Data protection is of great importance to DSC Software AG.
This data privacy statement explains the method, extent, and aim of the processing of personal data in our online services and related websites, functions, and content (in the following referred to jointly as “online services” or “website”). The data privacy statement applies independently of domains, systems, platforms, and devices (e.g. desktop or mobile) on which the online services are executed.
The data controller in the sense of the General Data Protection Regulation (GDPR), or other data protection laws applicable in the member states of the European Union and other regulations regarding data protection is:
DSC Software AG
Am Sandfeld 17
Tel.: +49 721 9774 100
The data protection officer of the data controller is:
Am Sandfeld 17 a
+49 721 75408840
For questions and suggestions on the subject of data protection, any data subject can refer to our data protection officer anytime.
Our data privacy statement is based on the terminology used by the European Regulatory Body in adoption of the General Data Protection Regulation (GDPR). Our data privacy statement is intended to be easy to read and to understand by the public, our customers, and our business partners.
In order to ensure this, we will explain the terminology used in advance. Terms used, such as “personal data” or its “processing” are defined in Art. 4 of the General Data Protection Regulation (GDPR).
In this data privacy statement, we use, among others, the following terms:
Personal data is defined as all information referring to an identified or identifiable natural person (in the following referred to as the “data subject”). An identifiable person is a natural person who can be identified directly or indirectly, in particular by means of an assignment to a label such as a name, an ID number, location data, an online ID or one or more special features that is an expression of the physical, physiological, genetic, psychic, economic, cultural, or social identity of this natural person.
The data subject is any identified or identifiable natural person whose personal data is processed by the data controller.
Processing is any process or operation carried out with or without the help of automated procedures or any such series of operations in connection with personal data, for example: collecting, recording, organizing, ordering, storing, adapting, or changing, reading, retrieving, using, disclosing through transmission, dissemination or other form of provision, comparing or linking, restricting, deleting, or destroying.
Restriction of processing is the marking of stored personal data with the aim of limiting its future processing.
Profiling is any kind of automated processing of personal data that consists in using such personal data in order to evaluate personal aspects referring to a natural person, in particular to analyze, or predict aspects regarding job performance, economic situation, health, personal preference, interests, reliability, conduct, place of residence, or change of locality of this natural person.
Pseudonymization is the processing of personal data in a way that the personal data can no longer be assigned to a specific data subject without additional information, provided that this additional information is stored separately and is subject to technical and organizational measures that ensure that the personal data cannot be assigned to an identified or identifiable natural person.
The data controller is the natural or legal person, authority, institution, or other entity that determines, either alone or jointly with others, the purposes and means of the processing of personal data. If the purposes and means of this processing are controlled by EU law or the laws of EU member states, the data controller – or the specific criteria of his or her nomination – can be determined according to EU law or the laws of EU member states.
The processor is a natural or legal person, authority, institution, or other entity that processes personal data on behalf of the data controller.
The recipient is a natural or legal person, authority, institution, or other entity to whom personal data is disclosed, regardless of whether this is a third party or not. However, authorities that may receive personal data in the course of a particular inquiry in accordance with EU law or the laws of EU member states are not considered recipients.
A third party is a natural or legal person, authority, institution, or other entity (other than the data subject, the data controller, the processor, and the persons who are authorized to process the personal data under the direct responsibility of the data controller or the processor) that is authorized to process the personal data.
Consent is any expression of willingness issued freely for the specific case in an informed manner and unambiguously by the data subject in the form of a declaration or any other clearly affirmative act, with which the data subject makes it clear that they agree with the processing of the personal data.
We generally collect and use the personal data of our users only insofar as it is necessary for maintaining a well-functioning website as well as for our contents and services. The collection and use of personal data of our users takes place regularly only with the prior consent of the users. An exception applies in cases where it is impossible to obtain consent in advance and the processing of the data is permitted by legal regulations.
If we obtain the consent of the data subject for the processing of personal data, Art. 6 Sec. 1 lit. a EU General Data Protection Regulation serves as the legal basis.
In the processing of personal data that is required for fulfilling a contract of which the data subject is a contractual party, Art. 6 Sec. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations required for the implementation of pre-contractual measures.
If the processing of personal data is required for meeting a legal obligation, to which our company is subject, Art. 6 Sec. 1 lit. c GDPR serves as the legal basis.
In the event that vital interests of the data subject or of another natural person require the processing of personal data, Art. 6 Abs. 1 lit. d GDPR serves as the legal basis.
