Privacy Policy

 

Thank you for visiting our website www.valentin-software.com and your interest in our company and our products. Insofar as personal data is collected and processed on the occasion of your visit and during the use of our products and services, this is done in accordance with the applicable legal regulations as follows:

 

1. Responsible Office

Responsible for the processing of your personal data in accordance with Art. 4 (7) EU General Data Protection Regulation (GDPR) is

Valentin Software GmbH
Stralauer Platz 34
10243 Berlin
E-Mail: datenschutz@valentin-software.com

 

2. Data processing when visiting our website

When you access the website, the following access data is automatically collected by us or our internet provider and temporarily stored in a so-called log file:

  • the IP address of the computer you are using,
  • date and time of your visit,
  • the internet pages that you visit with us, as well as your duration of stay
  • the internet page from which you have reached our website,
  • browser type and version and
  • the operating system of your computer.

The data is used to establish the connection to the website and to ensure system security. The access data will in no case be used to establish a reference to your person. The legal basis for data processing is Art. 6 (1) sentence 1 f) GDPR. Our legitimate interest in data processing arises from the aforementioned purposes.

The data will be deleted as soon as it is no longer required for the aforementioned purposes. The data required for establishing the connection is deleted as soon as you leave our website. Otherwise, the data in the log files are deleted after seven days at the latest.

 

3. Online-Shop: Hosting by Shopify

For our online shop, we use Shopify, a cloud-based store system from Shopify International Ltd, 2nd Floor, 1-2 Victoria Buildings, Haddington Road, Dublin 4, D04 XN32, Ireland. For this purpose, we have concluded an order processing agreement with Shopify in accordance with Art. 28 GDPR. Shopify provides us with infrastructure and storage space for our online shop on its servers and takes care of maintenance, technical support and system operation. Accordingly, the provider processes personal data transferred when using our services on our behalf.

Furthermore, it is in our legitimate interest pursuant to Art. 6 para. 1 p. 1 f) GDPR to ensure a functional and secure operation of our online shop.

In the course of providing these services, Shopify may also transfer personal data to other regions, for example to Canada and the USA. The transfer of data to Canada takes place on the basis of an adequacy decision issued by the European Commission pursuant to Art. 45 GDPR. Insofar as Shopify processes data in the USA, this is done on the basis of standard contractual clauses pursuant to Art. 46 (2) c) GDPR, which have been approved by the European Commission. Nevertheless, it cannot be ruled out that U.S. authorities and U.S. intelligence agencies may access the data without informing persons concerned.

You can find the standard contractual clauses here: https://eur-lex.europa.eu/legal-content/EN/TXT/?locale-en=&uri=CELEX%3A32021D0915

Shopify's privacy policy can be found here: https://help.shopify.com/en/manual/your-account/privacy

 

4. TLS-encryption

The website uses the encryption method TLS (Transport Layer Security). The procedure corresponds to the current state of the art and serves to protect your personal data from access by third parties during transmission.

In addition, appropriate technical and organizational measures are taken for the security of your data to protect against accidental or intentional manipulation, loss, destruction or against unauthorized access. The security measures are adapted according to the technical development.

 

5. Data processing on the occasion of your contact

When you contact us (e.g. by e-mail, telephone or via a contact form), data such as your e-mail address, name and telephone number will be stored by us. When using the contact form, the data is requested as shown on the form. The data will be processed for the purpose of responding to your request and deleted as soon as your request has been dealt with. The legal basis for the data processing is our legitimate interest in processing your request in accordance with Art. 6 para. 1 sentence 1 f) GDPR.

If your request is made for the purpose of concluding a contract, the data will be processed at the same time for the implementation of pre-contractual measures or for the performance of the contract in accordance with Art. 6 para. 1 p. 1 b) GDPR (see section 6).

 

6. Contract execution

We process your data for the execution of the contract and for the implementation of corresponding pre-contractual measures, in particular for the purpose of processing orders in our web store as well as for the provision of our other services such as conceptual and strategic consulting, campaign planning, software and design development/consulting or maintenance, consulting and training services, etc.

For this purpose, we process personal data such as your name, address, e-mail address, telephone number and fax number, if applicable, as well as your text entries, videos and photos etc. that you submit. If you use our online forms, we process the data as shown in the respective form.

You can voluntarily create a customer account by clicking the appropriate box, so that your order data will be stored for future purchases. The legal basis for this is Art. 6 para. 1 p. 1 a) GDPR. You can withdraw your consent at any time by sending an e-mail to sales@valentin-software.com. Your customer account will then be deleted. Data that we need for the processing of an order placed or that are required for the fulfillment of our legal retention obligations remain unaffected by the deletion of the customer account.

The above-mentioned data is processed for the fulfillment of the contract or the implementation of pre-contractual measures in accordance with Art. 6 para. 1 p. 1 b) GDPR. After the contract has been fulfilled, the data will be deleted, insofar as no legal regulations, for example tax and commercial law retention obligations, conflict with this and you have not given us your express consent for further use.

