art. 6 Para. 1 lit. c GDPR, and the legal basis for processing data with a view to upholding our legitimate interests is provided by Art. 6 Para. 1 lit. f GDPR.
2. Your rights
You have the following rights in relation to us with regard to the personal data concerning you:
- Right of access (Art. 15 GDPR),
- Right to rectification and erasure (Art. 16 and 17 GDPR),
- Right to restriction of processing (Art. 18 GDPR),
- Right to object processing (Art. 21 GDPR),
- Right to data portability (Art. 20 GDPR).
Furthermore, you have the right to complain to a supervisory authority for data protection about the processing of your data by us.
We would like to point out that any possible consent you have given pertaining to data protection can be revoked at any time, effective immediately. The same applies when you have given consent to be approached in a promotional manner. To do so, please contact us informally via e-mail at: firstname.lastname@example.org. Such revocation can result in our services no longer being available at all, or only with restrictions.
Insofar as we base the processing of your data on a balancing of interests (Art. 6 Para. 1 Sent. 1 lit. f GDPR), you can object to such processing. In exercising such an objection, we kindly ask that you present the reasons why we should not process your data in the manner in which we have processed them. Should you voice a justified objection, we examine the factual circumstances of the matter and will then either cease processing of your data, modify how your data are processed, or illustrate the compelling legitimate grounds on basis of which we will continue to process your data.
3. Transmission of data to third parties and third party providers
We only pass your data on to third parties if doing so is necessary for contractual purposes pursuant to Art. 6 Para. 1 lit. b GDPR or can be justified on the basis of legitimate interests pursuant to Art. 6 Para. 1 lit. f GDPR.
In the event that we employ subcontractors in order to provide our services, we shall take appropriate legal precautions and corresponding technical and organisational measures in order to ensure that your personal data are protected in accordance with the applicable statutory provisions.
Where third-party providers are stated in this privacy statement and the stated registered offices of those third party providers are situated in a third country, it should be assumed that data are transferred to the countries in which the third party providers have their registered offices. We only process your data in third countries: if doing so is necessary in order for us to meet our (pre)contractual obligations (Art. 6 Para. 1 lit. a GDPR); on the basis of your consent (Art. 6 Para. 1 lit. a GDPR), due to a legal obligation (Art. 6 Para. 1 lit. c GDPR), or; on the basis of our legitimate interests (Art. 6 Para. 1 lit. f GDPR). The same applies for the processing of data by third parties on our behalf, the disclosure of your personal data to third parties and their transmission to third parties.
4. Data erasure
The data we store shall be deleted as soon as they are no longer needed for the purpose for which they are being stored and the law does not prescribe a statutory duty for the data to be retained. In the event that data are not deleted on grounds that they are still required for other or legally admissible reasons, their processing shall be restricted. This means that the data shall be blocked and shall not be processed for other purposes. This applies, for instance, for data that have to be kept for reasons pertaining to trade or tax law.
In accordance with the pertinent legal provisions, such data shall be stored for 6 years pursuant to Section 257 Para. 1 German Commercial Code (commercial books, inventories, opening balance sheets, annual financial statements, trade letters, accounting records, etc.) and ten years pursuant to Section 147 Para. 1 of the German Fiscal Code (accounts, records, situation reports, accounting records, trade or business letters, documents relevant for taxation, etc.).
5. Data processing activities when you visit our websites
If you use our websites for informational purposes only, i. e. if you do not lodge a request or query, do not log in or otherwise provide us with personal information, we process such data that your browser transmits to our server and which are technically necessary in order for us to display our websites to you and to guarantee stability and security:
- Date and time of the request,
- Duration of visit to the website
- Time zone difference to Greenwich Mean Time (GMT),
- Content of the request (specific site/page),
- Access status/HTTP-status code,
- Respective data amount transferred,
- Website that the request is coming from,
- Which webpages you visit when on our website,
- Internet service provider,
- Browser type,
- Server Log Files,
- Operating system and its interface,
- Language and version of the browser software.
The legal basis is Art. 6 Para. 1 Sent. 1 lit. f GDPR, namely our legitimate interest in displaying the websites that are called up.
In addition to the aforementioned data, cookies are saved to your device when you use our websites. Cookies are small text files which are saved on your hard drive and associated to your browser and which provide us with information. They serve to make our web-services more user-friendly and efficient. The legal basis is provided in Art. 6 Para. 1 Sent. 1 lit. f GDPR, namely our legitimate interest in improving the user-friendliness of our web-services and to evaluate our online marketing activities.
You can configure your browser settings to meet your preferences, for instance by refusing to accept cookies. We do point out that if you do so, you may not be able to use all of the functions and features of our websites.
6.1 Google Analytics
If IP-anonymisation is activated, within member states of the European Union and other parties to the Agreement on the European Economic Area Google shortens your IP-address prior to transmission to the USA. In highly exceptional cases, the full IP-address is transmitted to a Google server in the USA and shortened there. IP-anonymisation is activated in our web service. Upon our request, Google shall use this information to analyse the use of our websites, to compile activity reports and to provide us with other services related to the use of our websites and the internet.
According to Google, the IP-address that your browser passes on to Google Analytics is not combined with any other Google data. We complementarily refer to Google’s data protection policy. You can prevent Google from capturing and subsequently processing the data generated by the cookie and which refer to your usage (including your IP-address) by downloading and installing a browser-plugin.
6.2 Google AdWords Conversion Tracking
We use the online advertising program “Google AdWords”, and within Google AdWords we use the Conversion Tracking feature. Google Conversion Tracking is an analytical service provided by Google LLC, Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). If you click on an ad placed by Google, a conversion tracking cookie is stored to your device.
