Your privacy is important to us!

 Updated contract data pro­cessing agree­ment, and technical and organisational measures

The new General Data Protection Regulation (EU) will be in force as of May 25th. We as snapADDY GmbH have intensively dealt with the topic and set the course, so both, you as our customer and we, are very well prepared for all new changes.

As part of this, we have drawn up a new contract data processing agreement together with our data protection officer, datenschutz süd GmbH, including the technical and organisational measures, which are in compliance with the new GDPR (EU).We have also adapted all necessary steps and processes internally.

The contract contains all important information, such as the subject of data processing, persons concerned or subcontractors.

Please return the completed and signed contract to adv@snapaddy.com.

If you have signed the former agreement with us, we should replace it with the new contract.

PLEASE NOTE: You agree to the German Privacy Policy which has been translated to English for your convenience only. The German Privacy Policy is binding.

We welcome you to our website. We would like to inform you about the management of your personal data in accordance with Art. 13 General Data Protection Regulation (GDPR).


Our data protection guidelines

Introduction

We appreciate your interest in our products and know that data protection is important. We treat your data with great care. We collect, store and use data exclusively in accordance with the legal requirements. Personal data will of course be treated confidentially and will not be passed on for advertising purposes without your authorization. We would like to point out that we reserve the right to transfer personal data to third parties if this is necessary for the fulfilment of the contract or if you expressly request it.

The protection of your personal data has top priority at snapADDY GmbH (hereinafter referred to as provider or organization). For the use of our services, in some cases you will be asked for personal data (data by means of which you can be identified directly, such as your name in combination with your address).

The following data protection declaration in section 2 informs you about your rights and our obligations in handling your personal data. Some services require active consent from you. The assigned consents are listed in section 3 "Consent clauses". Contact information is given under 4 "Contacts". In accordance with the requirements (Art. 15 GDPR), you may request information.

1. Privacy Policy

1.1. Registration process and further information on use.

In order to use the provider's applications, you must register. Therefore, you will be asked to provide certain personal information such as name, e-mail or telephone number via the registration form. When registering, you have the option of subscribing to a newsletter (see Newsletter). After a free trial period, you can convert your account into a paid account. For this purpose, payment information is requested for the payment methods.

1.2. Contract for order processing according to § 28 GDPR

As the client, you must place the request for order data processing in writing. In order to offer you the best possible service, the provider offers a template for order data pro-cessing. You can use this template to fulfill the legal obligation according to § 28 GDPR. To do so, you must sign this form in duplicate and send it by post to snapADDY GmbH, Juliuspromenade 3, DE-97070 Würzburg or digitally by e-mail to adv@snapaddy.com. Further information on the applications, the contractual provisions and the processing or security measures can be found in the provider’s general terms and conditions, the contract for order data processing, the public procedural directory or the further information on the applications on the website.

1.3. Information on the use of other services on the website

Below you find more information on the respective services:

1.3.1. Newsletter

On our website we provide the opportunity to subscribe to our newsletter. If you consent to this processing separately, this processing is pursuant to Art. 6 para. 1 s. 1 lit. a GDPR. This is also only permitted with your consent. Your consent can be withdrawn at any time without affecting the lawfulness of the prior processing. If consent is withdrawn, we will stop the corresponding data processing.

You may unsubscribe from the newsletter at any time, e.g. via an email sent to support@snapaddy.com or via the link to unsubscribe from the newsletter, which you will find in every newsletter email.

1.3.2. Making contact via a form, a blog or the feedback button

The provider offers you to contact us via the website using various online forms and ser-vices. The data collected will only be used for the purpose for which it was collected and stored in accordance with statutory retention regulations or deleted after expiry (e.g. commercial letters; legal retention period of 6 years). The legal basis for processing is Article 6 Para 1 lit. f GDPR. Your data will only be used to answer your inquiry. The data will not be passed on to third parties. You can contact us via these forms to ask us questions as a customer or future contractual partner via a contact form, e.g. to arrange product presen-tations or to receive information on the product and to provide us with feedback on our products or the website.

