Data Protection

Data Protection Privacy Statement

1. Data Protection at a Glance

General Information

The following information will provide you with an easy-to-navigate overview of what happens with your personal data when you visit this website. The term “personal data” comprises all data that can be used to personally identify you. For detailed information about the subject matter of data protection, please consult our Privacy Policy, which we have included beneath this text.

Data Recording on this Website

Who is the responsible party for recording data on this website?

The data on this website is processed by the operator of the website. The operator’s contact information is available under the “Information about the responsible party (referred to as the ‘controller’ in the GDPR)” section in this Privacy Policy.

How do we record your data?

We collect your data as a result of your sharing your data with us. These data may, for instance, be information you enter into our contact form.

Other data shall be recorded by our IT systems automatically or after you consent to their recording during your website visit. They are primarily technical data (e.g. internet browser, operating system or time of the page visit). The data are recorded automatically as soon as you enter this website.

What are the purposes for which we use your data?

Some of the data are collected to guarantee the error-free provision of the website. Other data may be used to analyze your user patterns.

What rights do you have in terms of your data?

You have the right to access information free of charge about the source, recipients, and purposes of your stored personal data at any time. You also have the right to demand that your data are rectified or erased. If you have consented to data processing, you have the option to revoke this consent at any time to affect all future data processing. Under certain circumstances, you also have the right to demand the imposition of restrictions on processing your personal data. You are also entitled to complain to the competent supervisory agency.

You may contact us at any time if you have further questions on data protection.

Analysis Tools and Third-Party Tools

When you visit this website, your surfing pattern can be evaluated statistically. This is rendered primarily with so-called analysis programs.

For detailed information on these analysis programs, please refer to the following Privacy Policy.

2. Hosting and Content Delivery Networks (CDN)

Mittwald

We host our website with Mittwald. The provider is Mittwald CM Service GmbH & Co. KG, Königsberger Straße 4-6, 32339 Espelkamp (hereinafter: Mittwald).

For further information, please refer to the Privacy Policy at: https://www.mittwald.de/datenschutz.

The use of Mittwald is based on Art. 6(1)(f) GDPR. We have a legitimate interest in our website being displayed as reliably as possible. If corresponding consent has been requested, the processing takes place exclusively on the basis of Art. 6(1)(a) GDPR; the consent can be revoked at any time.

Contract processing

We have concluded a contract regarding contract processing with the provider named above. This is a contract stipulated under data protection law, ensuring that this provider processes the personal data of our website visitors only according to our instructions and while observing GDPR.

3. General Notices and Mandatory Information

Data Protection

The operators of these pages take the protection of your personal data very seriously. We handle your personal data in confidence and in keeping with the statutory data protection regulations, as well as this Privacy Policy.

If you use this website, various personal data are collected. The term “personal data” comprises data that can be used to personally identify you. This Privacy Policy explains which data we collect and the purpose for which we use them. The Privacy Policy also explains how and for which reason this is performed.

Please bear in mind that data transmission on the internet (e.g. during e-mail communication) can involve security loopholes. Complete protection against third parties accessing the data cannot be guaranteed.

Notice on the Responsible Entity

The responsible entity for data processing on this website is:

CAS Software AG

CAS-Weg 1-5

76131 Karlsruhe

Phone: +49 721 9638-0
E-mail:
info@cas.de

The responsible entity is the natural person or legal entity deciding alone or together with others about the purposes and means of processing personal data (e.g. name, e-mail addresses, etc.).

Storage Duration

If this Privacy Policy does not state a more specific storage duration, your personal data remain with us until the purpose for data processing becomes obsolete. If you assert a legitimate erasure request or revoke consent to data processing, your data are erased if we do not have different legally permissible reasons for storing your personal data (e.g. data retention periods under tax or commercial law); in the latter case, the erasure is rendered once these reasons become obsolete.

Data Protection Officer

We have appointed a data protection officer for our company.

