Privacy notice

The controller in terms of the data protection laws, in particular the EU General Data Protection Regulation (GDPR), is:

soft-nrg Development GmbH
Einsteinring 37
85609 Aschheim
T +49 89 452280-0
[email protected]

We have appointed the following Data Protection Officer:

activeMind AG
Management and Technology Consulting
Potsdamer Strasse 3
80802 München
T +49 89 919294-900
[email protected]

You have the right to information about your data stored by us and its processing (Art. 15 GDPR), the right to rectification of inaccurate personal data (Art. 16 GDPR), the right to erasure of your data stored by us (Art. 17 GDPR), the right to restriction of data processing if we are not yet permitted to erase your data due to legal obligations (Art. 18 GDPR), the right to object to the processing of your data by us (Art. 21 GDPR) and the right to data portability if you have consented to data processing or have concluded a contract with us (Art. 20 GDPR).

If you have given us your consent, you can revoke it at any time with effect for the future.

You can contact a supervisory authority at any time with a complaint, e.g., the competent supervisory authority of the federal state of your residence or the authority responsible for us as the controller.

A list of supervisory authorities (for the non-public sector) with addresses can be found at https://www.bfdi.bund.de/EN/Service/Anschriften/Laender/Laender-node.html.

1. Nature and purpose of the process: When you access our website, i.e., if you do not register or otherwise transmit information, information of a general nature is automatically collected. This information (server log files) includes, for example, the type of web browser, the operating system used, the domain name of your Internet service provider, your IP address, etc.

The information is processed for the following purposes in particular:

• Ensuring a smooth connection to the website
• Ensuring the smooth use of our website
• Evaluating system security and stability
• For other administrative purposes

We do not use your data to draw conclusions about your person. Information of this kind may be statistically evaluated by us in order to optimize our website and the technology behind it.

2. Legal basis: Processing is carried out in accordance with Art. 6(1)(f) GDPR on the basis of our legitimate interest in improving the stability and functionality of our website.

3. Recipients: The recipients of the data are technical service providers who act as processors for the operation and maintenance of our website.

We use the "Cloudflare" service provided by Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA. Cloudflare offers a content delivery network with DNS that is available worldwide. This means that the transmission of information between your browser and our website is technically routed via the Cloudflare network. Further information on Cloudflare's security precautions and privacy policies can be found at the following link: https://www.cloudflare.com/privacypolicy/.

4. Third country transfer: Cloudflare is based in the USA. The data is therefore transferred to a third country, specifically the USA. Data is transferred on the basis of the EU standard contractual clauses. Cloudflare is certified in accordance with the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards when processing data in the USA. Every DPF-certified company is obliged to comply with these data protection standards.

5. Storage duration: Data is stored in server log files in a form that enables the identification of the data subjects for a maximum period of 7 days, unless a security-relevant incident occurs (e.g., a DDoS attack).

In the event of such an incident, server log files are stored until the security-relevant incident has been rectified and fully investigated.

6. Prescribed or required provision of data: The provision of the aforementioned personal data is neither legally nor contractually required. However, without the IP address, the service and functionality of our website cannot be guaranteed. In addition, individual services may be unavailable or restricted. Objection is precluded for this reason.

1. Nature and purpose of the processing: When you contact us (e.g., via contact form, email, telephone, or social media), the data you provide is stored for the purpose of processing your inquiry and communicating with you individually.

2. Legal basis: The processing of your data provided in the contact request is based on a legitimate interest (Art. 6(1)(f) GDPR). We provide the contact options to make it easy for you to get in touch with us. The information you provide is stored for the purpose of processing your request and for possible follow-up questions.

If you contact us to request an offer, the data transmitted is processed to carry out pre-contractual measures (Art. 6(1)(b) GDPR).

3. Recipients: Our website and our email system are maintained by a service provider who acts as our processor. If you send us an inquiry regarding an offer, service providers used by us may receive data for these purposes if they require the data to fulfill their respective service (e.g., IT services).

