When processing personal data, we comply with the provisions of the General Data Protection Regulation (GDPR) and, as applicable, with the provisions of other relevant statutory provisions of national legislation on data protection, e.g. in Germany the Federal Data Protection Act (BDSG), and any other legislation, e.g. in Germany the Unfair Competition Act (UWG).
We use binding contractual agreements to protect sensitive non-personal data, e.g. data about products (development status, design data, functional samples, simulation results), which you entrust to us as a customer in the context of the services we offer in the form of support, advice and/or commissioned calculation. Our obligations arising from these agreements extend considerably further than the obligations arising from the statutory provisions (in Germany, for example, from the Act to Protect Business Secrets - GeschGehG).
1. PRINCIPLES FOR THE PROCESSING OF PERSONAL DATA
The controllers within the meaning of the GDPR observe the standard principles for processing of personal data set out in Art. 5(1) GDPR. These are lawfulness, fairness, transparency, limitation of purpose, data minimization, correctness, limitation of storage, integrity and confidentiality.
Within the framework of a comprehensive data protection management system, the controllers have put in place the technical and organizational prerequisites that allow demonstration of compliance with these principles, as described in Art. 5(2) GDPR (accountability obligation).
2. NAME AND CONTACT DETAILS OF THE CONTROLLER
The controllers within the meaning of the GDPR are the following legally independent companies of the CADFEM Group.
CADFEM International GmbH
Am Schammacher Feld 37
85567 Grafing near Munich
Phone: +49 (0)8092-7005-97
3. CONTACT DETAILS OF THE DATA PROTECTION OFFICER
You can contact our data protection officer at
Phone: +49 8092-7005-10
4. LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA
Your personal data will only be processed by us if you have consented to its processing for the relevant purpose (Art. 6(1) sentence 1 point (a) GDPR), if processing is necessary for the execution of a contract or for the implementation of pre-contractual measures (Art. 6(1) sentence 1 point (b) GDPR), if we have an overriding interest in its processing (Art. 6(1) sentence 1 point (f) GDPR) or if the GDPR or another law permits or prescribes its processing (Art. 6(1) sentence 1 point (c) GDPR).
5. TARGET GROUP
Personal data of minors (under the age of 16) will not be knowingly collected by us or used in any form. As a rule, we do not know the age of visitors to our website. However, we have not taken any specific measures to protect such data. Persons under the age of 16 may not submit personal data without the explicit consent of their parents or guardians.
6. SOURCES, TYPES AND PURPOSES OF PERSONAL DATA PROCESSED BY US
We process personal data that we receive directly from you from the sources listed below.
A) OUR WEBSITE
I) DATA PROCESSING ON OUR WEBSITES
a) Collection of access data and log files
When you access our website, we process data about your access to the server on which we provide our site. Server log files are created in the process. The information stored includes the names of the web pages and files accessed, the date and time of access, the volume of data transferred, confirmation of successful access, the browser type you are using including its version, the operating system you are using, the so-called referrer URL (this is the website you visited before accessing our website and from which you followed a link to our web service), your IP address and the provider through which our website was accessed. The purpose of processing your personal data in this case is to ensure the security of our website. The legal basis for processing your personal data is our legitimate interest in pursuing this purpose, Art. 6(1) sentence 1 point (f) GDPR. Server log files relating to you are stored for a maximum of seven days and deleted thereafter, unless longer storage is required for evidential purposes.
c) Data transfers to a country outside the European Economic Area
If you have given your consent, your personal data may be transmitted to servers of a third-party provider (e.g. Google, LinkedIn, etc.) whose servers are located in the USA or another third country (i.e. a country outside the European Economic Area (EEA)). We would like to point out that the level of data protection in the USA and other third countries is not comparable to the EU. You are therefore at risk of access to this data by a government agency. This risk may also exist with regard to other third countries. The admissibility of these data transfers to the USA and other affected third countries is based on your express consent, which you have given after being informed of the risks, pursuant to Art. 49(1) sentence 1 point (a) GDPR.
d) Google Analytics
We use Google Analytics in our web services. This is a web analytics service provided by Google LLC (“Google”). The responsible service provider in the EU and Switzerland is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Analytics uses so-called cookies. These are text files that are stored on your computer and that allow an analysis of the use of our web services by you. The data generated by the cookies about your use of our web services is transmitted to a Google server and stored there. The IP address you use when visiting our web services is only stored in anonymous form (via an irreversible truncation of the IP address).
Data is only collected and stored by Google Analytics if you have given your permission for the corresponding cookie class in the cookie consent banner.