Your contractual data will only be passed on to third parties if this is necessary for the processing of the contractual relationship with you in accordance with Art. 6 para. 1 p. 1 b) GDPR.

Your payment data will be processed for the purpose of processing your order by the payment service company commissioned with the payment (see section 7).

 

7. Payment processing

You can pay us with PayPal and via Shopify Payments with credit card (VISA, Maestro/Mastercard and American Express).

a) PayPal

For payment with PayPal, you will be redirected to the PayPal website during the ordering process, where you log in to your PayPal account. Your payment data stored there will be used by PayPal for payment processing. The legal basis for the payment processing is Art. 6 para. 1 p. 1 b) GDPR.

Credit rating

When paying by credit card and direct debit and - if offered - when purchasing on account, PayPal compares your data with databases of external credit agencies such as SCHUFA for the purpose of checking your identity and creditworthiness. The following data is transmitted to the credit agency: First and last name, address, date of birth and your account details. If necessary, PayPal will additionally transmit information about non-contractual or fraudulent behavior on your part.

The data is stored by the credit agency and can be used, among other things, by the credit agency to determine your ability and willingness to pay in the form of scoring values. The calculation of the scoring value is based on a mathematical-statistical procedure. Personal and demographic data can be used for this purpose, for example. If the creditworthiness check is negative, the selected payment method is not possible. You will be informed of this immediately. The legal basis for the data processing and transfer for the purpose of credit assessment and fraud prevention is Art. 6 para. 1 p. 1 b) and Art. 6 para. 1 p. 1 f) GDPR. It is in PayPal's legitimate interest to protect itself against payment defaults.

You have the right to object to PayPal processing your data for the purpose of credit assessment. For details, please refer to the privacy policy of PayPal (Europe), S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg, at the following link: https://www.paypal.com/de/webapps/mpp/ua/privacy-full

There you will also find an overview of the credit agencies PayPal works with.

b) Payment by credit card via Shopify Payments and Stripe

Through Shopify Payments, we offer credit card payments (VISA, Maestro/Mastercard and American Express). Shopify Payments processes credit card payments via the technical service provider Stripe. Stripe collects your order data (name, address, e-mail address, telephone number, payment method, date and payment amount of the transaction) and your credit card data for the payment processing. The legal basis for the payment processing is Art. 6 para. 1 p. 1 b) GDPR.

Credit rating

Stripe uses transaction data to detect and prevent fraudulent activity and also to detect unauthorised logins using your online activity. Stripe may share information about you with us and other business users, including card issuers and others involved in payment processing, in order to assess the fraud risk of the payment in question. Stripe may check the data against credit agency databases for identity and credit checks. For this purpose, your address as well as account and card data will be transmitted to the credit agency. The credit agency stores the data and can use it, among other things, to determine your ability and willingness to pay in the form of scoring values. The calculation of the scoring value is based on a mathematical-statistical procedure. For example, personal and demographic data can be used for this purpose. If the creditworthiness check is negative, you will not be able to use the payment method you have chosen. You can contact Stripe to find out which credit agencies Stripe uses.

The legal basis for data processing and disclosure for the purpose of credit assessment and fraud prevention is Art. 6 para. 1 p. 1 b) and Art. 6 para. 1 p. 1 f) GDPR. The legitimate interest lies in the prevention of payment defaults. You have the right to object to the processing of data for the purpose of credit assessment vis-à-vis Stripe under the legal conditions.

Insofar as the payment services process data in the USA or in other countries where there is no adequate level of data protection, the data transfer shall be based on standard contractual clauses pursuant to Art. 46 (2) c) GDPR, which have been approved by the European Commission. You can view the standard contractual clauses of the European Commission here: https://eur-lex.europa.eu/legal-content/EN/TXT/?locale-en=&uri=CELEX%3A32021D0915

Stripe is a payment service provided by Stripe Payments Europe, Limited, The One Building, 1, Lower Grand Canal Street, Dublin 2, Ireland. You can access Stripe's privacy policy via the following link: https://stripe.com/en/privacy

Shopify Payments is a payment service provided by Shopify International Limited, 2nd Floor Victoria Buildings 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland. You can access the Shopify Payments privacy policy here: https://www.shopify.com/legal/privacy

VISA: Contact: Visa Europe Management Services Limited, German Branch, Neue Mainzer Straße 66-68, 60311 Frankfurt. You can find the privacy policy here: https://usa.visa.com/legal/global-privacy-notice.html

Maestro/Mastercard: Contact: Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium. You can find the privacy policy here: https://www.mastercard.us./en-us/vision/corp-responsibility/commitment-to-privacy/privacy.html

American Express: Contact: American Express Europe S.A., Theodor-Heuss-Allee 112, 60486 Frankfurt am Main. You can find the privacy policy here: https://www.americanexpress.com/us/company/privacy-center/online-privacy-disclosures/

 

8. Transfer of data to third parties

Your personal data will only be transferred to third parties in the following cases:

  • You have consented to the disclosure in accordance with Art. 6 para. 1 p. 1 a) GDPR.
  • The transfer is legally permissible and necessary for the processing of contractual relationships with you in accordance with Art. 6 para. 1 p. 1 b) GDPR.
  • Pursuant to Art. 6 para. 1 p. 1 c) GDPR, the disclosure is necessary for the fulfilment of a legal obligation to which we are subject.
  • The disclosure is necessary pursuant to Art. 6 para. 1 p. 1 d) GDPR in order to protect your vital interests or those of another natural person.
  • The disclosure is necessary in accordance with Art. 6 para. 1 p. 1 f) GDPR for the assertion, exercise or defense of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data.
  • The transfer takes place in accordance with Art. 28 GDPR on the basis of a contract for commissioned processing.

