The abidance by the Data Protection Law is not only a compulsory matter but also an important trust factor for the Software Factory. With the following data protection agreement, we want to be transparent about the kind, scope and purpose of the personal data we handle within the internet domain as well as your rights in relation to this.
Accountability for Processing of Data
The Software Factory GmbH, Parkring 57-59, 85748, Garching near Munich (hereinafter: “we”) is the operator of the website www.sf.com, responsible for Art. 4 (7) of the EU-General Data Protection Regulation (GDPR). For questions, you can contact us at firstname.lastname@example.org.
Data Protection Agent
The responsible data protection agent is: Peter Bartl, email@example.com
Your Rights as the Person Concerned
As the person concerned, you have the following rights in respect to the collection of personal data:
- The right to disclosure of the categories of the edited data, the purpose of the processing, the stored time of the data as well as the possible recipients. (Art. 15 GDPR)
- The right to amend or delete untrue or incomplete data. (Art. 17 GDPR)
- The right to restrict the processing, when an erasure is not possible or is in dispute. (Art. 18 GDPR)
- The right to object to the processing, to the extent that the processing of the data was based on a legitimate interest. (Article 21 (1) GDPR)
- The right to revoke an assent given with effect for the future. (Art. 7 (3) GDPR)
- The right to data portability in a common format. (Art. 20 GDPR)
- You also have the right to complain to a Data Protection Supervisory Body about the processing of your personal data. In particular to the Member of the State of your usual place of residence, place of employment or place of alleged infringement. (Art. 77 GDPR)
Data Protection Measures
We secure our website and other systems, including your data, through technical and organizational measures against loss, destruction, access, alteration or dissemination of the data by unauthorized persons. In particular, your personal data will be encrypted when transmitted on the internet. We are currently using the coding system, TLS (Transport Layer Security).
However, the transmission of the information on the internet is not completely secure. Therefore, we cannot 100% guarantee the security of handling the data retrieved from our website.
Data Transmission to Third Parties Countries Outside of the EU
All information that we attain from you will essentially be processed within the European Union. Transmitting or processing your data by third party countries will only take place without your expressed consent, if this is provided for by law and if a data protection level for this purpose is ensured in the third country.
Dissemination of Data, Contract Data Processing
Essentially, we do not hand over your information to third parties, unless:
1) You have allowed for the data to be disseminated
2) We are entitled or obliged to disseminate the data, based on
- a) Lawful agreements, or
- b) Administrative or judicial orders.
The right to disclosure can involve you especially if in the case of following up criminal proceedings and/or preventing or enforcing intellectual property rights. Furthermore, we disseminate your data to external service providers (data processers), in order to simplify our own data processing. In this case, the data processor is contractually bound by Art. 28 GDPR. In other words, this means that the processor has sufficient guarantees that appropriate technical and organizational measures will be carried out by them in such a way that the processing complies with the requirements of the GDPR protection of your rights as a data subject. Despite commissioning the data processor, we stand responsible for processing your personal data and abiding by the data protection policy.
Type, Purpose and Storage Time of the Data, Legal Foundations
With every load of our website, the following general information from your browser is transmitted to our server (so-called “server-log-files”): IP-address, product and version information about the browser and the operating system you are using, the internet site that you accessed (so-called “Referrer”), date and time of the request as well as your internet service provider. Furthermore, the status and the transmitted data amount from this request will also be included.
The IP-address of your computer will also be saved but only for the time you are using the website. Afterwards, it will be immediately deleted or made anonymous by abbreviating it. The leftover data will be saved for a limited period of time (maximum 7 days). The legal foundations for the use of the server-log-files is Art. 6, (1) (1) (f) GDPR (rightful interest in data processing). The legitimate interest stems from operational concerns of the website. In particular, to detect and eliminate website errors, to determine the workload of the website, to make adjustments or improvements as well as to ensure the security of the system.
