Datenschutzerklärung

 

This privacy policy clarifies the nature, purpose and scope of the processing of personal data ("data") within our company and on our websites. This also includes all associated websites, functions and content such as our Facebook page.

 

Who is responsible for data protection?

Responsible for compliance with data protection is

pointslook GmbH

Market place 44

88400 Biberach

Represented by Axel Fischer

E-mail address: axel.fischer@pointslook.com

Our data protection officer ensures compliance with data protection regulations in all our products and services. You can reach him at datenschutz@pointslook.com.

 

What data is processed?

We process the following data from you inventory data such as

  • Name and address, company structure, contact person
  • Contact data such as e-mail addresses, telephone numbers, skype addresses, etc.
  • Content data such as text entries, photographs, videos, screenshots.
  • Usage data such as websites visited, products purchased, pages and products rated or commented on, access times
  • Contract data such as subject matter of the contract or duration
  • Payment information such as bank details or payment histories
  • Product information such as software and hardware used
  • Meta and communication data such as IP addresses, provider IDs, device information

This data is so-called "personal data", i.e. information that relates to an identified or identifiable natural person. A person is identifiable if they can be identified directly or indirectly - e.g. via an assignment to an identifier such as a name or a cookie.

The processing of this data is understood to mean an (automated) process carried out with this data. The term is very broad and includes practically any handling of the data.

 

Who is affected by data processing?

  • All visitors and users of our online services
  • Individuals and companies who contact us by telephone, email, messaging services or other contact systems
  • Users who use our products as a cloud service via a third-party system

The group of persons described is referred to below as "users".

 

What is the purpose of data processing?

  • Provision of our online services, the functions and content contained therein
  • Answering contact enquiries and communicating with users
  • Processing of customer projects
  • Provision of our software in our cloud and hosting environment
  • Security measures for the secure operation of our online services and the online services of our customers
  • Optimisation of our product range
  • Advising our customers on how to optimise their business activities
  • Reach measurement and marketing

 

What security measures are taken to protect data?

We store all personal data taking into account the state of the art, the implementation costs and the type, scope, circumstances and purposes of the processing. This includes both technical measures, e.g. by always storing confidential data in encrypted or coded form, and organisational measures. These include, in particular, access restrictions to all personal data.

Data that is generated as part of our product and project support is physically separated. This includes all MAIA (eCommerce) instances operated by us (on-premise and cloud versions) as well as shop-on-target accounts. The mixing of personal data between the individual instances is therefore technically and organisationally impossible.

We already take the protection of personal data into account during the development and selection of hardware and software as well as when establishing new processes, in accordance with the principle of data protection through technology design and data protection-friendly default settings (Art. 25 GDPR).

 

Is data passed on to third parties?

We sometimes pass on personal data to third parties. This is done exclusively on the basis of legal authorisation:

  • The data transfer is necessary for the fulfilment of the contract (e.g. with payment service providers)
  • You have consented to the data transfer
  • There is a legal obligation to pass on data
  • We have a legitimate interest in data transfer (e.g. for hosting)

If we commission third parties to process data on the basis of a so-called "order processing contract", this is done on the basis of Art. 28 GDPR.

If a third country - i.e. a country outside the European Union (e.g. the USA) - receives personal data from us or processes it on our behalf, this is also only done in the cases described above. To this end, we ensure that the requirements pursuant to Art. 44 et seq. GDPR are fulfilled. For example, special guarantees must be in place, such as the officially recognised determination of a level of data protection corresponding to the EU (in the USA this would be the "Privacy Shield") or officially recognised special contractual obligations (so-called "standard contractual clauses").

 

How long is the data stored?

Once the contract has been fully processed, the data is initially stored for the duration of the warranty period, then in accordance with statutory retention periods, in particular under tax and commercial law, and then deleted after this period has expired, unless you have consented to further processing and use. The check for deletion takes place every three years.

 

What rights do data subjects have?

If the legal requirements are met, you have the following rights in accordance with Art. 15 to 20 GDPR

  • Right of access,
  • to rectification,
  • to erasure,
  • to restriction of processing,
  • to data portability.

You also have the right to object to processing based on Art. 6 (1) f GDPR and to processing for the purposes of direct marketing in accordance with Art. 21 (1) GDPR.

If you wish, please contact us at datenschutz@repalogic.com.

If you are of the opinion that the processing of your personal data is not lawful, you have the right to lodge a complaint with the supervisory authority in accordance with Art. 77 GDPR.

 

What data is processed by customers?