 

9. Use of forum

If you would like to use our forum to exchange information with other product users and our software developers on various application possibilities or specific questions, we will collect your e-mail address.

To prevent the misuse of your e-mail address by unauthorized persons, we use the double opt-in procedure: After your registration, you will receive an e-mail with an activation link. Only when you click on this link, the registration is completed and you can use our forum.

Your e-mail address will not be published. It is stored by us in order to contact you for comment in the event that your forum post is reported by third parties as illegal (e.g. due to offensive content). The legal basis is Art. 6 para. 1 p. 1 f) GDPR. Our legitimate interest results from the aforementioned purpose.

If you leave comments or other forum contributions, your IP address will be stored for a period of approx. 10 - 14 days based on our legitimate interests within the meaning of Art. 6 para. 1 p. 1 f) GDPR. The storage serves to legally secure us in case your contribution contains illegal content.

Your posts and comments and the data contained therein will be permanently stored and published by us in the forum. The legal basis is Art. 6 para. 1 p. 1 b) and f) GDPR. The legitimate interest results from the purpose of the forum to enable the exchange of experiences between product users and our software developers.

If you want to delete your posts, please send us a message by e-mail.

 

10. Newsletter

Insofar as you have consented in accordance with Art. 6 (1) p. 1 a) GDPR, Art. 7 GDPR in conjunction with § 7 (3) UWG, we will use your e-mail address to send you our free newsletter 5-8 times per year with information and advertising about our service offerings.

In order to exclude misuse, you will receive an e-mail with a link to confirm your registration after you have registered for the newsletter. Only when you click on the link, you will receive our newsletter in the future.

To prove your consent to receive our newsletter, we log your IP address and the date and time of your subscription based on our legitimate interests pursuant to Art. 6 para. 1 p. 1 f) GDPR.

You can revoke your consent to receive the newsletter at any time by unsubscribing from the newsletter via the "unsubscribe" link in each newsletter or by sending an e-mail to us. If you unsubscribe from the newsletter, we will delete your e-mail address from our newsletter distribution list.

Newsletter without registration

Insofar as we have received your e-mail address in connection with the sale of a product or service, we may send you our newsletter by e-mail with advertising for our own products or services similar to those from your order. The prerequisite for this is that you have not objected to the use of the e-mail address and that we clearly inform you when collecting the e-mail address and each time it is used that you can object to the use at any time without incurring any costs other than the transmission costs according to the basic rates. Legal bases are § 7 para. 3 UWG and Art. 6 para. 1 p. 1 f) GDPR. Our legitimate interest in the data processing described above is to present you with further products and services from our range for advertising purposes. You can exercise your right to object by sending us an e-mail or by clicking on the unsubscribe link contained in every newsletter.

rapidmail

We use rapidmail to send newsletters. The provider is rapidmail GmbH, Wentzingerstraße 21, 79106 Freiburg, Germany. Among other things, rapidmail is used to organize and analyse the sending of newsletters. The data you enter for the purpose of subscribing to the newsletter is stored on rapidmail's servers in Germany. If you do not wish to be analysed by rapidmail, you can unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message. For the purpose of analysis, the emails sent with rapidmail contain a so-called tracking pixel, which connects to the rapidmail servers when the email is opened. In this way, it can be determined whether a newsletter message has been opened. We can also use rapidmail to determine whether and which links in the newsletter message have been clicked on. Links in the email can also be set as tracking links, with which your clicks can be counted.

The recipient of the data is rapidmail GmbH. Data processing is carried out on the basis of an agreement of joint responsibility in accordance with Art. 28 GDPR with rapidmail. Data is not transferred to third countries. The legal basis for data processing is Art. 6 para. 1 lit. a) GDPR.

The data stored by us as part of your consent for the purpose of the newsletter will be stored until you unsubscribe from the newsletter and deleted from both our servers and the servers of rapidmail after you unsubscribe from the newsletter. Data stored by us for other purposes remains unaffected by this.

You have the option of withdrawing your consent to data processing at any time with effect for the future. The legality of the data processing operations that have already taken place remains unaffected by the revocation.

