Privacy Policy

This privacy policy applies to the vOffice website voffice.pro. Please also refer to the privacy policy of the vOffice software.

Responsible body for processing according to EU General Data Protection Regulation

The person responsible within the meaning of the General Data Protection Regulation and other data protection laws applicable in the member states of the European Union and other regulations of a data protection nature is

RA-MICRO Software AG
Washingtonplatz 3, Cube Berlin
10557 Berlin
Germany
info@ra-micro.de

Privacy policy

We welcome you to our website and are pleased about your interest. The protection of your personal data is very important to us. Therefore, we conduct our business in compliance with applicable laws on data privacy protection and data security. In the following, we would like to inform you which data from your visit will be used for which purposes. Should you have any further questions regarding the handling of your personal data, please do not hesitate to contact our data protection officer:

Keyed GmbH
Mr. Nils Möllers
Siemensstrasse 12
48341 Altenberge
info@keyed.de
https://www.keyed.de/

1. What are personal data?

The term personal data is defined in the German Federal Data Protection Act and the EU-GDPR. According to these laws, these are individual details about personal or factual circumstances of a certain or determinable natural person. This includes, for example, your civil name, your address, your telephone number or your date of birth.

2. Scope of anonymous data collection and data processing

Unless otherwise stated in the following sections, no personal data is collected, processed or used when using our websites. However, by using analysis and tracking tools, we learn certain technical information based on the data transmitted by your browser (e.g. browser type/version, operating system used, websites visited via us including the time spent on them, previously visited website). We evaluate this information for statistical purposes only.

3. Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for processing of personal data, Article 6(1)(a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data.

When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Article 6(1)(b) GDPR serves as the legal basis. This also applies to processing operations necessary for the performance of pre-contractual measures.

Insofar as processing of personal data is necessary to fulfil a legal obligation to which the data controller is subject, Art. 6(1)(c) GDPR serves as the legal basis.

In the event that vital interests of the data subject or another natural person require the processing of personal data, Article 6(1)(d) GDPR serves as the legal basis.

If the processing is necessary to safeguard our legitimate interest or that of a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Article 6(1)(f) GDPR serves as the legal basis for the processing.

4. use of cookies

The internet pages of RA-MICRO Software AG use cookies. Cookies are data which are stored by the internet browser on the user’s computer system. The cookies can be transmitted to the site when a page is called up and thus enable the user to be identified. Cookies help to simplify the use of internet pages for the user. These purposes also include our legitimate interest in the processing of personal data in accordance with Article 6(1)(f) GDPR. In addition, we use cookies on our website which enable us to analyse the following surfing behaviour of the users:

(1) Entered search terms

(2) Frequency of page views

(3) Use of website functions.

It is possible to object to the setting of cookies at any time by changing the settings in the Internet browser accordingly. Set cookies can be deleted. Please note that if cookies are deactivated, it may not be possible to use all functions of our website to their full extent. The user data collected in this way will be pseudonymized by technical precautions. It is therefore no longer possible to assign the data to the calling user. The data is not stored together with other personal data of the users.

When calling our website, users are informed by an info banner about the use of cookies for analysis purposes and are referred to this privacy policy. In this context, it is also possible to agree only to the use of technically necessary cookies. Here you can view the current status of your consent and modify it if necessary.

The legal basis for the processing of personal data using technically necessary cookies is Article 6 (1)(f ) GDPR. The legal basis for the processing of personal data using cookies for analysis purposes is Article 6(1)(a) GDPR if the user has given his consent to this.

Here you will find a detailed list of the cookies used on www.voffice.pro and for what purpose they are used.

5. Creation of log files

Every time the website is accessed, RA-MICRO Software AG collects data and information through an automated system. These are stored in the log files of the server. The data is also stored in the log files of our system. A storage of these data together with other personal data of the user does not take place.

The following data can be collected:

(1) Information about the browser type and the version used

(2) The user’s operating system

(3) The user’s Internet Service Provider

(4) The IP address of the user

(5) Date and time of access

(6) Websites from which the user’s system accesses our website (referrer)

(7) Websites that are called up by the user’s system via our website

6. Registration on our website

If the data subject takes advantage of the possibility to register on the website of the data controller by providing personal data, the data will be transmitted to the controller in the relevant input mask. The data are stored by the data controller for internal use only. The data will be deleted as soon as they are no longer required for the purpose for which they were collected.

During registration, the user’s IP address and the date and time of registration are stored. This serves to prevent misuse of the services. The data will not be passed on to third parties. An exception is made if there is a legal obligation to pass on data.