You can also prevent collection of the data generated by the cookies of Google Analytics and related to your use of our web services (including your IP address) and processing of that data by Google Analytics by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout.You can also prevent collection by Google Analytics by clicking on the following link. Your objection will then be implemented by an opt-out cookie, which prevents future collection of your data when using the current browser to visit our web services: disable collection of data by Google Analytics for this website.Data is only collected and stored by Google Analytics if you have given your permission for the corresponding cookie class in the cookie consent banner. Your personal data is transferred to the USA, where the level of data protection is not comparable to the EU. You are therefore at risk of access to this data by a government agency.
The legal basis for data processing is Art. 6(1) sentence 1 point (a) GDPR in conjunction with Art. 49(1) sentence 1 point (a) GDPR.
e) Google Ads
We use the online advertising system Google Ads of Google LLC. (“Google”). The responsible service provider in the EU and Switzerland is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). We use so-called conversion tracking in this connection and so-called remarketing in connection with Google Analytics (see above).
Data is only collected and stored by Google Ads if you have given your permission for the corresponding cookie class in the cookie consent banner.
The legal basis for data processing is Art. 6(1) sentence 1 point (a) GDPR in conjunction with Art. 49(1) sentence 1 point (a) GDPR.
Data is only collected and stored by Google Maps if you have given your permission for the corresponding cookie class in the cookie consent banner.
II) ONLINE PRESENCE ON SOCIAL MEDIA
We maintain online presences on social networks and platforms, in particular Facebook, Twitter, YouTube, LinkedIn and Xing, in order to communicate with customers and potential and existing users who are active there and to inform them about our services. When accessing these networks and platforms, the terms and conditions and data processing regulations of the respective provider apply. We would like to point out that you use our pages and their functions on your own responsibility. This applies in particular to the use of interactive functions (e.g. posting, sharing, rating).
When you visit our online presence, the operators of the respective social networks and platforms record your IP address and other information that is available on your PC in the form of cookies. The data collected about you in this context is processed by the respective social networks and platforms and, if necessary, transferred to countries outside the European Union, where the level of data protection is not comparable to the EU. You are therefore at risk of access to this data by a government agency. We have no control over the type and extent of the data processed, the type of processing or the use or transmission of the data to third parties. We also have no effective control options in this respect. The information collected is also used to provide us, as the operator, with statistical information about the use of our respective online presence.
Detailed information about data processing by the operators of the social networks and platforms can be found in their data usage guidelines.
The guidelines of Meta (formerly Facebook) Ireland Ltd. can be found at https://facebook.com/privacy/explanation/.
The guidelines of Twitter, Inc. can be found at https://twitter.com/en/privacy
The guidelines of the LinkedIn Ireland Unlimited Company (“LinkedIn Ireland”) can be found at https://www.linkedin.com/legal/privacy-policy
The guidelines for the use of Xing can be found in the data protection declaration of New Work SE, at https://privacy.xing.com/en.
III) VIDEO PLATFORMS VIMEO AND YOUTUBE
We offer you the opportunity to watch videos on our website. For this we use the services of the video platforms Vimeo and YouTube. The platform Vimeo is operated by the company Vimeo, LLC with its headquarters at 555 West 18th Street, New York, New York 10011, USA. The platform YouTube is operated by the company YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA, which has been a subsidiary of Google, LLC since 2006. When you access a video on our website, a connection to the servers oft he respective platform is established and the plugin required for viewing the video is displayed. In addition, various cookies are downloaded to your hardware from servers of the respective platform. Among other things, the respective platform is able to determine which of our web pages you have visited. If you have an account with the respective platform and are logged into it, the platform assigns this information to your account. In this case, the platform will also assign the fact that you are actually watching a video to your account.
Your personal data may be transferred to the USA, where the level of data protection is not comparable to the EU. You are therefore at risk of access to this data by a government agency.
The legal basis for data processing is your consent pursuant to Art. 6(1) sentence 1 point (a) GDPR in conjunction with Art. 49(1) sentence 1 point (a) GDPR. In particular, we use a so-called two-click solution, in which cookies of the platforms are not set immediately when the page containing them is called up, but only after a second click, with which you declare your consent to the data transfer. You have the option at any time to revoke your consent in the settings of the cookie banner.
Data is only collected and stored by YouTube and Vimeo if you have given your permission for the corresponding cookie class in the cookie consent banner.
B) CONTACTING US BY E-MAIL, WEB FORMULAR AND TELEPHONE
If you contact us by phone or by e-mail, the personal data you transmit to us (telephone number/e-mail address) is used to process your inquiry and respond to it. The legal grounds for this is the consent you have given in accordance with Art. 6(1) sentence 1 point (a) GDPR and, insofar as you request pre-contractual measures to be taken, also Art. 6(1) sentence 1 point (b) GDPR. Your personal data will be stored in a customer relationship management system (“CRM system”), specifying the date of entry, purpose of use and legal basis. When your inquiry has been dealt with, we will delete your personal data, provided that no further contractual relationship exists with you and that further storage is not required under Art. 17(3) GDPR.
