Privacy policy

We appreciate your interest in our company and our products and would like you to feel secure when visiting our website, also with regard to the protection of your personal data.

scdsoft AG takes your legitimate data protection concerns very seriously and complies with the provisions of the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG-new), the Telecommunications Digital Services Data Protection Act (TDDDG) and, where applicable, the provisions of other applicable data protection regulations.

All data processing operations (collection, processing and utilisation) by scdsoft AG are carried out in strict compliance with the statutory data protection regulations. We collect, process and use personal data in order to fulfil orders and to further improve the content and functionality of our services.

scdsoft AG handles the data you provide carefully and conscientiously. Insofar as data of any kind is collected, processed or used, this is always done within the framework of the legal provisions or with your express consent.

The protection of privacy is of crucial importance for the future of Internet-based business models and for the development of an Internet-based economy. With this privacy statement, scdsoft AG underscores its commitment to the protection of privacy. In the following, you will learn how scdsoft AG handles personal data on this website.

This privacy policy applies to this and all other websites that refer to this privacy policy. Under certain circumstances, other data protection provisions apply to individual scdsoft AG companies. We therefore ask you to carefully read the data protection statements of all scdsoft websites you visit.

Responsible person according to Art. 4 para. 7 of the Basic Data Protection Regulation (DSGVO) is:
scdsoft AG
Albert-Nestler-Straße 21
76131 Karlsruhe

Mannheim Local Court Commercial Register Number: HRB 109104
Sales tax identification number: DE 811449988
Phone: +49 721 160800 – 0
Fax: +49 721 160800 – 99
E-Mail: info@scdsoft.de
Internet: www.scdsoft.de

You can reach our data protection officer at scdsoft AG at:
scdsoft AG
Thomas Fletschinger
E-Mail: dsb@scdsoft.de

Global data protection standards

Our handling of personal data has been aligned with global principles and standards with regard to transparency in the use of personal data, observance and granting of rights of choice, access regulations, rules on data integrity, data security, data sharing and monitoring the lawfulness of processing. In particular, scdsoft AG complies with the General Data Protection Regulation (DSGVO).

Consent

By using this website, you consent to the electronic storage and use of your data as described below. Changes to this privacy policy will always be posted on this page so that you are always aware of what data scdsoft AG stores and how it is used. Where required by applicable data protection law, we will also expressly ask for your consent for the further processing of personal data collected on this website or provided by you.

Cookie consent with Borlabs cookie
 Our website uses the cookie consent technology of Borlabs Cookie to obtain your consent to store certain cookies in your browser and to document this in accordance with data protection law. The provider of this technology is Borlabs – Benjamin A. Bornschein, Georg-Wilhelm-Str. 17, 21107 Hamburg (hereinafter Borlabs).

When you enter our website, a Borlabs cookie is stored in your browser, which stores the consents you have given or the revocation of these consents. This data is not shared with the Borlabs cookie provider.

The collected data will be stored until you request us to delete it or delete the Borlabs cookie yourself, or until the purpose for storing the data no longer applies. Mandatory legal retention periods remain unaffected. Details on the data processing of Borlabs Cookie can be found under https://borlabs.io/kb/what-information-does-borlabs-cookie-store/.

The use of Borlabs cookie consent technology takes place in order to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6 para. 1 p. 1 lit. c DSGVO.

Manage cookie settings

 

Collection and processing of personal data
 scdsoft AG would like to better understand your needs and interests and provide you with optimal service. Therefore, scdsoft AG collects and uses personal information in the manner described below and in accordance with applicable data protection law.

When you visit our website, we collect your IP address and use cookies and other Internet technologies (hereinafter referred to as “automated tools” and “integrated web links”) that help us obtain general information about visitors to our website and their interests. Below we explain which technologies are used and what kind of information is collected with them.

We also collect and process data that you voluntarily provide to us, for example, when you register for events, subscribe to newsletters, participate in online surveys, join discussion groups or forums, or make purchases. In addition, we collect and process data that you voluntarily provide to us, for example, when you register for events, subscribe to newsletters, participate in online surveys, join discussion groups or forums, or make purchases.

What data do we collect and why?
With the help of the collected data, scdsoft AG would like to provide you with consistent personal support. scdsoft AG will use your data exclusively as described in this statement or at the time of collection. Any subsequent change in the purpose of use is subject to your express consent, unless the change is otherwise legitimized by applicable law.