Thomas Heimhalt (external data protection officer)
DATENSCHUTZ perfect e.K.
datenschutz@cas.de

Transfers of Personal Data to Third Countries

We only transfer your data to countries outside the European Economic Area - EEA (third countries) if this is required by law or under the following conditions of Article 49, paragraph 1, 1st sub-section GDPR:

a) you have explicitly consented to the proposed transfer, after having been informed of the possible risks of such transfers for the data subject due to the absence of an adequacy decision and appropriate safeguards;

b) the transfer is necessary for the performance of a contract between you and us or the implementation of pre-contractual measures taken at your request;

c) the transfer is necessary for the conclusion or performance of a contract concluded in your interest between us and another natural or legal person;

d) the transfer is necessary for important reasons of public interest;

e) the transfer is necessary for the establishment, exercise or defense of legal claims;

f) the transfer is necessary in order to protect the vital interests of the data subject or of other persons, where the data subject is physically or legally incapable of giving consent;

g) the transfer is made from a register which according to Union or Member State law is intended to provide information to the public and which is open to consultation either by the public in general or by any person who can demonstrate a legitimate interest, but only to the extent that the conditions laid down by Union or Member State law for consultation are fulfilled in the particular case.

Countries outside of the European Union may be considered unsafe third countries in terms of data protection law. The recipients of the data are often not subject to the standards of the EU GDPR. We therefore have no influence on how such recipients handle your data or the extent to which and for which purposes the data are further processed in the third country.

Duration of Data Storage

We store the personal data given by you other than by consent according to Article 6(1)(a) GDPR for the following duration:

session data until completion of the session

as long and as far as this is necessary for the duration of our business relationship. This also includes the initiation and execution of a contract.

If we are obliged to do so on the basis of retention and documentation duties, e.g. in accordance with the German Civil Code (BGB), the German Commercial Code (HGB) or the German Tax Code (AO). The periods for retention or documentation specified there are up to ten years beyond the end of the business relationship or the pre-contractual legal relationship.

Consent and Revocation of your Consent to Data Processing

When you disclose your personal data to us, you thereby give your consent for us to store and use them within the constraints of the GDPR. The personal information you provide is accessible only to CAS Software AG and to its partners where appropriate.

Many data processing procedures are possible only with your express consent. You may revoke at any time any consent you have granted. An informal e-mail to us is sufficient. The legally binding nature of the data processing up until revocation remains unaffected by the revocation.

You may object also to the stated analysis and evaluation of your surfing and user patterns or prevent such by not using certain tools.

You have the following rights against us if the respective legal requirements are met:

right of access by the data subject according to Article 15 GDPR,

right to rectification according to Article 16 GDPR

right to erasure (‘right to be forgotten’) according to Article 17 GDPR

right to restriction of processing according to Article 18 GDPR

right to object according to Article 21 GDPR

 right to data portability according to Article 20 GDPR;

Revocation of your Consent to Data Processing

Many data processing procedures are possible only with your express consent. You may revoke at any time any consent you have granted. The legally binding nature of the data processing up until revocation remains unaffected by the revocation.

Right to Object to Data Collection in Special Cases as well as Direct Advertising (Art. 21 GDPR)

IN THE EVENT THAT DATA ARE PROCESSED ON THE BASIS OF ART. 6(1)(E) OR (F) GDPR, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA BASED ON GROUNDS ARISING FROM YOUR UNIQUE SITUATION. THIS ALSO APPLIES TO ANY PROFILING BASED ON THESE PROVISIONS. TO DETERMINE THE LEGAL BASIS ON WHICH ANY PROCESSING OF DATA IS BASED, PLEASE CONSULT THIS PRIVACY POLICY. IF YOU LOG AN OBJECTION, WE WILL NO LONGER PROCESS YOUR AFFECTED PERSONAL DATA UNLESS WE ARE IN A POSITION TO PRESENT COMPELLING PROTECTION WORTHY GROUNDS FOR THE PROCESSING OF YOUR DATA THAT OUTWEIGH YOUR INTERESTS, RIGHTS AND FREEDOMS OR IF THE PURPOSE OF THE PROCESSING IS THE CLAIMING, EXERCISING OR DEFENSE OF LEGAL CLAIMS (OBJECTION PURSUANT TO ART. 21(1) GDPR).

IF YOUR PERSONAL DATA ARE BEING PROCESSED TO ENGAGE IN DIRECT ADVERTISING, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR AFFECTED PERSONAL DATA FOR THE PURPOSES OF SUCH ADVERTISING AT ANY TIME. THIS ALSO APPLIES TO PROFILING TO THE EXTENT THAT IT IS AFFILIATED WITH SUCH DIRECT ADVERTISING. IF YOU OBJECT, YOUR PERSONAL DATA WILL SUBSEQUENTLY NO LONGER BE USED FOR DIRECT ADVERTISING PURPOSES (OBJECTION PURSUANT TO ART. 21(2) GDPR).

