Data Protection Regulations
We are controller according to Article 13 (1)(a) GDPR:
CAS Software AG
represented by Martin Hubschneider.
CAS Software AG aims to respect and protect your privacy. We have designed our website so that you can visit the web pages of CAS Software AG (hereinafter referred to as website) without being personally identifiable and without any personal information about you being disclosed. If you decide to disclose personal information to us, we undertake to treat it with great care.
Personal data and recipients
The term 'personal data' refers to items of information which can give indications as to the identity or private matters of an individual.
Categories of personal data we process:
- • personal data (first name, surname)
- • contact data (address, email address, phone number and comparable data)
- • date of birth (as far as specified by you)
- • location (as far as specified by you, e.g., for the claim of place-related services given)
- • bank account data (IBAN, BIC) (as far as specified by you)
- •Internet Protocol (IP) addresses in anonymized form
- • session data as well as data required for the anonymous identification and analysis of your user behavior; these include the IP address and metadata such as the browser you use, the browser language, date and time, user preferences, e.g. by setting cookies
Based on the above definition, it does not include information, which does not give indications as to the identity or private matters of an individual, such as the number of visitors to a website.
Recipients of your personal data:
- • companies in the same group
- • processors according to Article 4 (8) GDPR
- • companies that use anonymous data of users to identify, analyze and exploit the behavior of Internet users for marketing purposes, such as: Matomo, yext, google, wiredminds. This doesn‘t affect your personal contact information.
- • advertising partners
- • social media services, such as Facebook, and their users
Gathering and use of personal data
The information provided by CAS Software AG is normally freely accessible. No personal registration is required. Personal information is gathered where necessary in order to perform relevant services. This is the case, for example, if you subscribe online to the CAS@WORK customer magazine, or if you request information material or obtain test software. We only use your personal data to enable us to provide you with the services you request.
Part of the data is collected to ensure the proper functioning of the website. Some data are collected when you provide it to us. This could, for example, be data you enter on a contact form. Other data are collected automatically by our IT systems when you visit the website. These data are primarily technical data such as the browser and operating system you are using or when you accessed the page. These data are collected automatically as soon as you enter our website.
Some of the data collected is used to ensure the error-free provision of the website.
Your personal data will be processed for the following purposes:
a) on the basis of a given consent according to Article 6 (1) (a) GDPR
If you have given consent to the processing of your personal data, this is the legal basis of the affecting processing of data. You can revoke your consent at any time with effect for the future. The legality of the processing based on your consent until your revocation is not affected by this.
b) to fulfil contractual obligations and pre-contractual measures according to Article 6 (1) (b) GDPR
- • for the execution of our contracts with you
- • for the implementation of measures and activities within the framework of pre-contractual relationships
c) for compliance with legal obligation according to Article 6 (1) (c) GDPR
We process your personal data if this is necessary to fulfil legal obligations (e. g. commercial, tax laws).
d) if processing is necessary for the purposes of the legitimate interests pursued by us or a third party according to Article 6 (1) (f) GDPR
Your personal data may be used by us or by third parties on the basis of a balance of interests to protect a legitimate interest. This is done for the following interests and purposes:
- • temporary storage of automatically generated session data in log files
- • advertising or market research, provided you have not objected to the use of your data
- • the anonymous determination and evaluation of your user behaviour by third parties such as Matomo
- • the assertion of legal claims and defence in legal disputes which are not directly attributable to the contractual relationship
- • internal and external investigations and/or safety reviews
- • operation of social media services
e) your obligation to provide data
It is required that you provide information that is necessary for us to enter into a business relationship or to enter into a pre-contractual relationship or that we are required to collect by law. Without these data, we can not conclude or execute a contract with you. This may also apply to data required later in the business relationship.
Disclosure of data and Consent
When you disclose your personal data to us, you thereby give your consent for us to store and use it within the constraints of the GDPR. The personal information you provide is accessible categorically only to CAS Software AG and to its partners where appropriate. Many data processing operations are only possible with your express consent. You may revoke your consent at any time with future effect. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.