We always process your personal data for a specific purpose.In particular, we may process your personal data for the following purposes:

  • to manage our relationship with you, for example, through our databases, in which we aggregate data about you from our various sources to provide an overview of how we work together; and to improve and personalize our understanding of your preferences and our communications with you;
  • for order processing and delivery of ordered services and products.
  • to carry out tasks for the preparation or performance of contracts;
  • to provide evidence of business transactions;
  • to provide you with appropriate and up-to-date information and our products and services;
  • to improve the quality of our products and services by adapting our offer to your specific needs;
  • to answer your inquiries and provide you with efficient support;
  • to track our activities (e.g., measure collaboration or sales, number of appointments/meetings, topics discussed, materials presented);
  • to invite you to events sponsored by us or used by us (e.g., lectures, conferences);
  • to grant you access to our specified IT systems so that you can use certain services provided by scdsoft AG;
  • to manage our IT resources, including infrastructure management and business continuity.;
  • to protect the Company’s economic interests and ensure compliance and reporting (e.g., adhering to our policies and local regulatory requirements, taxes and deductions, complying with internally established grant limits, managing alleged instances of misconduct or fraud, conducting audits, and defending litigation).;
  • for archiving and logging;
  • for the processing of job inquiries
  • for invoicing and accounting as well as
  • other purposes prescribed by law and by the authorities.
  • In certain cases, we are required by law to transmit data to a requesting government agency (institution or authority). The legal basis for the processing is Art. 6 para. 1 c DSGVO or § 24 para. 2 no. 1 BDSG.
  • in some cases, business partners require personal data from our customers. This usually takes place in the context of order fulfillment (e.g. in the case of complaints). This is expressly provided for by law. In this case, scdsoft AG remains responsible for the protection of your data – if necessary, in addition to the order processor. The respective business partner works according to our instructions, which scdsoft AG ensures through strict contractual regulations.
  • to fulfill the legal obligations for recording, documentation and reporting to competent authorities.

IP addresses
IP addresses are used for malfunction analysis, website administration, and to gather demographic information. Furthermore, we use IP addresses and possibly other information that you have provided to us on this website to learn which pages from our offer are accessed and which topics our Visitors are interested in. We use the insights gained to be able to offer you an optimized range of information on our products and services. As a matter of principle, scdsoft AG only collects such data in anonymized form and will not link it to a registered user’s profile without the user’s consent. When visiting our website, only the domain name is recorded by default.

scdsoft AG only collects data in connection with your visit to the scdsoft website. We do not collect any personal data in connection with your visits to the websites of other companies or organizations that are not part of scdsoft AG.

Cookies

  • we use cookies on our website or websites. These are small files that your browser automatically creates and that are stored on your end device (laptop, tablets, smartphone, etc.) when you visit our websites. Cookies do not cause any damage to your end device, do not contain viruses, Trojans or other malware. In the cookie, information is stored that arises in each case in connection with the specific end device used. This does not mean, however, that we gain direct knowledge of your identity. The use of cookies serves on the one hand to make the use of our offer more pleasant for you. For example, we use so-called session cookies to recognize that you have already visited individual pages of our websites. These are automatically deleted after you leave our site.
  • in addition, we also use temporary cookies to optimize user-friendliness, which are stored on your end device for a certain fixed period of time. If you visit our website again to use our services, it is automatically recognized that you have already been with us and which entries and settings you have made so that you do not have to enter them again..
  • on the other hand, we use cookies to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer for you. These cookies enable us to automatically recognize that you have already been to our website when you visit it again. These cookies are automatically deleted after a defined period of time..
  • the cookies process data and are necessary for the stated purposes to protect our legitimate interests as well as those of third parties in accordance with Art. 6 (1) p. 1 lit. f) DSGVO.
  • most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or a message always appears before a new cookie is created. However, the complete deactivation of cookies may mean that you cannot use all the functions of our website.

E-mail addresses
If you give us your e-mail address or provide it via the contact form, we will also contact you by e-mail. We will not pass on your e-mail address to third parties outside scdsoft AG. You can choose at any time not to receive any more e-mails from scdsoft AG.

Orders and registration for events
 Our website contains forms that you can fill out to request information, products and services.