Right to Log a Complaint with the Competent Supervisory Agency

In the event of violations of the GDPR, data subjects are entitled to log a complaint with a supervisory agency, in particular in the Member State where they usually maintain their domicile, place of work or at the place where the alleged violation occurred. The right to log a complaint is in effect regardless of any other administrative or court proceedings available as legal recourses.

Right to Data Portability

You have the right to have data which we process based on your consent or in fulfillment of a contract automatically delivered to yourself or to a third party in a standard, machine-readable format. If you require the direct transfer of data to another responsible party, this will only be done to the extent technically feasible.

SSL or TLS Encryption

This site uses SSL or TLS encryption for security reasons and for the protection of the transmission of confidential content, such as the inquiries you send to us as the site operator. You can recognize an encrypted connection in your browser's address line when it changes from “http://” to “https://” and the lock icon is displayed in your browser's address bar.

If SSL or TLS encryption is activated, the data you transfer to us cannot be read by third parties.

Accessing Information, Erasure and Correction

Within the scope of the applicable statutory provisions, you have the right at any time to access information about your stored personal data, their source and recipients, as well as the purpose of the processing of your data. You may contact us at any time if you have questions on this or further questions on personal data.

Right to Demand Processing Restrictions

You have the right to demand the imposition of restrictions on processing your personal data. To do so, you may contact us at any time. The right to demand restriction of processing applies in the following cases:

In the event that you should dispute the correctness of your personal data stored by us, we will usually need some time to verify this claim. During the time that this investigation is ongoing, you have the right to demand that we restrict the processing of your personal data.

If the processing of your personal data was/is conducted in an unlawful manner, you have the option to demand the restriction of the processing of your data in lieu of demanding the erasure of this data.

If we do not need your personal data any longer and you need it to exercise, defend or assert legal claims, you have the right to demand the restriction of the processing of your personal data instead of its erasure.

If you have raised an objection pursuant to Art. 21(1) GDPR, your rights and our rights will have to be considered against each other. As long as it has not been determined whose interests prevail, you have the right to demand a restriction of the processing of your personal data.

If you have restricted the processing of your personal data, these data – with the exception of their storage – may be processed only subject to your consent or to claim, exercise or defend legal claims or to protect the rights of other natural persons or legal entities or for important public interest reasons cited by the European Union or a Member State of the EU.

Objection to unsolicited E-mails

We herewith object to the use of contact information published in conjunction with the mandatory information to be provided in our Site Notice to send us promotional and information material that we have not expressly requested. The operators of this website and its pages reserve the express right to take legal action in the event of the unsolicited sending of promotional information, for instance via SPAM messages.

4. Data Recording on this Website

Cookies

Our websites and pages use what the industry refers to as “cookies.” Cookies are small text files that do not cause any damage to your device. They are either stored temporarily for the duration of a session (session cookies) or they are permanently stored on your device (permanent cookies). Session cookies are automatically deleted once you terminate your visit. Permanent cookies remain stored on your terminal device until you actively erase them or they are automatically erased by your web browser.

In some cases, third party cookies may be stored on your device once you enter our site (third party cookies). These cookies enable you or us to take advantage of certain services offered by the third party (e.g. cookies for the processing of payment services).

Cookies have a variety of functions. Many cookies are technically essential since certain website functions would not work in the absence of the cookies (e.g. the shopping cart function or the display of videos). The purpose of other cookies may be the analysis of user patterns or the display of promotional messages.

Cookies required for the performance of the electronic communication procedure (required cookies) or for the provision of certain functions you want to use (functional cookies, e.g. for the shopping cart function) or those that are necessary for the optimization of the website (e.g. cookies that provide measurable insights into the web audience), shall be stored on the basis of Art. 6(1)(f) GDPR unless a different legal basis is cited. The operator of the website has a legitimate interest in the storage of cookies to ensure the technically error free and optimized provision of the operator’s services. If your consent to the storage of the cookies has been requested, the respective cookies are stored exclusively on the basis of the consent obtained (Art. 6(1)(a) GDPR); this consent may be revoked at any time.

You have the option to set up your browser in such a manner that you will be notified any time cookies are placed and to permit the acceptance of cookies only in specific cases. You may also exclude the acceptance of cookies in certain cases or in general or activate the delete function for the automatic eradication of cookies when the browser closes. If cookies are deactivated, the functions of this website may be limited.

