Data Protection Declaration

 

Valid as of 1 October 2018

 

1 Principles

Our data protection declaration affords you an overview of the nature, scope and purpose of the personal data processed by i-ROM GmbH and your rights to the protection of your data.

In processing your personal data, we comply with the provisions of the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and other legal provisions (such as the German Act Against Unfair Competition [UWG]).

i-ROM GmbH does not sell or lease your data. We disclose your data to third parties only within the narrow limits described in this declaration.

Concerning the protection of sensitive non-personal data, such as information regarding your products (design data, state of development, functional models, simulation results) entrusted to us by you as our client for the services we offer (support, consulting, order calculation), we will undertake to maintain confidentiality in a separate agreement.

Which data we process and for which purposes is very individual and depends on the contracts you sign with us. For this reason, not all portions of this data protection declaration will apply in the same manner to you.

2 Questions for the data protection officer

If you have questions regarding data protection, please send us an email or make direct contact with the person in our organisation responsible for data protection using the following contact details:

The data protection declaration applies to data processing by

3 Your rights as a data subject

By contacting our data protection officer using the contact details above, you may exercise the following rights at any time:

• acquisition of information regarding your data stored with us and its processing,
• rectification of incorrect personal data,
• erasure of your data stored with us,
• restriction of data processing if we are not yet allowed to delete your data due to legal obligations,
• objection to our processing of your data and
• data portability if you have consented to the data processing or have concluded a contract with us.

If you have given your consent, you may revoke it with effect for the future.

You can file a complaint with your competent supervisory authority at any time. Your competent supervisory authority is determined by the federal state where you reside, where you work or where the alleged violation occurred. A list of supervisory authorities (for the non-public sector) with addresses can be found at

https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

The data protection officer for Saxony may be contacted at:

4 Purposes of data processing by i-ROM and by third parties

We process your personal data for the following purposes:

• to provide our products, service and support
• to offer consulting and training services
• to process your service orders
• to organise seminars, trade fairs and other events
• for authentication in the context of licence management
• to manage and improve our products and services as well as our website
• to conduct customer-satisfaction surveys
• to inform you about new products, updates, seminars, etc. (newsletter)
• to provide you with important information regarding contracts, version upgrades and other notifications regarding the products you use
• to process job applications
• to implement our contracts and claims and
• to fulfil our legal or regulatory obligations.

Third parties only process the personal data you share with us to a limited extent

• as web- and system-infrastructure providers
• as providers of business services (such as payment processing)
• as partners or distributors
• as organisers or service providers of online or telephone conferences, web seminars and training

Whenever we disclose personal information to third parties, we commit the recipient to protecting the received data in accordance with legal requirements.

There is no disclosure of your personal information to third parties for purposes other than those described above.

5 Legal basis for the processing of personal data

i-ROM GmbH will only process personal data if

• you have given your express consent for this to occur,
• the processing is necessary for the execution of a contract with you,
• the processing is required to fulfil a legal obligation (this includes, in particular, compliance with export restrictions and compliance with legal trade and tax regulations) or
• the processing is required to safeguard legitimate interests and there is no reason to assume that you have an overriding legitimate interest in the non-disclosure of your data.

6 Sources of processed personal data

We process personal data that we gather directly from you (see Points 6.1 and 6.2) or from publicly accessible sources (such as Internet or press sources) in a legitimate manner.

If we collect data relevant to you but not directly from you, we will notify you of this within a reasonable time, and at the latest within one month. If we use your personal data when communicating with you, we notify you no later than the time of our initial contact with you.

6.1 Email, telephone and post

If you contact us by email, telephone or post, we assume that you consent to the use of your personal data. We use the personal data you share with us (name, company, telephone number / email address / postal address) to process your request, and we store it in our customer relationship management (CRM) system together with the date of entry, intended use and legal basis.

After answering the request, we will erase your personal data unless a further contractual relationship is initiated or already exists and the erasure is not contrary to Section 17, Para. 3 of the General Data Protection Regulation (GDPR). Please see Point 3.

6.2 Website with our online offers and contact forms

6.2.1 Acquisition of general information when visiting our website

When you access our website, we process your access data on our server. In the process, so-called “server log files” are created that contain the following information:

• names of the web pages and files accessed
• date and time of access
• amount of data transferred
• browser type and version used
• operating system used
• referrer URL
• your IP address and provider

This information is technically necessary to display the web pages correctly and is mandatory when using the Internet. In particular, it is used for the following purposes:

• to ensure problem-free establishment of a connection to the website,
• to ensure problem-free use of our website,
• to assess system security and stability.

The processing of your personal data is based on our legitimate interest in data collection arising from the purposes listed above. We do not use your data to identify you personally. Only the controller and, where appropriate, the processors will receive the data.

We evaluate anonymous information of this kind statistically in order to optimise our website and the technology behind it.

The server logs that affect you are stored for a maximum of seven days and then erased unless longer storage is required for evidential purposes.

6.2.2 Cookies

Like many other websites, we also use so-called “cookies”. Cookies are small text files that are downloaded to your computer and saved in your browser. These make it easier for you to navigate and make it possible to display our web pages correctly and make the website more secure.

