Privacy Policy
The protection of your personal data is of particular concern to us. We therefore process your data exclusively on the basis of the statutory provisions and in compliance with the relevant data protection regulations. In this data protection declaration, we inform you about the data processing within the framework of our website www.isystem.com.
1. Data Controller
Responsible authority:
iSYSTEM AG für Informatiksysteme
Carl-Zeiss-Str. 1
85247 Schwabhausen
Germany
Tel.: +49 (8138) 6971-0
Fax: +49 (8138) 6971-46
www.isystem.com
info@isystem.com
You can reach our data protection officer at:
Data Business Services GmbH & Co. KG
Nördliche Münchner Straße 47
82031 Grünwald
E-Mail: privacy@isystem.com
2. Processing of data
2.1 General, deletion
Personal data is any data that makes you identifiable as a person, such as name, address, e-mail addresses and online identifiers.
The personal data of our users is used as follows:
- the execution of our services
- the guarantee of technical support.
We only transfer the personal data to third parties if this is done on the basis of your consent, if this is necessary for billing purposes (carrying out bank transactions), the delivery of goods (delivery by postal service providers) or otherwise necessary to fulfil our contractual obligations towards you.
Personal data will be deleted as soon as they have fulfilled their purpose and the deletion does not conflict with any retention obligations.
2.2 Informational use of our website
When using the website for information purposes only, i.e. if you do not log in to use the website, register or otherwise provide us with information, we do not collect any personal data, with the exception of the data that your browser transmits to enable you to visit the website. These are:
- The IP address
- The date and time of request
- Time zone difference
- Content of the request (specific page)
- Access status/HTTP status code
- The quantity of any data transferred
- The website from which the request comes
- The browser
- The operating system and its interface
- The language and version of the browser software.
We store this data in the form of log files for a limited period of time in order to be able to analyze and rectify any technical problems. The legal basis for this is Article 6 (1) (f) GDPR. Due to the nature of the internet, this data is necessarily processed on a range of servers, before your request reaches our web server. Consequently, the collection and use are also possible in "third countries" (e.g. in the USA). Our company has no influence on this process. Apart from these technical constraints, the provider of this website does not transmit any personal data to countries outside the scope of the EU Data Protection Regulation or without an adequate level of data protection.
In addition to the pure informational use of our website, we offer various services that you can use if you are interested. To do so, you usually have to provide further personal data that we use to provide the respective service. If additional voluntary information is possible, it will be marked accordingly. We do not automatically pass on your data to third parties or third countries/third countries. In the following, you will learn more about the individual data processing in the respective context of use.
2.3 Contact by e-mail and contact form
If you contact us by contact form or e-mail, your e-mail address, your name, if applicable, your address and telephone number will be stored in order to answer your questions. The mandatory fields are marked with *.
Please briefly describe your request in the request form. This helps us to quickly assign the right contact person and to process it purposefully. Limit your information to what is necessary and, if possible, refrain from providing personal data.
If you contact us through a form on our website, the content of the form will be forwarded to sales@isystem.com by e-mail.
The messages are sent via the web server of the company 1&1 IONOS SE. We have concluded an order processing contract with our partner to be able to guarantee a very high level of data protection here as well.
Data entered as part of a form is cached for a limited time. This is done for the purpose of functional testing and troubleshooting.
Your data will only be processed for correspondence with you and for the purpose for which you have provided us with the data in the context of this communication, e.g., to process your request and post-processing. The data is usually automatically deleted after your request has been finally processed by us and there are no reasons for further storage. (e.g., subsequent product order or other fulfilment of (pre-)contractual measures and purposes).
We use your e-mail address exclusively to answer your (pre-)contractual questions and concerns. The same applies in the event that further exchange of information is subsequently desired or necessary within the framework of the conclusion of the contract. Any other use, in particular for advertising purposes or a transfer to third parties, does not take place, unless you consent to this separately.
Data processing is carried out based on the statutory provisions of Art. 6 para. 1 lit. b of the GDPR. The processing of the data serves the fulfilment of (pre-)contractual purposes.
2.4 Newsletter
If you would like to receive the newsletter offered on the website, we need an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. Further data will not be collected or will only be collected on a voluntary basis. We use this data exclusively for sending the requested information and do not pass it on to third parties.
To subscribe to our newsletter, we use the so-called double opt-in procedure. This means that after your registration we will send you an e-mail, in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after one month. In addition, we store your IP addresses and times of registration and confirmation. The purpose of the procedure is to be able to prove your registration and, if necessary, to clarify a possible misuse of your personal data.