The registration of the data is necessary for the provision of content or services. Registered persons have the possibility to delete or change the stored data at any time. The person concerned will receive information about the personal data stored about him/her at any time.

RA-MICRO Online stores and processes personal data collected within the scope of the conclusion of the contract in accordance with the General Data Protection Regulation, the Federal Data Protection Act, the Telecommunications Act (TKG) and the Telemedia Act (TMG) in order to fulfil the obligations arising from the contract and for the purpose of billing for services.

This data includes the contact information of the customer and his employees as well as subcontractors, i.e. title, surname and first name, possible affiliation to an organization (law firm, company, etc.) address, telephone/fax number and/or e-mail address(es), data on payment processing (contract data) as well as information on other RAM services or products already used by the customer.

7. Newsletter

If the newsletter of our company is subscribed to, the data in the respective input mask will be transmitted to the data controller. The subscription to our newsletter is done in a so-called double opt-in procedure. This means that after registration you will receive an e-mail asking you to confirm your registration. This confirmation is necessary so that no one can register with foreign e-mail addresses.

When registering for the newsletter, the IP address of the user as well as the date and time of registration are stored. This serves to prevent abuse of the services or the e-mail address of the person concerned. The data will be forwarded to our newsletter service provider CleverReach. There is an order processing with CleverReach.

The data is used exclusively for sending the newsletter. The subscription to the newsletter can be cancelled by the data subject at any time. Likewise, the consent to the storage of personal data can be revoked at any time. For this purpose, there is a corresponding link in every newsletter.

The legal basis for the processing of the data after registration for the newsletter by the user is Article 6 (1)(a) GDPR if the user has given his consent. The legal basis for the dispatch of the newsletter as a result of the sale of goods or services is Article 7 (3) UWG.

7.1 CleverReach

Description and purpose

We use the CleverReach service for sending newsletters. The provider of the service used is CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede. CleverReach is a service with which the newsletter dispatch can be organized and analysed. The data you enter when registering for the newsletter, such as your e-mail address, is stored on the CleverReach servers in Germany or Ireland.

Newsletters sent with CleverReach allow for an analysis of the behaviour of the respective recipient of the newsletter, which we can perform. In this context, it is possible to analyse, among other things, how many recipients have opened the respective newsletter message and how often, for example, one of the links from the respective newsletter was clicked. In addition, it is possible to perform an analysis through so-called conversion tracking regarding the triggering of an action defined in CleverReach in advance, such as the purchase of goods on this website or the use of a service after a link in the newsletter was clicked.

Legal basis

The legal basis for data processing is your consent in accordance with Article 6(1)(a) GDPR. You can revoke this consent at any time by unsubscribing the newsletter. The revocation of consent does not affect the legality of the processing of the data that has taken place on the basis of the consent until the revocation.

Receiver

The recipient of the data is CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede.

Transfer to third countries

The data you enter when registering for the newsletter, such as your e-mail address, is stored on the CleverReach servers in Germany or Ireland.

Storage duration

Activities of recipients are stored in CleverReach for three to six months. The exact duration depends on the total number of newsletter recipients. In case of a revocation, the data will be deleted. You can find more information about the storage period and about the activities generated by CleverReach under

https://support.cleverreach.de/hc/de/articles/202372941-Wie-lange-speichert-CleverReach-die-Aktivit%C3%A4ten-

Contractual or legal obligation to provide personal data

The provision of personal data is not required by law or contract and is not necessary for the conclusion of a contract. Nor are you otherwise obliged to provide the personal data. However, failure to provide it would mean that we would not be able to offer you a newsletter and would therefore not be able to send it to you.

Possibility of withdrawal

If you do not want to be analysed by CleverReach, you must unsubscribe from the newsletter by clicking on the corresponding link contained in every newsletter e-mail.

The data that you have provided us with for the purpose of subscribing to the newsletter will be stored until you unsubscribe from the newsletter and, if you unsubscribe, will be deleted from our servers as well as from the CleverReach servers. If your data has been stored for any other purpose, such as your e-mail address for registration on our website, it will continue to be stored independently of the newsletter cancellation.

Further privacy policy:

Further information on data protection at CleverReach is available at

https://www.cleverreach.com/de/datenschutz/

Information about data analysis by the CleverReach newsletter can be found at

https://www.cleverreach.com/de/funktionen/reporting-und-tracking/

8. online services

8.1 RA-MICRO SMS

The message to be sent, recipient and sender information are first transmitted from the user’s computer via an encrypted connection (SSL or TLS) to the RA-MICRO Software AG web server (RAM server). This web server is located in a “high-end data centre certified for highest data security and failure safety at the location of the company PlusServer in Germany.