For more information, please refer to rapidmail's data security information at: Datenschutzerklärung - rapidmail
For more information on the analysis functions of rapidmail, please see the following link: Support und Hilfe für unser Newsletter-Tool - rapidmail

 

11. Cookies

Cookies are small text files that are stored by the browser on your device when you visit our website. Different information can be stored within the cookies. The primary purpose of a cookie is to store information about a user (or the device on which the cookie is stored) during or after his or her visit to an online service.

Temporary cookies or "session cookies" or "transient cookies" are cookies that are deleted as soon as you close the browser. These cookies ensure essential functions of the website (e.g. navigation, transactions, etc.).

Others, so-called "permanent cookies", have a longer lifespan and are used to recognise your browser on a subsequent visit on the basis of the information stored in the cookie.

The legal basis for the use of cookies that are technically necessary or absolutely necessary for the fulfilment of pre-contractual measures and the execution of contracts (e.g. registration, shopping cart function) is Art. 6 para. 1 sentence 1 b) GDPR.

If cookies are used to save the settings you have made (e.g. language settings) for subsequent visits, the legal basis is Art. 6 para. 1 p. 1 f) GDPR. Our legitimate interest is to make your visit to our website user-friendly according to your preferences.

Insofar as you have given your consent to the use of cookies from third-party providers (so-called "third-party cookies"), in particular for analysis, advertising and marketing purposes, the legal basis is Art. 6 para. 1 p. 1 a) GDPR, § 25 TTDSG. Details can be found in the description of the respective service.

The lifetime of the cookies is a maximum of 24 months, unless otherwise stated in this privacy policy. At the end of their lifetime, they are automatically deleted.

You can revoke your consent at any time by clicking on the "Revoke Given Consents" link on the website. Click on the "Change privacy settings" link on the website to access the cookie consent banner and manage your choices there by clicking in the appropriate box. Please refer to section 12 for details.

Alternatively, you can decide whether to reject cookies or have them removed when you close your browser by selecting the appropriate option in your browser settings. You can also delete stored cookies there. You will find further instructions in the settings of your browser in the "Help" area.

If you refuse cookies, you may not be able to use all the features of the website.

 

12. Cookie-consent-banner

We use the "Real Cookie Banner" on our website, a cookie consent tool from devowl.io GmbH, Tannet 12, 94539 Grafling, Germany. The service allows us to request your consent, where required, for the use of cookies and to store your decision for proof. For this purpose, a cookie is set so that your decision can be retrieved on future visits to our website. The cookie for consent management is stored for a maximum of 12 months and then automatically deleted.

You can access the cookie consent banner at any time by clicking on "Change privacy settings" and manage your consents (by ticking or un-ticking) in the settings. The cookie consent service serves our legal obligation to request and document the legally required consents. The legal basis is Art. 6 para. 1 p. 1 c) GDPR. Details of the service can be found on the provider's website at https://devowl.io/wordpress-real-cookie-banner/.

 

13. Webinars and online meetings with GoTo

When you book a webinar with us, personal data such as your name, e-mail address and/or telephone number will be processed on our behalf by GoTo, GoTo Technologies Ireland Unlimited Company, The Reflector, 10 Hanover Quay, Dublin 2, D02R573, Ireland for the purpose of providing the meeting functions. For this purpose, data such as the duration, date and time of the meeting, your IP address, browser type and version and the operating system/version of your computer as well as audio, video data and chat messages are also stored.

The legal basis for data processing for the purpose of conducting the online meeting is Art. 6 para. 1 p. 1 b) GDPR (see above para. 6).

Data processing by GoTo is carried out on the basis of a processing agreement in accordance with Art. 28 GDPR. In addition, the secure and technically reliable implementation of our webinars and online meetings corresponds to our legitimate interest within the meaning of Art. 6 para. 1 p. 1 f) GDPR. The meeting history and any cloud recordings are automatically deleted by GoTo after one year.

Insofar as GoTo processes data in the USA or in other countries where there is no adequate level of data protection, the data transfer takes place on the basis of standard contractual clauses pursuant to Art. 46 para. 2 c) GDPR, which have been approved by the European Commission. Nevertheless, it cannot be ruled out that US authorities and US intelligence services may access the data without informing data affected persons.

For more information on the use of your data, please visit: https://www.goto.com/company/legal/privacy/international

 

14. Services from Google on the Website

The provider of the services described in this section is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Insofar as Google also processes data in the USA, this is done on the basis of standard contractual clauses pursuant to Art. 46 (2) c) GDPR, which have been approved by the European Commission. Nevertheless, it cannot be ruled out that US authorities and US intelligence services may access the data without informing data subjects of this.

You can view the European Commission's standard contractual clauses here: https://eur-lex.europa.eu/legal-content/EN/TXT/?locale-en=&uri=CELEX%3A32021D0915

You can access Google's privacy policy via the following link: https://policies.google.com/privacy?hl=en

a) Google Fonts

We use Google Fonts, a directory of open source fonts provided by Google, which can be downloaded from the internet. When the fonts are integrated, a connection to the Google server is established. In the process, personal data such as the IP address of the computer you are using is transferred to Google, which is also processed by Google in the USA.