The processing of the data entered in the newsletter registration form takes place exclusively based on your consent (Art. 6 para. 1 lit. a GDPR). You can revoke your consent to the storage of the data, the e-mail address, and their use for sending the newsletter at any time, for example via the "unsubscribe" link in the newsletter or via the post address and e-mail address given in the imprint. The legality of the data processing operations that have already taken place remains unaffected by the revocation.
The provided data for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter and deleted after unsubscribing from the newsletter. Data stored by us for other purposes remain unaffected by this.
2.5 Newsletter dispatch via CleverReach
Our e-mail newsletters are sent via the technical service provider CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede ("CleverReach"), to whom we pass on your data provided when registering for the newsletter. This transfer takes place in accordance with Art. 6 para. 1 lit. f GDPR and serves our legitimate interest in the use of an advertising-effective, secure, and user-friendly newsletter system. The data entered by you for the purpose of subscribing to the newsletter (e.g., name, e-mail address) will be stored on the servers of CleverReach in Germany or Ireland.
CleverReach uses this information to send and statistically evaluate the newsletter on our behalf. For the evaluation, the e-mails sent contain so-called web beacons or tracking pixels, which represent one-pixel image files that are stored on our website. In this way, it can be determined whether a newsletter message has been opened and which links have been clicked, if any. With the help of so-called conversion tracking, it can also be analyzed whether a predefined action has taken place after clicking on the link in the newsletter. In addition, technical information is collected (e.g., time of retrieval, IP address, browser type and operating system). The data is collected exclusively pseudonymized and is not linked to your other personal data, a direct personal connection is excluded. This data is used exclusively for the statistical analysis of newsletter campaigns. The results of these analyses can be used to better adapt future newsletters to the interests of the recipients.
If you wish to object to data analysis for statistical evaluation purposes, you must revoke the newsletter subscription and unsubscribe. The legality of the data processing operations that have already taken place remains unaffected by the revocation.
We have concluded an order processing contract with CleverReach, in which we oblige CleverReach to protect the data of our customers and not to pass them on to third parties.
Further information on CleverReach’s data analysis can be found here:
https://www.cleverreach.com/de/funktionen/reporting-und-tracking/
The privacy policy of CleverReach can be viewed here:
https://www.cleverreach.com/de/datenschutz/
2.6 Transfer within the iSYSTEM Group
The transmission of personal data within the companies of the iSYSTEM Group takes place for internal administrative purposes of central customer service and order processing. This means that a transmission only takes place if you place an order or are in customer contact with us, for example by e-mail. The recipient of the personal data for processing is the company iSYSTEM Labs d.o.o. in Slovenia. The iSYSTEM Group obliges its affiliated companies through internal guidelines to implement technical-organizational measures to ensure the security of processing.
2.7 Data protection for applications and during the application process
We collect and process the personal data of applicants for the purpose of processing the application process. Processing may also be carried out electronically. This is particularly the case if an applicant submits corresponding application documents electronically, for example by e-mail. If we conclude an employment contract with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If no employment contract is concluded with the applicant, the application documents will be deleted six months after notification of the rejection decision, provided that deletion does not conflict with any other legitimate interests of the controller. Other legitimate interest in this sense is, for example, a burden of proof in proceedings under the General Equal Treatment Act (AGG).
2.8 Use of winIDEA and winIDEA Community Edition
Our products winIDEA and winIDEA Community Edition are free of charge, downloadable without registration and valid indefinitely. Depending on the product, usage scenario or used functions, licensing may exceptionally be necessary, which necessarily goes hand in hand with the processing of personal data (surname, first name, contact details, company).
Such data processing takes place based on the statutory provisions of Article 6(1)(f) GDPR. b of the GDPR. The processing of the data serves exclusively the fulfillment of (pre-)contractual purposes in connection with the license management in order to prevent illegal use of software.
2.9 Download Link
For some of our downloads, a personalized download link must be requested to be able to provide you with the documents and software. The e-mail address will only be used to send the personalized download link as part of our (pre-)contractual measures. Any other use, in particular for advertising purposes or a transfer to third parties, does not take place, unless you consent to this separately.
The Download Link are sent via the web server of the company 1&1 IONOS SE. We have concluded an order processing contract with our partner to be able to guarantee a very high level of data protection here as well. Data processing is carried out based on the statutory provisions of Article 6(1)(f) GDPR. b of the GDPR. The processing of the data serves exclusively the fulfillment of (pre-)contractual purposes and will be deleted 1 year after delivery of the link.
