Data Privacy Statement of the SMARTCRM GmbH

1. Generalities

1.1 Personal data

The subject matter of the data protection is the personal data (hereinafter also referred as data). Personal data mean all information relating to an identified or identifiable natural person. These concern in particular data such as last name, address, occupation, e-mail address, state of health, income, marital status, genetic characteristics, phone number and possibly user data such as IP address.

1.2 Controller and Data Protection Officer

The controller responsible for the processing of your personal data in connection with the use of the website www.smartcrm.gmbh (hereinafter referred as website) is SMARTCRM GmbH (hereinafter referred as operator or controller). The contact details can be found in the imprint.
You can reach the Data Protection Officer at the following address:
MORGENSTERN consecom GmbH
Große Himmelsgasse 1
67346 Speyer
Germany
Telefon: +49 (0) 6232 – 100119 44

2. Scope and purpose of data processing, legal bases, provision of data and duration of storage

2.1 Access and use of the website

Each time you access the website and its subpages, usage data are transmitted by the respective internet browser and stored in log files (server log files). In this case, the records stored contain the following data:

• Date and time of access
• Name of the accessed web page
• IP address
• Referrer URL (origin URL from which you came to the website)
• Transmitted data volume
• Product and version information of the browser used

The admissibility of this processing is governed by Article 6(1)(b) GDPR (user relationship). The data processed by the operator are required to enable you to access and use the website. This is data that must necessarily be processed during the use of telemedia. Otherwise you will not be able to access the website.
The server log files are evaluated by the operator in anonymous form in order to further improve the website, to make it more user-friendly, to find and fix errors more quickly and to manage server capacities. For instance, this can enable to track the time at which the use of the website is particularly strong, allowing the operator to provide appropriate data volume.
The admissibility of this processing is governed by Article 6(1)(f) GDPR (legitimate interest). The legitimate interest of the operator lies in the provision of a website with information and the offering of services to its customers as well as the optimization of the website operation. The provision of the data is neither legally nor contractually prescribed. The consequence of not providing the data is that it cannot be used to optimize the website.
Your IP address will be deleted or made anonymous upon cessation of use. Anonymizing an IP address means changing it in a way that it can no longer be attributed to a specified or specifiable, respectively identified or identifiable natural person or then only with disproportionate investment of time, cost and efforts.

2.2 Contact form and e-mail with one click

If you wish to contact the operator, you can use the contact form. In the framework of this form, you are required to provide the following data:
• Salutation
• Last name
• Company
• E-mail address

In addition, you may provide additional information:
• First name
• Street
• ZIP code and city
• Phone number

On the website, you also have the option of opening an e-mail directed to the operator in a single click. In doing so the e-mail address linked to your e-mail program is automatically used as the sender. If you do not want your e-mail address to be retrieved this way, you can change this in the settings of your e-mail program.
The admissibility of this processing is governed by Article 6(1)(b) GDPR (contract or pre-contractual measure). The provision of the data is required, otherwise you cannot send a message to the operator.
The personal data processed for communication purposes will be deleted after expiry of the relevant statutory retention periods, unless the controller has a legitimate interest in keeping the data for a longer period. In any event, only data required to achieve the specific purpose will be stored.

2.3 Advertising

The operator uses your data for advertising purposes. The admissibility of this processing is governed by Article 6(1)(f) GDPR (legitimate interest). The use of data for advertising purposes constitutes a legitimate interest of the operator within the meaning of Article 6(1)(f) GDPR. The operator is required to actively present his services to new and existing customers.
As customer of the operator, you also regularly receive product recommendations per e-mail which are based on the products you have already ordered. This way, the operator wishes to keep you informed on its services that might be of interest for you given your last order or booking. The legal basis for this is Article 6(1)(f) GDPR and §7(3) UWG.
The provision of the data is neither legally nor contractually prescribed. The non-provisioning has the consequence that you cannot be addressed promotionally.
The personal data processed for advertisement will be deleted unless the controller has a legitimate interest in keeping the data for a longer period. In any event, only data required to achieve the specific purpose will be stored.