We process the data of our customers in a customer account. This data includes

  • Inventory data such as name and address, company structure, contact person
  • Contact data such as e-mail addresses, telephone numbers, skype addresses, etc.
  • Content data such as text entries, photographs, videos, screenshots.
  • Usage data such as software and hardware products used and purchased, pages and products rated or commented on, software functions used
  • Contract data such as subject matter of the contract or duration
  • Payment information such as bank details or payment histories
  • Product information such as software and hardware used
  • Meta and communication data, e.g. in the context of analysing and measuring the success of development or marketing measures.
  • We do not process special categories such as health data.
  • The following are affected by the processing
  • Customers
  • Interested parties
  • Other business partners such as suppliers

Data is stored for the purpose of providing contractual services, billing, delivery, conceptual and strategic consulting, customer service, data analysis, training services, server administration and process optimisation.

In order to optimise our business activities, we analyse the data on business transactions, contracts and enquiries available to us in the customer account. The analyses are used for internal market research, business evaluations and marketing. We also use the analyses to increase user-friendliness and optimise our offering.

The customer data is also used to provide the customer with customised offers that appear relevant based on the previous business relationship. The e-mail addresses available in the customer account are therefore used for direct advertising.

Processing is carried out on the basis of Art. 6 (1) lit. a (voluntary information), b (data required for contract fulfilment), c (data required for archiving) and f (analysis, statistics, optimisation, security measures). If data has been provided voluntarily and is not required for contract fulfilment or archiving, you can withdraw your consent at any time by notifying us without affecting the lawfulness of processing based on consent before its withdrawal.

As part of the administrative tasks within our company (e.g. financial accounting), we transmit personal data to the tax authorities, consultants such as tax advisors and auditors as well as other fee centres and payment service providers.

No further forwarding of personal data or the resulting analysis results takes place unless the results have been anonymised and summarised. If analyses or profiles are personal, they are deleted or anonymised when the user gives notice, otherwise after two years from the conclusion of the contract. Otherwise, the overall business analyses and general trend determinations are created anonymously where possible.

We delete the data after the expiry of all statutory warranty and comparable obligations and the cancellation of all contractual services. The deletion obligation is reviewed every 3 years.

 

What data is processed as part of a contractual service?

For the purposes of this privacy policy, we define contractual services as all agency and hosting services for the creation and operation of an eCommerce platform for our customers. Additional personal data may be collected in this context. In addition to the customers or interested parties themselves, their customers, users, website visitors or employees are particularly affected. The data is physically stored separately in special customer environments that are only accessible to authorised persons.

The following data is processed:

  • Inventory data such as name and address, company structure, contact persons
  • Contact data such as e-mail addresses, telephone numbers, skype addresses, etc.
  • Content data such as text entries, photographs, videos, screenshots.
  • Usage data such as pages visited, products purchased, products rated (unless anonymised)
  • Contract data such as subject matter of the contract or duration
  • Payment information such as bank details or payment histories
  • Meta and communication data, e.g. in the context of analysing and measuring the success of development or marketing measures.
  • We do not process special categories, such as health data, unless explicitly instructed to do so.

This data is processed as part of our contractual services for conceptual and strategic consulting, campaign planning and implementation, software and design selection and development, server administration, data analysis, for training purposes and to support our customers.

Processing is based on Art. 6 (1) lit. b GDPR (contractual services), Art. 6 (1) lit. f GDPR (analysis, statistics, optimisation, security measures). We only process data that is required to justify and fulfil the contractual services. Data will only be passed on to third parties if necessary. When processing the data provided to us as part of an order, we act in accordance with the instructions of the client and the legal requirements of order processing in accordance with Art. 28 GDPR and do not process the data for any purposes other than those specified in the order.

The contract data is stored as part of the customer account. The necessity of storing the data is reviewed every three years. In the case of data disclosed to us by the client as part of an order, we delete the data in accordance with the specifications of the order, generally after the end of the order.

 

What data is processed during an application?

We only process applicant data for the purpose of and as part of an application process. For this purpose, the user provides us with personal data such as name, address, addresses and documents relating to the application electronically.

The processing is carried out on the basis of Art. 6 (1) lit. 1 GDPR. If the user voluntarily transmits special categories such as ethnic origin, the processing is based on Art. 9 (2) lit. b GDPR. However, the user should refrain from transmitting this data because it is irrelevant for the application process.

Applicants can send us their applications by email. Please note, however, that emails are generally not sent in encrypted form and applicants must ensure that they are encrypted themselves.

In the event of a successful application, the personal data provided will be processed by us for the purpose of the employment relationship. Otherwise, the applicant's data will be deleted. This also applies if the applicant withdraws the application.