2.10 Data protection information for webinars using Livestorm
We offer webinars and use the software solution "Livestorm" of the webinar technology provider Livestorm SAS. The webinar planning, performing, and moderating are executed via the Livestorm website. In this respect, they take place computer/software-supported via an encrypted connection on the Internet. You can participate in one of our "live webinars" if you have previously registered for it.
The following data is required for the registration and implementation of your participation in the webinar as well as for follow-up and is requested accordingly: surname, first name, e-mail address. By confirming the registration button, the data will be provided to us for the following use:
You will receive a personalized registration confirmation, reminders for the webinar and possible date changes via the e-mail address provided. You can easily cancel or deselect your registration for the webinar itself and this service in each e-mail by clicking on the corresponding links at the bottom of the e-mail.
The legal basis for the processing of your data in connection with the webinar, also via the "Livestorm" platform, is Art. 6 para. 1 lit.b) GDPR. In cases where no contract for participation in a webinar has been concluded with you, Art. 6 para. 1 lit. f) GDPR represents the necessary basis, whereby the legitimate interest is then justified in the implementation of the webinar. In addition to the implementation of webinars, this also includes the follow-up of statistical participation data for further customer support or the expansion of the user experience. This means that during and after the webinar is held, statistical data is determined and stored.
The processing of your data via the platform of the service provider and processor Livestorm SAS (as our processor) for our own purposes takes place based on Art. 28 GDPR. The data will be processed to the extent permitted by law in Germany, the European Union and, if Livestorm uses subcontractors, possibly in the USA. An adequate level of data protection is guaranteed by various measures:
This includes, among other things, the fulfillment of the requirement of Art. 44 et seq. GDPR, to which Livestorm has contractually committed itself to us. We have concluded an order processing agreement with Livestorm. In this context, please also note the data protection information of the company Livestorm SAS.
By registering for a webinar, you will transmit your details to us for the purpose of participation at and performing the webinar in general as well as execution follow-up activities afterward. We will only use the data for any purpose other than those mentioned above or transfer it to other third parties if this is permitted by law or if the user has expressly consented to this. In addition, our other data protection notices apply.
2.11 Integration of YouTube videos
Videos from the external video platform YouTube are integrated into our website. By default, only images without a direct link to YouTube are embedded, which do not establish an automated connection to YouTube's servers. This means that the operator does not receive any data from the user when accessing the websites.
Only when you start the video with pressing the button "Play Video", the necessary data (including the Internet address of the current page and your IP address) is transmitted to the operator with your consent. Only in this case the necessary session cookie is set, which will be deleted immediately when you leave the page.
YouTube is an offer of YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA, a subsidiary of Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA. Further information on the purpose and scope of data processing (also outside the European Union and outside the USA) as well as information on setting options to protect your privacy can be found in the data protection declaration: policies.google.com/privacy.
2.12 Support Portal
The iSYSTEM Support portal offers helpdesk services, which are used to send support requests to iSYSTEM and to track the process of and communicate about existing support requests.
Creating An Account
To use the iSYSTEM Support portal, you will first need to create a user account using your work email address, surname, first name, company details and time zone. You will need to confirm the registration to prove that you have access to the provided email address.
Legal Basis For Your Personal Data
Your email address and the contact information which you provide contain personal data. The legal basis for the processing of your data is Art. 6 para. 1 lit. b) GDPR.
Data Storage
iSYSTEM is using Google Cloud platform Germany, Europe, for hosting services. Further information on Google Data processing and security terms can be found here: https://cloud.google.com/terms/data-processing-terms?skip_cache=true. All containers are encrypted and not disclosed to Google or any other 3rd party by any means. We ensure the security by regular audits and tests executed by the company’s Information Security Management System (see certificate). iSYSTEM may only process and transfer personal data within the iSYSTEM Group (https://www.isystem.com/contact.html).
Deleting Your Account
Registered accounts can be deleted at any time. For more information, please refer to the User Manual. You are also automatically removed from any support cases, participating as a “watcher”. The historical data of posted support requests are immediately anonymized.
Watchers
“Watchers” are an effective method for following the progress of a support case (comparable with a cc in an email). The “watcher” may be invited by authorized users by adding the email address to participate as an unregistered user. In this case, the “watcher” will receive notifications about the ticket progress but will not be able to participate in the conversation until registering with the necessary information described above. If these email notifications should no longer be received, one can unsubscribe by using the “unsubscribe” link provided in each email, which will remove the email address from the list of “watchers” on the given ticket and emails, related to this topic, will no longer be received. The personal data (e-mail address) is deleted immediately.