Subsequently, message, recipient and sender information are transmitted via a likewise encrypted connection from the RAM server to the server of our service partner http://www.smskaufen.com. The actual SMS dispatch in the context of RMO SMS is done via http://www.smskaufen.com.

Due to the encryption it is almost impossible that unauthorized third parties can view the data transmitted between the computers and servers. It is therefore very unlikely that anyone other than the sender and the recipient can gain knowledge of the content of the message.

The user is identified as the sender by the RMO access data (user number) transmitted with the message.

The messages themselves are not stored. Only the connection data is stored:

– Time of SMS dispatch

– Sender (user number, customer number, sender name)

– Recipient’s phone number

– Status of the transmission

The connection data is stored both on the RAM server and on the server of http://www.smskaufen.com.

The privacy policy of PlusServer can be viewed at https://www.plusserver.com/impressum#datenschutz.

The privacy policy of http://www.smskaufen.com can be viewed at http://www.smskaufen.com/Datenschutzerklaerung.pdf.

8.2 RA-MICRO Online Research

RA-MICRO forwards data on behalf of the customer within the scope of RA-MICRO Online research to partner companies, which in turn process these data in the form of registration information or creditworthiness/debtor/consumer information. The result data are delivered by the partner companies to RAM, from where they are forwarded to the client (customer).

The regulations for commissioned data processing (Article 28 GDPR) apply to the processing of personal data transmitted for this purpose.

The customer is responsible as a client for compliance with the regulations of the GDPR, the BDSG and other regulations concerning data protection.

RA-MICRO has appointed a company data protection officer in accordance with Article 37 GDPR. Personal data will only be processed at RA-MICRO by employees who have been committed to data secrecy (Article 53 BDSG).

The data provided by the client to the contractor will be used by RA-MICRO exclusively according to the contractual agreements and individual instructions. If RA-MICRO is of the opinion that an instruction of the client violates data protection regulations, it will immediately inform the client.

The personal data provided will not be passed on to third parties and will not be processed for RA-MICRO’s own purposes.

The data will be transmitted using the so-called “Secure Socket Layer” or “Transport Layer Security” procedure (SSL/TLS) with a key size of at least 128 bit.

The contractor is entitled to transfer the personal data provided by the client to the relevant partner company of RA-MICRO within the framework of the agreement between both parties and the RA-MICRO service used (RA-MICRO Online research, registration inquiry, creditworthiness or debtor information) in compliance with the data protection regulations.

8.3 E-Legal Protection

When you use the insurance communication interface E-Rechtsschutz for the first time, you are automatically registered as a law firm with the insurance service providers drebis/adesso or e.Consult and created as a user. Your drebis/adesso or e.Consult access data will be automatically stored by the E-Rechtsschutz on the RA-MICRO server to your RA-MICRO Online access data. Subsequently, you will be automatically logged in to drebis/adesso or e.Consult with your drebis/adesso or e.Consult access data by E-Rechtsschutz.

During the automatic registration at drebis/adesso, the law firm master data with which the law firm is registered at RA-MICRO, such as the name of the law firm, address, telephone and fax number as well as a valid e-mail address are transmitted to drebis/adesso or e.Consult. The user has to ensure that the data stored at RA-MICRO Online are up-to-date.

Further information on the topic of data protection in connection with the e-legal protection interface for insurance communication can be found in the data protection declarations of the third-party providers adesso/drebis and e.Consult.

In detail these are:

– the general terms and conditions as well as the privacy policy of adesso AG, Stockholmer Allee 24, 44269 Dortmund, for the e-legal protection interface via “drebis” (or “drebis” portal).

– the GTC as well as the privacy policy of e.Consult AG, Robert-Koch-Str. 18, 66119 Saarbrücken, for the e-legal protection interface via e.Consult interface using the e-legal protection interface.

Further information can be found in the RA-MICRO Online AGB (available at http://www.ra-micro-online.de/rmo_agb , there under § 10 ).

8.4 Registration vOffice

In order to use the vOffice service, you must register. vOffice informs the customer that the data collected, processed and used by RA-MICRO is for the purpose of fulfilling the obligations arising from the contract in accordance with the EU General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and the Telemedia Act (TMG). By registration personal data of you will either be stored locally on our server (e.g.: e-mail address or profile picture of the user) or stored in a web database (e.g.: company name, address data, contact data, data on current position and qualification). In either case, an appropriate level of security is guaranteed in accordance with Article 32 GDPR.

Legal basis

The legal basis is our contractual relationship in accordance with Article 6(1)(b) GDPR.