4. Third country transfer: There is no transfer to third countries.

5. Storage duration: Your data is deleted no later than six months after the request has been processed. If there is a contractual relationship, we are subject to the statutory retention periods and delete your data after six or ten years.

6. Prescribed or required provision of data: The provision of your personal data is voluntary. However, we can only process your request if you provide us with your name, email address, and the reason for the request.

7. Right of objection: Information about your right to object in accordance with Art. 21 GDPR can be found further below.

1. Nature and purpose of the processing: When you register to receive our newsletter, the data you provide is used exclusively for this purpose. Subscribers may also be informed by email about circumstances relevant to the service or registration (e.g., changes to the newsletter offer or technical circumstances).

For effective registration, we require your title, first name, last name, company name, and a valid email address. We use the "double opt-in" procedure to check that a registration is actually made by the owner of an email address. To do so, we log the subscription to the newsletter, the sending of a confirmation email, and the receipt of the reply requested. No further data is collected. The data is used exclusively for sending the newsletter and is not passed on to third parties.

2. Legal basis: On the basis of your express consent (Art. 6(1)(a) GDPR), we will regularly email you our newsletter or comparable information to the email address you have provided.

3. Recipients: We use a service provider who acts as our processor for dispatch and any evaluations that may take place.

4. Third country transfer: There is no transfer to third countries.

5. Storage duration: The data is only processed in this context as long as the corresponding consent has been given. They are then deleted.

6. Prescribed or required provision of data: The provision of your personal data is voluntary, solely on the basis of your consent. Unfortunately, we cannot send you our newsletter without your consent.

7. Withdrawal of consent: You can revoke your consent to the storage of your personal data and its use for sending the newsletter at any time. There is a corresponding link in every newsletter. You can also revoke your consent by unsubscribing on the website and via the other contact options provided on the website.

1. Nature and purpose of the processing: The personal data provided during registration is processed exclusively for the purpose of conducting the webinar.

2. Legal basis: The legal basis for this is Art. (6)(1) sent. 1(f) GDPR, the practicable and user-friendly implementation of the webinar including a good user experience for the purpose of external presentation of the company.

In the case of paid webinars, the legal basis is Art. 6(1) sent. 1(b) GDPR.

3. Recipients: Recipients are technical service providers to carry out the registration as part of order processing.

With regard to the transfer of data to recipients outside our company, it should first be noted that we only pass on necessary personal data in compliance with the applicable data protection regulations. Under these conditions, recipients of personal data may be, for example:

• public bodies and institutions (e.g., tax authorities, law enforcement authorities) in the event of a legal or official obligation,
• credit and financial services institutions (processing of payment transactions),
• tax consultants, business and payroll tax auditors (statutory audit mandate),
• technical service providers for registration management as part of order processing.

All service providers are contractually obliged to treat your data confidentially.

4. Third country transfer: There is no transfer to third countries.

5. Storage duration: Login data is deleted after the purpose has been fulfilled. Deletion generally takes place after a maximum storage period of six months in our system.

For paid webinars, we process and store your personal data as long as this is necessary for the fulfillment of our contractual and legal obligations. If the data is no longer required for the fulfillment of contractual or legal obligations, it is regularly deleted.

There are exceptions to the above deletion criteria for data

• that are required for the fulfillment of statutory retention obligations, e.g. German Commercial Code (HGB) and German Fiscal Code (AO). The retention and documentation periods specified there are generally six to ten years,
• for the preservation of evidence within the scope of the statutory limitation periods. According to Sections 195 et seq. of the German Civil Code (BGB), these limitation periods can be up to 30 years, whereby the regular limitation period is three years.

6. Prescribed or required provision of data: The provision of your personal data is voluntary. We can only offer the webinar if we can carry out the associated processing.

7. Right of objection: Information about your right to object in accordance with Art. 21 GDPR can be found further below.

1. Nature and purpose of the processing: We conduct user and customer surveys from time to time. In this case, we ask respondents to answer the questions we have asked about our services and offers. The processing is carried out for the purpose of conducting the survey (user and customer surveys) as well as the statistical analysis and evaluation of the data obtained. This enables us to gain insights into the work performed on site and optimize processes for the future.