Use of external service providers
We work with service providers who process certain data on our behalf. This is done exclusively in accordance with the applicable data protection law. In particular, we have concluded data processing agreements on behalf of our service providers that meet the requirements of Article 28 of the GDPR.

Newsletter notices and consents
With the following information, we inform you about the contents of our newsletter as well as the registration, dispatch and statistical evaluation procedure and your rights of objection. By subscribing to our newsletter, you agree to receive it and to the described procedures.

Newsletter content
We send newsletters and e-mails advertising information (hereinafter “newsletter”) only with the consent of the recipients or a legal permission. The contents circumscribed in the context of a registration for the newsletter are decisive for the consent of the users.

Double opt-in and logging
The registration for our newsletter takes place in a so-called double opt-in process. This means that after registration you will receive an e-mail in which you are asked to confirm your registration. This confirmation is necessary so that no one can register with other e-mail addresses. The registrations for the newsletter are logged in order to be able to prove the registration process according to the legal requirements. This includes the storage of the registration and confirmation time as well as the IP address.

Login data
To register for the newsletter, it is sufficient to enter your e-mail address. In addition, we use other data such as name and first name, country and customer group. This information is only used for personalization and segmentation of the newsletter.

Statistical survey and analyses
The newsletters contain a so-called “web beacon”, i.e. a pixel-sized file that is retrieved when the newsletter is opened. As part of this retrieval, technical information, such as information about the browser and your system, as well as your IP address and time of retrieval are collected. This information is used for the technical improvement of the services based on the technical data or the target groups and their reading behavior on the basis of their retrieval locations (which can be determined with the help of the IP address) or the access times.

The statistical surveys also include the determination of whether the newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to the individual newsletter recipients. However, it is not our intention to observe individual users. The evaluations serve us much more to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.

Disclosure of data, transfer to third country
The transfer of your personal data to third parties for purposes other than those listed below does not take place. We will only disclose your personal data to third parties if:

  • you have given your express consent in accordance with Art. 6 (1) p. 1 lit. a) DSGVO, § 26 (2) Federal Data Protection Act (BDSG).,
  • the disclosure is necessary in accordance with Art. 6 para. 1 p. 1 lit. f) DSGVO for the assertion, exercise or defense of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data.,
  • in the event that a legal obligation exists for the disclosure pursuant to Art. 6 (1) sentence 1 lit. c) DSGVO as well as
  • this is legally permissible and necessary according to Art. 6 para. 1 p. 1 lit. b) DSGVO, § 26 para. 1 BDSG for the processing of a contractual relationship with you or for pre-contractual measures at your instigation..

A transfer to a third country or an international organization is not intended and there is no automated decision making, unless otherwise provided for in this privacy policy.

If necessary, information will also be passed on by scdsoft AG to business partners, service providers, third parties or subcontractors. This may be necessary to provide a service or transaction requested by you, such as order processing, for customer service purposes or to inform you about services or products and services.

Your personal information will not be disclosed, sold or otherwise made available to third parties for marketing purposes without your prior consent.

scdsoft AG may be required to disclose your data and related information in response to a court or regulatory order. We also reserve the right to use your data to assert or defend legal claims.

In the event of an acquisition or merger with another company, disclosure or transfer of personal data to potential or actual buyers may be required. In such a case, scdsoft AG will strive to protect the data as much as possible.

In accordance with applicable law, we reserve the right to store and disclose personal and other data for the purpose of detecting and combating illegal activities and attempted fraud or a violation of the scdsoft AG Terms of Use.

Privacy policy for newsletter dispatch with rapidmail

When you subscribe to our company’s newsletter, the data entered in the respective input mask is transmitted to the controller responsible for processing. Registration for our newsletter takes place in a so-called double opt-in procedure. This means that after registering, you will receive an email asking you to confirm your registration. This confirmation is necessary to prevent anyone from registering with someone else’s email address. When you register for the newsletter, the user’s IP address and the date and time of registration are stored. This serves to prevent misuse of the services or the email address of the person concerned. The data will be used exclusively for sending the newsletter. The data subject can unsubscribe from the newsletter at any time. Consent to the storage of personal data can also be revoked at any time. For this purpose, a corresponding link is provided in each newsletter.

