1. Introduction

PlanRadar GmbH, FN 400573d, HG Vienna, Kärntner Ring 5-7, Top 201, 1010 Vienna, (hereinafter referred to as “PlanRadar”) develops, sells and manages software for construction documentation and defect management.

These General Terms and Conditions govern the rights and obligations between PlanRadar and PlanRadar’s customers. PlanRadar’s customers are business owners/entrepreneurs as defined within Section 1 (2) KSchG (Austrian Consumer Protection Act).

2. Scope of application

2.1 These General Terms and Conditions govern the business relationship between PlanRadar and PlanRadar’s customers, whether for payment or not (e.g during trial phases). PlanRadar provides services exclusively based on these General Terms and Conditions. Any use of PlanRadar services by the customer shall have the effect that these General Terms and Conditions will form the basis of such business relationship.

2.2 In addition to these General Terms and Conditions, the current PlanRadar price lists (see www.planradar.com), as well as any other contract terms to the extent that these have been individually agreed in writing, shall apply.

2.3 If the customer has its own terms and conditions, by using any services of PlanRadar, the customer agrees and confirms that only PlanRadar’s General Terms and Conditions shall apply to the contractual relationship between PlanRadar and the customer to the exclusion of any terms and conditions of the customer. Any terms and conditions of the customer will only apply if PlanRadar expressly confirms this in writing.

2.4 Individual agreements must be made in writing (and must be signed by the parties). Any informal statements and declarations made by PlanRadar (including those made by email) are not binding.

2.5 PlanRadar is entitled to unilaterally change these General Terms and Conditions at any time. The customer will be notified of such changes via email at least two months before they will take effect. The customer will be entitled to object to such change in writing within four weeks from receipt of the email. The change will be deemed accepted and binding, if either the customer has consented to the change or if the user has not objected to this change within the four-week period. PlanRadar will separately point out these legal consequences and the option to object in the notification e-mail. In the event of an objection, PlanRadar is entitled to terminate the contracts concluded with the customer under the old General Terms and Conditions for good cause, subject to a one-month notice period. If PlanRadar does not terminate one or more such contracts in the event of an objection, the old General Terms and Conditions shall continue to apply to such contract or contracts.

3. PlanRadar’s Services

3.1 PlanRadar provides the customer with a system (potentially) consisting of several modules for construction documentation and defect management as software-as-a-service (“SaaS”) in the respective current version for use via the Internet, an app as client software as well as the possibility to store data (hereinafter referred to as “Software”).

3.2 Additional services, such as adapting the Software to the individual requirements of the customer, require a separate agreement.

3.3 PlanRadar reserves the right to further develop and change the Software and all specifications of the Software at any time (e.g. by using newer or different technologies, systems, processes or standards). The customer benefits from such ongoing Software development and accordingly acknowledges in return, that there may be times when temporary maintenance takes place in connection with any updates and upgrades. PlanRadar will notify the customer in good time if there will be any significant changes in service performance. If the customer experiences unacceptable disadvantages as a result of the service changes, the customer will be entitled to terminate the contract extraordinarily within 14 days of receipt of the notification of the service changes with such termination taking effect on the date on which the changes will become effective.

3.4 The customer has the option of using the Software free of charge for a period of 30 days after registration (test phase). Before the end of this free trial phase, PlanRadar will contact the customer and inform the customer of the option to take out a contract in return for payment to continue to use the Software. If the customer does not take up this option, the customer’s user account will be locked and then deleted after 30 days at the earliest.

3.5 PlanRadar is only responsible for the services that PlanRadar itself provides. The customer may not raise any claims against PlanRadar for any Software malfunctions caused by the customer or a third party intervention.

3.6 The place of PlanRadar’s service provision is the router exit to the Internet located at the data center used by PlanRadar. The customer’s end devices and the Internet connection are not part of PlanRadar’s service.

4. The Customer’s Duties

4.1 The customer undertakes to only use the Software according to these General Terms and Conditions as well as according to any individual agreements. The customer must ensure that all of its users (employees or other third parties attributable to the customer) also comply with the relevant terms. The customer is liable to PlanRadar for all damages resulting from the violation of the customer’s or its user’s obligations, in particular in the case of any illegal use of the Software.

4.2 The customer shall only use the software for its intended purpose and shall not misuse it, in particular not use it to store or distribute unlawful content. The customer further undertakes not to use any technical equipment, software systems or other data that could impair the Software or systems of PlanRadar.

