1.1 Personal data
The subject matter of the data protection is the personal data (hereinafter also referred as data). Personal data mean all information relating to an identified or identifiable natural person. These concern in particular data such as last name, address, occupation, e-mail address, state of health, income, marital status, genetic characteristics, phone number and possibly user data such as IP address.
1.2 Controller and Data Protection Officer
The controller responsible for the processing of your personal data in connection with the use of the website www.smartcrm.gmbh (hereinafter referred as website) is SMARTCRM GmbH (hereinafter referred as operator or controller). The contact details can be found in the imprint.
You can reach the Data Protection Officer at the following address:
MORGENSTERN consecom GmbH
Große Himmelsgasse 1
Phone: +49 (0) 6232 – 100119 44
2. Scope and purpose of data processing, legal bases, provision of data and duration of storage
2.1 Access and use of the website
Each time you access the website and its subpages, usage data are transmitted by the respective internet browser and stored in log files (server log files). In this case, the records stored contain the following data:
- Date and time of access
- Name of the accessed web page
- IP address
- Referrer URL (origin URL from which you came to the website)
- Transmitted data volume
- Product and version information of the browser used
The admissibility of this processing is governed by Article 6(1)(b) GDPR (user relationship). The data processed by the operator are required to enable you to access and use the website. This is data that must necessarily be processed during the use of telemedia. Otherwise you will not be able to access the website.
The server log files are evaluated by the operator in anonymous form in order to further improve the website, to make it more user-friendly, to find and fix errors more quickly and to manage server capacities. For instance, this can enable to track the time at which the use of the website is particularly strong, allowing the operator to provide appropriate data volume.
The admissibility of this processing is governed by Article 6(1)(f) GDPR (legitimate interest). The legitimate interest of the operator lies in the provision of a website with information and the offering of services to its customers as well as the optimization of the website operation. The provision of the data is neither legally nor contractually prescribed. The consequence of not providing the data is that it cannot be used to optimize the website.
Your IP address will be deleted or made anonymous upon cessation of use. Anonymizing an IP address means changing it in a way that it can no longer be attributed to a specified or specifiable, respectively identified or identifiable natural person or then only with disproportionate investment of time, cost and efforts.
2.2 Contact form and e-mail with one click
If you wish to contact the operator, you can use the contact form. In the framework of this form, you are required to provide the following data:
- Last name
- E-mail address
In addition, you may provide additional information:
- First name
- ZIP code and city
- Phone number
On the website, you also have the option of opening an e-mail directed to the operator in a single click. In doing so the e-mail address linked to your e-mail program is automatically used as the sender. If you do not want your e-mail address to be retrieved this way, you can change this in the settings of your e-mail program.
The admissibility of this processing is governed by Article 6(1)(b) GDPR (contract or pre-contractual measure). The provision of the data is required, otherwise you cannot send a message to the operator.
The personal data processed for communication purposes will be deleted after expiry of the relevant statutory retention periods, unless the controller has a legitimate interest in keeping the data for a longer period. In any event, only data required to achieve the specific purpose will be stored.
The operator uses your data for advertising purposes. The admissibility of this processing is governed by Article 6(1)(f) GDPR (legitimate interest). The use of data for advertising purposes constitutes a legitimate interest of the operator within the meaning of Article 6(1)(f) GDPR. The operator is required to actively present his services to new and existing customers.
As customer of the operator, you also regularly receive product recommendations per e-mail which are based on the products you have already ordered. This way, the operator wishes to keep you informed on its services that might be of interest for you given your last order or booking. The legal basis for this is Article 6(1)(f) GDPR and §7(3) UWG.
The provision of the data is neither legally nor contractually prescribed. The non-provisioning has the consequence that you cannot be addressed promotionally.
The personal data processed for advertisement will be deleted unless the controller has a legitimate interest in keeping the data for a longer period. In any event, only data required to achieve the specific purpose will be stored.