1.3.3. Social Media Plugins

For reasons of data protection, we do not integrate any social media plugins directly into our website. Therefore, when you access our pages, no data is transferred to social media services such as Facebook, Twitter, XING or Google+. A profiling by third parties is thus impossible.

However, you still have the option of sharing selected pages by clicking on the Facebook, Twitter, XING or Google+ buttons and you can see how often a page has been shared in the past. We use the so-called Shariff solution developed by the German c't Magazine to offer a data protection compliant alternative to the classic social plugins.

What's behind it? The Shariff solution means that as a first step, all the data and functions required to display Facebook, Twitter, XING or Google+ buttons are provided by our web server. Only when you decide to share a post via the corresponding button and click on it, does a data transfer to the operator of the respective social media service takes place.

1.3.4. Cookies

We use cookies on our website. Cookies are small pieces of data that are stored and read in your terminal-device. A distinction is made between session cookies, which are deleted when you close your browser, and permanent cookies, which are stored even after your visit has expired. Cookies may contain data that enables the recognition of the device being used. However, in some cases cookies only contain information on certain settings which are not personal data.

We use session cookies and permanent cookies on our website. The data is processed in accordance to Art. 6 para. 1 s. 1 lit. f GDPR and in the interest of optimizing or enabling user guidance and improving our website presence.

Please be aware that you can set your browser to inform you when cookies are being stored or used on the website you are visiting. Thus, any use of cookies is transparent to you. You have the possibility to delete your browser configuration at any time and prevent any use of new cookies. If you choose not to accept the use of cookies, please note that our web sites may not be displayed optimally and some functions may no longer be technically available.

1.3.5. Web analysis

Some of our services allow you to share your personal information with other users. Please handle this possibility responsibly.

Google Analytics

We use Google Analytics to create pseudonymous user profiles for improving and design-ing our website on demand. Google Analytics uses “cookies”, which are text files placed on your device and can be read by us. In this way, we are able to recognize and count return-ing visitors. This data processing is carried out on the basis of Art. 6 para. 1 s. 1 lit. f GDPR or § 15 para. 3 TMG and in the interest of finding out how often our website is viewed by different users.

The information generated by the cookies about your use of the website will be transmit-ted to and stored by Google on its servers in the United States. We have activated IP-anonymization on this website , your IP address will be truncated within the area of Member States of the European Union. Only in exceptional cases is the whole IP address transferred to a Google server in the USA and truncated there (an adequate level of data protection is ensured according to Art. 45 para. 1 GDPR because Google is a participant in the Privacy Shield Agreement). We have also concluded a contract with Google Inc. (USA) for order processing pursuant to Art. 28 GDPR. Accordingly, Google will solely use collected data for the purposes intended, which are to evaluate the use of the website and to compile reports on website activities.

You can withdraw your consent to the processing at any time. Please use one of the following options:

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you proceed accordingly you may not be able to benefit from the full functionality of this website.

You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by downloading and installing the browser plug-in available under the following link (http://tools.google.com/dlpage/gaoptout?hl=en).

1.3.6. Retargeting Google

We use Google's retargeting technologies in order to offer you advertising, on other websites, that is tailored to your interests. Data processing is carried out on the basis of Art. 6 para. 1 s. 1 lit. a GDPR.

When you visit our website, recognition features of your browser or end device are retrieved, your IP address is evaluated or a recognition feature is stored as a small text file (e. g. so-called third-party cookie) on your end device. Furthermore, it is possible that Google connects your visit of our website with your usage behavior which is recorded when you visit various websites. The characteristics are designed pseudonymously. If you are logged in with your Google account, these features can be assigned directly to your profile. Google can link and store your visits to our web pages with your features to display target-ed advertising on other Internet sites. The aforementioned recognition features are pseudonymous and we can use Google to recognize your end device on other internet pages. Your device and your browser will be recognized by Google, e.g. when you visit a page that displays advertisements on Google's behalf.