If processing is required for safeguarding a justified interest of our company or a third party, and if the interests, basic rights, and fundamental freedoms of the data subject do not outweigh the first-named interest, Art. 6 Abs. 1 lit. f GDPR serves as the legal basis for the processing.
The personal data of the data subject is deleted or blocked as soon as the purpose of storage is no longer valid. Storage can also happen if stipulated by European or national legislation in EU regulations, laws, or other rules to which the data controller is subject.
The data can also be blocked or deleted if a storage period prescribed by the mentioned standards expires – unless it is necessary to store the data for the purposes of the conclusion or fulfillment of a contract.
Every time our website is called, our system automatically records data and information of the computer system of the calling computer.
The following data is collected:
- Information about the browser type and the version used
- User’s operating system
- User’s IP address
- Date and time of access
- Websites from which the user’s system accesses our website
- Session cookie for identifying the logged-in user
- Date and time of the user login
- Storage of failed login attempts
- Date and time of the creation of the user
- Storage of denied accesses (403)
- Storage of sites not found (404)
- User’s acceptance of cookie policies
The data is stored in the log files of our system. This data is not stored together with other personal data of the user.
The legal framework for the temporary storage of data and log files is Art. 6 Sec. 1 lit. f GDPR.
The temporary storage of the IP address by the system is necessary to enable the website to be sent to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session.
Data is stored in log files in order to ensure the correct functioning of the website. The data also serves to optimize the website and to ensure the security of our information technology systems. In this context, there is no evaluation of the data for marketing purposes.
These aims also include our justified interest in data processing according to Art. 6 Sec. 1 lit. f GDPR.
The data is deleted as soon as it is no longer required for achieving the purpose of its collection. In case of a data collection for the provision of the website, this applies when the respective session ends.
If the data is stored in log files, this applies after a maximum of seven days. Longer storage is possible. In this case, the users‘ IP addresses are deleted or distorted so that the calling client can no longer be identified.
The recording of data for providing the website and the storage of the data in log files is mandatory for the operation of the website. Therefore, the user has no possibility of objection.
Due to our justified interest, we use so-called cookies on this website. Cookies are text files that are stored in the internet browser or by the internet browser on the user’s computer system. If a user calls a website, a cookie can be stored on the user’s operating system. This cookie contains a characteristic string that enables a unique identification of the browser when the website is called again.
The following data is stored and transmitted in the cookies:
- Cookies for improving usability (status of pop-up menus)
- Analysis cookies for analyzing and improving site accesses
- When users are logged in, it contains a session cookie to identify the user. The corresponding information of the user is stored.
The legal framework for the processing of personal data using technically necessary cookies is Art. 6 Sec. 1 lit. f GDPR.
User data collected by technically necessary cookies is not used for the creation of user profiles.
We need cookies for the following applications:
- Consent to cookie disclaimer
- Toolbar opened
- Authentication of user in logged-in state to the website
- Request limitation
- Tracker version
- User identification
- Toolbar opened
Analysis cookies are used for improving the quality of our website and its contents. The analysis cookies tell us how the website is used, so we can continuously optimize our services.
In the cookie, an ID is stored linking the user with the data sent.
These aims also include our justified interest in the processing of personal data according to Art. 6 Abs. 1 lit. f GDPR.
On the basis of our justified interests, on this website we use a contact form that can be used for the electronic first contact and for the upload of documents. If a user uses this contact form, the data entered in the input mask is transferred to us and stored.
This data is required for mandatory fields:
- First and last name
- E-mail address
All other entries that are not mandatory but are filled in anyway, are also transmitted and stored.
The following data is also stored at the time of registration:
- IP address of the calling computer
- Date and time of registration
- E-mail address
- Documents that are uploaded
During this process, your consent is obtained and you are referred to this data privacy statement.
Alternatively, an initial contact is possible by means of the e-mail address provided. In this case, the user’s personal data that is sent with the e-mail is stored.
In this context, no data is passed on to third parties. The data is used exclusively for processing the conversation.
The legal framework for the processing of the data if the user consents is Art. 6 Sec. 1 lit. a GDPR.
The legal framework for processing data transmitted via e-mail is Art. 6 Sec. 1 lit. f GDPR. If the aim of the e-mail contact is to conclude a contract, an additional legal framework for the processing is Art. 6 Sec. 1 lit. b GDPR.
We need to process personal data from the input mask only for dealing with the initial contact. If this contact is made via e-mail, there is also a justified interest in the processing of the data.
The other data processed during the transmission procedure serves to prevent a misuse of the contact form and to ensure the security of our information technology systems.
