Privacy Policy

Contents

1. General information on the processing of personal data

Protecting your personal data is particularly important to us. Therefore, we hereby wish to inform you in detail which personal data are processed when you use our websites and services.

Data Controller according to GDPR is:

Ninox Software GmbH (hereinafter: “Ninox”).

Kastanienallee 32
10435 Berlin
Deutschland

Managing directors: Frank Böhmer, Alexander Koenig
More detailed information can be found in our Imprint.

Fax: +49 30 7001431160
Email: info@ninox.com
Internet: http://ninox.com
Phone: +49 30 288 69 807

Designated Data Protection Officer according to Art. 37 ff. General Data Protection Regulation („GDPR“) is:

Falk Schmidt
FS / CS GmbH
Mühlstr. 13-15, 63667 Nidda, Germany
Phone: +49 6043 57590-50
E-mail: dpo@ninox.com

We only process personal data in strict accordance with the pertinent data protection provisions. That means that the data are only processed when doing so is legally permissible. That means especially: when processing the data is necessary in order for us to fulfil our contractual obligations and provide our online-services; is legally required; consent has been given; due to our legitimate interests (i.e. interests in the analysis, optimization, economic operation and security of our online-services pursuant to Art. 6 Para. 1 lit. f. GDPR, especially in the context of reach measurement, the creation of profiles for promotion and marketing purposes as well as the collection of access data and the use of third-party services).

The legal basis for consent is provided in Art. 6 Para. 1 lit. a and Art. 7 GDPR, the legal basis for data processing for purposes of fulfilling our services and contractual measures is Art. 6 Para. 1 lit b GDPR, the legal basis for processing data in order to meet our legal obligations is Art. 6 Para. 1 lit. c GDPR, and the legal basis for processing data with a view to upholding our legitimate interests is provided by Art. 6 Para. 1 lit. f GDPR.

2. Your rights

You have the following rights in relation to us with regard to the personal data concerning you:

  • Right of access (Art. 15 GDPR),
  • Right to rectification and erasure (Art. 16 and 17 GDPR),
  • Right to restriction of processing (Art. 18 GDPR),
  • Right to object processing (Art. 21 GDPR),
  • Right to data portability (Art. 20 GDPR).

Furthermore, you have the right to complain to a supervisory authority for data protection about the processing of your data by us.

We would like to point out that any possible consent you have given pertaining to data protection can be revoked at any time, effective immediately. The same applies when you have given consent to be approached in a promotional manner. To do so, please contact us informally via e-mail at: info@ninox.com. Such revocation can result in our services no longer being available at all, or only with restrictions.

Insofar as we base the processing of your data on a balancing of interests (Art. 6 Para. 1 Sent. 1 lit. f GDPR), you can object to such processing. In exercising such an objection, we kindly ask that you present the reasons why we should not process your data in the manner in which we have processed them. Should you voice a justified objection, we examine the factual circumstances of the matter and will then either cease processing of your data, modify how your data are processed, or illustrate the compelling legitimate grounds on basis of which we will continue to process your data.

3. Transmission of data to third parties and third party providers

We only pass your data on to third parties if doing so is necessary for contractual purposes pursuant to Art. 6 Para. 1 lit. b GDPR or can be justified on the basis of legitimate interests pursuant to Art. 6 Para. 1 lit. f GDPR.

In the event that we employ subcontractors in order to provide our services, we shall take appropriate legal precautions and corresponding technical and organisational measures in order to ensure that your personal data are protected in accordance with the applicable statutory provisions.

Where third-party providers are stated in this privacy statement and the stated registered offices of those third party providers are situated in a third country, it should be assumed that data are transferred to the countries in which the third party providers have their registered offices. We only process your data in third countries: if doing so is necessary in order for us to meet our (pre)contractual obligations (Art. 6 Para. 1 lit. a GDPR); on the basis of your consent (Art. 6 Para. 1 lit. a GDPR), due to a legal obligation (Art. 6 Para. 1 lit. c GDPR), or; on the basis of our legitimate interests (Art. 6 Para. 1 lit. f GDPR). The same applies for the processing of data by third parties on our behalf, the disclosure of your personal data to third parties and their transmission to third parties.

4. Data erasure

The data we store shall be deleted as soon as they are no longer needed for the purpose for which they are being stored and the law does not prescribe a statutory duty for the data to be retained. In the event that data are not deleted on grounds that they are still required for other or legally admissible reasons, their processing shall be restricted. This means that the data shall be blocked and shall not be processed for other purposes. This applies, for instance, for data that have to be kept for reasons pertaining to trade or tax law.

In accordance with the pertinent legal provisions, such data shall be stored for 6 years pursuant to Section 257 Para. 1 German Commercial Code (commercial books, inventories, opening balance sheets, annual financial statements, trade letters, accounting records, etc.) and ten years pursuant to Section 147 Para. 1 of the German Fiscal Code (accounts, records, situation reports, accounting records, trade or business letters, documents relevant for taxation, etc.).