ReCAPTCHA
This website uses reCAPTCHA v2 to determine whether a human being or a computer is entering a certain input on web forms. reCAPTCHA v2 is a service of Google and used on the following landing pages of the Support Portal only:
The legal basis for the usage and data processing is Art. 6 para. 1 lit. f GDPR. iSYSTEM has a legitimate interest in this data processing to ensure the security of the two landing pages and to protect them from automated inputs (attacks). Every time you visit one of these two landing pages (that uses reCAPTCHA v2), a direct connection is established between your browser and a Google server in the United States. The information that you have visited this site with your IP address is transmitted directly from your browser to the Google server and stored there. Google uses the following data to determine whether you are a human being or a computer:
- IP address of the terminal device used.
- Address of the website you are visiting and where the captcha is embedded.
- Date and duration of the visit.
- Identification data of the browser and operating system type used.
- Google Account, if you are logged in at Google.
- Mouse movements on the reCAPTCHA surfaces and tasks where you have to identify images.
The service is subject to the different privacy policies of Google Inc. For further information on the privacy policies of Google Inc. please visit https://policies.google.com/privacy?hl=en. (By using one of these two pages mentioned above, you agree to the collection, processing and usage of the data collected about you by Google in the manner and for the purposes described above.)
3. Cookies
This website uses so-called cookies. Cookies serve to make our offer more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and stored by your browser.
This website uses cookies to the following extent:
- Transient cookies (temporary use)
- Persistent cookies (temporary use),
Transient cookies are automatically deleted when you close the browser. These include, in particular, session cookies. These store a so-called session ID, with which various requests from your browser can be assigned to the joint session. This allows your computer to be recognized when you return to the website. The session cookies are deleted when you log out or close the browser.
Persistent cookies are automatically deleted after a specified period of time, which may vary depending on the cookie. You can delete the cookies at any time in the security settings of your browser.
This stored information is stored separately from any further data provided by us. In particular, the data of the cookies are not linked to your other data.
You can deactivate the storage of cookies in your browser or delete stored cookies, but this may lead to limited functionality, delays or unusability of certain parts of the website.
Detailed information on the specific use of cookies can be found in our Cookie Policy and settings for these cookies can be adjusted here.
4. Use of Matomo
This website uses the privacy-friendly open-source web analysis service Matomo as an alternative to Google Analytics. We use the service exclusively for statistical purposes with the aim of optimizing our Internet offer. The analysis required for this is carried out on the basis of a so-called log file analysis. Matomo does not collect its data itself but uses the database of the web server. By default, each web server (Apache, nginx, lighttpd, IIS) writes a log file in which various information about a visit (see also above under 2.2.) To be filed:
- The domain that is being accessed.
- The IP address of the requesting computer.
- Date and time of access.
- What kind of HTTP request it is.
- The called URL.
- The HTTP status code.
- Website from which access is made (referrer URL).
- Browser used and, if applicable, the operating system of your computer (user agent).
The Log File analysis differs from the tracking in particular by the fact that no cookies must be used. Instead, only code sequences are implemented on our website without your personal data being stored. Also, the software is only operated on our own servers. The statistical results generated in this way with the help of Matomo enable us to carry out a purely anonymous analysis of the use of our website. It is not possible to draw conclusions about a specific person, as IP addresses, among other things, are anonymized immediately before they are stored. For this purpose, our web server shortens each requesting IP address before it is stored in the log file without the possibility of returning this process. The IP address transmitted by your browser will also not be merged with other data collected by us.
Due to all these measures, Matomo cannot create user profiles from the data that is read from the log file due to a lack of identification features that make a clear assignment possible.
Further information on the privacy settings of the Matomo software can be found under the following link: https://matomo.org/docs/privacy/ .
Under https://matomo.org/docs/log-analytics-tool-how-to/ you can find out more about log file analysis.
The legal basis for the use of Matomo is the legitimate interest in the analysis to improve the experience on our website in accordance with Art. 6 para. 1 lit.f) GDPR.
5. Social Media
We use the following social media platforms for company presentation and communication. For this purpose, our website contains simple (and non-embedded!) links to LinkedIn and YouTube. The links to the websites of the social media platforms can be recognized by the respective company logo. When you click on the symbols, no data is processed, but you are redirected to the company appearance of iSYSTEM AG on the respective social media platform. Only then will data be processed from the respective provider in its own responsibility. Information on the processing of your personal data when using the provider's website can be found here or in the information on data protection of the respective provider. The following linked data protection information and opt-out options are expressly referred to. We have no influence on the fact that the providers of the social media platforms comply with the data protection regulations.
