I. Name and address of the controller
Controller for the purposes of the General Data Protection Regulation (GDPR – Datenschutz Grundverordnung), other national data protection laws of member states of the European Union and other provisions related to data regulations is:
Iterative Daten Modellierung Jens Buttler
II. General information on data processing
1. Scope of the processing of personal data
In principle, we only collect and use personal data of our users insofar as this is necessary to provide a functional website and / or to provide our content and services. The collection and use of personal data of our users takes place (generally) only with the consent of the user. An exception applies in those cases in which prior consent cannot be obtained for practical reasons and the processing of the data is permitted by law.
By using the website, you declare that you agree to the conditions of these policies for the protection of personal data.
2. Processing of data and information in our services / web applications
In our cloud services / web applications we process the user and content data of the service / web application. The user data of cloud services and web applications is totally separated from the registered users of our website and is only contained and used in your instance of the service / web application.
The content data is created / maintained in the service / web application. It consists of:
- Configuration data of the data model (metadata like iterations and business objects),
- The data of the individual configured business objects
- Uploaded/Downloaded files, like attachments or Import and Export files
This data is needed to
- ensure only authorized users can access your service / web application,
- to deliver / process the content of the service / web application.
By using the services / web applications, you declare that you agree to the conditions of these policies for the protection of the user and content data.
3. Legal basis for the processing of personal data
If we obtain the consent of the data subject to process personal data; Article 6 (1) (a) of the General Data Protection Regulation of the EU (GDPR) serves as the legal basis.
When processing personal data that is required to fulfil a contract to which the data subject is a party, Article 6 (1) (b) GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.
If the processing of personal data is required to fulfil a legal obligation to which our company is subject, Art. 6 (1) (c) GDPR serves as the legal basis.
In the event that vital interests of the data subject or another natural person require the processing of personal data, Article 6 (1) (d) GDPR serves as the legal basis.
If processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the person concerned do not outweigh the first-mentioned interests, Art. 6 (1) (f) GDPR serves as the legal basis for processing.
4. Deletion and storage duration
The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. Storage can also take place if this is provided by European or national legislators in Union regulations, laws or other regulations to which the controller is subject to. The data will also be blocked or deleted if a storage period prescribed by the standards mentioned expires, unless there is a need for further storage of the data in order to conclude or fulfil a contract.
The content-related data of our services / web-applications will be deleted according to the general terms and conditions after the service contract expires.
5. Security of your data
Your personal and content-related data made available to us are secured by technical and organizational measures in such a way that they are inaccessible to unauthorized third parties. However, we would like to point out that data transmission over the Internet (e.g. Email) can generally have security gaps. A complete protection of the data against access by third parties is not possible. When sending very sensitive data or information, it is advisable to use postal services, as complete data security cannot be guaranteed by Email.
II. Provision of the website and creation of log files
Our website / services are hosted by external providers (Cloud Providers). This means that the data is processed on servers of external providers.
1. Description and scope of data processing
Our website provider automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. The following data can be collected:
- the browser type and version used,
- the operating system of the user,
- the internet service provider of the user,
- the IP address of the user,
- the date and time of access,
- websites from which the user’s system reached our website
- websites that are accessed by the user’s system via our website
- the website from which an accessing system reaches our website (so-called referrers),
This data is not stored together with other personal data of the user. A transfer to third parties, for commercial or non-commercial purposes, does not take place.
2. Data processing for the purpose of contract processing
In the execution of the contract, only personal data is collected and stored that is necessary for the provision of services and the processing of the contractual relationship with you, including the payment process. This data is:
- First and last name
- Date of birth
- Telephone number
- Email address
- Products / Cloud Services / Other services ordered
- Bank details, provided you have given us permission to direct debit
- Connection data when ordering, in particular the IP address used
- Time and duration of the order
3. Legal basis for data processing
The legal basis for the temporary storage of the data and the log files is Art. 6 (1) (f) GDPR.
4. Purpose of data processing
The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user’s device. To do this, the user’s IP address must be saved for the duration of the session. The storage in log files takes place in order to ensure the functionality of the website. In addition, we use the data to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.
Our legitimate interest in data processing in accordance with Art. 6 (1) (f) GDPR lies in these purposes.
5. Duration of storage
The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. Further storage is possible. In this case, the IP addresses of the users will be deleted or anonymized so that an assignment to the calling client is no longer possible. If the storage purpose no longer applies or a prescribed storage period expires, the personal data will be blocked or deleted in accordance with the statutory provisions.
6. Options to object and for removal
The collection of the data for the provision of the website and the storage of the data in log files is essential for the operation of the website. Therefore there is no possibility for the user to object.
1. Description and scope of data processing
The following data is stored and transmitted in the cookies:
- Log-in information (both homepage / web shop and cloud services / web applications)
- Article in the shopping cart (homepage / web shop)
- Reference on selected data records (cloud services / web applications)
2. Legal basis for data processing
The legal basis for the processing of personal data using technically necessary cookies is Art. 6 (1) (f) GDPR.
