Data protection is a particularly important topic at our company. In the following, we will inform you about the collection of personal data when using our website. Personal data is all data related to you personally, such as name, address, e-mail addresses or user behavior. We have put in place extensive technical and operational safeguards to protect your data from accidental or intentional manipulation, loss, destruction or access by unauthorized persons. We regularly review our security measures and adapt them to technological progress.
1 Responsible party for data processing
Responsible party pursuant to Art. 4 (7) EU General Data Protection Regulation (GDPR) is
|
ALLPLAN GmbH Konrad-Zuse-Platz 1 81829 München Deutschland E-Mail: info@allplan.com |
and |
ALLPLAN Deutschland GmbH Konrad-Zuse-Platz 1 81829 München Deutschland E-Mail: info.de@allplan.com |
In the conduct of business, it is essential that data is also regularly exchanged between ALLPLAN's subsidiaries and business operations in order to promote intra-group cooperation and use resources effectively. For this reason, central processes are not limited to the area of a single group company, but also extend to other group companies and benefit from the processes established and resources available there. The ALLPLAN companies therefore cooperate in many areas and act in the data protection sense as so-called jointly responsible parties for this website as indicated above.
Information on the essential content of the contract due to joint responsibility:
In order to ensure the security of processing and the effective assertion of your rights, and against the above background, the member companies have concluded a contract as joint controllers within the meaning of Art. 26 in conjunction with Art. 4 No. 7 DSGVO. This contract regulates the following points in particular:
- Subject matter, purpose, means and scope as well as the competences and responsibilities regarding data processing.
- Information of the data subjects
- Fulfillment of the other rights of the data subjects
- Security of the processing
- Involvement of data processors
- Procedure in the event of data protection violations
- Other joint and mutual obligations
- Cooperation with supervisory authorities
- Liability
2 Get in touch with our data protection officer
Please contact our data protection officer at datenschutzbeauftragter@allplan.com or our postal address by adding “data protection officer”.
3 General data collection when accessing our website
If you use the website for informational purposes only, i.e., if you do not register or otherwise transmit information to us (e.g., via a contact form), we collect the following technical information (log file data):
|
Data |
Purpose of processing |
Duration of storage |
|
Operating system used |
Evaluation by devices in order to ensure an optimized display of the website |
The data is deleted in log files for the purpose of operating the website and to protect against misuse in accordance with our security regulations, generally after 30 days |
|
Information about the type of browser and the version used |
Evaluation of the browser used in order to optimize our websites for this purpose |
|
|
The Internet service provider of the user |
Evaluation of the Internet service provider |
|
|
IP address |
Display of the website on the respective device |
|
|
Date and time of access |
Ensuring the proper operation of the website |
|
|
If necessary, manufacturer and type designation of the smartphone, tablet or other end device |
Evaluation of device manufacturers and types of mobile devices for statistical purposes |
|
|
Name of accessed site |
Ensuring proper operation of the website |
|
|
Referrer URL (source URL from which you came to the website) |
Ensuring proper operation of the website |
We collect this data for technical reasons to display our website to you and to ensure stability and security. We (and our hosting service providers) are generally not aware of who is behind an IP address. We do not merge the above data with any other data.
The legal basis is the legitimate interest pursuant to Art. 6 (1) s. 1 lit. f GDPR. Within the framework of the balancing of interests pursuant to Art. 6 (1) lit. f GDPR, we have considered and weighed our interest in providing and your interest in processing your personal data in accordance with data protection. Since the following data is technically necessary for us to provide you with our service and to ensure stability and security, in particular to protect from misuse, we have to process this data – while ensuring data security in line with the state of the art – taking due account of your interest in processing in line with data protection requirements. If the processing is based on another legal basis (e.g. consent according to Art. 6 (1) lit. a GDPR), this will be shown accordingly.
4 Legal basis of our data processing
The processing of personal data may be based on various legal grounds. If we need your data to honor a contract with you or to respond to inquiries from you regarding a contract, the legal basis for this data processing is Art. 6 (1) s. 1 lit. b GDPR.
If we obtain your consent for certain data processing, the legal basis is Art. 6 (1). s. 1 lit. a GDPR. We carry out some data processing on the basis of our legitimate interest, always weighing your interests worthy of protection against our legitimate interests. The legal basis is Art. 6 (1) lit. f GDPR. Insofar as the processing is necessary for the fulfillment of a legal obligation to which we are subject, the legal basis is Art. 6 (1) s. 1 lit. c GDPR.
We explain below how we process personal data via our website.
5 Registration
Before you can purchase from our store, you must first register with us and create a customer account.