2. Legal basis: We process the data from user surveys on the basis of your express consent (Art. 6(1)(a) GDPR).

3. Recipients: Recipients of the data may be our processors. All service providers are contractually obliged to treat your data confidentially.

If you provide us with data by means of a survey, we use easyfeedback GmbH to evaluate it. We have concluded an order processing contract with easyfeedback in accordance with Art. 28 GDPR. You can find easyfeedback's privacy policies for participating in surveys here: https://easy-feedback.com/privacy/participation-in-surveys/

4. Third country transfer: There is no transfer to third countries.

5. Storage duration: The data is deleted or anonymized as soon as it is no longer required to achieve the purpose for which it was collected. The data is deleted no later than twelve months after the survey has been processed. It is also possible to participate in a survey without giving your name.

6. Prescribed or required provision of data: The provision of your personal data is voluntary. If you do not take part in the survey, you will not suffer any disadvantages.

7. Withdrawal of consent: You can revoke your consent to the storage of your personal data and its use for sending the survey at any time. There is a corresponding link in each survey. You can also withdraw your consent unsubscribing on the website or by using the other contact options provided on the website.

1. Nature and purpose of the processing: We maintain a company profile on LinkedIn. This platform is operated by LinkedIn Unlimited Company, Wilton Place, Dublin 2, Ireland. We maintain this LinkedIn company page to inform users, interested parties, and customers about our company. We provide information via our LinkedIn profile and offer users the opportunity to communicate with us.

We would also like to point out that, as the operator of a LinkedIn company profile, we are jointly responsible with LinkedIn for processing the personal data of site visitors (Art. 26 GDPR). We have therefore concluded a corresponding contract with LinkedIn on joint controllership, which defines the distribution of data protection obligations between us and LinkedIn. You can download this contract here. In accordance with this agreement, LinkedIn is primarily responsible for responding to requests from data subjects. To assert your rights as a data subject, you can contact LinkedIn online or via the contact details in the Privacy Policy. You can also contact LinkedIn’s Data Protection Officer.

You can also contact us in this respect to exercise your rights as a data subject. All you need to do is contact us using the contact form or by email with your request. In this case, we will forward your request to LinkedIn.

2. Legal basis: The processing of your personal data is based on the legitimate interest pursuant to Art. 6(1)(f) GDPR. Our legitimate interest exists exclusively for marketing purposes, such as better accessibility of target groups, increasing visibility, image building, user information, and employer branding.

The initiated analysis processes (LinkedIn Insights) may be based on different legal bases, which must be specified by the operators of the social networks (e.g., on the basis of your consent pursuant to Art. 6(1)(a) GDPR, which you have given to LinkedIn as part of your registration).

Further information on the processing of your data by LinkedIn can be found in the LinkedIn privacy policy.

3. Recipients: The recipient of your data in this context is LinkedIn. We cannot rule out the possibility that a transfer to a third country, e.g., to servers located in the USA, may take place when our LinkedIn company website is accessed.

4. Third country transfer: Please note that in accordance with the LinkedIn Privacy Policy, LinkedIn also processes personal data in the USA or other third countries. LinkedIn states that it only transfers personal data to countries for which an adequacy decision has been issued by the European Commission in accordance with Art. 45 GDPR or on the basis of suitable guarantees in accordance with Art. 46 GDPR.

5. Storage duration: LinkedIn retains your personal data until you close your account. LinkedIn may also store certain information (e.g., employer ratings) beyond this time in anonymous form.

6. Prescribed or required provision of data: The provision of your personal data is neither legally nor contractually required. However, you cannot interact with us or our content on LinkedIn without providing your personal data.

7. LinkedIn Insights: In addition, LinkedIn will process information about how you interact with our LinkedIn company page, e.g., whether you are a follower of our page.