In the event that third party cookies are used or if cookies are used for analytical purposes, we will separately notify you in conjunction with this Privacy Policy and, if applicable, ask for your consent.

Consent with CCM19

This website uses the CCM19 consent technology to obtain your consent to store certain cookies on your device or to use certain technologies and to document such consistent with data protection. This technology is offered by Papoo Software & Media GmbH, Auguststr. 4, 53229 Bonn, Germany, website: www.ccm19.de (hereinafter “CCM19”).

When you visit our website, the following personal data are transmitted to CCM19:

Your consent(s) and or revocation of your consent(s)

Your IP address

Information about your browser

Information about your device

Time of your visit to the website

Moreover, CCM19 stores a cookie in your browser to be able to allocate to you the consents you granted and/or their revocation. The data recorded in this way are stored until you prompt us to erase them, erase the CCM19 cookie yourself, or the reason for the data storage becomes obsolete. Mandatory statutory data retention periods remain unaffected.

CCM19 is used to obtain the statutorily required consents for using certain technologies. Confidentiality pursuant to Article 6(1)(c) GDPR.

Contract processing
We have concluded a contract regarding contract processing with the provider named above. This is a contract stipulated under data protection law, ensuring that this provider processes the personal data of our website visitors only according to our instructions and while observing GDPR.

Server Log Files

The website provider automatically collects and stores information that your browser automatically transmits to us in server log files. These are:

Browser type and browser version

Operating system used

Referrer URL

Host name of the accessing computer

Time of the server request

IP address

These data will not be combined with data from other sources.

These data are recorded based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in its website being displayed in a technically error-free manner and well as in optimizing its website – the server log files must be recorded for this purpose.

Contact Form

Should you send us questions via the contact form, we will collect the data entered on the form, including the contact details you provide, to answer your question and any follow-up questions. We will not forward these data without your consent.

The processing of these data is based on Art. 6(1)(b) GDPR, if your request is related to the execution of a contract or if it is necessary to carry out pre-contractual measures. In all other cases the processing is based on our legitimate interest in the effective processing of the inquiries addressed to us (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR) if this has been requested.

The information you have entered into the contact form shall remain with us until you ask us to erase the data, revoke your consent to the data storage or if the purpose for which the data are being stored no longer exists (e.g. after we have concluded our response to your inquiry). Any mandatory statutory provisions, especially those regarding mandatory data retention periods, remain unaffected by this provision.

Inquiry by E-Mail, Telephone or Fax

If you contact us by e-mail, telephone or fax, your request, including all resulting personal data (name, request) will be stored and processed by us for the purpose of processing your request. We will not forward these data without your consent.

The processing of these data is based on Art. 6(1)(b) GDPR, if your request is related to the execution of a contract or if it is necessary to carry out pre-contractual measures. In all other cases the processing is based on our legitimate interest in the effective processing of the inquiries addressed to us (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR) if this has been requested.

The information you sent to us shall remain with us until you ask us to erase the data, revoke your consent to data storage or if the purpose for which the data are being stored no longer exists (e.g. after we have concluded our response to your concern). Any mandatory statutory provisions, especially those regarding mandatory data retention periods, remain unaffected by this provision.

5. Analysis Tools and Advertising

Leadlab

Our website uses the tracking pixel technology of WiredMinds GmbH (www.wiredminds.de) to analyze the user patterns. In the process, a visitor’s IP address is processed. The process takes place exclusively for the purpose of collecting company-relevant information, such as the company name. IP addresses of natural persons are excluded from further use (white list procedure). The IP address is never stored in LeadLab.

In processing data, it is our legitimate interest to protect the data protection rights of natural persons. Our interest is based on Art. 6(1)(f) GDPR. The data we collect never allow an identifiable person to be traced.

WiredMinds GmbH uses this information to create anonymous use profiles, relating to the visit patterns on our website. The data obtained in this manner are not used to personally identify visitors to our website.

Exclude from tracking (In the process, a technically necessary cookie is set to exclude permanent tracking by WiredMinds LeadLab on this website)

Evalanche

We use the Evalanche marketing tool. The provider is SC-Networks GmbH, Würmstraße 4, 82319 Starnberg (hereinafter Evalanche).

