The company responsible is
Data protection subject matter in this case is personal data. Per article 4 no. 1 GDPR (General Data Protection Regulation) this includes all information referring to an identified or identifiable natural person. Such data includes e.g. names and addresses and other characteristics such as IP addresses.
We collect and store information automatically in server log files. Information your browser communicates to us is included. This includes
This data cannot be assigned any natural person, mainly because the IP address is always anonymised, is not combined with data from other sources and is only accessed when there is reason to believe our infrastructure has been attacked and to remedy faults. In such cases we reserve the right to temporarily deactivate the anonymisation of the IP address/es. All log files are automatically deleted after seven days at the latest.
We collect this data as we have a justified interest in secure and fault-free operation of our server infrastructure, to combat misuse and to follow up crimes except where such interest is overridden by your interests or fundamental rights and freedoms which require protection of personal data (article 6 paragraph 1 lit. f GDPR).
If you register a test version of our software we will collect the following personal data:
Collecting and processing said personal data enables us to handle your registration and send you the test version requested (article 6 paragraph 1 lit. b GDPR).
We reserve the right to send you information on the use of our software and on upgrades / updates to it by e-mail or telephone if you use a test version thereof. We also reserve the right to contact you by e-mail just once on expiry of your test version to advise you of new functions and a further test option. Your registration data will be retained by us for a year for this purpose. You may of course object by e-mail to this at any time. If you do you will be removed from our distribution list and your data erased.
Saving and utilising this data is on the basis of our justified interest in advertising our software and this not having any deleterious effect on any interest of yours (article 6 paragraph 1 lit. f GDPR). E-mail transmission and telephone contact are on the basis of §7 paragraph 3 UWG (Unfair Competition Act).
If you decide after utilising a test version to agree to any tariff of ours requiring payment then we will collect the following data on you in addition to that in your registration insofar as same has not already been provided:
Collecting and processing said personal data enables us to properly draft invoices to you and to make our goods and services available to you (article 6 paragraph 1 lit. b GDPR).
We have a free newsletter containing information on new versions of our software, usually monthly. If you register for it we collect the following personal data:
We will send you an e-mail with a confirmation link once you have registered. Click on the link to confirm you wish to receive the newsletter. Only then will we send it to you. You can cancel the newsletter at any time by e-mail.
Collection and processing of your personal data here is to enable us to send you the newsletter (article 6 paragraph 1 lit. b GDPR).
Please use the contact form on our website to get in touch with us by e-mail. If you send us such a message we collect the following personal data:
Said data will only be used to generate an e-mail in the background with your contact information and send it to our support staff. No data will be stored in any other way.
Collection and processing of your personal data here is to enable us to process your enquiry as desired by you (article 6 paragraph 1 lit. b GDPR).
We treat your data as confidential and therefore do not pass it on to third parties on principle. Our servers are in Germany and operated by Suleitec Webhosting on our behalf. This ensures your data is always subject to EU GDPR.
It may be passed on if that serves the investigation of illegal use of our goods and/or services or to prosecute same. If there is concrete evidence of illegal behaviour or misuse then personal data will be passed on to law enforcement agencies and to third party victims. This may also be done where it serves enforcement of conditions of use or other contractual provisions. We are legally obliged to provide information to certain authorities (e.g. law enforcement agencies and tax authorities) on request.
Said data is passed on because we have a justified interest in preventing misuse and in crime being prosecuted except where such interest is overridden by your interests or fundamental rights and freedoms which require protection of personal data, (article 6 paragraph 1 lit. f GDPR).
We actually use
As we consider protection of your personal data very important we do not use analysis software on our website (e.g. Google Analytics or the like) and have no means of directly integrating with social networks (e.g. Facebook or the like) on said site.
Like many other companies, we run a Facebook fan page, which you can reach at https://www.facebook.com/crewbrain.software/ via the social network. If you use our Facebook Fanpage, the common responsibility for processing the data lies with us and Facebook Ireland. Saving and utilising this data is on the basis of our justified interest in advertising our software and this not having any deleterious effect on any interest of yours (article 6 paragraph 1 lit. f GDPR).
We offer our clients the software "CrewBrain" with which they can collect and process personal data (usually on personnel as part of an employment relationship). A personal database structure is generated for the purpose during registration so that client data can be saved strictly separately from our data and individually. The scope of the personal data recorded is determined by each client in their relationship/s with their staff / users themselves.
We have no direct access to the personal data stored in such client databases. If necessary, e.g. to analyse a fault, responsible persons (persons with administrative access rights to the software) can grant us access to the client system limited to a single login. Specially selected employees of ours may access the database in the event of a fault at the technical level and thus e.g. repair tables or render maintenance/service work.
Our client is the responsible person within the meaning of the German Federal Data Protection Act (BDSG) where all personal data collected and/or processed in the course of the relationship between our client and their staff / users is concerned. They define the respective purposes and advise staff / users thereof. All rights arising out of the GDPR (see the "Your rights" section) of individual employees / users are to be advised the client and will be complied with by them.
We process your personal data solely for the purpose/s given herein. Said purpose/s will only be deviated from if that is permitted in law or you have agreed to the relevant change/s in data processing purpose/s. Insofar as data is processed for any purpose/s other than that/those for which we originally collected same we will advise you comprehensively thereof.
Once the purpose for which we collected your personal data has been served we will erase said data or anonymise it. We save your personal data only for the duration of our mutual utilisation / contractual relationship unless otherwise stated. Thereafter your personal data will be erased unless otherwise required in law and the data is not needed for criminal prosecution or to safeguard, assert or implement any legal claim/s.
Every person has the right of access (article 15 GDPR), the right to rectification (article 16 GDPR), the right to erasure (article 17 GDPR), the right to restriction of processing (article 18 GDPR), the right to object (article 21 GDPR) and the right to data portability (article 20 GDPR). Where right of access and of erasure are concerned the restrictions in §34 und §35 BDSG apply. There is also a right to lodge a complaint with the responsible supervisory data protection authority (article 77 GDPR and §19 BDSG).
You always have the right to obtain information from us on the personal data concerning yourself that we have processed. This can be requested by post or e-mail to the address aforementioned.
If the personal data we have concerning you is incorrect you have the right to demand rectification thereof at any time. This can be requested by post or e-mail to the address aforementioned.
You have the right to demand erasure of your personal data subject to the conditions in article 17 GDPR at any time. This particularly applies if the purpose/s for which the data was collected or processed is/are no longer valid or the data was illegally collected or processed by any third party. This can be requested by post or e-mail to the address aforementioned.
You have the right to demand at any time that we restrict the processing of your personal data. This right applies in particular if the accuracy of the personal data concerned is disputed or if you demand restricted processing instead of erasure (e.g. if you need said data to assert, exercise or defend any legal claim). This can be requested by post or e-mail to the address aforementioned.
You have the right to object at any time to the processing of your personal data for reasons relating to your particular situation. In such case we will immediately cease processing said data unless we can prove there are compelling legitimate grounds for said processing. Those grounds must override your interests, rights and freedoms or have their origin in the establishment, exercise or defence of legal claims.
You may demand we send you your personal data in a structured, commonly used and machine-readable format at any time. This can be requested by post or e-mail to the address aforementioned.
There is also a right to lodge a complaint with the responsible supervisory data protection authority. Responsible supervisory authority:
Provincial Data Protection and Freedom of Information Officer for Baden-Wuerttemberg
Koenigstrasse 10 a