The legal basis for the processing of data after the user has registered for the newsletter is Art. 6 (1) lit. a) GDPR, provided that the user has given their consent. The legal basis for sending the newsletter as a result of the sale of goods or services is § 7 (3) UWG (German Unfair Competition Act).

Use of rapidmail

Description and purpose: We use rapidmail to send newsletters. The provider is rapidmail GmbH, Wentzingerstraße 21, 79106 Freiburg, Germany. rapidmail is used, among other things, to organize and analyze the sending of newsletters. The data you enter for the purpose of subscribing to the newsletter is stored on rapidmail’s servers in Germany. If you do not want rapidmail to analyze your data, you must unsubscribe from the newsletter. We provide a link for this purpose in every newsletter message. For the purpose of analysis, emails sent with rapidmail contain a so-called tracking pixel, which connects to rapidmail’s servers when the email is opened. This allows us to determine whether a newsletter message has been opened. Furthermore, with the help of rapidmail, we can determine whether and which links in the newsletter message are clicked on.

Legal basis: The legal basis for data processing is Art. 6 (1) (a) GDPR.

Recipient: The recipient of the data is rapidmail GmbH.

Transfer to third countries: The data is not transferred to third countries.

Duration: The data you have provided us with in the context of your consent for the purpose of the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted from both our servers and the servers of rapidmail after you unsubscribe from the newsletter. Data stored by us for other purposes (e.g., email addresses for the member area) remains unaffected by this.

Right of revocation: You have the right to revoke your consent to data processing at any time with future effect. The legality of data processing operations that have already taken place remains unaffected by the revocation.

Further data protection information: For more details, please refer to rapidmail’s data security information at: https://www.rapidmail.de/hilfe/kategorie/dsgvo-datensicherheit.

For more information on rapidmail’s analysis functions, please refer to the following link: https://www.rapidmail.de/hilfe.

Analysis tools

The tracking measures listed below and used by us are carried out on the basis of Art. 6 (1) p. 1 lit. f) DSGVO. With the tracking measures used, we want to ensure a needs-based design and continuous optimization of our website. On the other hand, we use the tracking measures to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer for you. These interests are to be regarded as legitimate within the meaning of the aforementioned provision. The respective data processing purposes and data categories can be found in the tracking tools described in more detail below.

Privacy policy for the use of Matomo
On this website, data is collected and stored using the web analytics service software Matomo (www.matomo.org), a service of the provider InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand, (“Matomo”) on the basis of our legitimate interest in the statistical analysis of user behavior for optimization and marketing purposes pursuant to Art. 6 para. 1 lit. f DSGVO. Pseudonymized user profiles can be created and evaluated from this data for the same purpose.

The information generated by the cookie in the pseudonymous user profile is not used to personally identify the visitor to this website and is not merged with personal data about the bearer of the pseudonym. If you do not agree with the storage and evaluation of this data from your visit, then you can object to the storage and use for the future at any time by mouse click. In this case, a so-called opt-out cookie will be stored in your browser, with the consequence that Matomo will not collect any session data.

Please note that the complete deletion of your cookies will result in the complete deletion of your cookies will result in the deletion of your cookies will result in the deletion of the opt-out cookie and you may have to reactivate it. As far as legally required, we have obtained your consent pursuant to Art. 6 (1) lit. a DSGVO for the processing of your data as outlined above. You can revoke your consent at any time with effect for the future. To exercise your revocation, please follow the option described above to make an objection.

The Matomo program is an open source project.

You can obtain information from the third-party provider on data protection at: https://matomo.org/privacy-policy/.

Privacy policy for the use of Vimeo plugins
Our website uses plugins of the video portal Vimeo. The provider is Vimeo Inc, 555 West 18th Street, New York, New York 10011, USA.

When you visit one of our pages equipped with a Vimeo plugin, a connection to the Vimeo servers is established. In the process, the Vimeo server is informed which of our pages you have visited. In addition, Vimeo obtains your IP address. This also applies if you are not logged in to Vimeo or do not have an account with Vimeo. The information collected by Vimeo is transmitted to the Vimeo server in the USA.

If you are logged into your Vimeo account, you enable Vimeo to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your Vimeo account.

For more information on the handling of user data, please refer to Vimeo’s privacy policy at: https://vimeo.com/privacy.