Evalanche is a tool to optimize and automate our marketing activities. Using Evalanche, we are able to automate our lead generation and align our website based on target groups, for example. Moreover, we are able to analyze the user patterns of our website visitors and trigger marketing campaigns on this basis. For this purpose, Evalanche stores various data from website visitors, such as addresses, interests, geographical location, etc.

Evalanche is certified according to the internationally recognized ISO 27001 IT security standard.

Evalanche is used based on the legitimate interest of the controller in optimizing its marketing campaigns. If corresponding consent has been requested, the processing takes place exclusively on the basis of Art. 6(1)(a) GDPR; the consent can be revoked at any time.

Contract processing

We have concluded a contract regarding contract processing with the provider named above. This is a contract stipulated under data protection law, ensuring that this provider processes the personal data of our website visitors only according to our instructions and while observing GDPR.

 

Bing Ads

On our website, Bing Ads technologies are used to collect and store data from which usage profiles are created using pseudonyms. This is a service provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. This service enables us to track the activities of users on our website if they have reached our website via ads from Bing Ads. If you arrive at our website via such an ad, a cookie is set on your computer. A Bing UET tag is integrated on our website. This is a code which, in conjunction with the cookie, stores some non-personal data about the use of the website. This includes, among other things, the length of time spent on the website, which areas of the website were accessed and via which ad the users arrived at the website. Information about your identity is not collected.

The information collected is transferred to Bing servers in the USA and stored there for a maximum of 180 days. You can prevent the collection of data generated by the cookie and related to your use of the website, as well as the processing of this data, by deactivating the setting of cookies. This may restrict the functionality of the website under certain circumstances.

In addition, Bing may be able to track your usage behavior across several of your electronic devices through so-called cross-device tracking and is thus able to display personalized advertising on or in Bing websites and apps. You can disable this behavior at: account.microsoft.com/privacy/ad-settings/signedout.

For more information about Bing's analytics services, please visit the Bing Ads website (https://help.ads.microsoft.com/#apex/3/de/53056/2). For more information about Bing and Microsoft privacy, see Microsoft's privacy policy (https://privacy.microsoft.com/de-de/privacystatement).

6. Newsletters and mail advertising

Newsletter data

If you would like to subscribe to the newsletter offered on this website, we will need from you an e-mail address as well as information that allow us to verify that you are the owner of the e-mail address provided and consent to the receipt of the newsletter. No further data shall be collected or shall be collected only on a voluntary basis. We shall use such data only to send the requested information and shall not share such data with any third parties.

Inxmail

This website uses Inxmail for distributing newsletters. The provider is Inxmail GmbH, Wetzinger Straße 17, 79106 Freiburg (hereinafter referred to as “Inxmail”).

Inxmail is a service that, among other aspects, organizes the mailing of newsletters and allows the analysis of such services. The data you enter for the purpose of subscribing to the newsletter is processed on Inxmail servers.

Inxmail Data Analysis

With the assistance of Inxmail, we are in a position to analyze our newsletter campaigns. For instance, this allows us to see whether a newsletter message has actually been opened and which links were clicked. This enables us to find out, among other aspects, which links are clicked with great frequency.

We are also able to recognize whether specific pre-defined acts were carried out following the opening/clicking (conversion rate). We are thus able to recognize whether you have made a purchase once the newsletter has been clicked.

Inxmail also enables us to sub-divide the newsletter recipients based on various categories (“clustering”). In the process, the newsletter recipients can be sub-divided according to age, gender or place of residence, for example. In this manner, the newsletters can be more optimally attuned to the respective target groups. If you do not want Inxmail to conduct this analysis, you need to unsubscribe from the newsletter. We provide a relevant link for this in each newsletter message.

You can find the Inxmail Privacy Policy at: https://www.inxmail.de/datenschutz.

Anonymized tracking

We use Inxmail’s anonymous tracking, which allows us to identify you only if you have explicitly consented to this in advance.

Legal basis

The data are processed on the basis of your consent Art. 6(1)(a) GDPR. You may revoke your consent at any time with effect for the future.

Storage duration

The data you provide for the purpose of receiving the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after unsubscribing from the newsletter or after the purpose for its use has ceased to exist. We reserve the right to erase email addresses from our newsletter distribution at our own discretion in conjunction with our legitimate interest pursuant to Art. 6(1)(f) GDPR or to block them. This will not affect data we store for other purposes.

