Data Privacy Statement of the SMARTCRM GmbH

1 General information

1.1 Personal data

The subject matter of data protection is personal data (hereinafter also referred to as data). Personal data mean all information relating to an identified or identifiable natural person. These concern data such as last name, address, occupation, e-mail address, state of health, income, marital status, genetic characteristics, phone number and possibly user data such as IP address.

1.2 Controller and Data Protection Officer

SMARTCRM GmbH (hereinafter referred to as the operator or controller) is responsible for the processing of your personal data when you use the website www.smartcrm.gmbh (hereinafter referred to as the website). You can find the contact details in the imprint.
You can reach the data protection officer at the following address:
MORGENSTERN consecom GmbH
Große Himmelsgasse 1
67346 Speyer
Germany
Telefon: +49 (0) 6232 – 100119 44

2. Scope and purpose of data processing, legal bases, provision of data and duration of storage

2.1       Access and use of the website

Each time the website and its subpages are accessed, usage data is transmitted by the respective Internet browser and stored in log files (server log files). The stored data records contain the following data:

  • Date and time of access
  • Name of the accessed web page
  • IP address
  • Referrer URL (origin URL from which you came to the website)
  • Transmitted data volumeProduct and version information of the browser used

The admissibility of this processing is governed by Article 6(1)(b) GDPR (user relationship). The data processed by the operator are required to enable you to access and use the website. These are data that must necessarily be processed during the use of telemedia. Otherwise, you will not be able to access the website.
The log files are evaluated by the operator in anonymized form in to further improve the website and make it more user-friendly, to find and rectify errors more quickly and to control server capacities. For example, it is possible to see when the website is particularly popular, and the operator can make the corresponding data volume available.
The admissibility of this processing is governed by Article 6(1)(f) GDPR (legitimate interest). The legitimate interest of the operator lies in the provision of a website with information and the offering of services to its customers as well as the optimization of the website operation. The provision of the data is neither legally nor contractually required. Failure to provide the data means that the data cannot be used to optimize the website.
Your IP address will be deleted or made anonymous upon cessation of use. Anonymizing an IP address means changing it in a way that it can no longer be attributed to a specified or specifiable, respectively identified, or identifiable natural person or then only with disproportionate investment of time, cost and efforts.

2.2 Contact form and e-mail with one click

If you wish to contact the operator, you can use the contact form. You must provide the following information in this form:

  • Salutations
  • Last name
  • Company
  • E-mail address

In addition, you may provide additional information:

  • First name
  • Street
  • ZIP code and city
  • Phone number

On the website, you also have the option of opening an e-mail directed to the operator in a single click. In doing so the e-mail address linked to your e-mail program is automatically used as the sender. If you do not want your e-mail address to be retrieved this way, you can change this in the settings of your e-mail program.
The admissibility of this processing is governed by Article 6(1)(b) GDPR (contract or pre-contractual measure). The provision of the data is required, otherwise you cannot send a message to the operator.
The personal data processed for communication purposes will be deleted after expiry of the relevant statutory retention periods unless the controller has a legitimate interest in keeping the data for a longer period. In any event, only data required to achieve the specific purpose will be stored.

2.3 Application

On the website, you have the option of opening an e-mail addressed to the operator for the purpose of applying with just one click.
The operator processes your data for the purpose of carrying out the application procedure. The permissibility of this processing is based on Section 26 (1) BDSG and Article 6(1)(b) GDPR, insofar as this is necessary for the decision on the establishment of an employment relationship.
The admissibility of the processing may also be based on the legitimate interest of the operator in assessing your performance and qualifications, the digitization of documents and the optimization of the work processes taking place overall (Article 6(1)(f) GDPR).
We do not require the disclosure of special categories of personal data such as racial or ethnic origin, religious or philosophical beliefs or health data as part of the application process. If such information is nevertheless provided, this is done on a voluntary basis and has no effect on the selection decision.
Your data will be stored for the first time upon receipt of your application. The duration depends primarily on the statutory retention obligations and the legitimate interest of the operator in further storage. Your application documents and data provided will be stored for a maximum of 6 months after rejection.
If you are hired, your data will be stored for the purpose of implementing the employment relationship and processed as employee data.

2.4 Advertising 

The operator uses your data for advertising purposes. The admissibility of this processing is governed by Article 6(1)(f) GDPR (legitimate interest). The use of data for advertising purposes constitutes a legitimate interest of the operator within the meaning of Article 6(1)(f) GDPR. The operator is required to actively present his services to new and existing customers.
As customer of the operator, you also regularly receive product recommendations per e-mail which are based on the products you have already ordered. This way, the operator wishes to keep you informed on its services that might be of interest for you given your last order or booking. The legal basis for this is Article 6(1)(f) GDPR and §7(3) UWG.
The provision of data is neither contractually nor legally required. Failure to provide the data means that you cannot be contacted for advertising purposes.
The personal data processed for the purpose of advertising will be deleted unless the controller has a legitimate interest in further storage. In any event, only the data that is necessary to achieve the relevant purpose will continue to be stored.