This data is processed in anonymized form, in particular in the form of statistics. This gives us insights into the behavior of people who are interested in our website (Page Insights). With the Page Insights, LinkedIn only provides us with summarized Page Insights, i.e., it is not possible for us to use this information to draw conclusions about individual persons.

We have entered into a joint controllership agreement with LinkedIn Ireland Unlimited Company, which sets out the allocation of data protection obligations between soft-nrg Development GmbH and LinkedIn. You can download this agreement here: Joint Controller Addendum.

Like many other websites, we also use "cookies". Cookies are small text files that are stored on your terminal (laptop, tablet, smartphone, etc.) when you visit our website.

You can delete individual cookies or the entire cookie inventory. You also receive information and instructions on how to delete these cookies or block their storage in advance. Depending on your browser provider, you will find the necessary information under the following links:

• Microsoft Edge: https://support.microsoft.com/en-US/edge/microsoft-edge-browsing-data-and-privacy
• Mozilla Firefox: https://support.mozilla.org/en-US/kb/enhanced-tracking-protection-firefox-desktop
• Chrome: https://support.google.com/chrome/answer/95647?hl=en&hlrm=en&sjid=6346231170183816967-EU
• Safari: https://support.apple.com/en-gb/guide/safari/sfri11471/mac
• Opera: https://help.opera.com/en/latest/web-preferences/

Technically necessary cookies

1. Nature and purpose of the processing: We use cookies to make our website more user-friendly. Some elements of our website require the accessing browser to be able to be identified even after a page change.

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. They require the browser to be recognized even after a page change. Among other things, we require cookies for consent management.

2. Legal basis: The processing is carried out in accordance with Art. 6(1)(f) GDPR on the basis of our legitimate interest in a user-friendly design of our website.

3. Recipients: Recipients of the data may be technical service providers who act as processors for the operation and maintenance of our website.

4. Third country transfer: Processing also takes place outside the EU, namely in the USA. Guarantees exist in the form of agreed standard contractual clauses. The best way to ensure a level of data protection that is approximately the same as within the EU is by technically restricting the transfer of data.

5. Storage duration: You can find more detailed information in the notes on the individual tools in Section 10 of this Privacy Policy.

6. Prescribed or required provision of data: The provision of the aforementioned personal data is neither legally nor contractually required. However, without this data the service and functionality of our website cannot be ensured. In addition, individual services may be unavailable or restricted.

7. Right of objection: Information about your right to object in accordance with Art. 21 GDPR can be found further below.

Cookies that are not technically necessary

1. Nature and purpose of the processing: In addition, we use cookies to better tailor the offer on our website to the interests of our visitors or to generally improve it on the basis of statistical evaluations.

To find out which providers set cookies, please refer to the information below on the display, tracking, remarketing, and web analysis technologies used.

2. Legal basis: The legal basis for this processing is your consent, Art. 6(1)(a) GDPR.

3. Recipients: Recipients of the data may be technical service providers who act as processors for the operation and maintenance of our website.

For further recipients, please refer to the information on the display, tracking, remarketing, and web analysis technologies used and the cookie consent tool below.

4. Third country transfer: For associated information, please refer to the lists of the individual tools in the cookie consent tool.

5. Storage duration: You can find more information in the notes on the individual tools below and in the cookie consent tool.

6. Prescribed or required provision of data: You can naturally also view our website without cookies. Web browsers are regularly set to accept cookies. In general, you can disable the use of cookies at any time via your browser settings (see Withdrawal of consent).

Please note that individual functions of our website may not work if you have disabled the use of cookies.

7. Withdrawal of consent: You can withdraw your consent at any time via our cookie consent tool.

8. Profiling: The extent to which and whether we analyze the behavior of website visitors with pseudonymized user profiles is provided in the information on the technologies used below.

1. Nature and purpose of the processing: We use Google Maps on this website. Google Maps is operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter "Google"). This allows us to show you interactive maps directly on the website and enables you to conveniently use the map function.

You can find more information about data processing by Google in Google's privacy policy at https://policies.google.com/privacy?hl=en. You can also change your personal privacy settings there in the privacy center.