After you unsubscribe from the newsletter distribution list, your e-mail address may be stored by us or the newsletter service provider in a blacklist if such action is necessary to prevent future mailings. Data from the blacklist will be used exclusively for this purpose and will not be merged with other data. This is in your and our best interest and also in the interest of compliance with the statutory mandates for sending newsletters (legitimate interest as defined in Art. 6(1)(f) GDPR). There is no time limit for storage in the blacklist. You may object to the storage if your interests outweigh our legitimate interest.

Concluding a contract on data processing

We have concluded a contract regarding contract processing with Inxmail. This is a contract stipulated under data protection law, ensuring that Inxmail processes the personal data of our website visitors only according to our instructions and while observing GDPR.

Mail advertising

We use your address in observance of all legal provisions for distributing postal advertising (postal advertising).

The legal basis for this is our legitimate interest in direct advertising according to Art. 6(1)(f) in conjunction with consideration reason 47 GDPR. If corresponding consent has been requested, the processing takes place exclusively on the basis of Art. 6(1)(a) GDPR; the consent can be revoked at any time. Special regulations may be reported to you during data collection and supersede this regulation.

Your address remains with us until the purpose of the data processing becomes obsolete. If you assert a legitimate erasure request or revoke consent to mail advertising, your data are erased if we do not have different legally permissible reasons for storing your personal data (e.g. data retention periods under tax or commercial law); in the latter case, the erasure is rendered once these reasons become obsolete.

We use the following service provider to deliver our mail items:

[Name and complete address of the service provider]

Contract processing

We have concluded a contract regarding contract processing with the provider named above. This is a contract stipulated under data protection law, ensuring that this provider processes the personal data of our website visitors only according to our instructions and while observing GDPR.

7. Plug-ins and tools

Google Web Fonts

This website uses so-called Google Web Fonts to ensure that fonts are uniformly displayed. The Google Fonts are installed locally. No connection is made here to Google servers.

For further information on Google Web Fonts, please visit https://developers.google.com/fonts/faq and in the Google Privacy Policy: https://policies.google.com/privacy?hl=de.

OpenStreetMap

We are using the mapping service provided by OpenStreetMap (OSM). The provider of this service is the Open-Street-Map Foundation (OSMF), 132 Maney Hill Road, Sutton Coldfield, West Midlands, B72 1JU, United Kingdom.

When you visit any website, into which OpenStreetMap has been embedded, your IP address and other information concerning your user patterns on this website will be transferred to the OSMF. Under certain circumstances, OpenStreetMap will save cookies in your browser or use comparable recognition technologies.

Cookies are text files that are recorded on your computer and that make it possible to conduct an analysis of your website use. The provider of this website has no control over this type of data transfer. For details, please consult the Data Privacy Policy of OpenStreetMap under the following link: https://wiki.osmfoundation.org/wiki/Privacy_Policy.

We use OpenStreetMap with the objective of ensuring the attractive presentation of our online offers and to make it easy for visitors to find the locations we specify on our website. This is a legitimate interest according to Art. 6(1)(f) GDPR. If a corresponding consent has been requested (e.g. consent to the storage of cookies), the processing takes place exclusively on the basis of Art. 6(1)(a) GDPR; the consent can be revoked at any time.

SmartMaps map service

We use the “SmartMaps” offering of YellowMap AG, CAS-Weg 1-5, 76131 Karlsruhe, meaning that we are able to display maps services to you directly in the website.

If the SmartMaps service is viewed, your browser transmits technically mandatory data to the YellowMap AG servers to be able to provide the service. These data are processed compliant with GDPR and not stored permanently.

For further information, please visit www.smartmaps.net/faq

Userlike with enhanced data protection mode

We use Userlike (hereinafter: “Userlike”) to process user inquiries sent through our support channels or through live chat systems. Provider is Userlike UG (limited liability), Probsteigasse 44 – 46, 50670 Cologne.

Messages you send to us may be saved in the Userlike ticket system or answered by our employees in the live chat. If you communicate with us via Userlike, we and Userlike store, among other aspects, your name and e-mail address if you have provided such, as well as your chat logs. These data are consolidated into a profile.

The messages you send to us shall remain with us until you ask us to erase the data, revoke your consent to the data storage or if the purpose for which the data are being stored no longer exists (e.g. after we have concluded our response to your inquiry). Any mandatory statutory provisions, especially those regarding mandatory data retention periods, remain unaffected by this provision.