Privacy policy for the use of LinkedIn

Plugins of the social network LinkedIn of LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA (hereinafter “LinkedIn”), are integrated on our website. You can recognize the LinkedIn plugins by the LinkedIn logo or the “share button” (“recommend”) on this website (hereinafter collectively referred to as “LinkedIn plugins”). When you visit our website, a direct connection between your browser and the LinkedIn server is established via the LinkedIn plugins. LinkedIn thereby receives the information that you have visited this website with your IP address. If you click the LinkedIn “Share Button” while logged into your LinkedIn account, you can link the content of this website on your LinkedIn profile. This allows LinkedIn to associate your visit to this website with your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by LinkedIn. Details on data collection (purpose, scope, further processing, use) as well as your rights and setting options can be found in LinkedIn’s privacy policy. LinkedIn provides this information at: https://www.linkedin.com/legal/privacy-policy.

Privacy policy for the use of Xing

The “XING Share button” is used on this website. When you visit this website, your web browser connects for a short time to the servers of XING AG (“XING”), which provides the functions of the “XING Share button” (including a visitor counter). XING does not store any personal data about you and your visit when you access the website. XING does not store IP addresses, nor does XING use cookies to monitor your visit behavior in relation to the “XING share button”. Please visit the following website for the latest version of the privacy policy for the “XING share button” and further information: https://dev.xing.com/plugins/share_button/privacy_policy.

Links to other websites

Our website may contain links to the websites of third parties such as XING, LinkedIn, Vimeo or others. scdsoft AG is not responsible for the data protection precautions or the content of the websites of third parties or websites that do not belong to scdsoft AG or affiliated companies.

Web fonts from myfonts.com
 This site uses so-called web fonts for the uniform display of fonts, which are provided by MyFonts Inc., 600 Unicorn Park Drive, Woburn, MA 01801, USA. When you call up a page, your browser loads the required web fonts into its browser cache in order to display texts and fonts correctly. For this purpose, the browser you are using must connect to the servers of MyFonts. This enables MyFonts to know that our website has been accessed via your IP address. The use of MyFonts is in the interest of a uniform and appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO.

If your browser does not support web fonts, a standard font from your computer will be used. You can find more information about MyFonts at: https://www.monotype.com/legal/terms-use and https://www.monotype.com/legal/privacy-policy.

Data management
 scdsoft AG will retain personal data only for as long as is necessary for the purpose for which it was collected or for the purposes for which it is required by law.

Data protection information in the application process

  1. We process the applicant data only for the purpose and within the scope of the application procedure in accordance with the legal requirements. The applicant data is processed to fulfill our (pre)contractual obligations within the scope of the application procedure in accordance with Art. 6 para. 1 lit. b. DSGVO Art. 6 para. 1 lit. f. DSGVO insofar as the data processing becomes necessary for us, e.g. within the scope of legal procedures (in Germany, § 26 BDSG also applies).
  2. The application process requires applicants to provide us with applicant data. Required applicant data are personal details, postal and contact addresses and the documents belonging to the application, such as cover letter, curriculum vitae and certificates. In addition, applicants may voluntarily provide us with the following additional information.
  3. By submitting an application to scdsoft AG, applicants consent to the processing of their data for the purposes of the application process in the manner and to the extent set out in this privacy policy.
  4. Insofar as special categories of personal data within the meaning of Art. 9 (1) DSGVO are voluntarily communicated within the scope of the application procedure, their processing shall additionally be carried out in accordance with Art. 9 (2) lit. b DSGVO (e.g. health data, such as severely disabled status or ethnic origin). Insofar as special categories of personal data within the meaning of Art. 9 (1) DSGVO are requested from applicants as part of the application process, their processing is additionally carried out in accordance with Art. 9
    Para. 2 lit. a DSGVO (e.g. health data if this is necessary for the exercise of the profession).
  5. Applicants can send us their applications by post or by e-mail. However, please note that e-mails are generally not encrypted and applicants must ensure encryption themselves. We can therefore accept no responsibility for the transmission path of the application between the sender and receipt on our server. If the applicant has any concerns about the security of the application documents sent by e-mail, we recommend sending the application documents by post.
  6. The data provided by applicants may be processed by us for the purposes of the employment relationship in the event of a successful application. Otherwise, if the application for a job offer is not successful, the applicants’ data will be deleted. The applicants’ data will also be deleted if an application is withdrawn, which the applicants are entitled to do at any time.
  7. Subject to a justified revocation by the applicant, the data will be deleted after the application process has ended for twelve months so that we can answer any follow-up questions about the application and meet our obligations to provide evidence under the Equal Treatment Act.
    In the event that you have agreed to further storage of your personal data, we will transfer your data to our applicant pool. There, the data will be deleted after two years. If you are awarded a position during the application process, the data will be transferred from the applicant data system to our HR information system and deleted 10 years after the end of the employment relationship.