4.3 The customer is not permitted to make changes to the Software or to have such changes carried out by third parties.

4.4 The customer must maintain the IT infrastructure that is required to use the Software at its own expense and own risk.

4.5 The customer must take appropriate technical steps to secure its system and must regularly backup its data.

4.6 The customer must secure its login details to the Software and not make them accessible to third parties.

4.7 PlanRadar may block the customer’s access to the Software in the event of a breach of these General Terms and Conditions or of any individual agreements, particularly if the customer defaults on payment. This does not affect the customer’s duty to continue paying the contractual fee for use. In addition, the customer must reimburse PlanRadar for any costs incurred in connection with the blocking of the customer’s access.

4.8 The customer agrees that PlanRadar may name it as reference customer in its public appearance. PlanRadar will agree with the customer the use of customer logos, project data, etc. before publication.

5. Rights of use

5.1 All rights to the Software belong to PlanRadar. The customer is only granted the non-exclusive, non-transferable and non-sublicensable right to use the software to the agreed extent during the contract period. In particular, the customer may only duplicate the Software to the extent necessary for the intended use of the Software (e.g. loading into the main memory of the various terminals). The customer is not permitted to reproduce, sell, rent or lend the Software or parts of it in any other way or to transfer it to third parties or to grant them sublicenses. The customer is allowed to temporarily assign subcontractor access in accordance with the product description of the Software.

5.2 Unless otherwise agreed, no further rights to the Software are granted to the customer. In particular, the customer shall not acquire any rights whatsoever in the Software, and in particular no copyright, no trademark, patent, or other intellectual property rights.

5.3 For third-party software products provided to the customer by PlanRadar, the respective license terms of the manufacturer of these software products shall take precedence over the provisions of this section 5. With regard to the license terms of the third-party software products used within the scope of the software, we expressly refer to point 13.

5.4 The Customer is not entitled to reverse engineer, decompile or disassemble the Software unless (and only to the extent that) applicable law expressly and compulsorily permits it, notwithstanding this limitation.

5.5 Points 5.1 and 5.2 apply mutatis mutandis to all documents provided by PlanRadar to the customer, in particular, to the Software documentation.

6. Warranty, liability and malfunctions

6.1 PlanRadar provides the Software to the customer according to principles of “reasonable best efforts”. PlanRadar will therefore make every economically reasonable effort to ensure that the use of the Software is as uninterrupted as possible and will correct software errors that restrict the use of the software.

6.2 PlanRadar assumes no warranty or liability for the permanent availability of the Software or that the Software will be free from errors. The customer expressly acknowledges that, according to the current state of technology, it is not possible to completely exclude all errors from the Software. Connection errors or necessary maintenance work by PlanRadar can also result in temporary malfunctions. Insofar as for individual cases the liability cannot be effectively excluded, improvement shall take priority over a price reduction or cancellation of the contract.

6.3 PlanRadar shall not be liable for any direct or indirect damage to the customer or third parties caused by malfunctions or for damage to the customer’s end devices. Compensation for consequential damage such as loss of earnings or lost profits is excluded, as is liability for damages to the customer due to project delays. Likewise, PlanRadar is not liable for any loss of savings or for damages resulting from third-party claims.

6.4 PlanRadar is only liable in the event of intent and crass gross negligence. In addition, PlanRadar’s liability for each damage causing event, even if there are multiple injured parties, is limited to a total of 10,000 Euros. If the total damage is higher, claims for damages by the individual injured parties will be reduced proportionately.

6.5 PlanRadar cannot exclude the possibility of data loss or other impairments, in particular due to impairments in the customer’s internet connections in the course of synchronization processes. PlanRadar assumes no liability for this either.

6.6 PlanRadar is not liable for damage and defects that are due to improper operation, changed operating system components, interfaces and parameters, changes to the necessary system settings, use of unsuitable organisational means or simple application errors. Likewise, PlanRadar is not liable for disruptions in the public communication networks or inadequate system requirements for the customer (current system requirements for using the software can be found at www.planradar.com.)

6.7 The customer will immediately inform PlanRadar of any malfunctions and, if possible, with a comprehensible description of the error so a correction can be made as soon as possible. The customer will free of charge assist PlanRadar to remedy any malfunctions. Any rectification of malfunctions by PlanRadar requires in any case that the customer has fully met its payment obligations.

6.8 High-risk environments: The software may contain components that react negatively to errors or in which contained errors are only detected later and corrected in the course of the usual patches. The software is not designed to be used in a hazardous environment that requires fail-safe (fault-tolerant) performance or in any other application where failure of the Software could directly result in death, injury, serious property damage or environmental damage.