For the registration we use the so-called double-opt-in procedure. This means that after you have entered your e-mail address, we will send you a confirmation e-mail to the e-mail address you have entered, in which we ask you to confirm your registration. If you do not confirm this within 24 hours, your registration will be automatically deleted from the database. Upon confirmation, we will store your data for the storage period indicated in the table. The storage also takes place for participation in the ALLPLAN Community with which you also have the possibility to use our services (Allplan Share, Allplan Exchange, Allplan Connect, Allplan Campus, Allplan Bimplus) with an account. Once you have registered, you will receive personal, password-protected access and can view and manage the data you have stored.
Furthermore, we store the time of registration when you register. The purpose of this procedure is to provide evidence of your registration as part of our accountability obligations and, if necessary, to be able to clarify any possible misuse of your personal data. Due to the fulfillment of the accountability obligation, we have a legitimate interest in accordance with Art. 6 (1) lit. f DSGVO in processing the data of the double-opt-in procedure.
For the registration we collect and store the following personal data from you:
|
Data |
Purpose of processing |
Legal basis of processing |
Storage period |
|
E-mail address and username |
Creation of the customer account |
Legitimate interest / contract execution |
Until the termination of the customer account term |
|
Password |
Creation of the customer account |
Legitimate interest / contract execution |
Until the termination of the customer account term |
|
IP address at login |
Proof of Double-Opt-In |
Legitimate interest |
3 years after termination of customer relationship |
|
Time of registration |
Proof of Double-Opt-In |
Legitimate interest |
3 years after termination of customer relationship |
|
IP address at DOI |
Proof of Double-Opt-In |
Legitimate interest |
3 years after termination of customer relationship |
|
Time of DOI verification |
Proof of Double-Opt-In |
Legitimate interest |
3 years after termination of customer relationship |
|
Customer number |
Assignment in case of already existing contractual relationship |
Legitimate interest / contract execution |
Until the end of the tax statutory limitation periods (10 years after the end of the contractual relationship) |
|
Salutation |
Direct approach within the scope of the contractual relationship |
Legitimate interest / contract execution |
Until the end of the tax statutory limitation periods (10 years after the end of the contractual relationship) |
|
First Name |
Direct approach within the scope of the contractual relationship / invoicing |
Legitimate interest / contract execution |
Until the end of the tax statutory limitation periods (10 years after the end of the contractual relationship) |
|
Last Name |
Direct approach within the scope of the contractual relationship / invoicing |
Legitimate interest / contract execution |
Until the end of the tax statutory limitation periods (10 years after the end of the contractual relationship) |
|
Company |
Invoicing |
Legitimate interest |
Until the end of the tax statutory limitation periods (10 years after the end of the contractual relationship) |
|
Phone |
Contract execution (customer support) |
Legitimate interest / contract execution |
After the end of the contractual relationship |
|
Language |
Control of language settings |
Legitimate interest / contract execution |
After the end of the contractual relationship |
|
Country |
Conclusion and execution of contract |
Legitimate interest / contract execution |
Until the end of the tax statutory limitation periods (10 years after the end of the contractual relationship) |
|
Address |
Invoicing |
Legitimate interest / contract execution |
Until the end of the tax statutory limitation periods (10 years after the end of the contractual relationship) |
Necessary personal data is marked as mandatory in the respective registration form, additional information is voluntary.
You can delete your customer account at any time. Upon deletion of the account, all personal data that is not subject to a legal obligation to retain data or to article 17 (3) DSGVO will be anonymized.
6 Cookies
Our website uses cookies. Cookies are files that are placed on your computer by a website you visit and allow your browser to be reassigned. Cookies transmit information to the entity that sets the cookie. Cookies can store various information, such as your language setting, the duration of your visit to our website or the entries you have made there. This ensures, for example, that you do not have to re-enter required form data each time you use it. The information stored in cookies can also be used to identify preferences and target content according to areas of interest.
There are different types of cookies: Session cookies are sets of data that are only temporarily held in memory and are deleted when you close your browser. Permanent or persistent cookies are automatically deleted after a predefined duration, which may differ depending on the cookie. With this type of cookies, the information can also be stored on your computer in text files. You can, however, also delete these cookies at any time via your browser settings.
First-party cookies are set by the website you are currently visiting. Only this website is allowed to read information from these cookies. Third-party cookies are set by organizations that are not operators of the website you are visiting. These cookies are used by marketing companies, for example.
The legal basis for possible processing of personal data by means of cookies and their storage period may vary. If you have given us your consent, the legal basis is Art. 6 (1) s. 1 lit. a GDPR. Insofar as the data processing is based on our overriding legitimate interests, the legal basis is Art. 6 (1) s. 1 lit. f GDPR. The stated purpose then corresponds to our legitimate interest.