Invoices for any reimbursement of travel expenses are archived in accordance with tax law requirements.

Data protection information for the use of Microsoft 365

We would like to inform you below about the processing of personal data in connection with the use of Microsoft 365 products.

1. Purpose of processing

scdsoft AG uses the Microsoft 365 application package as a work tool. Microsoft 365 consists of various applications (e.g. MS Teams, MS Office, MS SharePoint, MS OneDrive), all of which are operated in the cloud.

We also use the Microsoft 365 tool to communicate with you and to conduct telephone conferences, online meetings, video conferences and surveys, as well as queries with our clients, cooperation partners, service providers, suppliers, customers and participants.

2. Information about Microsoft 365 software

We use Microsoft 365 software from Microsoft Corporation, One Microsoft Way Redmond, WA 98052-6399 USA (hereinafter ‘Microsoft’). This is operated as a cloud application. In some cases, a user account must be created to use the individual components. If this user account was not created by us and made available to you, Microsoft is the responsible body or the body that provided you with the access data.

In addition, Microsoft reserves the right to process user data for its own business purposes. In this context, Microsoft is the responsible body. We have only limited influence over Microsoft’s use of your usage data. We take all possible measures to minimise the transfer of your usage data to Microsoft as far as possible, but cannot completely prevent this.

Details and contact information, in particular regarding your rights vis-à-vis Microsoft, can be found at the following links if you have any questions about this topic:

General: https://privacy.microsoft.com/de-de/privacystatement

Regarding Microsoft 365 Teams: https://docs.microsoft.com/de-de/microsoftteams/teams-privacy

We have concluded data protection agreements with Microsoft to guarantee a minimum level of data protection. To this end, we have agreed that the processing of personal data by Microsoft will generally take place on servers in the EU.

For some services, however, data is still transferred to the USA, which is considered by the EU to be an unsafe third country in terms of data protection. In order to establish an adequate level of data protection in third countries comparable to that within the European Union, standard contractual clauses have also been concluded with Microsoft.

Please note that we have only limited influence over the processing of your usage data by Microsoft. To the extent that Microsoft processes personal data in connection with Microsoft’s legitimate business operations, Microsoft is the independent data controller for this use and, as such, is responsible for complying with all applicable laws and obligations of a data controller.

Regarding Microsoft Forms: https://privacy.microsoft.com/de-de/privacystatement

We use Microsoft Forms for our contact forms, for internal and external surveys and queries, such as evaluating campaigns, registering for events, etc.

Microsoft Forms is a tool within Microsoft 365, which we use, and is a service provided by the third-party provider Microsoft Ireland Operations Limited.

Personal data is processed when using Microsoft Forms. Please note that this data protection notice only provides information about the processing of your personal data by us when you use Microsoft Forms together with us. If you require information about processing by Microsoft, please refer to the relevant statement at the following link: https://privacy.microsoft.com/de-de/privacystatement.

The data of users from the European Union is processed in data centres within the European Economic Area (EEA). However, it may be necessary for the provision of the service and within the scope of support that data is processed at the headquarters of Microsoft Inc. in the USA. Conclusion of a contract for order processing: In order to fully comply with the strict legal data protection requirements, we have concluded an order processing contract with Microsoft within the framework of the ‘Online Service Terms’ (OST). Microsoft is therefore solely a processor. Insofar as the Microsoft website www.office.com or ‘Microsoft Forms’ processes personal data or uses cookies, Microsoft is responsible for data processing. Cookies from Microsoft are used on the survey page to provide the Microsoft Forms service.