2.4 Use of cookies

The operator uses so-called cookies. They are small data packages consisting of letters and numbers that are usually stored in a browser when you visit certain websites. Cookies allow the website to remember your browser, to track your browser activities through different sections of the website and to identify you when you return to the website. Cookies do not contain any data that may identify you personally. However, the data stored about you by the operator may be assigned to the data retrieved and stored by the cookies.
Information that the operator receives from you through the help of cookies can be used for the following purposes:
• Recognizing the user’s computer when visiting the website
• Tracking the user‘s browsing activities on the site
• Improving the user-friendliness of the site
• Evaluating the use of the website
• Operation of the website
• Preventing fraud and improving the safety of the website
• Individual design of the website taking into account the needs of the user

Cookies do not cause any damage on a browser. They do not contain viruses and do not allow the operator to spy on you. Two types of cookies are used here:
• Temporary cookies are automatically deleted when closing your browser (session cookies).
• Persistent cookies have in contrast a maximal lifespan of up to 20 days. This type of cookies enables the website to remember your information and settings the next time you visit it.

Cookies allow the operator to track your browsing activities for the aforementioned purposes and to the appropriate extent. They are used to provide an optimized browsing experience on the operator’s website. The operator also collects these data in anonymous form. The admissibility of this processing is governed by Article 6(1)(f) GDPR (legitimate interest). The legitimate interest of the operator lies in the optimized presentation of their website.
The provision of the data is required in order to correctly use the website of the operator. Please note that if you choose not to accept cookies or to delete cookies that have already been stored, this may limit the functions offered by the website.

2.5 Newsletter

In order to receive additional information concerning the services of the operator, you can also subscribe to an e-mail newsletter. For the sending of the newsletter, the so-called double opt-in process is used, which means that you will receive the newsletter per e-mail only if you have expressly confirmed that the newsletter service should be activated. After having activated the newsletter, you will receive a notification e-mail with an activation link. Only by clicking on this link, you will receive the newsletter. You can unsubscribe at any time. To this end, contact the operator or use the unsubscribe link inserted in all newsletter.

For the newsletter dispatch, you have the possibility to use also the variant of the newsletter with tracking. This involves the use of web beacons or so-called tracking pixel. These are attached to the newsletter and can record personal data of the user (such as IP address, time of retrieval, details of the e-mail program). Thereby, the e-mail contains a picture file that is downloaded by the e-mail program of the recipient. The name of the picture file is individualized and provided with an ID, so that the e-mail recipients who have opened the newsletter can be determined. Concerning the newsletter tracking, the service of the provider Inxmail Gmbh, Wentzingerstr. 17, 79106 Freiburg, Germany, is used and the data is transmitted to it for this purpose.

The provision of the data is neither legally nor contractually prescribed. However, it is required to receive the newsletter.
The admissibility of this processing is governed by Article 6(1)(a) GDPR (consent). The provision of your data is optional but required to receive the newsletter.
Your data will be deleted after the withdrawal of your consent, unless the controller has a legitimate interest in keeping the data for a longer period. This can be the case when the controller must record your data pursuant to a contract. In any event, only data required to achieve the specific purpose will be stored.

2.6 Registration to training

On the website, you have the opportunity to sign up for training. The following data are then required:
• Salutation
• Last name
• Company
• E-mail address
• Phone number
• Names of the people to be registered (first and last name)

In addition, you can make the following voluntary disclosures:
• First name
• Whether you have any question
The operator uses your data in order to make the registrations for the training.