Duration of processing

The data will be deleted as soon as they are no longer necessary for the purpose of their collection. In addition, the data will be deleted if you revoke your consent or request the deletion of your personal data.

9. Possibilities to contact us

On the internet pages of RA-MICRO there is possibility to contact via a contact form or an e-mail address provided. If the data subject contacts the data controller via one of these channels, the personal data transmitted by the data subject will be stored automatically. The storage is solely for the purpose of processing or contacting the data subject. The data will not be passed on to third parties. The legal basis for the processing of the data is Article 6(1)(a) GDPR if the user has given his consent.

The legal basis for the processing of data transmitted in the course of sending an e-mail is Article 6(1)(f) GDPR. If the e-mail contact aims at the conclusion of a contract, the additional legal basis for the processing is Article 6(1)(b) GDPR.

The data will be deleted as soon as they are no longer necessary for the purpose of their collection. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is terminated when it can be concluded from the circumstances that the matter in question has been finally clarified.

Any additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

9.1 Use of Help Scout

Description and purpose

We use the CRM and ticketing system Help Scout, operated by Help Scout Inc., 131 Tremont St, Boston, MA 02111-1338, USA, to process user requests faster and more efficiently. Help Scout uses the users’ data only for the technical processing of the inquiries and does not pass them on to third parties. In order to use Help Scout it is necessary to enter at least a correct e-mail address. A pseudonymous use is possible. In the course of processing service requests it may be necessary to collect further data (name, address). If users do not agree to data collection via and data storage in Help Scout’s external system, we offer them alternative contact options for submitting service requests by e-mail, telephone, fax or post. If Help Scout has been implemented within a software solution and our customers submit service requests from it, the requests are automatically assigned a license or customer number. Help Scout complies with some certifications, such as Privacy-Shield or HIPAA.

Legal basis

The legal basis for the processing of personal data is the legitimate interest in accordance with Article 6(1)(f) GDPR in the efficient processing of our customers’ inquiries.

Receiver

The recipient is Help Scout Inc. 131 Tremont St, Boston, MA 02111-1338, USA.

Transfer to third countries

A transfer of data to the USA takes place.

Duration of data storage

Contractual or legal obligation

There is no contractual or legal obligation to provide the data.

Further data protection information via link

More information on data processing and data protection by Help Scout can be found here: https://www.helpscout.com/company/legal/privacy/

9.2 Use of Zammad ticket system

Description and purpose

In order to be able to answer your inquiries as quickly as possible, we use a helpdesk system (ticket system) and thus process your personal data. The helpdesk system makes it possible to sort and structure support requests, as well as to arrange them by category, so that they can be assigned to the responsible persons more quickly and the status of the ticket can always be kept in view. To implement the helpdesk system, we use the service of Zammad GmbH, Marienstraße 18, 10117 Berlin.

Legal basis

The legal basis for the processing of personal data is the legitimate interest in accordance with Article 6(1)(f) GDPR in the efficient processing of our customers’ inquiries.

Receiver

The recipient is Zammad GmbH, Marienstraße 18, 10117 Berlin.

Transfer to third countries

Data is not transferred to a third country.

Duration of data storage

Possibility of objection

You have the possibility to revoke your consent to data processing at any time. A revocation does not affect the effectiveness of data processing operations in the past.

Contractual or legal obligation

There is no contractual or legal obligation to provide the data.

Further data protection information via link

For more information on data processing and privacy by Zammad, please visit: https://zammad.com/de/datenschutz

10. Routine deletion and blocking of personal data

The controller shall process and store personal data of the data subject only for as long as necessary to achieve the purpose of storage. In addition, data may be stored for as long as this is provided for by the European or national legislator in EU ordinances, laws or other regulations to which the data controller is subject.

As soon as the storage purpose ceases to apply or a storage period prescribed by the aforementioned regulations expires, the personal data is routinely blocked or deleted.

11. online store

We use your personal information to process your online purchases at RA-MICRO (your orders and returns are processed through our online services) and to send you notifications of delivery status or notifications of problems with the delivery of your items. We use your personal information to process your payments. We also use your information to process complaints and product warranty claims. Your personal information is used to establish your identity, ensure that you are of legal age to make online purchases, and to match your address with external partners.