Remarketing

We can add so called remarketing tags to our website. We may add keywords to our webpages that contain statements about the content of the website, such as offered products. Google receives these keywords which contain neither personal nor sensitive information. When you visit a page with certain keywords related to products, Google stores them and assigns them to your pseudonymous recognition features. Google can use this link to determine whether and, if so, which of our advertisements will be displayed to you.

Cross Device Remarketing

We can therefore commission Google to place advertisements on other websites based on the pages you visited. If you visit another website that participates in Google's display network, Google can use recognition features and keywords stored for this purpose to deter-mine whether and, if so, which of our ads should be displayed.

For more information on how Google Remarketing technologies work, visit https://www.google.com/policies/technologies/ads/.

What does cross-device remarketing mean?

If you sign in to Google services with your own credentials or use one or more of your own Google accounts, Google may link the recognition features of different browsers and de-vices. So once Google has created a unique identifier for the laptop, desktop, smartphone or tablet you are using, you can associate those identifiers with one another by using or having used your sign-in information to use a Google service. In this way, Google can also play our advertising campaigns beyond the end device in a targeted manner. However, Google will only do this if you have agreed to this data processing in your dealings with Google.

You Have the Option to Define Advertising Settings

You can object to this form of advertising at any time. To do this, please visit https://support.google.com/ads/answer/2662922 and deactivate personalized advertising. Please note that these settings may not affect all devices and browsers. Further infor-mation is also available at https://support.google.com/ads/answer/2662922.

1.3.7. Sweepstakes

Information you submit to take part in a sweepstake or surveys will only be used in order to identify and contact the winner (Art. 6 para. 1 s. 1 lit. f GDPR). The winners will be notified in writing. We will not use your data for advertising purposes. Relevant data will be deleted immediately after the prize is handed over or if you withdraw your consent to processing of your personal data. If you consent, we will transfer your personal data, provided within the framework of a sweepstake, to our co-operating partners.

2. Procedure directory of snapADDY GmbH

2.1. Name or company of the responsible body

snapADDY GmbH, Umsatzsteuer-ID gemäß § 27 a Umsatzsteuergesetz: DE 189 243 380

2.2. Owners, directors, managing directors or other managers appointed in ac-cordance with the constitution of the company and the persons entrusted with the management of data processing

Management:

  • Roland Hötzl
  • Sebastian Metzger
  • Jochen Seelig

Head of data processing:

  • Sebastian Metzger

2.3. Address of the responsible body

Juliuspromenade 3
DE-97070 Würzburg
Telefon: +49 931 466212 00
E-Mail: info@snapADDY.com

2.4. Purposes of data collection, processing or use

Data is collected, processed or used for the following purposes:

  • Development of software applications and the associated sale of products and associated services, in particular training, service, support and other ancillary business.
  • The administration of personnel, suppliers, prospective customers, partners or customers can be understood as secondary purposes.
  • To guarantee data security, technical data is collected by analysis services, which may also contain IP addresses, in order to prevent misuse of the website or IT sys-tems and to guarantee data security.
  • Personal data is collected, processed and used for the performance of services within the corporate relationship.
  • Data is collected, processed and used to carry out lotteries and invitations to tender.
  • Data is collected, processed and used to optimize services and products through feedback.

2.5. Description of the groups of persons concerned and the relevant data or data categories

Data from the following groups of persons is collected within the scope of fulfilling the business purpose:

  • Employees, trainees, interns, former employees (contract, master and accounting data, details of private and business address, area of activity, salary payments, name and age, wage tax data, bank account data, entrusted assets, details of pro-fessional career, training and further education, qualifications, routing slip includ-ing user accounts), appointment management and correspondence.
  • Customer data (master and contract data, correspondence (e.g. feedback and product comments, support requests, product interest), application usage data, IP addresses and other technical data when using the web service, customer ac-count and payment information)
  • Parties interested in the contract (master and contract data, correspondence (e.g. feedback and product comments, product interest), offer data, IP addresses and other technical data when using the web service)
  • Applicants (cover letter, application data, correspondence, IP addresses and other technical data when using the web service)
  • Sales representatives and agencies (address, business and contract data as well as contact information, employee functions, communication information, IP address-es and other technical data when using the web service)
  • Suppliers (contract and master data, cost and performance accounting data, schedule management data)
  • Business partner (contract and master data, correspondence, appointment man-agement data)
  • Third parties (IP addresses and other technical data when using the web service)

2.6. Recipients or categories of recipients to whom the data may be communicat-ed

We transmit your data to service providers who support us in operating our websites (e.g. hosting at AWS in Frankfurt) and the associated processes within the framework of order processing in accordance with Art. 28 GDPR. Our service providers are strictly bound to our instructions and are contractually bound accordingly.

2.7. Standard periods for the deletion of data

The legislator has enacted a variety of storage obligations and periods. After expiry of these periods, the corresponding data is routinely deleted if it is no longer necessary to fulfil the contract. Thus, the commercial or financial data of a closed fiscal year are deleted in accordance with legal regulations, unless longer retention periods are prescribed or required for legitimate reasons. Shorter cancellation periods are used in special areas. If data are not affected by this, they will be deleted when the purposes mentioned under 2.4 cease to apply.

2.8. Planned data transmission to third countries

In some cases, we transfer personal data to a third country outside the EU. We have always ensured an appropriate level of data protection:

In the case of Google Analytics (USA), an appropriate level of data protection follows from the corresponding participation in the Privacy Shield Agreement (Art. 45 para. 1 GDPR).

3. Rights as a User

As a website user, the GDPR grants you certain rights when processing your personal data.

3.1. Right of access (Art. 15 GDPR):

You have the right to obtain confirmation at to whether or not personal data concerning you is being processed, and, where that is the case access to the personal data and the information specified in Art. 15 GDPR.

3.2. Right to rectification and erasure (Art. 16 and 17 GDPR):

You have the right to obtain without undue delay the rectification of inaccurate personal data concerning you and, if necessary, the right to have incomplete personal data completed.

You also have the right to obtain an erasure of the personal data concerning you without undue delay, if one of the reasons listed in Art. 17 GDPR applies, e.g. if the data is no longer necessary for the intended purpose.

3.3. Right to restriction of processing (Art. 18 GDPR):

If one of the conditions set forth in Art. 18 GDPR applies, you shall have the right to restrict the processing of your data to mere storage, e.g. if you revoke consent, to the processing, for the duration of a possible examination.

3.4. Right to data portability (Art. 20 GDPR):

In certain situations, listed in Art. 20 GDPR, you have the right to receive the personal data concerning you in a structured, common and machine-readable format or demand a transmission of the data to another third party.

3.5. Right to object (Art. 21 GDPR):

If the data is processed pursuant to Art. 6 para. 1 s. 1 lit. f GDPR (data processing for the purposes of the legitimate interests), you have the right to object to the processing at any time for reasons arising out of your particular situation. We will then no longer process personal data, unless there are demonstrably compelling legitimate grounds for pro-cessing, which override the interests, rights and freedoms of the person concerned, or the processing serves the purpose of asserting, exercising or defending legal claims.

3.6. Right to lodge a complaint with a supervisory authority

Pursuant to Art. 77 GDPR, you have the right to lodge a complaint with a supervisory au-thority if you consider the processing of the data concerning you infringes data protection regulations. The right to lodge a complaint may be invoked in particular in the Member State of your habitual residence, place of work or the place of the alleged infringement.

4. Contact Details of the Data Protection Officer

Please contact our data protection officer if you have any further questions, suggestions or wishes regarding data protection:

Dr. Christian Borchers
datenschutz süd GmbH
datenschutz-nord-guppe.de
E-Mail: office@datenschutz-sued.de
Telefon: +49931-3049760