The cookies we use are automatically deleted when you leave our website. They contain no viruses and do not damage your computer.

If you do not want cookies to be processed, click here.

6.2.3 Use of Google Analytics

We use Google Analytics on our web pages. This is a web analytics service of Google Inc. (hereinafter “Google”). Google Analytics uses cookies, which are text files stored on your computer that make it possible to analyse the use of our website.

The information generated by the cookies about your use of this website is generally sent to a Google server in the United States and stored there. In the process, the IP address you used when visiting our website is stored only in anonymised form – i.e., using an irreversibly truncated IP address.

You can block the capture of data by Google cookies (including your IP address) and the processing of the data by Google Analytics by downloading and installing a browser plug-in available at the following link: Use of Google Analytics http://tools.google.com/dlpage/gaoptout?hl=en.

6.2.4 Newsletter

Our website gives you the option of signing up to receive our newsletter. If you consent to receipt of our newsletter, we will use your email address and any names you have chosen to provide when we send the newsletter to you. This information is stored in our customer relationship management system together with date of entry and purpose. We evaluate your use of the newsletter in order to send you information on our products and services that meet your needs. You can revoke your consent to receive future issues of the newsletter at any time. You can find the link for this purpose at the end of each newsletter. Withdrawal of consent will result in the erasure of the user data stored. Please see Point 3 of this declaration.

6.2.5 Contact form

Our website gives you a variety of options for contacting us directly with questions or orders (such as a request for a test version). Personal data is collected when you contact us in this way. By using the contact form, you give your consent to the processing of your personal data.

The personal data help us to assign your enquiry and the subsequent response. Additional data you provide is necessary, among other things, to determine whether you are operating in a business environment or performing an educational task. The information you provide will be stored in our customer relationship management (CRM) system together with entry date and purpose so that we can process your request. After we have dealt with your request, your personal information will be erased unless needed to fulfil contractual obligations or for pre-contractual measures.

If your data are processed for the purpose of direct-marketing purposes based on your consent, you can revoke this consent at any time with effect for the future. Your revocation will result in your data being erased. Please see Point 3 of this declaration.

6.3 Purchase of products, ordering of services, registration for events

Your personal data will be collected when you purchase products, order services or register for events. The personal data will be processed for the purpose of executing the respective contracts and thus meeting contractual obligations.

When programs are installed (for testing purposes or after concluding a software license agreement), the following information will be collected:

• Operating system and edition
• Administrator’s name, email and contact details
• User’s name, email and contact details
• Information about the computer where the program is to be installed

The collection and use of these data are essential for the respective contract to become effective and to be executed. Data related to the computer, user or administrator will be deleted once the contractual relationship has ended and no tax or legal requirements prevent such deletion.

7 Recipients of personal data within i-ROM GmbH

Your personal data will be stored in our customer relationship management (CRM) system together with details of the permissible use and the legal basis of the processing. Besides system administrators and company executives, only those employees who need access to achieve the intended purpose will have access.

Third-party access is granted only in a few exceptional cases. Third-party access is also limited to only that personal information that they need to support us in conducting the business relationship (such as for telecommunications).

8 Transfer of data to third countries

We will transmit your personal data to places outside the European Union (so-called “third countries”) in the following cases:

• The transfer is necessary for the execution of contracts we have concluded with you;
• The transfer is necessary to comply with export regulations or prevent the violation of export regulations (such as US export regulations).

We will obtain your explicit consent before disclosing the data.

9 Duration and criteria for data storage

We will store your personal data for as long as necessary to conduct our business relationships and fulfilment of resulting contractual and statutory obligations.

Personal information no longer needed to conduct business relationships will be deleted at regular intervals. We review personal data every three years to determine whether they are still needed.

i-ROM GmbH is subject to the commercial and tax regulations in Germany. The standard retention period for commercial- and tax-law matters, and thus for the personal data related to them, is ten years.

Furthermore, the rules regarding limitation periods in accordance with Section 195 et seq. of the German Civil Code must be observed. The standard limitation period in such matters is three years beginning at the end of the year in which the claim arose. Additionally, special limitation periods can last up to 30 years and can lead to a very long retention period in certain cases.

10 Data security

We use state-of-the-art SSL-over-HTTPS encryption procedures to protect the security of your data during transmission.

11 Deletion and blocking of data

We adhere to the principles of data avoidance and data minimisation. We therefore retain your personal data only for as long as required to achieve the purposes described here or as stipulated by the various retention periods specified by the legislator. Once the respective purpose has ceased to exist or these periods have expired, the corresponding data will be routinely blocked or deleted in accordance with the legal provisions.

12 Obligation to provide data

We require our customers to provide the personal data necessary for concluding, executing or terminating contracts.

Our customers have the further obligation to provide us with the personal data we are legally required to collect. Please note that we offer products that may be subject to export restrictions. We are therefore obliged to check the identity of our customers as needed to avoid any violation of export restrictions.

We will be unable to enter into a business relationship with potential customers who fail to make the required data available to us.

13 Changes to our privacy policy

We reserve the right to make changes to this data protection declaration so that it always corresponds to the current legal requirements, or in order to implement changes in our services in the data protection declaration, such as when introducing new services. The new data protection declaration shall then apply the next time you visit.