12. Rights of the data subject

If your personal data is processed, you are a data subject within the meaning of the GDPR and you are entitled to the following rights vis-à-vis the controller:

12.1 Right to information

You may request confirmation from the controller as to whether personal data concerning you is being processed by us. If such processing has taken place, you can request information from the data controller about the following:

1. the purposes for which the personal data are processed

2. the categories of personal data which are processed;

3. the recipients or the categories of recipients to whom your personal data have been or will be disclosed;

4. the planned duration of the storage of your personal data or, if it is not possible to give specific details, criteria for determining the storage period;

5. the existence of a right to rectification or erasure of your personal data, a right to have the processing limited by the controller or a right to object to such processing;

6. the existence of a right of appeal to a supervisory authority;

7. any available information as to the origin of the data if the personal data are not collected from the data subject;

8. the existence of automated decision-making, including profiling, in accordance with Article 22(1) and (4) GDPR and, at least in these cases, meaningful information on the logic involved and the scope and intended impact of such processing on the data subject.

You have the right to request information as to whether your personal data is being transferred to a third country or to an international organization. In this context, you may request to be informed of the appropriate guarantees pursuant to Article 46 of the GDPR in connection with the transfer.

12.2 Right of rectification

You have the right to ask the data controller to correct and/or complete the data if the personal data processed concerning you is incorrect or incomplete. The data controller must make the correction without delay.

12.3 Right to limit processing

Under the following conditions, you can request the restriction of the processing of your personal data:

1. if you dispute the accuracy of your personal data for a period of time that allows the controller to verify the accuracy of the personal data

2. the processing is unlawful and you object to the deletion of the personal data and instead request the restriction of the use of the personal data;

3. the controller no longer needs the personal data for the purposes of the processing, but you need it for the purpose of asserting, exercising or defending legal claims; or

4. if you have lodged an objection to the processing pursuant to Article 21(1) GDPR and it is not yet clear whether the legitimate reasons of the controller outweigh your reasons.

If the processing of your personal data has been restricted, these data – apart from their storage – may only be processed with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or for reasons of an important public interest of the Union or a Member State. If the restriction on processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.

12.4 Right of cancellation

12.4.1 You can demand that your personal data be deleted immediately by the controller, and the controller is obliged to delete this data immediately if one of the following reasons applies:

1. The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed

2. You revoke your consent on which the processing was based in accordance with Article 6(1)(a) or Article 9(2)(a) GDPR and there is no other legal basis for the processing.

3. You object to the processing in accordance with Article 21(1) GDPR and there are no legitimate reasons for the processing, or you object to the processing in accordance with Article 21(2) GDPR.

4. The personal data concerning you have been processed unlawfully.

5. The deletion of personal data concerning you is necessary to comply with a legal obligation under Union law or the law of the Member States to which the controller is subject.

6. The personal data concerning you has been collected in relation to the information society services offered in accordance with Article 8(1) GDPR.

12.4.2 If the data controller has made your personal data public and is obliged to delete it pursuant to Article 17(1) GDPR, he shall take reasonable measures, including technical measures, taking into account the available technology and implementation costs, to inform data controllers who process the personal data that you, as a data subject, have requested them to delete all links to this personal data or copies or replications of this personal data.

12.4.3 The right of cancellation does not apply insofar as the processing is necessary

(a) to exercise the right to freedom of expression and information

(b) to comply with a legal obligation requiring processing under Union or national law to which the controller is subject or to perform a task carried out in the public interest or in the exercise of official authority vested in the controller;

c) for reasons of public interest in the field of public health pursuant to Article 9(2)(h) and (i) and Article 9(3) of the GDPR;

d) for archival, scientific or historical research purposes in the public interest or for statistical purposes pursuant to Article 89(1) GDPR, insofar as the right referred to in paragraph 1 is likely to render impossible or seriously prejudice the achievement of the purposes of such processing, or

e) to assert, exercise or defend legal claims.

12.5 Right to information

If you have asserted the right to rectification, erasure or limitation of processing vis-à-vis the controller, the controller is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification, erasure or limitation of processing, unless this proves impossible or involves a disproportionate effort.

You have the right, vis-à-vis the data controller, to be informed of these recipients.

12.6 Right to data transferability

You have the right to receive your personal data, which you have provided to the controller, in a structured, common and machine-readable format. You also have the right to have this data communicated to another data controller without interference from the controller to whom the personal data has been communicated, provided that

1. the processing is based on a consent pursuant to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR or on a contract pursuant to Article 6(1)(b) GDPR and

2. the processing is carried out using automated procedures.

In exercising this right, you also have the right to obtain that your personal data be transferred directly from one controller to another controller, insofar as this is technically feasible. The freedoms and rights of other persons must not be impaired by this.

The right to data transferability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

12.7 Right of objection

You have the right to object at any time, for reasons arising from your particular situation, to the processing of your personal data carried out pursuant to Article 6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions.