The use of Userlike is based on Art. 6(1)(f) GDPR. We have a legitimate interest in answering your inquiries as quickly, reliably and efficiently as possible. If corresponding consent has been requested, the processing takes place exclusively on the basis of Art. 6(1)(a) GDPR; the consent can be revoked at any time.

Userlike has its Head Office in the European Union; however, it uses the servers of Amazon Web Services, meaning that your data can also be transmitted to the USA.

You can find further information in the Userlike Privacy Policy: https://www.userlike.com/de/data-privacy and https://www.userlike.com/de/blog/live-chat-software-datenschutz-dsgvo.

Contract on Contract Processing

We have concluded a contract regarding contract processing with the provider of Userlike. This is a contract stipulated under data protection law, ensuring that the provider of Userlike processes the personal data of our website visitors only according to our instructions and while observing GDPR.

8. Audio and video conferences

Data processing

We use online conference tools, among other things, for communication with our customers. The tools we use are listed in detail below. If you communicate with us by video or audio conference using the internet, your personal data will be recorded and processed by the provider of the respective conference tool and by us.

The conferencing tools record all information that you provide/access to use the tools (e-mail address and/or your telephone number). Furthermore, the conference tools process the duration of the conference, start and end (time) of participation in the conference, number of participants and other “context information” related to the communication procedure (metadata).

Furthermore, the provider of the tool processes all the technical data required for the processing of the online communication. This includes, in particular, IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or loudspeaker and the type of connection.

Should content be exchanged, uploaded, or otherwise made available within the tool, it is also stored on the servers of the tool provider. Such content includes, but is not limited to, cloud recordings, chat/instant messages, voicemail uploaded photos and videos, files, whiteboards, and other information shared while using the service.

Please note that we do not have complete influence on the data processing procedures of the tools used. Our possibilities are largely determined by the corporate policy of the respective provider. Further information on data processing by the conference tools can be found in the Privacy Policies of the tools used, and which we have listed below this text.

Purpose and legal bases

The conference tools are used to communicate with prospective or existing contractual partners or to offer certain services to our customers (Art. 6(1)(b) GDPR). Furthermore, the use of the tools serves to generally simplify and accelerate communication with us or our company (legitimate interest in the meaning of Art. 6(1)(f) GDPR). Insofar as consent has been requested, the tools in question will be used on the basis of this consent; the consent may be revoked at any time with effect from that date.

Storage duration

Data recorded directly by us via the video and conference tools will be deleted from our systems immediately after you request us to erase it, revoke your consent to storage, or the reason for storing the data no longer applies. Saved cookies remain on your device until you erase them. Mandatory statutory data retention periods remain unaffected by this provision.

We cannot influence the storage duration of your data as stored by the operators of the conference tools. For details on this, please inquire directly to the operators of the conference tools.

Conference tools in use

We use the following conference tools:

TeamViewer

We use TeamViewer. The provider is TeamViewer Germany GmbH, Jahnstr. 30, 73037 Göppingen. For details on data processing, please refer to the TeamViewer Privacy Policy: https://www.teamviewer.com/de/datenschutzerklaerung/.

Contract processing

We have concluded a contract regarding contract processing with the provider named above. This is a contract stipulated under data protection law, ensuring that this provider processes the personal data of our website visitors only according to our instructions and while observing GDPR.

GoToMeeting

We use GoToMeeting. The provider is LogMeIn, Inc., 320 Summer Street Boston, MA 02210, USA. For details on data processing, please refer to the GoToMeeting Privacy Policy: https://www.logmeininc.com/de/legal/privacy.

Data transmission to the USA is based on standard contractual clauses from the EU Commission. You can find details here: https://logmeincdn.azureedge.net/legal/lmi-customer-dpa-2020v1-de.pdf.

Contract processing

We have concluded a contract regarding contract processing with the provider named above. This is a contract stipulated under data protection law, ensuring that this provider processes the personal data of our website visitors only according to our instructions and while observing GDPR.

Contact

If you have any questions or suggestions in relation to data protection, please e-mail us at:
cas-datenschutz@cas.de.

Contact details of our data protection officer:
Thomas Heimhalt (External Data Protection Officer)
DATENSCHUTZ perfect e. K.
E-Mail: datenschutz@cas.de

Changes to this statement
CAS Software AG reserves the right to change this Data Protection Statement at any time within the constraints of the applicable law.

Version: June 2023