If you visit certain pages on our website and the cookie has not yet expired, both we and Google can see that you clicked on the ad and were subsequently redirected to the webpage. Every Google-AdWords customer has a different cookie. Cookies can, therefore, not be tracked or traced via the websites of AdWords-customers. The information gathered by the conversion cookie is used to compile conversion statistics for AdWords customers who use Conversion Tracking. Customers who do can see the total number of users who have clicked on their ads and been redirected to webpages outfitted with a Conversion Tracking tag. They do not, however, receive any information that could serve to personally identify users.
Further information is available here and in Google’s data protection policy.
6.3 Google Dynamic Remarketing
We use the remarketing or “Similar Audiences” function provided by Google LLC, Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”) on our websites. Using this function, we can address you, as a visitor of our websites, with targeted advertising by displaying personalized, interests-based ads when you visit other websites that are also part of the Google Display Network.
The information generated by the cookies is transmitted by Google to a server in the USA for analysis and storage. Google only transfers data to third parties when so required by law or in the context of commissioned data processing. Google shall under no circumstances combine your data with other data collected by Google. By using our websites, you declare that you accept that Google processes the data collected about you, the fashion in which they are processed described above, and the purpose for which they are collected and processed.
You can prevent that the website-usage data are collected by the cookies and that these data are processed by Google by downloading and installing the DoubleClick deactivation expansion browser-plugin.
Within our online offer, due to our legitimate interests in the analysis, optimization and economic operation of our web services and for these purposes, we use the so-called "Facebook-Pixel" of the social network Facebook, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or, if you are an EU resident, Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook").
On the one hand, the Facebook-Pixel enables Facebook to identify users of our online services as the target group for the display of advertisements (so-called “Facebook-Ads”). Accordingly, we use the Facebook-Pixel to ensure as far as possible that the Facebook-Ads we have placed are only displayed to those Facebook-Users who have expressed an interest in our online services or who exhibit certain criteria or attributes (f. ex. interests in certain topics or products as ascertained based on the websites the user has visited) that we transmit to Facebook (so-called “Custom Audiences”). By using the Facebook-Pixel, we furthermore aim to ensure that our Facebook-Ads correspond to the potential interests of the users and do not come across as disturbing, harassing or annoying. Moreover, using the Facebook-Pixel helps us to understand the effectiveness of Facebook-Ads for statistical and market research purposes, in that we can see whether users are directed to our website after clicking on a Facebook-Ad (so-called “Conversion”).
The Facebook-Pixel is immediately integrated when one of our web pages is opened, and can store a so-called cookie, i. e. a small file, on your device. If you subsequently log in to Facebook or visit Facebook while logged in, your visit to our online service is assigned to your profile. The data collected which pertain to you are anonymous to us, and thus do not allow us to infer the identity of users. The data are, however, stored and processed by Facebook, so that they could be linked to the respective user profile and used by Facebook or for our own market research and advertising purposes. In the event that we should transfer data to Facebook for matching purposes, such data are locally encrypted by the browser and are only then transferred to Facebook via a secure https-connection. This is done solely for the purpose of making a comparison with the data that have likewise been encrypted by Facebook.
Facebook processes the data in accordance with Facebook’s Data Usage Policy. Special information and details on the Facebook-Pixel and how it works can be found in Facebook’s help section.
You can opt out of your data being collected by the Facebook-Pixel and used to display Facebook-Ads. In order to customize which types of advertisements are displayed for you within Facebook, you can open the respective page provided by Facebook and follow the instructions for setting up use-based advertising.
7. Data processing when you contact us
When you contact us via E-mail, telephone or a contact form, we process the data you provide (f. ex. E-mail address, name, telephone number, or the content of the request) in order to respond to your questions and/or to process your requests. The legal basis is provided by Art. 6 Para. 1 lit. b GDPR.
To best organise and process our customer support, we use software from FrontApp Inc., 550 15th St., CA 94103 San Francisco, USA, ("FrontApp"). As a customer, you have the possibility to contact us via various channels with enquiries, such as e-mail, Facebook or Twitter.
FrontApp channels all customer enquiries in one application and helps us to organise the customer enquiries with flags (e.g. processed or solved) in order to be able to solve your enquiry as quickly as possible.
8. Data processing during the performance of contract
If you use our application, we process your contact and payment data as well as your communication, contract and usage data in order to fulfil, process and invoice the contractual services described in our General Terms and Conditions. All aforementioned types of data, with the exception of communication and usage data, are necessary for the conclusion of the contract. Without them, the contract cannot be concluded. For the aforementioned purpose, your data may be transferred to service providers (hosters, operators of communications applications and other service providers) who support us with our business, who we have of course selected with the utmost care and diligence and who are bound to our instructions. Such service providers include, in particular, providers of technical services who support us in rendering our services.
The existing contractual relationship constitutes the legal basis (Art. 6 Para. 1 Sent. 1 lit. b. GDPR).
We send out e-mails and other electronic notifications with promotional information (hereinafter: “newsletter”) only with your consent or when we are legally permitted to do so. The newsletters contain information about our products, services, campaigns and our company. By subscribing to our newsletter, you declare your consent to receiving it.
The use of a delivery service provider, the conduction of statistical surveys and analyses as well as the logging of the registration process all occur on the basis of our legitimate interests pursuant to Art. 6 Para. 1 lit. f GDPR. Our interest lies in providing a user-friendly and secure newsletter system that both serves our business interests and meets your expectations.
You can withdraw your consent to receive our newsletter at any time. A respective withdrawal link is provided at the end of each newsletter.
10. Final provisions
We employ technical and organizational security measures to protect the data we have gathered, especially against accidental or deliberate manipulation, loss, destruction or attack by unauthorized persons. Our security measures are subject to continuous improvement in line with technological advances and development.