Unless otherwise requested by the applicant, the data will be deleted after a period of six months so that we can answer any follow-up questions about the application and fulfil our obligations to provide evidence under the Equal Treatment Act. Invoices for any reimbursement of travel expenses are archived in accordance with tax law requirements.

 

What data is stored when accessing the online offers?

You can use our websites without providing any personal details. However, usage data is transmitted by your internet browser and stored in log files each time you access a page. This includes the page accessed, the date and the time of access. We also store the IP address of the access and associated provider information.

The data is processed on the basis of Art. 6 (1) lit. f GDPR in order to be able to take appropriate measures against hacking attacks. For example, we regularly and automatically check page access for known hacking patterns (including so-called SQL injection attacks).

The log files are automatically deleted after 7 days. Data whose further retention is required for evidence purposes is excluded from deletion until the respective incident has been finally clarified.

 

What happens to the data from the contact forms?

When you use our contact forms, only the personal data that you have filled out in the contact form is transmitted. This personal data is sent to us by email and stored in your email inbox. The data processing is therefore exclusively for the purpose of making contact. By sending your message, you consent to the processing of this data (Art. 6 (1) lit. a GDPR).

You can withdraw your consent at any time by sending us a message without affecting the lawfulness of processing based on consent before its withdrawal. We will only use your e-mail address to process your enquiry. Your data will then be deleted unless you have consented to further processing and use.

 

What happens when you register?

Users can register on our websites. A customer account is created for the user. Only mandatory information is requested as part of the registration process. In addition to the user's name and e-mail address, this also includes their date of birth. This date is used to generate a new password in the event of a forgotten password. The date of birth protects against misuse of this function.

Users can be informed about information relevant to the customer account - e.g. new product versions - by e-mail. If users have cancelled their customer account, their data relating to the user account will be deleted, subject to a statutory retention obligation. It is the responsibility of users to back up their data before the end of the contract in the event of cancellation. We are authorised to irretrievably delete all user data stored during the term of the contract.

As part of the use of our registration and login functions and the use of the user account, we store the IP address and the time of the respective user action. This data is stored on the basis of our legitimate interests as well as those of the user in protection against misuse and other unauthorised use. This data is not passed on to third parties unless it is necessary to pursue our claims or there is a legal obligation to do so in accordance with Art. 6 para. 1 lit. c GDPR. The IP addresses are anonymised or deleted after 7 days at the latest.

 

How is the order processed?

When you place an order, we collect and use your personal data to the extent necessary to fulfil and process the order. The collection and storage is necessary in order to fulfil your order.

Data processing is carried out on the basis of Art. 6 (2) GDPR. Failure to provide the data means that the contract cannot be fulfilled.

The data will not be passed on to third parties. The only exceptions to this are our service partners that we require to fulfil the contractual relationship or service providers that we use as part of order processing. In addition to the recipients named in the respective clauses of this privacy policy, these are, for example, recipients of the following categories Shipping service providers, payment service bar and service providers for order processing. In all cases, we strictly observe the legal requirements. The scope of data transmission is limited to a minimum.

The data is stored as part of the customer account. The deletion periods can be found in the corresponding section.

 

What data is processed when I leave a comment?

When you comment on an article, a contribution, a product or an order, we only collect your personal data (name, e-mail address, comment text, rating) to the extent that you provide it. If you are logged in with your customer account, the comment will be linked to the customer account.

When your comment is published, the name you provide will be published unless you have chosen to publish it anonymously.

The purpose of processing is to enable comments to be made and to display comments. By submitting the comment, you consent to the processing of the transmitted data.

The processing is carried out on the basis of Art. 6 (1) lit. a GDPR with your consent. We reserve the right to process the user's details for spam detection on the basis of our legitimate interests in accordance with Art. 6 (1) lit. f GDPR.

You can revoke your consent at any time by notifying us without affecting the legality of the processing carried out on the basis of the consent until revocation. Your personal data will then be deleted. If you do not withdraw your consent, the data will be stored permanently.

We use the Gravatar service of Automattic Inc, 60 29th Street #343, San Francisco, CA 94110, USA, within our online offerings for commenting. Users can register with this service and add a profile picture to their email address. This profile picture is used in the comments. For this purpose, it is necessary to send the transmitted e-mail address to Gravatar. The transmission is encrypted.

Gravatar is used on the basis of our legitimate interests within the meaning of Art. 6 para. 1 lit. f) GDPR, as we use Gravatar to offer post and comment authors the opportunity to personalise their posts with a profile picture.

By displaying the images, Gravatar learns the IP address of the user, as this is necessary for communication between a browser and an online service. Further information on the collection and use of data by Gravatar can be found in Automattic's privacy policy: https://automattic.com/privacy/.