 

2.5 Use of Cookies

The operator uses so-called cookies. These are small data packets, usually consisting of letters and numbers, which are stored on a browser when you visit certain websites. Cookies allow the website to recognize your browser, to follow you as you browse through various sections of the website and to identify you when you return to the website. Cookies do not contain any data that identifies you personally, but the information about you stored by the operator can be assigned to the data obtained from and stored in the cookies.
Information that the operator receives from you through the help of cookies can be used for the following purposes:

  • Recognition the user’s computer when visiting the website
  • Tracking the user‘s browsing activities on the site
  • Improving the user-friendliness of the site
  • Evaluating the use of the website
  • Operation of the website
  • Preventing fraud and improving the safety of the website
  • Customization of the website taking into account the needs of the user

Cookies do not cause any damage on a browser. They do not contain viruses and do not allow the operator to spy on you. Two types of cookies are used here:

  • Temporary cookies are automatically deleted when closing your browser (session cookies).
  • Persistent cookies have in contrast a maximal lifespan of up to 20 days. This type of cookies enables the website to remember your information and settings the next time you visit it.

Cookies allow the operator to track your browsing activities for the aforementioned purposes and to the appropriate extent. They are used to provide an optimized browsing experience on the operator’s website. The operator also collects these data in anonymous form. The setting of cookies is permitted by law if the data processing that takes place serves the transmission of messages or the provision of a telemedium (Section 25 (2) TTDSG). Data processing by cookies that process data to analyze user behavior is only permitted with your consent (Section 25 (1) TTDSG). Data processing takes place either automatically or the provision of your personal data is voluntary.

2.6 Newsletter

In order to receive additional information concerning the services of the operator, you can also subscribe to an e-mail newsletter. For the sending of the newsletter, the so-called double opt-in process is used, which means that you will receive the newsletter per e-mail only if you have expressly confirmed that the newsletter service should be activated. After having activated the newsletter, you will receive a notification e-mail with an activation link. Only by clicking on this link, you will receive the newsletter. You can unsubscribe at any time. To this end, contact the operator or use the unsubscribe link inserted in all newsletters.
For the newsletter dispatch, you have the possibility to use also the variant of the newsletter with tracking. This involves the use of web beacons or so-called tracking pixel. These are at-tached to the newsletter and can record personal data of the user (such as IP address, time of retrieval, details of the e-mail program). Thereby, the e-mail contains a picture file that is down-loaded by the e-mail program of the recipient. The name of the picture file is individualized and provided with an ID, so that the e-mail recipients who have opened the newsletter can be de-termined. Concerning the newsletter tracking, the service of the provider Inxmail Gmbh, Wentzingerstr. 17, 79106 Freiburg, Germany, is used and the data are transmitted to it for this purpose.
The provision of the data is neither legally nor contractually prescribed. However, it is required to receive the newsletter.
The admissibility of this processing is governed by Article 6(1)(a) GDPR (consent). The provi-sion of your data is optional but required to receive the newsletter.
Your data will be deleted after the withdrawal of your consent unless the controller has a legit-imate interest in keeping the data for a longer period. This can be the case when the controller must record your data pursuant to a contract. In any event, only data required to achieve the specific purpose will be stored.

2.7 Online trainings, webinars, and online demos

On the website you could register for online training courses and webinars and to make an appointment for an online demo. The following data may be required for this (marked as mandatory fields):

  • Salutation
  • Last name
  • First name
  • Company
  • E-mail address
  • Phone number
  • Names of the people to be registered (first and last name)

In addition, you can also provide voluntary information, such as your questions.
We need your data to register you for the respective online event. If you do not provide your data, you will not be able to register or make an appointment.
The admissibility of the processing is based on Article 6(1)(b) GDPR (contract or pre-contractual measures). The registration of data subjects is carried out as a pre-contractual measure for online training courses and webinars. Making an appointment is also a pre-contractual measure that takes place at the request of the data subject. Furthermore, the admissibility of the processing may be based on Article 6(1)(f) GDPR, regarding voluntary information for instance (legitimate interest). Our legitimate interests lie, for example, in facilitating communication with you and in processing your inquiries more efficiently.
If webinars are held jointly with partners, the participant data will be made available to them in the same way. The respective partners can be found in the webinar announcements.
The personal data collected in the context of registrations and appointments will be deleted after expiry of the statutory retention obligations unless the controller has a legitimate interest in further storage. In any case, only the data that is necessary to achieve the relevant purpose will continue to be stored. Where possible, personal data will be anonymized.

2.8 Use of Google Analytics

The operator uses the web analysis service Google Analytics from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. This service uses the cookies described above to collect information such as your operating system, your browser, your IP address, the previously accessed website and the date and time of your visit to the operator’s website.
The information generated by the cookies about the use of the website is transmitted to a Google server in Ireland and stored there. If necessary, the data may also be transferred to the USA (Google LLC). The transfer of data to a third country, such as the USA, is permitted under the conditions of Article 46 GDPR and based on the standard data protection clauses effectively included in the contractual relationship with Google. In addition, Google LLC is certified under the EU-US Data Privacy Framework, which constitutes a secure data recipient (Article 45(1) GDPR).
Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for the website operator and providing other services relating to website activity and internet usage. If this is required by law or if third parties process this data on behalf of Google, Google will also pass this information on to these third parties. This use is anonymized or pseudonymized. You can find more information about this directly at Google https://policies.google.com/privacy?hl=en.