The legal basis for data processing is your consent in accordance with Art. 6 para. 1 sentence 1 a) GDPR. You can revoke your consent at any time with effect for the future (see point 12 above).

You can also prevent data processing by deactivating JavaScript in your browser settings.

b) Registration by means of ReCaptcha

To avoid automated registrations, we use the ReCaptcha Enterprise service. ReCaptcha is a risk analysis service from Google that serves to protect us from abuse by malicious software on the website. The service recognises whether entries (for example in the online contact form) come from humans or whether they are bots or other automated attacks. The latter are stopped, at the same time valid users are not hindered.

For this purpose, a cookie is set and your user behaviour on the website as well as mouse movement and IP address are transmitted to a Google server in the USA and permanently stored there.

The legal basis for data processing is Art. 6 para. 1 sentence 1 a) GDPR. You can revoke your consent at any time with effect for the future (see point 12 above).

c) Google Universal Analytics and Google Analytics 4

We use Google (Universal) Analytics and Google Analytics 4, a method of Google Analytics in which user analysis is carried out on the basis of a pseudonymous user ID and thus a pseudonymous profile of the user is created with information from the use of various devices (so-called „Cross-Device-Tracking“).

We use the service for the purpose of analysing and statistically evaluating the use of our website. We use the information obtained in this way for marketing and optimising our website. Pseudonymised user profiles are created and cookies are used for this purpose (please see above section 11). The following information is collected by the cookie:

  • the IP address of your computer,
  • date and time of your visit,
  • the internet pages you visit on our website,
  • the internet page from which you have accessed our website,
  • the type and version of the browser you are using, and
  • the operating system of your computer.

This data is transferred to Google servers in the USA and stored there. When using Google Analytics, we have activated the anonymisation of the IP address by "_anonymizeIp()", which means that your IP address is shortened and anonymised beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage for website optimisation purposes. Google also uses the information for its own purposes to provide the analysis and tracking service.

The data processing takes place on the basis of a joint responsibility agreement pursuant to Art. 26 GDPR, which we have concluded with Google.

The legal basis for data processing is your consent in accordance with Art. 6 para. 1 sentence 1 a) GDPR. You can revoke your consent at any time with effect for the future (see point 12 above). In addition, you can prevent the storage of cookies by setting your browser software accordingly (see point 11 above).

You can also prevent the collection of data generated by the cookie and related to your use of the website (incl. your IP address) by Google and the processing of this data by Google by downloading and installing the browser add-on for deactivating Google Analytics available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en

For more information, please see Google's privacy policy here: https://policies.google.com/privacy?hl=en and https://policies.google.com/technologies/partner-sites?hl=en

 

15. Plausible

In order to understand and improve the use of our website in accordance with our interest in analysing, optimising and economically operating our online offer, we use the open source web analysis tool "Plausible Analytics", offered by Plausible Insights OÜ, Västriku tn 2, 50403, Tartu, Estonia. Plausible does not set cookies and does not store any personal data. You can find more information on data protection at Plausible Analytics at: https://plausible.io/data-policy

 

16. Data processing when using our products

We use third-party service offerings in our products on the basis of our legitimate interests within the meaning of Art. 6 (1) p. 1 f) GDPR and in the interests of our business customers for the planning, design and simulation of the systems as follows:

a) Google Maps

We integrate the map service Google Maps. Cookies are set and data such as the IP address, browser and device type, operating system, date and time of the call and your location data are transferred to Google. The data is usually also transferred to a Google server in the USA and stored there.

Insofar as Google processes data in the USA, this is done on the basis of standard contractual clauses pursuant to Art. 46 (2) c) GDPR, which have been approved by the European Commission. Nevertheless, it cannot be ruled out that US authorities and US intelligence services may access the data without informing affected persons of this.

The legal basis is Art 6 para. 1 p. 1 f) GDPR. It is our legitimate interest and also in the interest of our business customers to make our products as user-friendly as possible.

Google Maps is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. You can access Google's privacy policy via the following link: https://policies.google.com/privacy?hl=en

b) OpenStreetMap

Users of our programmes can also use the maps of the OpenStreetMap service. OpenStreetMap is offered on the basis of the Open Data Commons Open Database License (ODbL) by the OpenStreetMap Foundation (OSMF).

Cookies are used for this purpose. The following information is collected by the cookie: IP address, browser and device type, operating system as well as date and time of the call. This data is transmitted to OSMF servers. Insofar as your location is also transmitted, this is only done approximately in the form of the country in which you are probably located. OSMF will only use the data for technical or security support of the service and in anonymised form for research and other purposes.

Insofar as data is also transmitted to OSMF servers in the United Kingdom, this is done on the basis of an adequacy decision issued by the European Commission pursuant to Art. 45 GDPR.

The legal basis is Art 6 para. 1 p. 1 f) GDPR. It is our legitimate interest and also in the interest of our business customers to make our products as user-friendly as possible.