3. Purpose of data processing
We need cookies in the following cases:
- Shopping cart (homepage / web shop)
- Checkout (homepage / web shop)
- My Account (homepage / web shop)
- Ensure authorized access (cloud services / web applications)
- Open records in new views, e.g. in a new tab / window (services / web applications)
The user data collected by technically necessary cookies is not used to create user profiles.
Our legitimate interest in the processing this data in accordance with 6 (1) (f) GDPR lies in these purposes.
4. Duration of storage, Options to object and for removal
The transmission of Flash cookies cannot be prevented via the settings of the browser, but by changing the settings of the Flash Player.
IV. Registration (homepage / web shop)
1. Description and scope of data processing
On our website (homepage / shop) we offer users the opportunity to register by providing personal data. The data is entered in an input mask and transmitted to us and stored. A transfer of data to third parties does not take place. The following data is collected during the registration process:
- User Name
- Email address
- First and last name
- Company name (optional)
- Telephone number (optional)
At the time of registration, the following data is also stored:
- The user’s IP address
- Date and time of registration
As part of the registration process, the user’s consent to the processing of this data is obtained.
2. Legal basis for data processing
If the user has given his / her consent, the legal basis for processing the data is Article 6 (1) (a) GDPR.
If the registration serves to fulfil a contract to which the user is a party or to carry out pre-contractual measures, the additional legal basis for the processing of the data is Article 6 (1) (b) GDPR.
3. Purpose of data processing
The registration of the user is necessary for the availability of certain content and services on our website (homepage / web shop). Orders placed by the user can only be viewed on our website if the order has been placed by a registered user. Otherwise, only a confirmation will be sent by email. Orders can therefore be completed with or without registration.
The IP address of the user and the date and time of registration are saved on registration. This serves to prevent misuse of the services.
4. Duration of storage
The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected.
This is the case when the data is no longer required for the registration process (to fulfil a contract) or to carry out pre-contractual measures. Even after the contract has been concluded, it may be necessary to store personal data of the contractual partner in order to meet contractual or legal obligations.
5. Options to object and for removal
As a user, you can cancel your registration at any time. You can have the data stored about you changed at any time. To delete a registration contact the controller (e.g. by Email). To change your data, please log in to the website and change your data via your account (“My Account”). Alternatively, you can also inform the controller about the changes (e.g. by Email).
If the data is required to fulfil a contract or to carry out pre-contractual measures, deletion of the data is only possible if there are no contractual or legal obligations to prevent deletion.
V. Rights of the data subject
If your personal data is processed, you are affected within the meaning of the GDPR and you have the following rights against the controller:
1. Right of confirmation and access
You can request confirmation from the controller whether personal data relating to you is being processed by us or not. If such processing has taken place, you can request the following information from the controller:
- the purposes for which the personal data is processed;
- the categories of personal data processed;
- the recipients or the categories of recipients to whom the personal data relating to you have been disclosed or will be disclosed;
- the planned duration of the storage of your personal data or, if specific information is not available, criteria for determining the duration of storage;
- the existence of a right to rectification or deletion of your personal data, a right to restrict processing by the controller or a right to object to this processing;
- the right to submit a complaint with a supervisory authority;
- all available information about the origin of the data if the personal data is not collected from the data subject;
- the existence of automated decision-making including profiling in accordance with Art. 22 (1) and (4) GDPR and – at least in these cases – meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.
You have the right to request information about whether your personal data is being transmitted to a third country or to an international organization. In this context, you can request to be informed about the appropriate guarantees according to Art. 46 GDPR in connection with the transmission.
2. Right to rectification
You have the right of rectification and / or completion against the controller, if the processed personal data concerning you is incorrect or incomplete. The controller must make the correction without undue delay.
3. Right to restriction of processing
Under the following conditions, you can request that the processing of your personal data should be restricted:
- if you dispute the accuracy (of the personal data concerning you) for a period that enables the controller to check the accuracy of the personal data;
- The processing is unlawful and the data subject rejects the deletion of the personal data and requests instead the restriction of the data use instead.
- the controller no longer needs the personal data for the purposes of processing, but you need them to establish, exercise or defend legal claims, or
- If you have lodged an objection to the processing in accordance with Art. 21 (1) GDPR and it has not yet been determined whether the legitimate reasons of the controller outweigh your reasons.
If the processing of your personal data has been restricted, this data – apart from its storage – may only be used with your consent or to establish, exercise or defend legal claims or to protect the rights of another natural or legal person or for reasons of important public interest processed by the Union or a Member State. If the processing restriction has been restricted according to the above conditions, you will be informed by the controller before the restriction is cancelled.
4. Right to deletion
a) Obligation to delete
You can request the controller to delete the personal data concerning you immediately, and the controller is obliged to delete this data without undue delay if one of the following reasons applies:
- The personal data relating to you is no longer necessary for the purposes for which it was collected or otherwise processed.
- You revoke your consent on which the processing was based according to Article 6 (1) (a) or Article 9 (2) (a) GDPR and there is no other legal basis for the processing.