Our website offers users, via a number of access points, the opportunity to directly get in contact with us. When you send the contact form or an email to us, this indicates that you understand how we process and save your details (especially your email address). The data passed on to us will be processed until we have achieved the particular purpose of your contact request, which will be within seven days. This processing can always be changed for the future, if so desired. For this, use the contact form in our company information section. The statutory source for the use of your data from the contact form can be found in Art. 6 (1) (1) (a) GDPR (agreement of the affected persons).
In order to make our website more user-friendly, we use “cookies”. Simply put, a cookie is a small text file, which includes data about the visited site. Cookies save a type of “user profile”, encapsulating information on your chosen language for the site as well as other site settings. These are necessary for the site and offering you specific services. This file will then be saved onto your computer from our website, which will then be of use for future website visits. More specifically, the cookie allows for the same settings you had in the past to be replicated for future visits. We also retrieve information from the cookies about your activity on the website, thus enabling us to tailor content to your individual interests and to accelerate the execution of your requested task.
You can always manually delete cookies in the security settings on your browser. You can also change your settings so your browser will not save the cookies initially. Please be aware that this could hinder using certain functions on our website. If you would only like to block the use of our cookies on the website then you can click on “Block cookies from third party” when the pop-up appears.
Services of Third Parties
We use services of third parties on our website, such as plugins or APIs (Application Programming Interface), to expand our website’s scope of operation. This may involve sending data to the provider of these services. In particular, we use the following services:
Our website uses the following services from the company Google LLC (“Google”), 1600 Amphitheatre Parkway Mountain View, CA 94043, US. The company Google fulfills the requirements of the “EU-Privacy-Shield”. The Privacy-Shield-Agreement regulates the protection of personal data, which come from a country in the EU and is transferred to the United States. The agreement ensures that the transmitted data is still in line with the European Union data protection standards. The list of certified companies can be found here: https://www.privacyshield.gov/list. More information on the handling of your user data is provided by Google in their data protection explanation: https://www.google.de/intl/de/policies/privacy/.
Our website uses the external font-service “Google Fonts” from Google. This service allows us to show the font on our website to all users, even those who may have different configuration on their devices. To achieve this, the necessary font styles will be requested from a server from Google in the US. For this request, the following information will be sent and saved to the server from Google: the specific internet site that you visited as well as the IP-address of the end-device. The legal basis for processing your data in relation to the “Google Fonts” service is in Art. 6 (1) (1) (f) GDPR (legitimate interest in data processing). The legitimate interest arises from our need for a responsive and consistent presentation of our online offers. Our website uses Google’s external map service “Google Maps”. Google Maps is designed to provide an interactive map on our website that shows you how to find and reach us. This service enables us to present our website in an appealing way by loading maps of our location from an external server. The required data is usually requested from a Google server in the US. As a result of this request, the following information is usually sent to a Google server in the US and stored there for several months: the web page you visited and the IP address of your end device. The legal basis for the processing of your data in relation to the “Google Maps” service is Article 6 (1) (1) (f) GDPR (legitimate interest in data processing). The legitimate interest results from our need for an attractive representation of our online offer as well as users being able to find our office on our website. Our website uses Google’s anti-abuse “Google reCAPTCHA”. reCAPTCHA is used to prevent cyberattacks and malpractice by so-called “bots” (artificial website users) by checking whether it is a real person visiting the website via an input field. This service allows us our website to operate in a stable manner and protect it from misuse. For this purpose, the data entered is usually transmitted to a Google server in the US and processed there for review. As a rule, the following information is transmitted by this request and stored there for several months: the Internet page that you visited, your entry in the input field and the IP address of your end device. The legal basis for the processing of your data in relation to the service “Google reCAPTCHA” is in Article 6 (1) (1) (f) GDPR (legitimate interest in data processing). The legitimate interest stems from our need to effectively protect our online offers from cyber-attacks and malpractice.