The data is deleted as soon as it is no longer required for achieving the purpose of its collection. For personal data provided via the input mask of the contact form, and the data sent by e-mail, this is the case when the respective conversation with the user ends. The conversation ends when it can be inferred from circumstances that the situation concerned has been clarified finally.
The extra data collected during the sending process is deleted after a maximum period of seven days.
At all times, users can withdraw their consent to the processing of their personal data. If users contact us by e-mail, they can object to the storage of their personal data at any time. In this case, the conversation cannot be continued.
The withdrawal of consent and the objection to storage must be sent in writing to the data protection officer.
In this case, all personal data stored during the contact is deleted.
On the basis of our justified interests, we use the Google Fonts service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, (“Google”).
Google Fonts provides an intuitive and robust directory of open-source designer web fonts. With a comprehensive catalog, typography can be integrated seamlessly in any design project.
This service is used to integrate web fonts in our websites. The integration of the Google fonts takes place with a server call to Google, regularly via the URL https://fonts.google.com. The fonts are supplied by various designers and are open-source.
When a user accesses our online services, a request is usually transmitted to a Google server in the USA, where it is stored and processed.
Technically, the fonts embedded in our website are stored on a Google server and loaded from there when the site is being called. By using the Google fonts, the Google server sends a corresponding file to each user, based on the technologies supported by the user’s browser.
Google is certified under the Privacy Shield Agreement, which means it offers a guarantee to comply with European data protection laws (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
The connection to Google Fonts is not authenticated. During a visit to our online services, no cookies or login information is sent to Google. Corresponding queries to Google Fonts servers are sent to resource-specific domains such as fonts.googleapis.com or fonts.gstatic.com, so that requirements for fonts are generally separated from login information, which otherwise is sent to Google domains such as google.com or google.de, where it can be authenticated.
Google Fonts logs records of the CSS and the font file requirements. For statistical purposes, Google assigns aggregated usage numbers showing how popular font families are, and publishes these results on an Analytics website (https://fonts.google.com/analytics).
For further information on the Google Fonts service, see https://developers.google.com/fonts/faq.
The legal framework for the processing of users’ personal data is Art. 6 Sec. 1 lit. f GDPR.
Data is processed out of interest in the analysis, optimization, and economic operation of the online services in order to integrate content or service offers from third parties or their contents and services.
We use Google Fonts to make our website independent of the fonts installed by the user, the so-called system fonts, and to ensure a consistent display on different systems.
The data is deleted as soon as it is no longer required for our recording purposes.
On the basis of our justified interests, we use components of the YouTube service, operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA, (“YouTube”).
YouTube is an Internet video portal that enables video publishers to post video clips free of charge, and other users to view, rate, and comment on these clips, also free of charge. YouTube permits the publication of all kinds of videos, which is why both whole film and TV programs, but also music videos, trailers, or videos made by the users themselves, can be retrieved via the internet portal.
After every call of one of the individual pages of this website, which is operated by those responsible for processing and on which a YouTube component (YouTube video) is integrated, the Internet browser on the information-technology system of the person concerned is automatically prompted by the respective YouTube component to download a representation of the corresponding YouTube component from YouTube. Further information on YouTube can be retrieved under https://www.youtube.com/yt/about/de/. Within the framework of this technical procedure, YouTube and Google receive knowledge about the actual subpage of our website that is being visited by the person concerned.
If the person concerned is simultaneously logged into YouTube, YouTube can see from the retrieval of a subpage containing a YouTube video the actual subpage of our website that is being visited by the person concerned. This information is collected by YouTube and Google and assigned to the respective YouTube account of the person concerned.
Via the YouTube component, YouTube and Google always receive information that the person concerned has visited our website if the person concerned is simultaneously logged into YouTube at the time our website is retrieved; this takes place irrespective of whether the person concerned clicks a YouTube video or not. If such a communication of this information to YouTube and Google is not desired by the person concerned, he or she can prevent the communication by logging out of the YouTube account before visiting our website.
The legal basis for the processing of users’ personal data is Art. 6 Sec. 1 lit. f GDPR.
The data are processed in the interests of analysis, optimization, and economic operation of the online offer.
For the purpose and scope of data collection and further processing and use of the data by YouTube, see the YouTube data privacy statement under https://www.google.de/intl/de/policies/privacy/.
The data are deleted as soon as it is no longer required for achieving the purpose of its collection.
If a user is simultaneously a user of YouTube services and wants to prevent YouTube from collecting (via this online offer) data about him or her and linking it to his or her user data stored by YouTube, he or she must log out from YouTube before using our online offer, and delete his or her cookies.
YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA. It may therefore be necessary for the user to log off from any possible Google user account and delete all related cookies.
Under https://www.google.de/settings/ads/authenticated, YouTube offers the option of forbidding targeted advertising.
Due to our legitimate interest, we use the open-source tool Yourls, https://yourls.org/. This tool allows shortening links to create short URLs. Yourls analyses the IP address, browser settings, and browser information to identify where the request comes from.
Yourls is hosted on servers of DSC Software AG. DSC Software AG exclusively carries out the collection and statistical analysis of the data.
The legal framework for the processing of the users’ personal data is Art. 6 Sec. 1 lit. f GDPR.
Data is processed out of interest in the analysis, optimization, and economic operation of the online offer.
The data is deleted as soon as it is no longer necessary for our recording purposes.
There is no possibility of objection and disposal.
If your personal data is being processed, you are the data subject in the sense of the General Data Protection Regulation (GDPR) and you have the following rights against the data controller:
From the data controller, you can demand confirmation about whether personal data concerning you is processed by us.
If your data is being processed, you can demand information from the data controller about the following:
- The reason why the personal data is being processed;
- The categories of personal data that are being processed;
- The recipients or categories of recipients to whom your personal data has been or will be disclosed;
- The planned duration of storage of your personal data or, if nothing concrete can be specified here, criteria for defining the duration of storage;
- A right of rectification or erasure of your personal data, a right to restrict processing by the data controller, or a right of objection to this processing;
- The right to complain to a supervisory authority;
- All available information about the origin of the data if the personal data is not collected for the data subject;
- The existence of an automated decision-making process including profiling in accordance with Art. 22 Sec. 1 and 4 GDPR and – in these cases at least – meaningful information concerning the logic involved as well as the scope and the intended effects of such processing for the data subject.
You have the right to demand information about whether your personal data is transmitted to a third country or an international organization. In this context, you can demand to be informed about suitable guarantees acc. to Art. 46 GDPR in connection with the transmission.
This right to information can be restricted if it is foreseeable that it will make the realization of research or statistics purposes impossible or extremely difficult and if the restriction is necessary for fulfilling research and statistics purposes.
You have a right to correction and/or completion against the data controller if your processed personal data is incorrect or incomplete. The data controller has to make the correction immediately.
Your right to correction can be restricted if it is foreseeable that it will make the realization of research or statistics purposes impossible or extremely difficult and if the restriction is necessary for fulfilling research and statistics purposes.
You can demand restriction of processing of your personal data under the following conditions:
- If you dispute the correctness of your personal data for a duration that enables the data controller to check the correctness of your personal data;
- Processing is illegal and you reject the deletion of your personal data and instead demand the restriction of the use of your personal data;
- The data controller no longer requires the personal data for purposes of processing, but you require it for the assertion, enforcement or defense of your legal rights;
- You have objected to the processing in accordance with Art. 21 Sec. 1 GDPR and it is not yet certain whether the justified reasons of the data controller outweigh your reasons.
If processing of your personal data has been restricted, this data – apart from its storage – may only be processed with your consent or for the assertion, enforcement or defense of your legal rights or to protect the rights of another natural or legal person or for reasons of an important public interest of the EU or a member state.
If restriction of processing is limited to the conditions listed above, you will be informed of this by the data controller before the restriction is lifted.
Your right to restriction of processing can be restricted if it is foreseeable that it will make the realization of research or statistics purposes impossible or extremely difficult and if the restriction is necessary for fulfilling research and statistics purposes.
You can demand from the data controller that your personal data be deleted immediately, and the data controller is obliged to delete this data immediately if one of the following reasons applies:
- Your personal data is no longer required for the purposes for which it was collected or otherwise processed.
- You withdraw your consent on the basis of which processing was carried out in accordance with Art. 6 Sec. 1 lit. a or Art. 9 Sec. 2 lit. a GDPR, and there exists no other legal basis for processing.
- You object to processing in accordance with Art. 21 Sec. 1 GDPR and there exist no overriding justified reasons for processing, or you object to processing in accordance with Art. 21 Sec. 2 GDPR.
- Your personal data concerned was unlawfully processed.
- The deletion of your personal data is necessary for the fulfillment of a legal obligation according to EU law or the laws of a member state to which the data controller is subject.
- Your personal data was collected with regard to services offered by information society in accordance with Art. 8 Sec. 1 GDPR.
If the data controller has published your personal data and is legally obliged to delete it in accordance with Art. 17 Sec. 1 GDPR, he or she must take appropriate (including technical) measures with regard to the available technology and the implementation costs to inform the data controller who also process your personal data that you as the data subject have demanded the deletion of all links to this personal data or of copies or replications of this personal data.