You have the following rights against us if the respective legal requirements are met:
- • right of access by the data subject according to Article 15 GDPR,
- • right to rectification according to Article 16 GDPR
- • right to erasure (‘right to be forgotten’) according to Article 17 GDPR
- • right to restriction of processing according to Article 18 GDPR
- • right to object according to Article 21 GDPR
- • right to data portability according to Article 20 GDPR
Right to data portability
You have the right to have data which we process based on your consent or in fulfillment of a contract automatically delivered to yourself or to a third party in a standard, machine-readable format. If you require the direct transfer of data to another responsible party, this will only be done to the extent technically feasible.
Right to information, blocking and deletion
As permitted by law, you have the right to be provided at any time with information free of charge about any of your personal data that is stored as well as its origin, the recipient and the purpose for which it has been processed. You also have the right to have this data corrected, blocked or deleted. You can contact us at any time using the address given in our legal notice if you have further questions on the topic of personal data.
Opposition to promotional emails
We hereby expressly prohibit the use of contact data published in the context of website legal notice requirements with regard to sending promotional and informational materials not expressly requested. The website operator reserves the right to take specific legal action if unsolicited advertising material, such as email spam, is received.
According to Article 21 (1) GDPR you have the following right against us to object if the respective legal requirements are met:
„The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1), including profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.“
Providently we do inform you about your further possible right to object according to Article 21 (2) GDPR:
„Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.“
Right to file complaints with regulatory authorities
You have a right to lodge a complaint with a supervisory authority (Article 77 GDPR). The supervisory authority responsible for us is:
Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit
Königstrasse 10 a
Transfer of data
CAS Software AG will treat your personal data in strict confidence, and will not disclose it to third parties under any circumstances (except for partners of the CAS Group).
Transfers of personal data to third countries
We only transfer your data to countries outside the European Economic Area - EEA (third countries) if this is required by law or under the following conditions of Article 49, paragraph 1, subsection 1 GDPR:
a) you have explicitly consented to the proposed transfer, after having been informed of the possible risks of such transfers for the data subject due to the absence of an adequacy decision and appropriate safeguards;
b) the transfer is necessary for the performance of a contract between you and us or the implementation of pre-contractual measures taken at your request;
c) the transfer is necessary for the conclusion or performance of a contract concluded in your interest between us and another natural or legal person;
d) the transfer is necessary for important reasons of public interest;
e) the transfer is necessary for the establishment, exercise or defence of legal claims;
f) the transfer is necessary in order to protect the vital interests of you or of other persons, where you are physically or legally incapable of giving consent;
g) the transfer is made from a register which according to Union or Member State law is intended to provide information to the public and which is open to consultation either by the public in general or by any person who can demonstrate a legitimate interest, but only to the extent that the conditions laid down by Union or Member State law for consultation are fulfilled in the particular case.
Countries outside of the European Union may be considered unsafe third countries in terms of data protection. The recipients of the data are often not subject to the standards of the EU GDPR. We therefore have no influence on how such recipients handle your data or the extent to which and for what purposes the data is further processed in the third country.
Duration of data storage
We store the data given by you other than by consent according to Article 6 (1) (a) GDPR for the following duration:
- • session data until completion of the session
- • As long and as far as this is necessary for the duration of our business relationship. This also includes the initiation and execution of a contract.
- • If we are obliged to do so on the basis of storage and documentation obligations, e. g. in accordance with the German Civil Code (BGB), the German Commercial Code (HGB) or the Tax Code (AO). The periods for storage or documentation specified there are up to ten years beyond the end of the business relationship or the pre-contractual legal relationship.
SSL or TLS encryption
This site uses SSL or TLS encryption for security reasons and for the protection of the transmission of confidential content, such as the inquiries you send to us as the site operator. You can recognize an encrypted connection in your browser's address line when it changes from "http://" to "https://" and the lock icon is displayed in your browser's address bar.