5. Data processing activities when you visit our websites

If you use our websites for informational purposes only, i. e. if you do not lodge a request or query, do not log in or otherwise provide us with personal information, we process such data that your browser transmits to our server and which are technically necessary in order for us to display our websites to you and to guarantee stability and security:

  • IP-address,
  • Date and time of the request,
  • Duration of visit to the website
  • Time zone difference to Greenwich Mean Time (GMT),
  • Content of the request (specific site/page),
  • Access status/HTTP-status code,
  • Respective data amount transferred,
  • Website that the request is coming from,
  • Which webpages you visit when on our website,
  • Internet service provider,
  • Browser type,
  • Server Log Files,
  • Operating system and its interface,
  • Language and version of the browser software.

The legal basis is Art. 6 Para. 1 Sent. 1 lit. f GDPR, namely our legitimate interest in displaying the websites that are called up.

6. Data processing activities via the use of cookies

In addition to the aforementioned data, cookies are saved to your device when you use our websites. Cookies are small text files which are saved on your hard drive and associated to your browser and which provide us with information. They serve to make our web-services more user-friendly and efficient. The legal basis is provided in Art. 6 Para. 1 Sent. 1 lit. f GDPR, namely our legitimate interest in improving the user-friendliness of our web-services and to evaluate our online marketing activities.

You can configure your browser settings to meet your preferences, for instance by refusing to accept cookies. We do point out that if you do so, you may not be able to use all of the functions and features of our websites.

6.1 Google Analytics

We use Google Analytics, a web analytics service provided by Google LLC, Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google Analytics also uses cookies. The information generated by the cookie regarding your use of our websites is usually transmitted to and stored on a Google server in the USA.

If IP-anonymisation is activated, within member states of the European Union and other parties to the Agreement on the European Economic Area Google shortens your IP-address prior to transmission to the USA. In highly exceptional cases, the full IP-address is transmitted to a Google server in the USA and shortened there. IP-anonymisation is activated in our web service. Upon our request, Google shall use this information to analyse the use of our websites, to compile activity reports and to provide us with other services related to the use of our websites and the internet.

According to Google, the IP-address that your browser passes on to Google Analytics is not combined with any other Google data. We complementarily refer to Google’s data protection policy. You can prevent Google from capturing and subsequently processing the data generated by the cookie and which refer to your usage (including your IP-address) by downloading and installing a browser-plugin.

6.2 Google AdWords Conversion Tracking

We use the online advertising program “Google AdWords”, and within Google AdWords we use the Conversion Tracking feature. Google Conversion Tracking is an analytical service provided by Google LLC, Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). If you click on an ad placed by Google, a conversion tracking cookie is stored to your device.

If you visit certain pages on our website and the cookie has not yet expired, both we and Google can see that you clicked on the ad and were subsequently redirected to the webpage. Every Google-AdWords customer has a different cookie. Cookies can, therefore, not be tracked or traced via the websites of AdWords-customers. The information gathered by the conversion cookie is used to compile conversion statistics for AdWords customers who use Conversion Tracking. Customers who do can see the total number of users who have clicked on their ads and been redirected to webpages outfitted with a Conversion Tracking tag. They do not, however, receive any information that could serve to personally identify users.

Further information is available here and in Google’s data protection policy.

6.3 Google Dynamic Remarketing

We use the remarketing or “Similar Audiences” function provided by Google LLC, Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”) on our websites. Using this function, we can address you, as a visitor of our websites, with targeted advertising by displaying personalized, interests-based ads when you visit other websites that are also part of the Google Display Network.

Google uses cookies in order to conduct the website-usage analyses that constitute the foundation for providing interests-based advertising. To do so, Google saves a small file containing a numerical sequence in your browser. Via this number, visits to the website as well as anonymised website usage data are collected. No personal data of visitors to the website are stored. Should you visit another website that belongs to the Google Display Network, ads will be displayed that are very likely to reflect product and information categories that you have previously visited.

You can permanently deactivate the use of cookies by Google by downloading and installing a browser-plugin. Further information on Google Remarketing can be found in Google’s data protection policy.

6.4 Doubleclick

Doubleclick by Google is a service provided by Google LLC, Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Doubleclick by Google uses cookies in order to show you ads that are of relevance for you. To do so, your browser is assigned a pseudonymous identification number (ID) in order to determine which ads have been displayed in your browser and which ads were clicked on. The cookies contain no personal information. Use of the Doubleclick-cookies only enables Google and its partner-websites to display ads on the basis of previous visits to our website or other websites on the internet.

The information generated by the cookies is transmitted by Google to a server in the USA for analysis and storage. Google only transfers data to third parties when so required by law or in the context of commissioned data processing. Google shall under no circumstances combine your data with other data collected by Google. By using our websites, you declare that you accept that Google processes the data collected about you, the fashion in which they are processed described above, and the purpose for which they are collected and processed.