The right to deletion does not exist if processing is necessary:
- For exercising the right to freedom of expression and information
- For fulfilling a legal obligation that requires processing according to EU law or the laws of the member states to which the data controller is subject, or performing a task that is in the public interest or in the exercise of official authority that is assigned to the data controller
- For reasons of public interest in the area of public health in accordance with Art. 9 Sec. 2 lit. h and i as well as Art. 9 Sec. 3 GDPR
- For archiving purposes in the public interest, scientific or historical research purposes, or for statistical purposes in accordance with Art. 89 Sec. 1 GDPR, provided the right named under Section 1. will foreseeably make the realization of the aims of processing impossible or extremely difficult
- For the assertion, enforcement or defense of legal rights.
If you have enforced you right to correction, deletion or restriction against data controller, this person is legally obliged to inform all recipients to whom your personal data was disclosed about this correction or deletion of the data or restriction of processing unless this proves to be impossible or is connected with disproportionate effort.
You have the right against the data controller to be informed about these recipients.
You have the right to receive the personal data that you have provided to the data controller in a structured, common, and machine-readable format. You also have the right to transfer this data to another data controller without hindrance by the data controller to whom the personal data was provided, if:
- Processing is based on consent in accordance with Art. 6 Sec. 1 lit. a GDPR or Art. 9 Sec. 2 lit. a GDPR or on a contract in accordance with Art. 6 Sec. 1 lit. b GDPR and
- Processing takes place with the aid of automated procedures.
In enforcing this right, you also have the right to ensure that your personal data is transferred directly from one data controller to another data controller as far as this is technically possible. The freedom and rights of other persons may not be impaired by this.
The right to data portability does not apply to the processing of personal data that is required for performing a task that is in the public interest or in the exercise of an official authority that was assigned to the data controller.
You have the right for reasons applying to your particular situation, to object at any time to processing of your personal data that takes place on the basis of Art. 6 Sec. 1 lit. e or f GDPR; this also applies to profiling based on these regulations.
The data controller no longer processes your personal data unless he or she can provide compelling legitimate reasons for processing that outweigh your interest, rights and freedoms, or the processing serves the assertion, enforcement, or defense of your legal rights.
If your personal data is processed to pursue direct advertising, you have the right to object at any time to processing of your personal data for the purposes of such advertising; this also applies to profiling, if this is related to such direct advertising.
If you object to processing for the purposes of direct advertising, your personal data is no longer processed for these purposes.
In connection with the use of information society services – irrespective of Regulation 2002/58/EG – you can exercise your right of objection using automated procedures for which technical specifications are used.
You also have the right for reasons applying to your particular situation to object to processing of your personal data conducted for scientific or historical research purposes or for statistical purposes in accordance with Art. 89 Sec. 1 GDPR.
Your right of objection can be restricted if it is foreseeable that it will make the realization of research or statistics purposes impossible or extremely difficult and if the restriction is necessary for fulfilling research and statistics purposes.
You have the right at any time to withdraw your consent concerning data privacy. Through the withdrawal of consent, the legitimacy of the processing carried out on the basis of your consent up to its withdrawal is not affected.
You have the right not to be subjected to a decision based exclusively on automated processing including profiling, a decision that has a legal effect on you or that considerably adversely affects you. This does not apply if the decision:
- is necessary for the conclusion or fulfillment of a contract between you and the data controller
- is permissible on the basis of legal regulations of the EU or the member states to which the data controller is subject and these legal regulations include appropriate measures for preserving your rights and freedoms as well as your justified interests, or
- is made with your express consent.
However, these decisions may not be based on special categories of personal data in accordance with Art. 9 Sec. 1 GDPR, as long as Art. 9 Sec. 2 lit. a or g GDPR does not apply and appropriate measures have been taken to protect your rights and freedoms as well as your justified interests.
With regard to the cases named in (1) and (3), the data controller takes appropriate measures to protect your rights and freedoms as well as your justified interests, to which at least belongs the right to obtain the intervention of a person on the part of the data controller, to present one’s own position, and to challenge the decision.
Irrespective of any other regulatory or legal remedy, you have the right to complain to a supervisory authority, in particular in the member state of your place of residence, your workplace, or the place of the alleged violation if you are of the opinion that the processing of your personal data violates the General Data Protection Regulation (GDPR).
The supervisory authority to which the complaint is submitted informs the complainant about the state and results of the complaint including the possibility of a legal remedy in accordance with Art. 78 of the General Data Protection Regulation (GDPR).