The operator uses so-called cookies. They are small data packages consisting of letters and numbers that are usually stored in a browser when you visit certain websites. Cookies allow the website to remember your browser, to track your browser activities through different sections of the website and to identify you when you return to the website. Cookies do not contain any data that may identify you personally. However, the data stored about you by the operator may be assigned to the data retrieved and stored by the cookies.
Information that the operator receives from you through the help of cookies can be used for the following purposes:
- Recognizing the user’s computer when visiting the website
- Tracking the user‘s browsing activities on the site
- Improving the user-friendliness of the site
- Evaluating the use of the website
- Operation of the website
- Preventing fraud and improving the safety of the website
- Individual design of the website taking into account the needs of the user
Cookies do not cause any damage on a browser. They do not contain viruses and do not allow the operator to spy on you. Two types of cookies are used here:
- Temporary cookies are automatically deleted when closing your browser (session cookies).
- Persistent cookies have in contrast a maximal lifespan of up to 20 days. This type of cookies enables the website to remember your information and settings the next time you visit it.
Cookies allow the operator to track your browsing activities for the aforementioned purposes and to the appropriate extent. They are used to provide an optimized browsing experience on the operator’s website. The operator also collects these data in anonymous form. The admissibility of this processing is governed by Article 6(1)(f) GDPR (legitimate interest). The legitimate interest of the operator lies in the optimized presentation of their website.
The provision of the data is required in order to correctly use the website of the operator. Please note that if you choose not to accept cookies or to delete cookies that have already been stored, this may limit the functions offered by the website.
In order to receive additional information concerning the services of the operator, you can also subscribe to an e-mail newsletter. For the sending of the newsletter, the so-called double opt-in process is used, which means that you will receive the newsletter per e-mail only if you have expressly confirmed that the newsletter service should be activated. After having activated the newsletter, you will receive a notification e-mail with an activation link. Only by clicking on this link, you will receive the newsletter. You can unsubscribe at any time. To this end, contact the operator or use the unsubscribe link inserted in all newsletter.
For the newsletter dispatch, you have the possibility to use also the variant of the newsletter with tracking. This involves the use of web beacons or so-called tracking pixel. These are attached to the newsletter and can record personal data of the user (such as IP address, time of retrieval, details of the e-mail program). Thereby, the e-mail contains a picture file that is downloaded by the e-mail program of the recipient. The name of the picture file is individualized and provided with an ID, so that the e-mail recipients who have opened the newsletter can be determined. Concerning the newsletter tracking, the service of the provider Inxmail Gmbh, Wentzingerstr. 17, 79106 Freiburg, Germany, is used and the data are transmitted to it for this purpose.
The provision of the data is neither legally nor contractually prescribed. However, it is required to receive the newsletter.
The admissibility of this processing is governed by Article 6(1)(a) GDPR (consent). The provision of your data is optional but required to receive the newsletter. Your data will be deleted after the withdrawal of your consent, unless the controller has a legitimate interest in keeping the data for a longer period. This can be the case when the controller must record your data pursuant to a contract. In any event, only data required to achieve the specific purpose will be stored.
2.6 Online trainings, webinars and online demos
On the website, you have the opportunity to sign up for online trainings and webinars and to schedule an appointment for an online demo. The following may be required for this purpose (each marked as mandatory fields):
- Last name
- First name
- E-mail address
- Phone number
- Persons, who are to be registered (first and last names, e-mail address)
In addition, you can volunteer information, such as providing questions.
We need your data in order to carry out the application and the registration for the respective online event. The non-provisioning will result in no registration or appointment being made.
The admissibility of this processing is governed under the Article 6(1)(b) GDPR (contract or pre-contractual measure). The registration of the data subject takes place as a pre-contractual measure for online trainings as well as webinars.
The agreement of an appointment also represents a pre-contractual measure that takes place at the request of the data subject. Furthermore, the permissibility of processing, in particular of regards to voluntary information, is governed by Article 6(1)(f) GDPR (legitimate interest). Our legitimate interests lie, for instance, in facilitating communication with you and in processing your inquiries more efficiently.
If webinars are held jointly with partners, the participant data will be made available to them in the same way. The respective partners can be found in the webinar announcements.
