In the following, we inform you about the processing of personal data when using
Personal data is any data that can be related to a specific natural person, e.g., their name or their IP address.
Controller according to Art. 4 para. 7 of the EU General Data Protection Regulation (GDPR) is softwarenaut GmbH, Max-Planck-Straße 4, 85609 Dornach near Munich, Germany, Email: info@softwarenaut.de. We are legally represented by Bahadur Shah and Daniel Wolf.
Our data protection officer is heyData GmbH, Gormannstr. 14, 10119 Berlin, www.heydata.eu, Email: info@heydata.de.
We detail the scope of data processing, purposes of processing, and legal bases further below. The following legal bases generally apply for data processing:
To the extent that we transfer data to service providers or other third parties outside the EEA, we guarantee the security of the data during transfer, provided that adequacy decisions of the EU Commission are in place (e.g., for the United Kingdom, Canada, and Israel) according to Art. 45 para. 3 GDPR.
If no adequacy decision exists (e.g., for the USA), the legal basis for data transfer is generally, unless otherwise stated, standard contractual clauses. These are a set of rules adopted by the EU Commission and form part of the contract with the respective third party. According to Art. 46 para. 2 lit. b GDPR, they ensure the security of data transfer. Many providers have provided contractual guarantees beyond the standard contractual clauses, which protect the data beyond the standard clauses, such as guarantees regarding data encryption or a duty of the third party to inform data subjects if law enforcement agencies wish to access the data.
Unless explicitly stated otherwise in this privacy policy, the data stored by us will be deleted once it is no longer necessary for its intended purpose and there are no statutory retention obligations opposing deletion. If the data is not deleted because it is required for other legally permissible purposes, its processing will be restricted, i.e., the data will be blocked and not processed for other purposes. This applies, for example, to data that we must retain for commercial or tax reasons.
Data subjects have the following rights regarding their personal data:
Data subjects also have the right to lodge a complaint with a data protection supervisory authority regarding the processing of their personal data.
Customers, prospects, or third parties are only required to provide us with those personal data that are necessary for the establishment, execution, and termination of the business relationship or any other relationship or for which we are legally obliged to collect them. Without this data, we will generally have to refuse the conclusion of a contract or the provision of a service or will no longer be able to carry out an existing contract or other relationship.
Mandatory fields are marked as such.
For establishing and conducting a business relationship or any other relationship, we generally do not use fully automated decision-making according to Article 22 GDPR. Should we use such procedures in individual cases, we will inform you separately, provided that this is legally required.
When contacting us, e.g., via email or phone, the data you provide to us (e.g., names and email addresses) will be stored by us to answer questions. The legal basis for processing is our legitimate interest (Art. 6 para. 1 sentence 1 lit. f GDPR) to respond to inquiries directed to us. The data generated in this context will be deleted after the storage is no longer necessary, or processing will be restricted if legal retention obligations exist.
We reserve the right to inform customers who have already used our services or purchased goods from us from time to time by email or electronically in another way about our offers, provided they have not objected to this. The legal basis for this data processing is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest lies in direct marketing (Recital 47 GDPR). Customers can object to the use of their email address for advertising purposes at any time without additional costs, for example via the link at the end of each email or by emailing our above-mentioned email address.
Prospects have the option to subscribe to a free newsletter. We process the data provided during registration solely for the purpose of sending the newsletter. Registration is done by selecting the appropriate field on our website, by checking the appropriate field in a paper document, or by another clear action through which prospects indicate their consent to the processing of their data, so the legal basis is Art. 6 para. 1 sentence 1 lit. a GDPR. Consent can be withdrawn at any time, e.g., by clicking the corresponding link in the newsletter or notifying our above-mentioned email address. The processing of data until the withdrawal remains lawful even if consent is withdrawn.
Based on the recipients' consent (Art. 6 para. 1 sentence 1 lit. a GDPR), we also measure the open and click rates of our newsletters to understand which content is relevant to our recipients.
When using the website informatively, i.e., when site visitors do not transmit information to us separately, we collect the personal data that the browser transmits to our server to ensure the stability and security of our website. This is our legitimate interest, so the legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR.
This data includes:
This data is also stored in log files. They are deleted when their storage is no longer necessary, at the latest after 14 days.
Our website is hosted based on a data processing agreement (Art. 28 GDPR) with 1&1 IONOS SE, lgendorfer Str. 57, 56410 Montabaur (Privacy Policy: https://www.ionos.de/terms-gtc/terms-privacy). The provider processes the personal data transmitted via the website, e.g., content, usage, meta/communication data, or contact data. Our legitimate interest is to provide a website, so the legal basis for data processing is Art. 6 para. 1 sentence 1 lit. f GDPR.
When contacting us via the contact form on our website, we store the data requested there and the content of the message.
The legal basis for processing is our legitimate interest to respond to inquiries directed to us. Therefore, the legal basis for processing is Art. 6 para. 1 sentence 1 lit. f GDPR.
The data generated in this context will be deleted after the storage is no longer necessary, or processing will be restricted if legal retention obligations exist.