When Google Analytics is used, no direct personal data is stored, only the Internet Protocol address. This information is used to automatically recognize you the next time you visit the operator’s website and to make navigation easier for you.
The legal basis for the use of Google Analytics with regard to the storage and retrieval of information on your end device is Section 25(1) TTDSG (consent). The admissibility of the evaluation of the usage data (further processing) is based on Article 6(1)(a) GDPR (consent).
The personal data collected as part of the use of tracking tools will be deleted unless the controller has a legitimate interest in further storage. In any case, only the data that is necessary to achieve the relevant purpose will continue to be stored. Where possible, personal data will be anonymized.
The provision of data is neither legally nor contractually required. Google Analytics cannot be used without this provision.

2.9 Use of LeadLab 

The operator uses the pixel-code technology of WiredMinds GmbH (www.wiredminds.de) to analyze visitor behavior. This involves processing the IP address of a visitor. Processing takes place exclusively for the purpose of collecting company-relevant information such as the company name. IP addresses of natural persons are excluded from further use (whitelist procedure). The IP address is not stored in LeadLab under any circumstances. When processing the data, it is in our particular interest to protect the data protection rights of natural persons. The operator’s interest is based on Article 6(1)(f) GDPR. The data collected does not allow any conclusions to be drawn about an identifiable person at any time.
Data processing is carried out on the basis of our legitimate interest pursuant to Article 6(1)(f) GDPR in the optimization of our online offer and our website. WiredMinds GmbH processes the data on our behalf and we have concluded an order processing contract with the provider. Further information and the applicable data protection provisions of WiredMinds GmbH can be found at the following link: https://wiredminds.de/datenschutz/.
WiredMinds GmbH uses this information to create anonymous usage profiles based on the visitor behavior on the operator’s website. The data obtained is not used to personally identify visitors to the website. If IP addresses are collected, they are immediately anonymized by deleting the last block of numbers. The data is deleted as soon as it is no longer required for our recording purposes.

2.10 Chat tool Zendesk

The operator uses the online chat tool „Zendesk“, a service of Zendesk Inc., 989 Market Street #300, San Francisco, CA 94102 (www.zendesk.com) (hereinafter referred to as “Zendesk”).
The tool allows website visitor to exchange text messages directly with an employee. If no employee is immediately available, you can use Zendesk to send an email to the operator. This requires your first name, last name, e-mail address and company. Zendesk also stores your IP address, click paths and chat history.
The admissibility of this processing is governed under the Article 6(1)(f) GDPR (legitimate interest). The interest of the operator lies in providing an electronic, uncomplicated means of direct contact.
If processing by the chat tool is carried out on the basis of pre-contractual measures (e.g. request for a quotation) or to exchange information for the performance of the contract (e.g. sending necessary information, support requests, etc.), an additional legal basis for the processing of the data is Article 6(1)(b) GDPR (contract or pre-contractual measure).
Zendesk is certified in accordance with the EU.U.S. Data Privacy Framework and is therefore a secure data recipient pursuant to Article 45(1) GDPR. Furthermore, Zendesk uses Binding Corporate Rules and standard data protection clauses for the transfer of personal data from the EU. These have been approved by the European Commission and ensure an adequate level of protection of your personal data. For more information concerning Zendesk’s data processing practices, please refer to Zendesk’s Privacy Policy at https://www.zendesk.com/company/privacy-and-data-protection/.
The provision of the data is neither legally nor contractually prescribed. However it is required to use the chat or the contact feature.

 

3. Right of the data subject

You have the right of access (Article 15 GDPR), right to rectification (Article 16 GDPR), right to erasure (Article 17 GDPR), right to restriction of processing (Article 18 GDPR) as well as the right to data portability (Article 20 GDPR). We make all possible efforts to process inquiries quickly.
If your personal data are processed on the basis of Article 6(1)(f) GDPR, you have the right to object, provided there are reasons for doing so arising from your particular situation or the objection is directed against direct advertising (Article 21 GDPR). If you object to direct advertising, we will no longer send you any advertising messages.
Where you have consented to the processing of your personal data and revoked this consent, the processing carried out until revocation of such consent shall remain unaffected.
You have the right to lodge a complaint with a supervisory authority at any time (Article 77 GDPR).

4. Recipients

The data collected during the access and the use of the website and the data you provided from the first contact shall be transmitted to the server of the operator and stored there. Apart from that, your data may be disclosed to the following categories of recipients:

  • Persons at the controller who are involved in the processing (e.g. marketing department, personnel administration, customer service)
  • Processors (e.g. data center, IT service provider, provider of tracking tools)
  • Contractual partners of the operator (e.g. suppliers)

5. Links to third-party websites

When visiting the website, contents linked to third-party websites may be displayed. The operator shall have no access to the cookies or other features used by third-parties, nor be able to control them. Such third-party websites are not subject to the data protection regulations on the part of the operator.