If users do not want a user image linked to their email address at Gravatar to appear in the comments, they should use an email address that is not stored at Gravatar to comment. Users can completely prevent the transfer of data by not using our commenting system.

 

When are cookies used?

Our online presence uses various cookies. These are small text files that are stored in the user's internet browser. Among other things, order information, user information (for automatic login) and tracking information are stored in the cookies in order to be able to recognise you between individual page views (e.g. as part of an order). Some functions of our website cannot be offered without the use of cookies. For these, it is necessary for the browser to be recognised even after a page change.

We also use cookies on our website to enable us to analyse the surfing behaviour of our website visitors.

Furthermore, we use cookies for the purpose of subsequently addressing site visitors on other websites with targeted, interest-based advertising.

The processing is carried out on the basis of Section 15 (3) TMG and Art. 6 (1) lit. f GDPR from the legitimate interest in the above-mentioned purposes.

The data collected from you in this way is pseudonymised by technical precautions. It is therefore no longer possible to assign the data to your person. The data will not be stored together with your other personal data.

You have the right to object to this processing based on Art. 6 (1) f GDPR at any time for reasons arising from your particular situation. Use the technical settings of your internet browser to do this. Cookies that have already been saved can be deleted at any time. However, we would like to point out that you may then not be able to use all the functions of this website to their full extent.

Browser-specific information on the use of cookies can be found under the following links

Chrome browser: https://support.google.com/accounts/answer/61416?hl=de

Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies

Mozilla Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen

Safari: https://support.apple.com/de-de/guide/safari/manage-cookies-and-website-data-sfri11471/mac

 

What data does Google Analytics process?

We use the web analysis service Google Analytics from Google Inc (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google") on our website. The purpose of data processing is to analyse this website and its visitors. For this purpose, Google will use the information obtained on behalf of the operator of this website to analyse your use of the website, to compile reports on website activity and to provide other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

The analysis with Google Analytics requires cookies. The information generated by the analysis is usually stored on servers in the USA. An anonymous transmission of your IP address is stored.

The processing is carried out on the basis of Art. 6 (1) lit. f GDPR from the legitimate interest in the needs-based and targeted design of the website. You have the right to object to this processing at any time. You can prevent the storage of cookies by selecting the appropriate technical settings in your browser software; however, we would like to point out that in this case you may not be able to use all functions of this website to their full extent. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available at the following link [https://tools.google.com/dlpage/gaoptout?hl=de]. To prevent Google Analytics from collecting data across all devices, you can set an opt-out cookie. Opt-out cookies prevent the future collection of your data when you visit this website. You must opt out on all systems and devices used for this to be fully effective. If you click here, the opt-out cookie will be set: Deactivate Google Analytics.

You can find more information on terms of use and data protection at https://www.google.com/analytics/terms/de.html or at https://www.google.de/intl/de/policies/.

 

What data is processed by the remarketing or 'similar target groups' function of Google Inc

We use the remarketing or 'similar target groups' function of Google Inc (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google") on our website. This function serves the purpose of analysing visitor behaviour and visitor interests. For this purpose, Google uses cookies to record visits to the website and anonymised data on the use of the website. No personal data of visitors to the website is stored. If you subsequently visit another website in the Google Display Network, you will be shown adverts that are highly likely to take into account previously accessed product and information areas. Your data may also be transmitted to the USA.

Processing is carried out on the basis of Art. 6 (1) lit. f GDPR for the legitimate interest of targeting visitors to the website with advertising by displaying personalised, interest-based advertisements to visitors to the provider's website when they visit other websites in the Google Display Network.

You have the right to object to this processing at any time. You can permanently deactivate the use of cookies by Google by following the link below and downloading and installing the plug-in provided there: https://support.google.com/ads/answer/7395996?hl=de

Alternatively, you can deactivate the use of cookies by third-party providers by accessing the deactivation page of the Network Advertising Initiative at https://www.networkadvertising.org/choices/ and implementing the further information on opt-out mentioned there.

You can find more information on Google Remarketing and the associated privacy policy at: https://www.google.com/privacy/ads/

 

What data does Google Adwords Conversion Tracking process?

We use the online advertising programme "Google AdWords" on our website and conversion tracking in this context. Conversion tracking means analysing what percentage of users perform a certain action (e.g. a purchase). Google Conversion Tracking is an analysis service of Google Inc (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google"). When you click on an advert placed by Google, a cookie for conversion tracking is stored on your computer. These cookies have a limited validity, do not contain any personal data and are therefore not used for personal identification. If you visit certain pages of our website and the cookie has not yet expired, Google and we can recognise that you have clicked on the ad and have been redirected to this page. Each Google AdWords customer receives a different cookie. It is therefore not possible for cookies to be tracked via the websites of AdWords customers.