We use cookies to ensure the proper operation of the website, to provide basic functionality, to measure reach and, with your consent, to tailor our services to preferred areas of interest.
You can delete cookies already stored on your mobile device at any time. If you want to prevent cookies from being stored, you can do so via the settings in your Internet browser. You can find instructions for popular browsers here: Internet Explorer, Firefox, Google Chrome, Google Chrome mobile, Microsoft Edge, Safari, Safari mobile. Alternatively, you can also install so-called ad blockers. Please note that individual functions of our website may not work if you have disabled the use of cookies.
When accessing our website, all users of our website are also informed by an information banner about our use of cookies and referred to this privacy policy. Here, as a user, you will also be asked for your consent to the use of certain cookies, in particular those relevant for the personalization of services and for marketing measures. Once you have given your consent, you can revoke it at any time with future effect by calling up the cookie administration via the icon (fingerprint) in the bottom left-hand corner of each page and unchecking the box next to processing to which you had consented. In the cookie manager you can also find more information about the cookies we use.
6.1 Usercentrics
We use the Usercentrics service to manage consent on our website. Usercentrics is software produced by Usercentrics GmbH, Rosental 4, 80331 Munich, Germany.
Usercentrics identifies the language used by your browser. They set a cookie to check whether you have already made a selection in our consent tool on a previous visit to our website. This cookie is necessary because it allows the website to recognize whether you have consented to tracking or not. Usercentrics also creates a log file in order to be able to prove that consent has been given. This file contains the IP address in anonymized form, information about the browser that was used, data about the scope of consent, and the date and time of the visit.
The legal basis for the processing is our legitimate interest pursuant to Art. 6 (1) s. 1 lit. f GDPR.
The purpose of data processing is a user-friendly and legally compliant design of our website. We want to make it as easy as possible for you to give or withdraw consent and to increase the transparency of data processing using cookies, pixels, tags or similar on our website. Our legitimate interest also lies in the purpose of processing data.
The cookie containing your consent or refusal to use cookies is stored on your device for one year. Consent data (consent given and consent revoked) will be retained for three years.
Cookies are stored on the user’s computer and transmitted from it to our site. Therefore, as a user, you also have full control over the use of cookies. By changing the settings of your Internet browser, you can disable or restrict the transfer of cookies. You can delete cookies that have already been saved at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website to their full extent.
6.2 Website analysis
To analyze and optimize our websites, we use various services described below. We use these services to analyze how many users visit our site, what information is most in demand, or how users find an offer. We also record data on which Internet page a user came to our website from (so-called referrer), which sub-pages of the Internet page were accessed or how often and for how long a sub-page was viewed. This helps us to design our offers in a user-friendly way, to find errors and to improve our offers.
6.2.1 Matomo
On our website, we use the open source web analytics software Matomo, a software of “InnoCraft Ltd”, a company located at 150 Willis St, 6011 Wellington, New Zealand. Since InnoCraft is located outside the EU, InnoCraft has appointed a representative in the EU (privacy@innocraft.com). The software is operated exclusively from our own servers.
They use cookies, to analyze the use of the website. For this purpose, the usage information collected in the cookie (including your shortened IP address) is transmitted to our server and stored for usage analysis purposes. Matomo does not transmit data to servers that are outside of our control. Your IP address is immediately anonymized during this process, so that you as a user are not identifiable to us. We do not share the information we collect about your use of this website with third parties. We use the collected data for statistical analysis of user behavior for the purpose of optimizing the functionality and stability of the website and for marketing purposes. Our interest in and purpose of data processing is to optimize our website, to adapt the content and to improve our offer. The user's interests are sufficiently protected by making the data anonymous.
We store the analysis data only as long as necessary for data processing purposes, but no longer than 14 months.
The legal basis for the described data processing is our legitimate interest pursuant to Art. 6 (1) s. 1 lit. a GDPR. Once you have given your consent, you can revoke it at any time with future effect by changing your selection in the cookie settings (see section 5 Cookies above). Alternatively, you can delete your cookies (all or only from this website). You will then see the banner with the options again.
6.2.2 Google Analytics (Universal Analytics)
This website uses Google Analytics, a web analysis service of Google LLC, (1600 Amphitheatre Parkway Mountain View, CA 94043, USA). The responsible entity for users in the EU/ EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. The use includes running Universal Analytics. This makes it possible to assign data, sessions and interactions across multiple devices to a pseudonymous user ID and thereby analyze a user's activities across devices.