More information about the OpenStreetMap Foundation, based at St John's Innovation Centre, Cowley Road, Cambridge, CB4 0WS, United Kingdom, can be found here: https://blog.openstreetmap.org/about/

You can find OSMF's privacy policy here: https://wiki.osmfoundation.org/wiki/Privacy_Policy

c) Bing Maps

Our software products also include the maps Bing Maps, a map service of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. Cookies are set for the geographical display and data such as the IP address, browser and device type, operating system, date and time of the call and your location data are transferred to Microsoft. The data is usually also transferred to a Microsoft server in the USA and stored there.

Insofar as Microsoft processes data in the USA, this is done on the basis of standard contractual clauses pursuant to Art. 46 (2) c) GDPR, which have been approved by the European Commission. Nevertheless, it cannot be ruled out that US authorities and US intelligence services may access the data without informing data subjects of this.

The legal basis is Art 6 para. 1 p. 1 f) GDPR. It is our legitimate interest and also in the interest of our business customers to make our products as user-friendly as possible.

You can find the privacy policy under https://privacy.microsoft.com/en-us/privacystatement

d) Matomo

In our software PV*SOL we use the tool Matomo, an open source software for web analysis, to collect anonymous usage data for analysis purposes. No personal data is transmitted with the collected data: The IP address is anonymised and no project data is collected that could contain personal data. The legal basis for the data processing is Art. 6 para. 1 p. 1 f) GDPR. Our legitimate interest in data processing follows from the aforementioned purpose.

You can prevent the collection of your data by Matomo by switching off the data processing when installing the software. After installation, you can object to data processing at any time by making the appropriate setting in the programme option.

You can access Matomo's privacy policy via the following link: https://matomo.org/privacy-policy/

e) Microsoft Azure database

In our PV*SOL and GeoT*SOL software, we use a Microsoft Azure database to collect anonymous usage data. The transmission of this data is voluntary and can be switched off by the user during installation (PV*SOL) or the first start (GeoT*SOL) and later in the programme at any time via the programme options. No personal data is transmitted with the collected data: The IP address is anonymised and no project data is collected that could contain personal data. The database is hosted in a Microsoft data centre in Western Europe. To the privacy policy of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA: https://azure.microsoft.com/en-us/explore/trusted-cloud/privacy/

f) Additional services: Interfaces for climate data

Various climate data are available to our users via interface. The provider named in each case is solely responsible for data processing when using the services named below:

i. PVGIS

You can access climate data for Europe, Africa, large parts of Asia and America from PVGIS (Photvoltaik Geographical Information System) of the European Commission, EU Science Hub, free of charge via an interface in our programmes. Under the link Privacy policy | European Commission (europa.eu) you will find further information on data protection.

ii. Solcast

We have integrated an interface for the predominantly fee-based climate data offer of Solcast, 32, Halloran St Lilyfield 2040, Sydney, Australia into our PV*SOL software. If you wish to use Solcast's service, you will be asked by the service provider to provide your e-mail address for the purpose of registering and creating an account. You will be directed to Solcast's online website and will receive an e-mail from Solcast inviting you to create a password in the API Toolkit account.

The data may be processed in Australia. Please note that no adequate protection can be guaranteed for your personal data. For more information on data protection, please click here: https://solcast.com/privacy-policy

iii. SolarAnywhere

SolarAnywhere is a paid climate data service from the USA that is integrated into our products via an interface. Clean Power Research is located at 1541 Third St., Napa, CA 94559. The company states in its privacy policy that it complies with the GDPR standards regarding data subjects' rights. You can find the privacy policy here: https://www.cleanpower.com/privacy-policy/. Nevertheless, we would like to point out the risk that the data will be processed in the USA and thus no adequate protection can be guaranteed for your personal data.

 

17. Business analyses and market research

Insofar as you have given us your consent in accordance with Art. 6 para. 1 p. 1 a) GDPR, we internally analyse the data we have on business transactions, contracts, enquiries, etc. in order to operate our business economically and to be able to recognise market trends and the wishes of contractual partners and users. In doing so, we process inventory data, communication data, contract data, payment data, usage data, metadata, whereby the persons concerned include contract partners, interested parties, customers, visitors and users of our online offer.

The analyses are carried out for the purpose of business evaluations. In doing so, we can take into account the profiles of the registered users with information, e.g. on the services they have used. The analyses serve us to increase user-friendliness, optimise our offer and improve business management.

The analyses are for internal purposes only and are not published unless they are anonymous analyses with summarised value.

If these analyses or profiles are personal, they will be deleted or made anonymous upon termination by the user, otherwise after two years from the conclusion of the contract. In other respects, the macroeconomic analyses and general tendency determinations are created anonymously wherever possible.

You can revoke your consent at any time by sending us a message to this effect by e-mail.