If SSL or TLS encryption is activated, the data you transfer to us cannot be read by third parties.
Data collection on our website
Most of the cookies we use are so-called "session cookies." They are automatically deleted after your visit. Other cookies remain in your device's memory until you delete them. These cookies make it possible to recognize your browser when you next visit the site.
Server log files
The website provider automatically collects and stores information that your browser automatically transmits to us in "server log files". These are:
- • Browser type and browser version
- • Operating system used
- • Referrer URL
- • Host name of the accessing computer
- • Time of the server request
- • IP address
These data will not be combined with data from other sources.
The basis for data processing is Art. 6 (1) (b) GDPR, which allows the processing of data to fulfill a contract or for measures preliminary to a contract.
Should you send us questions via the contact form, we will collect the data entered on the form, including the contact details you provide, to answer your question and any follow-up questions. We do not share this information without your permission.
We will, therefore, process any data you enter onto the contact form only with your consent per Art. 6 (1)(a) GDPR. You may revoke your consent at any time. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.
We will retain the data you provide on the contact form until you request its deletion, revoke your consent for its storage, or the purpose for its storage no longer pertains (e.g. after fulfilling your request). Any mandatory statutory provisions, especially those regarding mandatory data retention periods, remain unaffected by this provision.
If you would like to receive our newsletter, we require a valid email address as well as information that allows us to verify that you are the owner of the specified email address and that you agree to receive this newsletter. No additional data is collected or is only collected on a voluntary basis. We only use this data to send the requested information and do not pass it on to third parties.
We will, therefore, process any data you enter onto the contact form only with your consent per Art. 6 (1) (a) GDPR. You can revoke consent to the storage of your data and email address as well as their use for sending the newsletter at any time. The data processed before we receive your request may still be legally processed.
Analytics and advertising
Our website uses pixel-counting technology from wiredminds GmbH (www.wiredminds.de) to analyze visitor behavior.
This website uses the WordPress Stats tool to perform statistical analyses of visitor traffic. This service is provided by Automattic Inc., 60 29th Street # 343, San Francisco, CA 94110-4929, USA.
WordPress Stats cookies remain on your device until you delete them.
The storage of "WordPress Stats" cookies is based on Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in analyzing user behavior to optimize both its website and its advertising.
You can object to the collection and use of your data at any time with future effect by clicking on this link and setting an opt-out cookie in your browser: https://www.quantcast.com/opt-out/.
If you delete the cookies on your computer, you will have to set the opt-out cookie again.
Use of Social Plugins
Our website uses so-called social plugins provided by selected platforms (Facebook, Google+, YouTube, Twitter, LinkedIn, Instagram). The plugins are usually identifiable by a logo and an additional text.
Facebook Plugins (Like & share button)
Our website includes plugins for the social network Facebook, Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA. The Facebook plugins can be recognized by the Facebook logo or the Like button on our site. For an overview of Facebook plugins, see https://developers.facebook.com/docs/plugins/.
If you do not want Facebook to associate your visit to our site with your Facebook account, please log out of your Facebook account.
By using the website, you consent to the processing of data about you by Facebook in the manner and for the purposes described above.
Google+ Plugin (+1 button)
Our pages use Google+ functions. It is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Collection and disclosure of information: Using the Google +1 button allows you to publish information worldwide. By means of the Google+ button, you and other users can receive custom content from Google and our partners. Google stores both the fact that you have +1'd a piece of content and information about the page you were viewing when you clicked +1. Your +1 can be displayed together with your profile name and photo in Google services, for example in search results or in your Google profile, or in other places on websites and advertisements on the Internet.
Google records information about your +1 activities to improve Google services for you and others. To use the Google + button, you need a globally visible, public Google profile that must contain at least the name chosen for the profile. This name is used by all Google services. In some cases, this name may also replace a different name that you have used to share content via your Google account. The identity of your Google profile can be shown to users who know your email address or other information that can identify you.