1. YouTube: Provider = Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland, Headquarter: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Privacy policy: https://policies.google.com/privacy; Privacy Shield (ensuring a level of data protection when processing data in the USA):
https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
Possibility of opposition (Opt-Out): Opt-Out-Plugin:
http://tools.google.com/dlpage/gaoptout?hl=de
Settings for the display of advertisements: https://adssettings.google.com/authenticated.
2. LinkedIn: Provider = LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland
Privacy Policy:
https://www.linkedin.com/legal/privacy-policy;
Privacy Shield (ensuring a level of data protection when processing data in the USA):
https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active
Possibility of opposition (Opt-Out):
https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
These social media platforms may process personal data outside the EU. In this respect, we refer to the above data protection notices of the social media platforms. The respective social media platforms may be able to create user profiles and store cookies on your computer from your usage behavior and the resulting interests and activities on your part. If you have an account on the respective social media platform and are logged in, your usage behavior can even be stored independently of the device. Your usage profile can be used, for example, to place advertisements that are presumed to be in your interests. If you log out before pressing the link, you can at least partially avoid data processing.
We process the personal data exclusively for communication with you via the social media platform you have chosen and for optimizing our online presence. We make sure that no interests on your part are affected here, which outweigh this legitimate interest on our part (Art. 6 I p. 1 f GDPR). Thus, as you have already given effective consent about the corresponding data processing to the respective provider of the social media platform, the processing of your personal data also takes place on the basis of this consent (Art. 6 I p. 1 a GDPR).
6. Your rights You have the right to:
a) To request information about the categories of processed data, the processing purposes, any recipients of the data, the planned storage period (Art. 15 GDPR);
b) to request the correction or completion of incorrect or incomplete data (Art. 16 GDPR);
c) to revoke a given consent at any time with effect for the future (Art. 7 para. 3 GDPR);
d) to reject the data processing that is to be carried out on the basis of a legitimate interest for reasonsarising from your particular situation (Article 21(1) GDPR);
e) in certain cases, to request the deletion of data within the framework of Art. 17 GDPR - in particular if the data is no longer required for the intended purpose or is processed unlawfully, or you revoke your consent in accordance with above (c) or have declared an objection in accordance with above (d);
f) to demand the restriction of data under certain conditions, insofar as deletion is not possible or the deletion obligation is disputed (Art. 18 GDPR);
g) on data portability, i.e. You can receive your data that you have provided to us in a commonly used machine-readable format, such as CSV and when necessary, transmit it to others (Art. 20 GDPR).
h) If you have given your consent to the use of data, you can revoke it at any time with effect for the future.
All requests for information, deletion and correction, requests for information, requests for data portability, objections to data processing, etc. should be sent by e-mail to privacy@isystem.com.
If you are of the opinion that the processing of your data violates data protection rights, or your data protection claims have otherwise been violated in any way, you can also contact the responsible data protection supervisory authority, https://www.lda.bayern.de/de/index.html.
7. Indicative time-limit for the deletion and blocking of personal data
Your personal data will only be stored for as long as it is necessary to achieve the storage purpose or if this is ordered or provided for by legal regulations. If the purpose of storage no longer applies or if a storage period prescribed by law expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.
8. Data security (security measures)
In accordance with the legal requirements, considering the state of the art, the implementation costs, scope, circumstances, and purposes of the processing as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons, we take appropriate technical and organizational measures to ensure a level of protection appropriate to the risk.
Measures shall include ensuring the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data, as well as access, input, disclosure, ensuring availability and their separation. Furthermore, we have set up procedures that ensure the exercise of data subject rights, the deletion of data and reactions to the threat to the data. Furthermore, we consider the protection of personal data already during the development or selection of hardware, software, and procedures in accordance with the principle of data protection, through technology design and through data protection-friendly default settings.
Shortening of the IP address: If IP addresses are processed by us or by the service providers and technologies used and the processing of a complete IP address is not required, the IP address will be shortened (also referred to as "IP masking"). The last two digits, or the last part of the IP address after a period, are removed or replaced by placeholders. The shortening of the IP address is intended to prevent or make it much more difficult to identify a person based on their IP address.
SSL encryption (https): To protect your data transmitted via our online offer, we use SSL encryption. You can recognize such encrypted connections by the prefix https:// in the address bar of your browser.
9. Changes to the Privacy Policy
We reserve the right to change the data protection information to adapt it to changed legal situation or changes to our offers. Therefore, please look at the information on a regular basis and inform yourself about the latest information on data processing and contact details before using our services and when contacting us.
Status: 03/2022