C) PARTICIPATION IN CUSTOMER SATISFACTION SURVEYS
Participation in our customer satisfaction surveys is voluntary. If you participate in such surveys, your personal data will be processed on the basis of the information provided by you in accordance with Art. 6(1) sentence 1 point (a) GDPR. Your personal data will be stored in a customer relationship management system (“CRM system”), specifying the date of entry, purpose of use and legal basis.
D) REGISTRATION FOR CADFEM EVENTS
If you provide us with your personal data for the purpose of registering for events held by us (e.g. seminars, CADFEM ANSYS Simulation Conference, webinars, OpenHouse, etc.), it is processed for the purpose of running the event in question and thus for the fulfillment of contractual obligations (Art. 6(1) sentence 1 point (b) GDPR). For this purpose, your personal data will be stored in a customer relationship management system (“CRM system”), specifying the date of entry, purpose of use and legal basis.
7. RECIPIENTS AND CATEGORIES OF RECIPIENTS OF PERSONAL DATA
Apart from the management and system administrators, only those employees who need personal data to fulfill the purpose of processing are given access to personal data. External persons only have access to the personal data they need to support us in the execution of the business relationship. These include employees of companies in the categories of printing services, shipping services and telecommunications as well as suppliers, especially licensors of purchased software products.
8. DURATION OF STORAGE AND CRITERIA FOR DETERMINING THAT DURATION
We store personal data for as long as is necessary to fulfill business relationships and the contractual and legal obligations resulting from them. Personal data that is no longer required to fulfill business relationships is deleted at regular intervals. We check the data that we have stored every four years to determine whether it is still needed.
We are subject to the retention requirements of commercial and tax law. The period of retention for personal data covered by this is usually ten years.
We would also like to point out that, for example, the rules on limitation periods set out in Sections 195 et seq. of the German Civil Code (BGB) provide for a normal limitation period of 3 years, which begins at the end of the year in which the claim arose. In addition, special limitation periods can be up to 30 years and thus, in individual cases, lead to a correspondingly longer period of retention.
9. YOUR RIGHTS AS A DATA SUBJECT
Data subjects have the right to request confirmation from the controller as to whether personal data concerning them is being processed; if this is the case, they have a right to information about this personal data and to the information listed in detail in Art. 15 GDPR.
Data subjects have the right to demand from the controller the rectification of inaccurate personal data concerning them and, if necessary, the completion of incomplete personal data without undue delay (Art. 16 GDPR).
Data subjects have the right to demand from the controller that personal data concerning them be erased immediately if one of the reasons listed in detail in Article 17 of the GDPR applies, e.g. if the data is no longer needed for the purposes pursued (right to deletion).
Data subjects have the right to request the controller to restrict processing if one of the conditions listed in Art. 18 GDPR is met, e.g. if the data subject has objected to the processing, for the duration of consideration of the case by the controller.
Data subjects have the right to be informed of the recipients of their personal data. The controller shall inform all recipients of any correction or erasure of personal data or restriction of processing in accordance with Articles 16, 17(1) and 18 of the GDPR, unless this proves impossible or involves disproportionate effort (Art. 19 GDPR).
Data subjects have the right to obtain the personal data concerning them which they have supplied to a controller in a structured, commonly-used and machine-readable format. Furthermore, they have the right, if technically feasible, to arrange for the transfer of that data to another controller (Art. 20 GDPR).
Data subjects have the right to object to the processing of personal data concerning them at any time, for reasons relating to their particular situation. The controller will then no longer process the personal data, unless it can prove compelling, legitimate reasons for the processing that outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims (Art. 21 GDPR).
Without prejudice to any other administrative or judicial remedy, all data subjects have the right to lodge a complaint with a supervisory authority if the data subject considers that the processing of personal data concerning them infringes the GDPR (Art. 77 GDPR). Data subjects may exercise this right with a supervisory authority in the Member State of their place of residence, their place of work or the place of the alleged infringement.
The responsible supervisory authority for Bavaria is the Bavarian State Office for Data Protection Supervision (BayLDA), Promenade 18, 91522 Ansbach, Germany, postal address: P.O. Box 1349, 91504 Ansbach, Germany, telephone: +49 (0) 981 180093-0, fax: +49 (0) 981 180093-800, e-mail: firstname.lastname@example.org.
10. CHANGE OF PURPOSE
According to Art. 6(4) GDPR, the processing of your personal data for a purpose other than that for which the personal data was collected is permissible, subject to certain strict limits, even without your consent. We do not exercise this right. If the use of your personal data for a purpose other than that for which it was collected is not justified by a legal basis other than Art. 6(4) GDPR, we will obtain your express consent before changing the purpose and will only use your data for other purposes on the basis of such consent.