We publish job vacancies available in our company on our website, on pages connected to the website, or on third-party websites.
The processing of data provided during the application process takes place for the purpose of conducting the application procedure. If these are required for our decision to establish an employment relationship, the legal basis is Art. 88 para. 1 GDPR in conjunction with § 26 para. 1 BDSG. The data required to conduct the application process have been marked accordingly or indicated. If applicants do not provide this data, we cannot process the application.
Additional data is voluntary and not required for an application. If applicants provide additional information, the basis is their consent (Art. 6 para. 1 sentence 1 lit. a GDPR).
We ask applicants to refrain from providing information about political opinions, religious beliefs, and similarly sensitive data in their resumes and cover letters. These are not required for an application. If applicants nevertheless provide such information, we cannot prevent their processing as part of processing the resume or cover letter. Their processing then also relies on the applicants' consent (Art. 9 para. 2 lit. a GDPR).
Finally, we process applicants' data for further application procedures if they have given us their consent to do so. In this case, the legal basis is Art. 6 para. 1 sentence 1 lit. a GDPR.
We pass the applicants' data on to the responsible personnel department employees, our data processors in the recruiting area, and other employees involved in the application process.
If we enter into an employment relationship with the applicant following the application process, we delete the data only after the termination of the employment relationship. Otherwise, we delete the data no later than six months after rejecting an applicant.
If applicants have given us their consent to use their data for further application procedures, we delete their data only one year after receiving the application.
Site visitors can book appointments with us on our website. For this, in addition to the entered data, we process meta or communication data. We have a legitimate interest in providing prospects with a user-friendly way to schedule appointments. Therefore, the legal basis for data processing is Art. 6 para. 1 sentence 1 lit. f GDPR.
We offer services via our website. The processing of data takes place to provide the contract concluded with the respective site visitor (Art. 6 para. 1 sentence 1 lit. b GDPR).
We are present on social media networks to showcase our company and our services. The operators of these networks regularly process user data for advertising purposes. Among other things, they create user profiles based on online behavior, which, for example, are used to display advertisements on the networks' sites and elsewhere on the internet that match the users' interests. For this purpose, the network operators store information about user behavior in cookies on the users' computers. It is also possible that the operators combine this information with other data. Further information and instructions on how users can object to the processing by the site operators can be found in the privacy policies of the respective operators listed below. It may also be the case that the operators or their servers are located in non-EU countries, so they process data there. This may pose risks for users, e.g., because enforcing their rights is more difficult or state authorities have access to the data.
If users of the networks contact us through our profiles, we process the data they provide to answer their inquiries. This is our legitimate interest, so the legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR.
We maintain a profile on Facebook. The operator is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The privacy policy can be accessed here: https://www.facebook.com/policy.php. One way to object to data processing is through ad settings: https://www.facebook.com/settings?tab=ads.
We are jointly responsible with Facebook for the processing of visitors' profile data based on an agreement in accordance with Art. 26 GDPR. Facebook explains exactly which data is processed at https://www.facebook.com/legal/terms/information_about_page_insights_data. Data subjects can exercise their rights both with us and with Facebook. However, according to our agreement with Facebook, we are obliged to forward inquiries to Facebook. Therefore, data subjects receive a quicker response if they contact Facebook directly.
We maintain a profile on Instagram. The operator is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The privacy policy can be accessed here: https://help.instagram.com/519522125107875.
We maintain a profile on TikTok. The operator is musical.ly Inc., 10351 Santa Monica Blvd #310, Los Angeles, CA 90025 USA. The privacy policy can be accessed here: https://www.tiktok.com/de/privacy-policy.
We maintain a profile on Twitter. The operator is Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. The privacy policy can be accessed here: https://twitter.com/de/privacy. One way to object to data processing is through ad settings: https://twitter.com/personalization.
We maintain a profile on LinkedIn. The operator is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. The privacy policy can be accessed here: https://de.linkedin.com/legal/privacy-policy. One way to object to data processing is through ad settings: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
We maintain a profile on Xing. The operator is New Work SE, Dammtorstraße 29-32, 20354 Hamburg. The privacy policy can be accessed here: https://privacy.xing.com/de/datenschutzerklaerung.
We use "CookieYes" on our website to inform you about the use of cookies and to manage your consents. CookieYes is a service provided by CookieYes Limited that allows us to offer you a user-friendly cookie notification and to store your preferences regarding cookies.
By using CookieYes, we ensure that our website complies with legal requirements regarding the collection and documentation of cookie consents. CookieYes securely stores the cookie settings you have selected and helps us manage and monitor these consents efficiently.
The legal basis for processing your data in connection with the use of CookieYes is Article 6(1)(f) of the GDPR, where our legitimate interest lies in legal compliance and proper management of cookie consents.
For more information on how CookieYes processes data, please refer to their privacy policy here.
We reserve the right to change this privacy policy with effect for the future. The current version is always available here.
For questions or comments regarding this privacy policy, we are happy to assist you via the contact details provided above.