In addition, the EU standard contractual clauses have been contractually agreed for data transfers to third countries. The EU standard contractual clauses guarantee an adequate level of data protection in the EU. We would like to inform you that, according to the case law of the European Court of Justice, the USA is currently not a safe third country within the meaning of EU data protection law. Due to surveillance laws in the USA, US service providers may be obliged to disclose personal data to security authorities without the data subjects being able to appeal against this. It cannot therefore be ruled out that US authorities, such as intelligence services, will process, evaluate and permanently store your data located on US service providers’ servers for surveillance purposes. We have no influence on these processing activities.

Microsoft has therefore taken additional technical and organisational measures to protect personal data. In particular, personal data is only transmitted in encrypted form via Forms. In addition, Microsoft has contractually undertaken to defend against disclosure requests from US authorities in court as far as possible. It can therefore generally be assumed that Microsoft provides an adequate level of protection when processing personal data.

The use of our contact forms and participation in our surveys is voluntary. If consent is given by participating in the survey, the legal basis is Art. 6 (1) sentence 1 lit. a GDPR (consent of the data subject). Consent that has been given can be revoked at any time with effect for the future. There are no disadvantages to revoking or not giving consent.

If the use of contact forms and surveys is necessary for the initiation and/or fulfilment of contracts, the processing of personal data is carried out in accordance with Art. 6 (1) sentence 1 lit. b GDPR.

If no contractual relationship exists, the use of the contact form may be based on our legitimate economic interest in providing you with efficient, economical and recipient-friendly services or, in the case of surveys, on our legitimate interest in the effective planning and implementation of projects and processes, etc. in accordance with Art. 6 (1) sentence 1 lit. f GDPR.

The form owners have access to Microsoft Forms and can create and distribute surveys, forms and questionnaires directly, either alone or with other owners. They are also the sole recipients of the responses.

These are graphically processed in Microsoft and are available to the form owners.

3. Data processing for the technical delivery of services:

Certain information is automatically processed as soon as you access one of the Microsoft 365 applications:

  • IP address, technical information for the delivery of a correct web page
  • Data required for authentication, licence use, logging and misuse detection
  • Date and time of access, type of access

To investigate and prosecute legal violations:

If necessary to investigate illegal or abusive use of Microsoft 365 services or for legal prosecution, personal data will be forwarded to law enforcement agencies or other authorities, as well as to injured third parties or legal advisors, if applicable. However, this will only happen if there are indications of illegal or abusive behaviour. Disclosure may also take place if it serves to enforce terms of use or other legal claims. We are also legally obliged to provide information to certain public authorities upon request. These include law enforcement agencies, authorities that prosecute administrative offences punishable by fines, and tax authorities.

The processing of this information serves our legitimate interest in the effective provision and security of the services used, as well as for legal prosecution. The legal basis is Art. 6(1)(f) GDPR.

When using Microsoft 365 Teams

We use the Microsoft 365 Teams tool as an exchange platform for a variety of communications, including

  • to conduct training measures/online seminars
  • for virtual one-on-one meetings
  • for group meetings

In some cases, participation is possible without login details, in other cases you must log in with your access data to participate in such meetings.

The following data is collected, which can usually also be displayed to the other participants:

  • Your user name (access data for Microsoft 365 applications)
  • At least the display name you have entered yourself
  • A dial-in number that you use when dialling into a meeting by telephone

possibly other identification features:

  • Information about yourself that you have stored as a user within Microsoft 365, in particular the following master data:
    • Surname, first name, contact details such as telephone number, email address, fax number, if entered by you or the organisation from which you received the access data.
  • Other voluntary data (such as a profile picture you have stored)
  • Communication content (text, audio, video)
  • If audio or video content is recorded, you will be notified separately.

To enable video display and audio playback, data from your device’s microphone and any video camera on your device will be processed for the duration of the meeting. You can switch off or mute the camera or microphone yourself at any time via the video conference application.

Further technical usage data is collected in the process:

  • Data within the scope of multi-factor authentication that you have stored yourself in your Microsoft account (e.g. optionally your (private) mobile phone number)
  • Information about the data/files/documents that were accessed
  • All activities related to use, such as creating, changing or deleting a document, setting up a team (and channels in teams), taking notes in a notebook, starting a chat, replying in a chat

Insofar as the meetings take place within the framework of a contractual relationship between us, data processing is based on Art. 6(1)(b) GDPR. If no contractual relationship exists, the legal basis is Art. 6(1)(f) GDPR. In this case, our interest lies in the effective implementation of online meetings.