Detailed instructions on how to manage your own data in connection with Google products can be found at https://support.google.com/accounts/answer/162744?hl=en&sjid=6346231170183816967-EU

2. Legal basis: The legal basis for the integration of Google Maps and the associated data transfer to Google is your consent (Art. 6(1)(a) GDPR).

3. Recipients: When you visit the website, Google receives information that you have accessed the corresponding subpage of our website. This takes place regardless of whether Google provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data will be assigned directly to your account.

If you do not want the data to be assigned in your Google profile, you must log out of Google before activating the button. Google stores your data as user profiles and uses it for the purposes of advertising, market research, and/or the needs-based design of its website. This type of analysis is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, which requires you to contact Google to exercise this right.

We do not collect any personal data through the integration of Google Maps.

4. Third country transfer: Data is transferred to a third country, specifically the USA. Data is transferred on the basis of the EU standard contractual clauses.

If you do not want Google to collect, process, or use data about you via our website, you can disable JavaScript in your browser settings. However, in this case you will not be able to use our website or only to a limited extent.

5. Prescribed or required provision of data: The provision of your personal data is voluntary, solely on the basis of your consent. If you prevent access, this may result in functional restrictions on the website.

1. Nature and purpose of the processing: We embed YouTube videos on our website. The operator of the corresponding plugins is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA (hereinafter "YouTube"). A connection to YouTube servers is established when you visit a page with the YouTube plugin. YouTube is informed of the pages you visit. If you are logged into your YouTube account, YouTube can assign your surfing behavior to you personally. You can prevent this by logging out of your YouTube account beforehand.

When a YouTube video starts, the provider uses cookies that collect information about user behavior.

Further information on the purpose and scope of data collection and its processing by YouTube can be found in Google's privacy policy at https://policies.google.com/privacy?hl=en. There you will also find further information on your associated rights and setting options to protect your privacy.

2. Legal basis: The legal basis for the integration of YouTube and the associated data transfer to Google is your consent (Art. 6(1)(a) GDPR).

3. Recipients: Accessing YouTube automatically triggers a connection to Google.

4. Storage duration: If you have disabled the storage of cookies for the Google Ad program, you will not have to expect any such cookies when watching YouTube videos. However, YouTube also stores non-personal usage information in other cookies. If you wish to prevent this, you must block the storage of cookies in your browser.

5. Third country transfer: Data is transferred to a third country, specifically the USA. Data is transferred on the basis of the EU standard contractual clauses.

6. Prescribed or required provision of data: The provision of your personal data is voluntary, solely on the basis of your consent. If you prevent access, this may result in functional restrictions on the website.

We only handle personal data insofar as this is possible in accordance with data protection regulations. We also take all necessary technical and organizational security measures to adequately protect your personal data from unauthorized access and misuse at all times.

Insofar as we store or process personal data, this takes place within a high-security data center. We use encryption methods (e.g., SSL) via HTTPS to protect the security of your data during transmission. Our servers are protected by a firewall and virus protection. Back-up and recovery procedures as well as role and authorization concepts are an inherent part of our activities.

Our employees are obliged to comply with the provisions of the GDPR and the Federal Data Protection Act (BDSG) when handling data.

We reserve the right to adapt this privacy policy so that it always complies with current legal requirements or to implement changes to our services in the data protection notice, e.g., when introducing new services. The new privacy policy then applies to your next visit.

Individual right of objection

You have the right to object, on grounds relating to your particular situation, to processing of personal data concerning you which is based on lit. f of Article 6(1) GDPR (data processing on the basis of a balancing of interests) at any time; this also applies to profiling based on this provision within the meaning of Article 4(4) GDPR.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which overrides your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims.

Recipient of an objection

The objection can be made informally with the subject "Objection", stating your name, address or other identifying features and should be addressed to:

soft-nrg Development GmbH
Einsteinring 37
85609 Aschheim
T +49 89 452280-0
[email protected]