The data controller will no longer process your personal data unless he can demonstrate compelling reasons for processing that are worthy of protection, which outweigh your interests, rights and freedoms, or unless the processing serves to assert, exercise or defend legal claims.

If your personal data are processed for the purpose of direct marketing, you have the right to object at any time to the processing of your personal data for the purpose of such marketing, including profiling, insofar as it is connected with such direct marketing.

If you object to processing for the purposes of direct marketing, your personal data will no longer be processed for those purposes. You have the possibility to exercise your right of objection in relation to the use of the information society services, without prejudice to Directive 2002/58/EC, by means of automated procedures involving technical specifications.

12.8 Right to withdraw the declaration of consent under data protection law

You have the right to revoke your data protection declaration of consent at any time. Revocation of your consent does not affect the legality of the processing that has taken place on the basis of your consent until revocation.

12.9 Automated decision in individual cases including profiling

You have the right not to be subject to a decision based solely on automated processing – including profiling – which has legal effect on you or which significantly affects you in a similar way. This shall not apply if the decision

1. is necessary for the conclusion or fulfilment of a contract between you and the controller

2. is authorised by Union law or the law of the Member States to which the controller is subject and that law contains appropriate measures to safeguard your rights and freedoms and your legitimate interests; or

3. with your express consent.

However, these decisions may not be based on special categories of personal data according to Article 9(1) GDPR, unless Article 9(2)(a) or (g) GDPR applies and appropriate measures have been taken to protect the rights and freedoms as well as your legitimate interests.

With regard to the cases referred to in a. and c., the data controller shall take reasonable measures to safeguard the rights and freedoms and your legitimate interests, which shall include at least the right to obtain the intervention of a person from the data controller, to express his point of view and to challenge the decision.

12.10 Right to appeal to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State in which you are resident, your place of work or the place of the alleged infringement, if you consider that the processing of your personal data is contrary to the GDPR.

The supervisory authority to which the complaint has been submitted will inform the complainant of the status and the results of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.

13. Integration of other third-party services and content

It can happen that within this online offer third party content, such as videos from YouTube, map material from Google Maps, RSS feeds or graphics from other websites are integrated. This always presupposes that the providers of such content (hereinafter referred to as “third-party providers”) are aware of the IP address of the users. Without the IP address, they would not be able to send the content to the browser of the respective user. The IP address is therefore required to display this content. We make every effort to use only such content whose respective providers use the IP address only to deliver the content. However, we have no influence on this if the third-party providers store the IP address for statistical purposes, for example. As far as we are aware of this, we inform the users about it.

13.1 Google Analytics and Conversion Tracking

Description and purpose

This website uses the service “Google Analytics”, which is provided by Google LLC. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA) to analyse the use of the website by users. The service uses “cookies” – text files which are stored on your end device. The information collected by the cookies is usually sent to a Google server in the USA and stored there. If necessary, Google Analytics is used on this website with the code “gat._anonymizeIp();” extended to ensure anonymous recording of IP addresses (so-called IP masking). Please also note the following information on the use of Google Analytics: The IP address of users is shortened within the member states of the EU and the European Economic Area. Due to this shortening, the personal reference of your IP address is not applicable. Within the framework of the agreement on commissioned data agreement which the website operators have concluded with Google LLC, the latter uses the information collected to create an evaluation of website use and website activity and provides services associated with internet use.

Legal basis

The legal basis for use is the norm of Article 6(1)(a) GDPR in conjunction with Article 49(1)(a) GDPR, if the anonymization of data collection using the code “gat._anonymizeIp” does not take place. Otherwise, especially in the case of the use of “gat._anonymizeIp”, Article 6(1)(f) GDPR is the legal basis.

Recipient

However, in the event that IP anonymization is activated on this website, your IP address will be shortened by Google within member states of the European Union or in other states which are party to the Agreement on the European Economic Area. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. Only in exceptional cases is the full IP address transferred to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on the website activities and to provide further services to the website operator in connection with the use of the website and the Internet. In addition, we use Google Conversion Tracking in connection with Google Analytics. This enables us to record the behaviour of our website visitors. For example, it shows us how many PDF’s were downloaded from our website or how often the contact form was filled out. It also shows us how many clicks on advertisements from external sources (AdWords, LinkedIn, Xing, Facebook, Pinterest, Instagram, etc.) have led to our website. The IP address transmitted by your browser within the framework of Google Analytics is not merged with other data from Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link (https://tools.google.com/dlpage/gaoptout?hl=de ). You can prevent the collection by Google Analytics by clicking on the following link.

Transfer to third countries

The data is transferred to a Google server in the USA and stored there. The personal data is transmitted on the basis of Article 46 and/or Article 49(1)(a) GDPR.