Google Analytics uses cookies that enable an analysis of your use of the website. The information about your use of this website created by the cookie is usually transmitted to a server of Google in the US and saved there. However, due to the activation of IP anonymization on this website, your IP address will be shortened by Google within Member States of the European Union or in other states party to the Agreement on the European Economic Area. The complete IP address is transmitted to a server of Google in the US and shortened there only in exceptional cases.
Insofar as data is processed outside the EU/ EEA, we have concluded the standard data protection clauses adopted by the EU Commission in accordance with Art. 46 GDPR with the service provider in order to establish a secure level of data protection; these clauses permit the transfer of personal data to a third country in individual cases.
The IP address that is transmitted by your browser within the frame of Google Analytics is not combined with other data of Google. On behalf of the operator of this website, Google will use such information for analyzing your use of the website, for compiling reports about the website activities and for rendering additional services that are related to the website use and internet use toward the website operator.
The data sent by us and linked to cookies or user IDs (e.g. user ID) are automatically deleted after 14 months. Data whose retention period has been reached is automatically deleted once a month.
The legal basis for the described data processing is our legitimate interest pursuant to Art. 6 (1) s. 1 lit. a GDPR. Once you have given your consent, you can revoke it at any time with future effect by changing your selection in the cookie settings (see section 5 Cookies above). Alternatively, you can delete your cookies (all or only from this website). You will then see the banner with the options again.
For more information on the terms of use of Google Analytics and on data protection at Google, please visit https://marketingplatform.google.com/about/analytics/terms/us/ or https://policies.google.com/?hl=en.
6.2.3 Google Analytics 4
If you have given your consent, this website also uses Google Analytics 4, a web analytics service provided by Google LLC. The responsible entity for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google").
Google Analytics 4 uses cookies that enable an analysis of your use of our websites. The information collected by means of the cookies about your use of this website is generally transferred to a Google server in the USA and stored there.
In Google Analytics 4, the anonymization of IP addresses is activated by default. Due to IP anonymization, your IP address will be truncated by Google within Member States of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google.
During your website visit, your user behavior is recorded in the form of "events". Events can be:
- Page views
- First visit to the website
- Start of session
- Your "click path", interaction with the website
- Scrolls (whenever a user scrolls to the bottom of the page (90%))
- clicks on external links
- internal search queries
- interaction with videos
- seen / clicked ads
Also recorded:
- Your approximate location (region)
- your IP address (in shortened form)
- technical information about your browser and the end devices you use (e.g. language setting, screen resolution)
- your internet service provider
- the referrer URL (via which website/advertising medium you came to this website)
On behalf of ALLPLAN, Google will use this information for the purpose of evaluating your anonymous use of the website and compiling reports on website activity. The reports provided by Google Analytics are used to analyze the performance of our website and the success of our marketing campaigns.
Recipients of the data are/may be
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as processor according to Art. 28 DSGVO).
Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
Alphabet Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
It cannot be ruled out that US authorities access the data stored by Google.
Insofar as data is processed outside the EU/EEA and there is no level of data protection corresponding to the European standard, we have concluded EU standard contractual clauses with the service provider to establish an appropriate level of data protection. The parent company of Google Ireland, Google LLC, is based in California, USA. A transfer of data to the USA and access by US authorities to the data stored by Google cannot be ruled out. The USA is currently considered a third country from a data protection perspective. You do not have the same rights there as within the EU/EEA. If applicable, you are not entitled to any legal remedies against access by authorities.
The data sent by us and linked to cookies will be automatically deleted after 14 months. The deletion of data whose retention period has been reached takes place automatically once a month.
The legal basis for this data processing is your consent pursuant to Art.6 para.1 p.1 lit. a DSGVO. Once you have given your consent, you can revoke it at any time with future effect by changing your selection in the tracking settings (see above, under Cookies). Alternatively, you can delete your cookies (all or only from this website). The banner with the selection options will then be displayed again.
Alternatively, you can prevent cookies from being stored in the first place by configuring your browser software accordingly. However, if you configure your browser to reject all cookies, this may restrict functionality on this and other websites. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google, by
- Not giving your consent to the setting of the cookie or
- downloading (HERE) and installing the browser add-on to disable Google Analytics.
For more information on Google Analytics' terms of use and Google's privacy policy, please visit https://marketingplatform.google.com/about/analytics/terms/de/ and https://policies.google.com/?hl=de.