- You object to the processing according to Art. 21 (1) GDPR and there are no overriding legitimate reasons for the processing, or you object to the processing according to Art. 21 (2) GDPR.
- The personal data concerning you have been processed unlawfully.
- The deletion of personal data concerning you is necessary to fulfil a legal obligation under Union law or the law of the member states to which the controller is subject to.
- The personal data relating to you was collected in relation to the information society services offered in accordance with Art. 8 (1) GDPR.
b) Information to third parties
If the controller has made the personal data concerning you public and is obliged to delete them in accordance with Art. 17 (1) GDPR, he shall take appropriate measures taking into account the available technology and the implementation costs, to inform other controllers (processing the personal data that should be deleted) that you (the data subject) have requested to delete all links to this personal data and / or copies or replications of this personal data.
The right to deletion does not exist if processing is necessary
- to exercise the right to freedom of expression and information;
- to fulfil a legal obligation that requires processing under the law of the Union or the Member States to which the controller is subject, or to perform a task that is in the public interest or in the exercise of official authority that has been transferred to the controller;
- for reasons of public interest in the area of public health in accordance with Article 9 (2) (h) and (i) and Article 9 (3) 3 GDPR;
- For archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes in accordance with Art. 89 (1) GDPR, insofar as the right mentioned under section a) is likely to make the realization of the objectives of this processing impossible or prevents them, or
- To establish, exercise or defend of legal claims.
5. Right to be informed
If you have asserted the right to rectification, deletion or restriction of processing against the controller, the controller is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this rectification or deletion of the data or restriction of processing, unless this turns out to be impossible or involves a disproportionate effort.
You have the right to be informed about these recipients by the controller.
6. Right to data portability
You have the right to receive the personal data concerning you that you have provided to the controller in a structured, common and machine-readable format. You also have the right to transfer this data to another controller without hindrance from the controller to whom the personal data was provided, if
- The processing is based on consent in accordance with Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR or on a contract in accordance with Art. 6 (1) (b) GDPR and
- The processing is carried out using automated procedures.
In exercising this right, you also have the right to have your personal data transmitted directly from one controller to another controller, insofar as this is technically feasible. This must not adversely affect the freedoms and rights of others.
The right to data portability does not apply to the processing of personal data that is necessary for the performance of a task that is in the public interest or takes place in the exercise of official authority that has been transferred to the controller.
7. Right to object
You have the right, for reasons that arise from your particular situation, to object at any time to the processing of your personal data, which is based on Article 6 (1) (e) or (f) GDPR; this also applies to profiling based on these policies.
The controller will no longer process the personal data relating to you, unless he can prove compelling legitimate reasons for the processing that outweigh your interests, rights and freedoms, or the processing serves to establish, exercise or defend legal claims.
If personal data concerning you is processed in order to operate direct marketing, you have the right to object at any time to the processing of the personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is connected to such direct advertising.
If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.
Regardless of Directive 2002/58 / EC, you have the option, in connection with the use of information society services, to exercise your right of objection by means of automated procedures in which technical specifications are used.
8. Right to withdraw data protection consent
You have the right to withdraw your declaration of consent under data protection law at any time. Withdrawing your consent does not affect the legality of the processing carried out on the basis of your consent up to the point of revocation.
9. Automated decision in individual cases including profiling
You have the right not to be subject to a decision based solely on automated processing – including profiling – which has legal effect on you or which significantly affects you in a similar manner. This does not apply if the decision
- is necessary for the conclusion or performance of a contract between you and the controller,
- is permissible on the basis of legal provisions of the Union or the member states to which the controller is subject and these legal provisions contain appropriate measures to safeguard your rights and freedoms as well as your legitimate interests or
- is made with your express consent.
However, these decisions may not be based on special categories of personal data according to Art. 9 (1) GDPR, unless Art. 9 (2) (a) or (g) GDPR applies and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests.
With regard to the cases mentioned in 1. and 3., the controller shall take appropriate measures to safeguard the rights and freedoms as well as your legitimate interests, including at least the right to obtain human intervention on the part of the controller, to express the controllers own point of view and contest the decision.
10. Right to lodge a complaint with a supervisory authority
If you are of the opinion that the processing of your personal data violates the GDPR, then you have the right to lodge a complaint (regardless to any other administrative or legal remedy) with a supervisory authority; in particular in the member state of your place of residence, your place of work or the place of the alleged violation.
The supervisory authority to which the complaint was submitted informs the complainant of the status and the results of the complaint, including the possibility of a legal remedy according to Art. 78 GDPR.
VI. Objection to unsolicited sending of advertisements
The use of the contact data published in the legal notice for sending unsolicited advertisements and information materials is hereby rejected. The operators of this website expressly reserve the right to take legal action in the event of unsolicited sending of advertising information, such as spam emails.
VII. Changes to the privacy policies
We will update these privacy policies from time to time to protect your personal data. You should review these privacy policies from time to time to stay up to date on how we protect your data and continuously improve the content of our website. Should we make significant changes in the collection, use and / or disclosure of the personal data you have provided to us, we will make you aware of this by means of a clearly visible notice on the website.