Duration of data storage

Data sent by us and linked to cookies, user IDs (e.g. User ID) or advertising IDs are automatically deleted after 14 months. Data whose retention period has been reached is automatically deleted once a month.

Right of Revocation and objection

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser Add-on.

If you have only agreed to technically necessary cookies in the cookie banner (see point 4), a separate revocation for Google Analytics is not necessary.

Contractual or legal obligation

The provision of personal data is not required by law or contract and is not necessary for the conclusion of a contract. You are also not obliged to provide the personal data. However, failure to provide it may mean that you are unable to use this function of our website or cannot use it to its full extent.

Further data protection information via link

Further information on terms of use and data protection can be found at

https://policies.google.com/?hl=de&gl=del

https://policies.google.com/privacy?hl=de&gl=de

13.2 Google AdWords (Google Ads) and Conversion Tracking

Description and purpose

In order to draw attention to our current projects and developments, planned activities and services, we place Google AdWords ads and use Google Conversion Tracking as part of this. Google AdWords (Google Ads) is a service of Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland, Google LLC. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA). These ads are displayed after searches on websites in the Google advertising network. We have the ability to combine our ads with specific search terms. We also use AdWords remarketing lists for search ads. This enables us to adapt search ad campaigns for users who have visited our website before. Through the services, we have the ability to combine our ads with specific search terms or to serve ads to previous visitors, for example, advertising services that visitors have viewed on our site. For interest-based offers, an analysis of online user behaviour is necessary. Google uses cookies to perform this analysis. When clicking on an advertisement or visiting our website, Google sets a cookie on the user’s computer. This information is used in order to be able to address the visitor specifically in a subsequent search query. Further information on the cookie technology used can also be found in Google’s notes on website statistics and in the data protection regulations. With the help of this technology, Google and we as customers receive information that a user has clicked on an advertisement and has been redirected to our websites to contact us via the contact form. Google and we as a customer also use Google’s redirection numbers to obtain information about when a user clicks on one of our phone numbers on the internet and contacts us by phone. The information obtained in this way is used exclusively for statistical evaluation for ad optimization. We do not receive any information that can be used to identify visitors personally. The statistics provided to us by Google include the total number of users who clicked on one of our ads and, if applicable, whether they were redirected to a page on our website that has a conversion tag. These statistics enable us to see which search terms lead to the most frequent clicks on our ads and which ads lead to the user contacting us via the contact form or by phone. With regard to telephone contact by interested parties or customers, the statistics provided by Google include start time, end time, status (missed or received), duration (seconds), area code of the caller, telephone costs and call type.

Legal basis

The legal basis for use is the norm of Article 6(1)(a) GDPR in conjunction with Article 49(1)(a) GDPR.

Recipient

The recipient is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. We have concluded a contract with Google for the use of Google Analytics for order processing (see Article 28 GDPR). Google processes the data on our behalf in order to evaluate your use of the website, to compile reports on website activities for us and to provide us with further services related to website and internet use. Google may transfer this information to third parties if required by law or if third parties process this data on behalf of Google. Through the integration of Google Analytics, we pursue the purpose of analysing the user behaviour on our website and to be able to react to it. This enables us to continuously improve our offer. Within the scope of order processing, Google is entitled to engage subcontractors. You can find a list of these subcontractors at https://privacy.google.com/businesses/subprocessors/.

Duration of processing

Contractual or legal obligation and consequences

Further data protection information

You can find more detailed data protection information from Google at

www.google.com/policies/privacy/

Information regarding Google’s privacy settings can be found at

https://privacy.google.com/take-control.html?categories_activeEl=sign-in

13.3 Integration of Google Tag Manager

Description and purpose

On this website the Google Tag Manager is used. The Google Tag Manager is a solution from Google LLC. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA), which enables companies to manage website tags through a single interface. Google Tag Manager is a cookie-less domain that does not collect any personal information. The Google Tag Manager triggers other tags that may collect data. We herewith point this out separately. The Google Tag Manager does not access this data. If deactivation has been made by the user at the domain or cookie level, this deactivation remains in effect for all tracking tags implemented with Google Tag Manager. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage for the website operator. Google uses pseudonyms for this purpose. The IP address transmitted by your browser in the context of Google Analytics is not combined with other data from Google. You can find more information about the Google Tag Manager at: https://www.google.com/intl/tagmanager/

Legal basis

The personal data are transmitted on the basis of Article 46 and Article 49(1)(a) GDPR.

Recipient

The data is usually transferred to a Google server in the USA and stored there.