7 Google Tag Manager
For transparency reasons, we would like to point out that we use the Google Tag Manager of the provider Google Ireland Limited (registration number: 368047), Gordon House, Barrow Street, Dublin 4, Ireland. Google Tag Manager itself does not collect any personal data. Google Tag Manager makes it easy for us to integrate and manage our tags. Tags are small pieces of code used to measure traffic and visitor behavior, track the impact of online advertising and social channels, set up remarketing and audience targeting, and test and optimize websites, among other things. We use the Tag Manager for the Google Analytics service. If you have disabled it, this disabling will be taken into account by Google Tag Manager. For more information on Google Tag Manager, please see: https://www.google.com/intl/de/tagmanager/use-policy.html
8 Data transfer
Your personal data will not be transferred to third parties for purposes other than those listed.
We will only share your personal information with third parties if:
- you have given your express consent to this,
- the disclosure is necessary to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data,
- there is a legal obligation for the disclosure, and
- this is legally permissible and necessary for the processing of contractual relationships with you.
External service providers and partner companies receive your data only to the extent necessary to process your order. In these cases, however, the scope of the data transmitted is limited to the minimum required. Insofar as our service providers come into contact with your personal data, we ensure within the framework of commissioned processing pursuant to Art. 28 DSGVO that they comply with the provisions of the data protection laws in the same manner. Please also note the respective privacy notices of the providers. The respective service provider is responsible for the content of third-party services, whereby we check the services for compliance with the legal requirements within the scope of reasonableness.
We consider it important to process your data within the EU/ EEA. However, we may sometimes use service providers who process data outside the EU/ EEA. In these cases, we ensure that an adequate level of data protection is established at the recipient before transferring your personal data. This means that via EU standard contracts or an adequacy decision of the European Commission, a level of data protection is achieved that is comparable to the standards within the EU.
In the event of data transfer outside the European Union, the high European level of data protection does generally not exist. In the case of a transfer, it may be that there is currently no adequacy decision by the EU Commission within the meaning of Article 45 (1), (3) GDPR. This means that the EU Commission has not yet positively determined that the country-specific level of data protection corresponds to the level of data protection in the European Union based on the GDPR; therefore, we have put in place the aforementioned appropriate guarantees.
Possible risks that may not be completely excluded in connection with the transfer of data include, in particular:
- Your personal data could possibly be processed beyond the actual purpose.
- In addition, there is the possibility that you may not be able to assert and enforce your rights under data protection law, such as your right to information, correction, deletion or data portability, in the long term.
- There may also be a higher probability that incorrect data processing may occur, and that the protection of personal data does not fully comply with the requirements of the GDPR in terms of quantity and quality.
9 Data security
Your personal data is transferred securely at ALLPLAN using encryption. This applies to all form processes (including registration, login, ordering). ALLPLAN uses the SSL/TLS (Secure Socket Layer/Transport Layer Security) coding system. It is true that no one can guarantee absolute protection. However, ALLPLAN secures its website and other systems against loss, destruction, access, modification or distribution of your data by unauthorized persons by means of technical and organizational measures. We regularly review our security measures and adapt them to technological progress.
10 Your rights
You have the following rights with respect to us regarding personal data concerning you:
10.1 Basic permissions
You have a right to information, correction, deletion, restriction of processing, objection to processing and data portability. Insofar as processing is based on your consent, you have the right to revoke this consent with effect for the future.
To exercise your rights, please contact us by e-mail at datenschutzbeauftragter@allplan.com or by mail at ALLPLAN Deutschland GmbH, Konrad-Zuse-Platz 1, 81829 Munich, Germany. The exercise of your rights described in this point is free of charge for you.
10.2 Rights in data processing according to the legitimate interest
Pursuant to Article 21 (1) GDPR, you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6 (1) s. 1 lit. e GDPR (data processing in the public interest) or on the basis of Article 6 (1) s.1 lit. f GDPR (data processing for the purposes of safeguarding a legitimate interest); this also applies to profiling based on this provision. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.
10.3 Rights in case of direct advertising
If we process your personal data for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing pursuant to Art. 21 (2) DSGVO; this also applies to profiling, insofar as it is associated with such direct advertising.
In the event of your objection to processing for the purpose of direct advertising, we will no longer process your personal data for these purposes.
10.4 Right to complain to a supervisory authority
Without prejudice to these rights and the possibility of seeking any other administrative or judicial remedy, you may at any time exercise your right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or the place of the alleged infringement, if you consider that the processing of personal data relating to you infringes data protection law (Article 77 GDPR).
11 Links to other websites
Our websites may contain links to websites of other providers. We would like to point out that this information on data protection applies exclusively to the website www.allplan.com. We have no influence on and do not control that other providers comply with the applicable data protection regulations.
12 Changes to the privacy policy
We reserve the right to change or adapt this information on data protection at any time in compliance with the applicable data protection regulations.
As of 01/10/2022