The provision of the data is contractually prescribed. The non-provisioning has the consequence that no registration can be made.
The admissibility of this processing is governed under the Article 6(1)(b) GDPR (contract or pre-contractual measure). The registration of the data subject takes place as a pre-contractual measure for training.
The personal data processed for registration to training will be deleted after expiry of the relevant statutory retention periods unless the controller has a legitimate interest in keeping the data for a longer period. In any event, only data required to achieve the specific purpose will be stored. Personal data are made anonymous to the possible extent.

2.7 Appointment for a live demo

On the website, you have the opportunity to make an appointment for a live demo. This requires the entry of the following data:

• Salutation
• Last name
• Company
• E-mail address
Additionally, you can give the following voluntary information.
• First name
• Phone number

The operator uses your data in order to make an appointment with you for an online demo.
The provision of the data is neither legally nor contractually prescribed. The non-provisioning has the consequence that you cannot make any appointment.
The admissibility of this processing is governed under the Article 6(1)(b) GDPR (contract or pre-contractual measure). The scheduling of an appointment is a pre-contractual measure that takes place at the request of the data subject.
The personal data processed for appointment arrangement will be deleted after expiry of the relevant statutory retention periods unless the controller has a legitimate interest in keeping the data for a longer period. In any event, only data required to achieve the specific purpose will be stored. Personal data are made anonymous to the possible extent.

2.8 Google Maps

The operator uses the map service Google Maps. This is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. By using it, information about the use of the website (such as date and time of the access, IP address, etc.) are transmitted to Google server in Ireland and stored. If necessary, data can also be transferred to the USA. For data transfer in the USA, Google has a certification for the Privacy Shield Agreement. For further information on Google, see: https://policies.google.com/privacy?hl=en.
The data will be used by Google for the purposes of advertising market research and / or tailor-made design of its own website. This can also be linked to your user account provided that you are logged in. If this is not what you want, you have to log out before using this service. Google’s terms of use and privacy policies apply here. If you disable or block Java script in your browser settings, you can prevent Google Maps from running. The provision of the data is neither legally prescribed nor contractually required. The non-provisioning has the consequence that you cannot use the function.
The operator employs Google Maps to enable you to use the interactive maps for route determination. The admissibility of this processing is governed under the Article 6(1)(f) GDPR (legitimate interest). The use of data for the purposes of the providing maps for route determination constitutes a legitimate interest of the operator within the of Article 6(1)(f) GDPR. Hereby the access to the operator’s registered office is facilitated.
The operator does not store personal data via the integration of Google Maps. Personal data collected by Google will be deleted unless Google has a legitimate interest in keeping the data for a longer period. In any event, only data required to achieve the specific purpose will be stored. Personal data are made anonymous to the possible extent. The data are stored by Google according to its own privacy policy. For more information, see the Google privacy policy and terms of use.

2.9 Use of Google Analytics

The operator utilizes the web analysis service Google Analytics of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics uses the above-mentioned cookies to collect information about your operating system, your browser, your IP address, the previously visited website as well as the date and time of your visit on the website of the operator. Any information generated by the cookies about the use of the website will be transmitted to and stored by Google on servers in Ireland. If necessary, data can also be transferred to the USA. For data transfer in the USA, Google has a certification for the Privacy Shield Agreement. For further information on Google, see: https://policies.google.com/privacy?hl=en.
Google will use this information to help the operator to evaluate the use of their website, to compile reports on website activity and to provide other services related to website activity and internet usage. As far as this is required by law, or as far as third parties process this data on behalf of Google, Google will also pass this information on to third parties. This is done anonymously or pseudonymously. Detail information can be found directly at Google: https://policies.google.com/privacy?hl=en#information.
When using Google Analytics, no immediate personal information is stored, only the Internet protocol address. This information serves the purpose of automatically recognizing you on your next visit to the website and facilitating navigation.
The admissibility of this processing is governed under the Article 6(1)(a) GDPR (consent).
The personal data collected as part of the use of tracking tools will be deleted, unless the controller has a legitimate interest in further storage. In any case, only those data that are really necessary for achieving the corresponding purpose will be stored. As far as possible, the personal data will be anonymized.
The providing of data is neither legally nor contractually prescribed. If you do not provide them, tracking will not work.