The information obtained with the help of the conversion cookie is used to create conversion statistics. This tells us the total number of users who clicked on one of our adverts and were redirected to a page with a conversion tracking tag. However, we do not receive any information with which users can be personally identified. The processing is carried out on the basis of Art. 6 (1) lit. f GDPR from the legitimate interest in targeted advertising and analysing the impact and efficiency of this advertising.

You have the right to object to this processing at any time. To do so, you can prevent the storage of cookies by selecting the appropriate technical settings in your browser software. However, we would like to point out that in this case you may not be able to use all the functions of this website to their full extent. You will then not be included in the conversion tracking statistics.

You can also deactivate personalised advertising for you in the Google advertising settings. You can find instructions on how to do this at https://support.google.com/ads/answer/2662922?hl=de. You can also deactivate the use of cookies by third-party providers by visiting the deactivation page of the Network Advertising Initiative at https://www.networkadvertising.org/choices/aufrufen and implementing the further information on opt-out mentioned there.

Further information and Google's privacy policy can be found at: https://www.google.de/policies/privacy/

 

Which third-party services and content are used on the online pages?

We use third-party services and content on our online pages. The processing is always carried out on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer within the meaning of Art. 6 (1) lit. f. GDPR). GDPR) in order to integrate their content and services, such as videos or fonts (hereinafter uniformly referred to as "content").

The integration always requires that the IP address of the user can be recognised by the third-party provider, as without this it is not possible to transfer the content to the browser. We endeavour to only use content whose respective providers only use the IP address to deliver the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as 'web beacons') for statistical or marketing purposes. Pixel tags can be used to analyse information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may contain, among other things, technical information about the browser and operating system, referring websites, visit time and other information about the use of our online offer, as well as being linked to such information from other sources.

YouTube

We integrate the videos of the platform "YouTube" of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy: https://www.google.com/policies/privacy/, opt-out: https://adssettings.google.com/authenticated.

Google Fonts

We integrate the fonts ('Google Fonts') of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy: https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated.

Google Maps

We integrate the maps of the "Google Maps" service of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The processed data may include, in particular, IP addresses and location data of users, which, however, are not collected without their consent (usually as part of the settings of their mobile devices). The data may be processed in the USA. Privacy Policy: https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated.

 

How are Sociel Network systems integrated?

All functions for sharing content from our online offers on social network systems such as Facebook use a data protection-safe "Shariff" button. Data is only transferred to the social network when you use the share function. Otherwise, your user data will not be transferred to the social network.

 

What is processed in the newsletter?

We offer you the opportunity to subscribe to our newsletter on our online services. The newsletter contains promotional information about our products and services, but also about developments in the market as a whole that are relevant to our customers.

We only send newsletters, emails and other electronic notifications with the consent of the recipient or with legal authorisation. We use a double opt-in procedure for this purpose. This means that you will receive an e-mail after your registration in which you must confirm your registration. The registration is logged in order to be able to prove the correct registration process. This includes storing the time of registration and confirmation as well as the IP address.

The newsletter and the performance measurement associated with it are sent on the basis of the recipient's consent in accordance with Art. 6 para. 1 lit. a, Art. 7 GDPR in conjunction with Section 7 para. 2 no. 3 UWG or, if consent is not required, on the basis of our legitimate interests in direct marketing in accordance with Art. 6 para. 1 lt. f. GDPR in conjunction with Section 7 para. 2 no. 3 UWG. GDPR in conjunction with. § Section 7 para. 3 UWG.

The logging of the registration process is based on our legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR. We are interested in using a user-friendly and secure newsletter system that serves both our business interests and the expectations of users and also allows us to provide proof of consent.

You can cancel the receipt of our newsletter at any time, i.e. revoke your consent. You will find a link to unsubscribe from the newsletter at the end of each newsletter. We may store the unsubscribed e-mail addresses for up to three years on the basis of our legitimate interests before deleting them in order to be able to prove that consent was previously given. The processing of this data is limited to the purpose of a possible defence against claims. An individual request for deletion is possible at any time, provided that the former existence of consent is confirmed at the same time.

 

What data is stored in social media?

We maintain additional online presences on social media, including Facebook, Twitter and Instagram. In order to be able to communicate with the customers, interested parties and users active there, the terms and conditions and data processing guidelines of the respective operator apply.

We process the data of users within these platforms if they communicate with us within the social networks and platforms, e.g. write posts on our online presences or send us messages.