Transmission to third countries

The personal data are transmitted on the basis of Article 46 and Article 49(1)(a) GDPR.

Duration of data storage

Contractual or legal obligation

Further data protection information via link

Further information on terms of use and data protection can be found at

https://policies.google.com/?hl=de&gl=del

https://policies.google.com/privacy?hl=de&gl=de

14. Duration of storage of personal data

Personal data is stored for the duration of the respective legal retention period. After expiry of the period, the data is routinely deleted, unless there is a need to otherwise in order to initiate or fulfil a contract.

15. Career (Training & Vacancies)

By submitting their application to us, applicants agree to the processing of their data for the purposes of the application procedure in accordance with the type and scope described in this data protection declaration. Insofar as special categories of personal data within the meaning of Article 9(1) GDPR are voluntarily communicated in the context of the application procedure, their processing is additionally carried out in accordance with Article 9(2)(b) GDPR (e.g. health data, such as severely disabled status or ethnic origin).

Insofar as special categories of personal data within the meaning of Article 9(1) GDPR are requested from applicants in the course of the application procedure, their processing is also carried out in accordance with Article 9(2)(a) GDPR (e.g. health data if this is necessary for the exercise of the profession). If provided, applicants can send us their applications by means of an online form on our website. The data will be encrypted and transmitted to us according to the state of the art. Applicants can also send us their applications by e-mail. Please note, however, that e-mails are generally not sent in encrypted form and applicants must ensure that they are encrypted themselves. We can therefore not take any responsibility for the transmission path of the application between the sender and the receipt on our server and therefore recommend rather to use an online form or the postal dispatch. This is because instead of applying via the online form and e-mail, applicants still have the option of sending us their application by post.

The data provided by the applicants can be processed by us for the purposes of the employment relationship in the event of a successful application. Otherwise, if the application for a job offer is not successful, the applicants’ data will be deleted. The applicants’ data will also be deleted if an application is withdrawn, which the applicants are entitled to do at any time.

Subject to a justified revocation by the applicants, the data will be deleted after a period of six months so that we can answer any follow-up questions regarding the application and meet our obligations to provide evidence under the Equal Treatment Act. Invoices for any travel expense reimbursement will be archived in accordance with tax law requirements.

16. Security

We have taken extensive technical and operational precautions to protect your data from accidental or deliberate manipulation, loss, destruction or access by unauthorized persons. Our security procedures are regularly reviewed and adapted to technological progress. In addition, we guarantee data protection on an ongoing basis by constantly auditing and optimizing our data protection organization.

16.1 DE-Sync

The De-Sync e-mail service provides encryption for file exchange.

The De-Sync Mail service sends and receives encrypted data containers and thus secures the data traffic between sender and recipient device along the entire transport route on the internet by means of a communication password (synchronous encryption) agreed exclusively between the two De-Sync users. From the agreed communication passwords, a 32-character key is generated on the users’ end devices, which is then used to encrypt and decrypt the data on the devices using 256-bit AES.

The password must be entered once on the same calendar day by both users. No one except the two communication partner devices has access to the keys, not even RMO. Therefore, De-Sync explicitly does not cache and decrypt data for the purpose of checking for viruses or similar, as is sometimes the case with other systems.

Within the scope of the De-Sync service, the storage of the data containers to be transferred and collected is required on a De-Sync server. These are kept for a maximum of 10 days for retrieval and are deleted from the server after retrieval by the user’s terminal device or by time lapse and are not stored further.

The De-Sync server is operated in a data centre in Germany and administered by De-Sync itself; the allocation of the data stored at De-Sync is solely based on the data collected during the registration at RA-MICRO Online (RMO). The authentication of authorized users is based on the respective, internal RMO data. The verification is realized via a web service that is implemented on the RMO web server. There is no further storage of personal data. Due to the nature of the De-Sync service, all user data is stored on the De-Sync server exclusively in encrypted form. Since the passwords for the encryption of the data are unknown to De-Sync due to the system, a decryption of the data on the De-Sync server is practically impossible. Furthermore, the login and data transfer from and to the De-Sync service and from and to the RMO server is SSL/TLS encrypted. The RMO server as well as the De-Sync server is operated in a data centre in Germany. The ISO 27001 certified information security management system of the provider guarantees data security and a perfect compliance with data protection. This includes availability, confidentiality, integrity, authenticity and physical protection of data. On the De-Sync server, no independent processing of the stored data by De-Sync takes place. They are only kept there for the retrieval of users authenticated and authorized by RMO.

This privacy policy was created on 30.09.2019 by Nils Möllers. RA-MICRO Software AG reserves all rights to make changes and updates to this privacy policy.