 

18. Application process

When you apply to us, we process your surname, first name, date of birth, address, e-mail address and telephone number. We also process personal data that you provide to us as part of the application process in your application documents (CV, certificates, etc.) and during the interview. The data is processed for the purpose of carrying out the application procedure for the selection of suitable applicants and, if suitable, for the establishment of an employment relationship. If you are employed by us after completion of the application process, your data collected during the application process will be stored in the personnel file insofar as this is necessary for the implementation of the employment relationship. Otherwise, the data will be deleted. The legal basis is Art. 6 para. 1 p. 1 b) GDPR and § 26 para. 1 p. 1 Federal Data Protection Act.

Insofar as we process special categories of personal data pursuant to Art. 9 (1) GDPR (e.g. health data) that you voluntarily provide to us, this processing is carried out pursuant to Art. 9 (2) a) GDPR. Insofar as the processing of these special categories of data is necessary in order to exercise or fulfil rights and obligations, for example under employment law, the legal basis is Art. 9 (2) (b) GDPR.

In the event of rejection, the data will be deleted within six months of you receiving our notification of rejection, unless we have your consent for the further use of the data. At your request, the data will be deleted before the end of the application process if you no longer wish to participate in the application process.

 

19. Social Media

a) YouTube

Insofar as you have given us your consent in accordance with Art. 6 para. 1 p. 1 a) GDPR, YouTube is activated and you can watch YouTube videos embedded on our website.

For the playback of the videos, data such as the IP address, browser and device type, operating system and time of playback are transmitted to YouTube. In addition, a connection to the DoubleClick advertising network, a subsidiary of Google LLC, is established. This sets cookies that are used to provide relevant advertising for you, to improve campaign performance reports or to prevent you from seeing the same ads more than once.

We have embedded the videos in extended data protection mode. This means that data transmission only begins when you activate playback of the video by clicking on it.

Insofar as YouTube or Google processes data in the USA, this is done on the basis of standard contractual clauses pursuant to Art. 46 (2) c) GDPR, which have been approved by the European Commission. Nevertheless, it cannot be ruled out that US authorities and US intelligence services may access the data without informing the data subjects.

You can revoke your consent at any time with effect for the future. Details on revocation can be found above in section 12 of this privacy policy. You can also prevent the storage of cookies by setting your browser software accordingly (see above chapter 11).

You can also deactivate personalised advertising from Google via the advertising settings. In the case of deactivating personalised advertising, you will still receive ads, but the ads will no longer be tailored to your interests. Instructions for deactivation can be found on the following website: https://support.google.com/My-Ad-Center-Help/answer/12155764?visit_id=638112950336951966-1047377327&rd=1&hl=en-GB#stop_goog_p13n

Alternatively, you have the option to install a browser plug-in to disable personalised advertising. This sets an opt-out cookie that prevents the DoubleClick cookie and disables interest-based advertising. You can download the browser plug-in from the following website: https://support.google.com/ads/answer/7395996?hl=en

YouTube is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. You can access Google's privacy policy via the following link: https://policies.google.com/privacy?hl=en

You can view the European Commission's standard contractual clauses here: https://eur-lex.europa.eu/legal-content/EN/TXT/?locale-en=&uri=CELEX%3A32021D0915

b) Facebook, LinkedIn and XING

So that you can also communicate with us via the social networks, we have an online presence on Facebook, LinkedIn and XING.

Insofar as you have given the corresponding permission in your user account in the social network, the operators of the networks use cookies to analyse and measure your behaviour in the social network for advertising and marketing purposes and to display relevant advertising to you in the social network and also on websites outside the network.

The data processing takes place on the basis of a joint responsibility agreement pursuant to Art. 26 GDPR, which we have concluded with the respective social network. Insofar as the social networks transfer data to the USA or other third countries (outside the European Economic Area), this is done on the basis of standard contractual clauses pursuant to Art. 46 (2) c) GDPR, which are approved by the European Commission, as well as on the basis of adequacy decisions issued by the European Commission regarding certain countries.

Nevertheless, in the case of processing in the USA, it cannot be ruled out that US authorities and US secret services may access the data without informing the data subjects.

The legal basis for the data processing is your consent pursuant to Art. 6 para. 1 sentence 1 a) GDPR. You can revoke your consent at any time with effect for the future by making the appropriate privacy settings in the social network.

For details on data protection, please refer to the privacy policy of the respective provider as follows:

Facebook is a service of Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. The joint responsibility agreement according to Art. 26 GDPR with Facebook is available here: https://de-de.facebook.com/legal/terms/page_controller_addendum

You can find Facebook's privacy policy here: https://m.facebook.com/policy.php

LinkedIn is a service of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. The joint responsibility agreement according to Art. 26 GDPR with LinkedIn is available here https://legal.linkedin.com/pages-joint-controller-addendum

You can find LinkedIn's privacy policy here: https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_join-form-privacy-policy

You can also object to data processing for advertising purposes by LinkedIn. You can find an opt-out option here: https://www.linkedin.com/help/linkedin/answer/62931/manage-advertising-preferences?lang=en

XING is a service of New Work SE, Am Strandkai 1, 20457 Hamburg, Germany. Details of XING's data protection can be found here: https://www.xing.com/app/share?op=data_protection

c) LinkedIn Insight Tag

Our website uses the conversion tracking tool "LinkedIn Insight Tag" from LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. The LinkedIn Insight Tag sets a cookie in your browser and enables the collection of the following data, among others: URL, referrer URL, IP address, device and browser properties, timestamp and page events (e.g. page impressions, page views, etc.).