You can prevent that the website-usage data are collected by the cookies and that these data are processed by Google by downloading and installing the DoubleClick deactivation expansion browser-plugin.

6.5 Facebook-Marketing-Services

Within our online offer, due to our legitimate interests in the analysis, optimization and economic operation of our web services and for these purposes, we use the so-called "Facebook-Pixel" of the social network Facebook, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or, if you are an EU resident, Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook").

On the one hand, the Facebook-Pixel enables Facebook to identify users of our online services as the target group for the display of advertisements (so-called “Facebook-Ads”). Accordingly, we use the Facebook-Pixel to ensure as far as possible that the Facebook-Ads we have placed are only displayed to those Facebook-Users who have expressed an interest in our online services or who exhibit certain criteria or attributes (f. ex. interests in certain topics or products as ascertained based on the websites the user has visited) that we transmit to Facebook (so-called “Custom Audiences”). By using the Facebook-Pixel, we furthermore aim to ensure that our Facebook-Ads correspond to the potential interests of the users and do not come across as disturbing, harassing or annoying. Moreover, using the Facebook-Pixel helps us to understand the effectiveness of Facebook-Ads for statistical and market research purposes, in that we can see whether users are directed to our website after clicking on a Facebook-Ad (so-called “Conversion”).

The Facebook-Pixel is immediately integrated when one of our web pages is opened, and can store a so-called cookie, i. e. a small file, on your device. If you subsequently log in to Facebook or visit Facebook while logged in, your visit to our online service is assigned to your profile. The data collected which pertain to you are anonymous to us, and thus do not allow us to infer the identity of users. The data are, however, stored and processed by Facebook, so that they could be linked to the respective user profile and used by Facebook or for our own market research and advertising purposes. In the event that we should transfer data to Facebook for matching purposes, such data are locally encrypted by the browser and are only then transferred to Facebook via a secure https-connection. This is done solely for the purpose of making a comparison with the data that have likewise been encrypted by Facebook.

Facebook processes the data in accordance with Facebook’s Data Usage Policy. Special information and details on the Facebook-Pixel and how it works can be found in Facebook’s help section.

You can opt out of your data being collected by the Facebook-Pixel and used to display Facebook-Ads. In order to customize which types of advertisements are displayed for you within Facebook, you can open the respective page provided by Facebook and follow the instructions for setting up use-based advertising.

7. Data processing when you contact us

When you contact us via E-mail, telephone or a contact form, we process the data you provide (f. ex. E-mail address, name, telephone number, or the content of the request) in order to respond to your questions and/or to process your requests. The legal basis is provided by Art. 6 Para. 1 lit. b GDPR.

8. Data processing during the performance of contract

If you use our application, we process your contact and payment data as well as your communication, contract and usage data in order to fulfil, process and invoice the contractual services described in our General Terms and Conditions. All aforementioned types of data, with the exception of communication and usage data, are necessary for the conclusion of the contract. Without them, the contract cannot be concluded. For the aforementioned purpose, your data may be transferred to service providers (hosters, operators of communications applications and other service providers) who support us with our business, who we have of course selected with the utmost care and diligence and who are bound to our instructions. Such service providers include, in particular, providers of technical services who support us in rendering our services.

The existing contractual relationship constitutes the legal basis (Art. 6 Para. 1 Sent. 1 lit. b. GDPR).

9. Newsletter

We send out e-mails and other electronic notifications with promotional information (hereinafter: “newsletter”) only with your consent or when we are legally permitted to do so. The newsletters contain information about our products, services, campaigns and our company. By subscribing to our newsletter, you declare your consent to receiving it.

The use of a delivery service provider, the conduction of statistical surveys and analyses as well as the logging of the registration process all occur on the basis of our legitimate interests pursuant to Art. 6 Para. 1 lit. f GDPR. Our interest lies in providing a user-friendly and secure newsletter system that both serves our business interests and meets your expectations.

You can withdraw your consent to receive our newsletter at any time. A respective withdrawal link is provided at the end of each newsletter.

10. Final provisions

We employ technical and organizational security measures to protect the data we have gathered, especially against accidental or deliberate manipulation, loss, destruction or attack by unauthorized persons. Our security measures are subject to continuous improvement in line with technological advances and development.

Given the constant technical advances in our services, we shall update our privacy policy from time to time. Where the changes to our privacy policy do not affect the use of the data that we already have, the updated privacy policy shall take effect as of the date of its publication on our website. Changes to our privacy policy that affect our use of data that have already been collected are only permissible if they are reasonable and can be reasonably expected of you. In such cases, you will be informed in due time via E-mail, on our websites, in our application or via other means. You have the right to object to the new privacy policy within four weeks of being notified of its coming-into-force. Should you object to the new policy, we reserve the right to terminate the contractual relationship. You are assumed to agree with the new policy should you not state otherwise within the given time frame. When notifying you of the new privacy policy, we shall inform you of your right to object and of the relevance of the objection deadline.