2.10 Chat Tool Zendesk

The operator uses the online chat tool „Zendesk“, a service of Zendesk Inc., 989 Market Street #300, San Francisco, CA 94102 (www.zendesk.com) (hereinafter referred to as “Zendesk”).
The tool allows website visitor to exchange text messages directly with an employee. If no employee is immediately available, you can use Zendesk to send an email to the operator. This requires your first name, last name, e-mail address and company. Zendesk also stores your IP address, click paths and chat history.
The admissibility of this processing is governed under the Article 6(1)(f) GDPR (legitimate interest).
The interest of the operator lies in providing an electronic, uncomplicated means of direct contact.
If processing by the chat tool is carried out on the basis of pre-contractual measures (e.g. request for a quotation) or to exchange information for the performance of the contract (e.g. sending necessary information, support requests, etc.), an additional legal basis for the processing of the data is Article 6(1)(b) GDPR (contract or pre-contractual measure).
When using Zendesk, personal information is transferred to the USA. Zendesk is a certified participant of the “EU-US Privacy Shield Frameworks”. More information concerning Zendesk ‘s Privacy Policy can be found at: https://www.zendesk.com/company/privacy-and-data-protection/
The provision of the data is neither legally nor contractually prescribed. However it is required to use the chat or the contact feature.
The data processed here will be deleted when the purpose for storage has ceased to exist and no storage obligations prevent the deletion.

2.11 Registration for webinars

On the website, you have the opportunity to register for current and complimentary SMARTCRM webinars.

To do this, you must enter the following data:
• Salutation
• Last name
• Company
• E-mail

You can also provide the following voluntary information:
• First name
• Phone number
• Whether you have any questions

The admissibility of this processing is governed by Article 6(1)(b) GDPR (contract or pre-contractual measure). We need the data to be able to conduct the webinar with you. The admissibility of this processing is governed by Article 6(1)(f) GDPR (legitimate interest). Our legitimate interest lies in the providing of webinars by means of the following tools. The webinars are conducted using GoToWebinar or TeamViewer.
When using “GoToWebinar” – a service of the LogMeIn, Inc. – data can be transferred to the USA. The service provider is certified under EU-US Privacy Shield. For more information, please visit: https://www.logmeininc.com/legal/privacy-shield
TeamViewer is a service of TeamViewer Germany GmbH. You can find more information under: https://www.teamviewer.com/en-us/privacy-policy/
The data will be stored until the legal obligation to retain data ceases to apply.

3. Right of the data subject

You have the right of access (Article 15 GDPR), right to rectification (Article 16 GDPR), right to erasure (Article 17 GDPR), right to restriction of processing (Article 18 GDPR) as well as the right to data portability (Article 20 GDPR). We make all possible efforts to process inquiries quickly.
If your personal data are processed on the basis of Article 6(1)(f) GDPR, you have the right to object, provided there are reasons for doing so arising from your particular situation or the objection is directed against direct advertising (Article 21 GDPR). If you object to direct advertising, we will no longer send you any advertising messages.
Where you have consented to the processing of your personal data and revoked this consent, the processing carried out until revocation of such consent shall remain unaffected.
You have the right to lodge a complaint with a supervisory authority at any time.

4. Recipients

The data collected during the access and the use of the website and the data you provided from the first contact shall be transmitted to the server of the operator and stored there. Apart from that, your data may be disclosed to the following categories of recipients:
• Computer centers
• IT service providers
• Providers of tracking tools

5. Links to third-party websites

When visiting the website, contents linked to third-party websites may be displayed. The operator shall have no access to the cookies or other features used by third-parties, nor be able to control them. Such third-party websites are not subject to the data protection regulations on the part of the operator.