This data is transmitted in encrypted form to LinkedIn servers, even if you are not a member there. If you are logged into your LinkedIn account during your visit to our website, LinkedIn can assign the data to your account.

The data is pseudonymised by LinkedIn within seven days. The pseudonymised data is deleted within 180 days.

By means of the LinkedIn Insight Tag, we receive information about the use of our website and about the reach and success of our advertisements in the LinkedIn network. LinkedIn does not provide us with personal data, but aggregated evaluations to analyse our website target groups and LinkedIn advertising campaigns. In addition, the LinkedIn Insight Tag offers the possibility of retargeting, so that you can be shown interest-based advertising on LinkedIn and other websites.

Data processing takes place on the basis of a joint responsibility agreement pursuant to Art. 26 GDPR, which we have concluded with LinkedIn. Insofar as LinkedIn transfers data to the USA or other third countries (outside the European Economic Area), this is done on the basis of standard contractual clauses pursuant to Art. 46 (2) c) GDPR, which have been approved by the European Commission, as well as on the basis of adequacy decisions issued by the European Commission regarding certain countries. You can view the standard contractual clauses of the European Commission here: https://eur-lex.europa.eu/legal-content/EN/TXT/?locale-en=&uri=CELEX%3A32021D0915

Nevertheless, in the case of processing in the USA, it cannot be ruled out that US authorities and US secret services may access the data without informing the data subjects.

The legal basis for data processing is your consent pursuant to Art. 6 (1) p. 1 a) GDPR. You can revoke your consent at any time with effect for the future via the settings in our cookie consent banner (see point 12 above).

You can also object to data processing for advertising purposes by LinkedIn. You can find an opt-out option here: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out?trk=microsites-frontend_legal_cookie-policy

The joint responsibility agreement pursuant to Art. 26 GDPR with LinkedIn is available here: https://legal.linkedin.com/pages-joint-controller-addendum

Learn more about the LinkedIn Insight Tag here: https://www.linkedin.com/help/lms/answer/a427661/linkedin-insight-tag-haufig-gestellte-fragen?lang=en

You can find LinkedIn's privacy policy here: https://www.linkedin.com/legal/privacy-policy

 

20. Links

Insofar as we link to the content of external websites, we are not responsible for the data protection on these websites. We can therefore not guarantee that the secure handling of your data guaranteed by us is equally guaranteed on the external websites. If you have any questions about data protection, please contact the respective operator.

 

21. Your rights

You have the right to request information from us at any time about your personal data stored by us (Art. 15 GDPR). This also concerns the recipients or categories of recipients to whom this data is passed on and the purpose of the storage. In addition, you have the right to demand correction under the conditions of Art. 16 GDPR and/or deletion under the conditions of Art. 17 GDPR and/or restriction of processing under the conditions of Art. 18 GDPR. Furthermore, you may request data transfer at any time under the conditions of Art. 20 GDPR.

 

22. Your right to complain to a supervisory authority

Pursuant to Art. 77 GDPR, without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or the place of the alleged infringement, if you consider that the processing of your personal data infringes the GDPR.

 

23. Your right to withdraw consent

Insofar as you have given us your consent to the processing of personal data relating to you in accordance with Article 6 (1) sentence 1 a) GDPR, you have the right to revoke your consent at any time in accordance with Article 7 (3) GDPR. The lawfulness of the processing carried out on the basis of the consent until the revocation is not affected by the revocation.

 

24. Right of objection

Insofar as we process your personal data to protect our legitimate interests pursuant to Art. 6 (1) p. 1 f) GDPR, you have the right under Art. 21 GDPR to object to the processing of your data at any time on grounds relating to your particular situation; this also applies to profiling based on this provision. We will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.

If personal data are processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling, insofar as it is related to such direct marketing.

If you object to processing for direct marketing purposes, the personal data will no longer be processed for these purposes.

To exercise your right to object, please send an e-mail to: datenschutz@valentin-software.com

 

25. Provision of personal data

The provision of your personal data is neither legally nor contractually required and you are not obliged to provide us with personal data. If you enter into a contract with us, certain personal data, such as your contact details, are required for the conclusion of the contract. If you do not provide us with this data, we will not be able to conclude the contract with you.

 

26. Existence of automated decision making

We do not use automated decision making or profiling.


27. Changes to the privacy policy

This privacy policy is currently valid. In view of possible changes to the website and our products and services as well as future changes to legal requirements, it may be necessary to adapt our data protection declaration from time to time. The currently valid version of the data protection declaration can be found on our website under the link "Privacy Policy".

For information, revocations or objections to data processing, please contact:
Valentin Software GmbH
Stralauer Platz 34
10243 Berlin
E-Mail: datenschutz@valentin-software.com

Berlin, February 2024