The personal data processed for registrations and appointment agreements will be deleted after expiry of the relevant statutory retention periods unless the controller has a legitimate interest in keeping the data for a longer period. In any event, only data required to achieve the specific purpose will be stored. Personal data are made anonymous to the possible extent.
2.7 Use of Google Analytics
The operator utilizes the web analysis service Google Analytics of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics uses the above-mentioned cookies to collect information about your operating system, your browser, your IP address, the previously visited website as well as the date and time of your visit on the website of the operator. Any information generated by the cookies about the use of the website will be transmitted to and stored by Google on servers in Ireland. If necessary, data can also be transferred to the USA. The transfer of data to a third country, such as the USA, is permitted under the conditions of Article 46 GDPR and on the basis of standard contractual clauses effectively included in the contractual relationship with Google. These have been approved by the European Commission and guarantee an adequate protection of your personal data. For further information on Google, see: https://policies.google.com/privacy/frameworks?hl=en.
Google will use this information to help the operator to evaluate the use of their website, to compile reports on website activity and to provide other services related to website activity and internet usage. As far as this is required by law, or as far as third parties process this data on behalf of Google, Google will also pass this information on to third parties. This is done anonymously or pseudonymously. Detail information can be found directly at Google: https://policies.google.com/privacy?hl=en.
When using Google Analytics, no immediate personal information is stored, only the Internet protocol address. This information serves the purpose of automatically recognizing you on your next visit to the website and facilitating navigation. The admissibility of this processing is governed under the Article 6(1)(a) GDPR (consent).
The personal data collected as part of the use of tracking tools will be deleted, unless the controller has a legitimate interest in further storage. In any case, only those data that are really necessary for achieving the corresponding purpose will be stored. As far as possible, the personal data will be anonymized.
The provision of data is neither legally nor contractually prescribed. If you do not provide them, tracking will not work.
2.8 Chat tool Zendesk
The operator uses the online chat tool “Zendesk”, a service of Zendesk Inc., 989 Market Street #300, San Francisco, CA 94102 (www.zendesk.com) (hereinafter referred to as “Zendesk”).
The tool allows website visitor to exchange text messages directly with an employee. If no employee is immediately available, you can use Zendesk to send an email to the operator. This requires your first name, last name, e-mail address and company. Zendesk also stores your IP address, click paths and chat history.
The admissibility of this processing is governed under the Article 6(1)(f) GDPR (legitimate interest).
The interest of the operator lies in providing an electronic, uncomplicated means of direct contact.
If processing by the chat tool is carried out on the basis of pre-contractual measures (e.g. request for a quotation) or to exchange information for the performance of the contract (e.g. sending necessary information, support requests, etc.), an additional legal basis for the processing of the data is Article 6(1)(b) GDPR (contract or pre-contractual measure).
The provision of the data is neither legally nor contractually prescribed. However it is required to use the chat or the contact feature.
3. Right of the data subject
You have the right of access (Article 15 GDPR), right to rectification (Article 16 GDPR), right to erasure (Article 17 GDPR), right to restriction of processing (Article 18 GDPR) as well as the right to data portability (Article 20 GDPR). We make all possible efforts to process inquiries quickly.
If your personal data are processed on the basis of Article 6(1)(f) GDPR, you have the right to object, provided there are reasons for doing so arising from your particular situation or the objection is directed against direct advertising (Article 21 GDPR). If you object to direct advertising, we will no longer send you any advertising messages.
Where you have consented to the processing of your personal data and revoked this consent, the processing carried out until revocation of such consent shall remain unaffected.
You have the right to lodge a complaint with a supervisory authority at any time.
The data collected during the access and the use of the website and the data you provided from the first contact shall be transmitted to the server of the operator and stored there. Apart from that, your data may be disclosed to the following categories of recipients:
- Computer centers
- IT service providers
- Providers of tracking tool
5. Links to third-party websites
When visiting the website, contents linked to third-party websites may be displayed. The operator shall have no access to the cookies or other features used by third-parties, nor be able to control them. Such third-party websites are not subject to the data protection regulations on the part of the operator.