Use of collected data: In addition to the uses mentioned above, the information you provide is used in accordance with the applicable Google data protection policies. Google may publish summary statistics about users' +1 activity or share it with users and partners, such as publishers, advertisers, or affiliate websites.
The purpose and scope of the data collection and the further processing and use of the data by Google as well as your rights and setting options for the protection of your privacy can be found here in Google's data protection information on the "+1″ button: http://www.google.com/intl/de/+/policy/+1button.html and the FAQ: http://www.google.com/intl/de/+1/button/.
If you do not want Google to collect data about you via our website, you must log out of Google+ before visiting our website.
By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.
Our website uses a button provided by YouTube to embed videos. YouTube is an offer provided by Google Inc, which is operated by YouTube LLC, 901 Cherry Ave. San Bruno, CA 94066 in the USA. When entering this website, your browser establishes a direct connection to the servers of YouTube. The contents of the "YouTube" button are transmitted directly to your browser and the browser embeds it in the website. We therefore have no influence on the scope of the data that YouTube gathers using the button.
If you are a YouTube member and do not want YouTube to gather the data concerning your visit to our website and to connect it to your member data already stored by it, please log off YouTube before entering our website.
Our website uses plugins from YouTube, which is operated by Google. The operator of the pages is YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. The plugins are identifiable by the Twitter logo (stylized blue bird) or the addition "Tweet" or "Follow". Using Twitter and the "Re-Tweet" or "Tweet" functionality links the website you visit to your Twitter account and shares it with other users. During this, data is also transmitted to Twitter.
Please note that we, as providers of the website, do not receive any information on the contents of the transmitted data and its use by Twitter. According to the latter, only the IP address of the user and the URL of the respective website is transmitted when including the button, but not used for any purposes other than displaying the button.
For more information on this you are encouraged to read Twitter's Data Privacy Statement at https://twitter.com/en/privacy.
If you are a Twitter member and do not want Twitter to connect the data concerning your visit to our website with your Twitter user account, please log off Twitter before entering our website.
Our site uses functions from the LinkedIn network. The service is provided by LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA.
Each time one of our pages containing LinkedIn features is accessed, your browser establishes a direct connection to the LinkedIn servers. LinkedIn is informed that you have visited our web pages from your IP address. If you use the LinkedIn “Recommend” button and are logged into your LinkedIn account, it is possible for LinkedIn to associate your visit to our website to your user account. We would like to point out that, as the provider of these pages, we have no knowledge of the content of the data transmitted or how it will be used by LinkedIn.
Our website contains functions of the Instagram service. These functions are offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, USA.
If you are logged into your Instagram account, you can click the Instagram button to link the content of our pages with your Instagram profile. This means that Instagram can associate visits to our pages with your user account. As the provider of this website, we expressly point out that we receive no information on the content of the transmitted data or its use by Instagram.
All information given on the CAS Software AG website is provided without guarantee. We cannot guarantee that data is complete and up-to-date at all times. Be advised that the website may contain technical inaccuracies or typographical errors.
We reserve the right to change or update the information given on the website at any time without prior notification. CAS Software AG can under no circumstances be made liable to you or to third parties for any direct, indirect, specific or miscellaneous loss consequential to use of this website or any linked to it. Any liability for loss of profit, loss of production or loss of computer programs or other data held in your information systems is likewise excluded. This also applies where we are expressly advised of the possibility of such loss.
If you have any questions or suggestions in relation to data protection, please e-mail us at: firstname.lastname@example.org.
Contact details of our data protection officer:
Thomas Heimhalt (External Data Protection Officer)
DATENSCHUTZ perfect GbR
Changes to this statement
CAS Software AG reserves the right to change this Data Protection Statement at any time within the constraints of the applicable law.
Version: May 2018