When using Microsoft Forms

When using ‘Microsoft Forms’, various types of data are processed. The scope of the data depends on the questions asked and answered, as well as any additional services that may be uploaded.

Basically, this involves the following personal data:

  • Surname, first name
  • Email address
  • Profile picture (optional, if stored in Microsoft 365)
  • Preferred language
  • Status (optional, if stored in Microsoft 365)
  • Date and time the questionnaire was opened
  • Date and time the response was sent

If you participate in an anonymous survey, your response will not contain any contact information and cannot be traced back to you.

The service provider of ‘Microsoft Forms’ necessarily obtains knowledge of this data as a processor in the course of providing its services.

4. Recipients / disclosure of data

Personal data processed in connection with the use of Microsoft 365 products will not be disclosed to third parties, except in the cases described in section 5, unless it is specifically intended for disclosure.

5. Data processing outside the European Union

At least some of your data will also be transferred and processed outside the EU or the EEA, namely in the USA and other third countries.

The possible adequate level of protection is ensured by the conclusion of standard data protection clauses in accordance with Art. 46(2)(c) or (d) GDPR.

6. Deletion of data

We delete personal data as a matter of principle when there is no longer any need for further storage. A need may exist in particular if the data is still required to fulfil contractual services, to comply with retention obligations or to enforce or defend legal claims. In the case of statutory retention obligations, deletion will only be considered after the respective retention obligation has expired. If you are registered as a user with Microsoft 365, reports on your usage data (login data and IP addresses, other metadata, telephone dial-in data, etc.) may be stored by the provider for up to 90 days.

If we store your data in data backups, it will be overwritten regularly and in a manner appropriate to our operations.

Data subject rights

You have the right,

  • according to Art. 15 DSGVO to request information about your personal data processed by us. In particular, you can request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or opposition, the existence of a right of complaint, the origin of your data, if they were not collected by us, such as the existence of automated decision-making and, if necessary, meaningful information about its details;
  • demand the correction of inaccurate or the completion of your personal data stored by us without delay in accordance with Art. 16 DSGVO;
  • to request, pursuant to Art. 17 DSGVO, the erasure of personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation on grounds of public interest, or for the establishment, exercise or defense of legal claims;
  • to request the restriction of the processing of your personal data in accordance with Art. 18 DSGVO, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure and we no longer require the data, but you need it for the assertion, exercise or defense of legal claims or you have objected to the processing in accordance with Art. 21 DSGVO;
  • in accordance with Art. 20 DSGVO, to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transferred to another controller;
  • according to Art. 7 (3) DSGVO to revoke your once given consent at any time. This has the consequence that we may no longer continue the data processing based on this consent for the future, and
  • to complain to a supervisory authority in accordance with Art. 77 DSGVO. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or the registered office of our company for this purpose.

The competent supervisory authority for data protection of scdsoft AG is:
Baden-Württemberg Supervisory Authority
The State Commissioner for Data Protection of Baden-Württemberg
P.O. Box 10 29 32, 70025 Stuttgart
Urbanstr. 32, 70182 Stuttgart
Tel. 0711 615541 – 0
Fax: 0711 615541 – 15
Mail: poststelle@lfd.bwl.de
http://www.baden-wuerttemberg.datenschutz.de

For the assertion of the aforementioned rights as well as for questions regarding data protection, you can contact the person responsible or send an appropriate e-mail to dsb@scdsoft.de.

Right of objection
If your personal data is processed on the basis of legitimate interests pursuant to Art. 6 (1) p. 1 lit. f) DSGVO, you have the right to object to the processing of your personal data pursuant to Art. 21 DSGVO, provided that there are grounds for doing so that arise from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right of objection, which is implemented by us without specifying a particular situation. If you would like to make use of your right of revocation or objection, it is sufficient to send an e-mail to dsb@scdsoft.de.

Data security
a) Within the website visit, we use the widespread SSL procedure (Secure Sockets Layer) in conjunction with the highest encryption level supported by your browser. As a rule, this is a 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can see whether an individual page of our website is transmitted in encrypted form by the closed display of the key or lock symbol in the lower status bar of your browser.
b) We also use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

Changes to this privacy policy
Due to current circumstances, such as a change in the relevant data protection regulations, we will update this privacy policy if necessary.

Last change: 17 Dec. 2025