6.9 To the extent and as far as obligations relating to the Software are affected due to force majeure, including war, terrorism, natural disasters, fire, strike, lockout, embargo, governmental intervention, epidemic or pandemic, power supply failure, transport failure, telecommunication network or data lines, or legislative changes effected after conclusion of the contract or other unavailability of the Software cannot be rectified on time or not in a proper manner, this does not constitute a breach of contract and does not entitle the customer to any claims against PlanRadar.

7. Data protection

7.1 As a user of the software, the customer is the person responsible for data protection, PlanRadar is merely a processor. For this purpose, a separate contract for processing will be concluded; in the absence of an individually agreed contract for processing, the standard contract for processing by PlanRadar will apply.

7.2 As the person responsible, the customer is in charge of compliance with the provisions of the General Data Protection Regulation – GDPR and the Austrian Data Protection Act – DSG. Insofar as the customer processes personal data when using the software (e.g. enters, processes, stores or transmits personal data to PlanRadar), it guarantees that it is entitled to do so in accordance with the applicable data protection regulations.

8. Confidentiality

8.1 The customer and PlanRadar mutually undertake to treat all business and trade secrets of the respective other party obtained in connection with this contract and its execution as such as confidential and not to make them accessible to third parties, unless they are generally known, or were already known to the recipient beforehand without an obligation to secrecy, or are communicated or provided to the recipient by a third party without an obligation to secrecy, or have demonstrably been developed independently by the recipient, or are to be disclosed due to a legally binding official or judicial decision. This obligation shall apply for an unlimited period of time after the end of the contractual relationship.

8.2 Subcontractors engaged by PlanRadar for the fulfilment of the contract are not considered third parties if they are subject to a confidentiality obligation corresponding to this point.

9. Duration and termination

9.1 The term of the contract is specified in the individual agreement with the customer; if there is no such stipulation, contracts are concluded for an indefinite period.

9.2 Both PlanRadar and the customer can terminate unlimited contracts at the end of the respective accounting period (12 months, unless expressly agreed otherwise) by giving one month’s notice. Also, the deletion of the account by the customer shall be considered as termination at the end of the respective accounting period, and the deletion must be made at least one month before the end of the respective accounting period.

9.3 Fixed-term contracts may be terminated by either contracting party by giving one month’s notice before the end of the respective contract period. If they are not terminated, they are automatically extended by a further year in each case. Deletion of an account by the customer shall also be deemed to be a termination of the contract at the end of the respective contract period, and the deletion must take place at the latest one month before the end of the respective contract period.

9.4 Termination must take place in writing or via the PlanRadar platform by an administrator appointed and authorised by the customer.

9.5 An extraordinary termination by PlanRadar with immediate effect is possible in particular under the following conditions:

9.5.1 If the customer provides incomplete or incorrect information or fails to provide required proofs.

9.5.2 If the customer is in default of payment during 30 days; the granting of a grace period is not required.

9.5.3 If there is reasonable suspicion that the Software is being misused.

9.6 The customer is responsible for backing up his data in good time before termination of the contract. 30 days after the expiry of the contract, the customer can no longer access his data.

10. Information requirements

10.1 The customer must immediately inform PlanRadar of any changes in his address. If the customer has failed to do so, PlanRadar’s declarations are deemed to have been delivered if delivery was made to the last valid address provided by the customer for communication.

10.2 The customer accepts that PlanRadar can also send legally meaningful declarations to the customer by email or other electronic media (this also applies to invoices, which may be electronically signed to comply with the provisions of the sales tax law (Umsatzsteuergesetz)). Declarations are deemed to have been received as soon as the customer can access them or take note of them under normal circumstances.

11. Terms of payment and other financial terms

11.1 All amounts (unless otherwise stated) are exclusive of the currently applicable sales tax and other charges. A cash discount is not provided or granted.

11.2 User fees are generally charged in advance for the accounting period in question.

11.3 When ordering via the PlanRadar website, payment claims are due in accordance with the conditions of the payment provider Fastspring (http://www.fastspring.com/) – unless stated otherwise.

11.4 The customer shall bear all bank charges and other expenses associated with the transfer.

11.5 In the event of late payments, the customer will be charged interest on arrears at 10% p/a of the outstanding amount, plus reasonable reminder fees. The customer must bear all necessary and appropriate costs incurred for the intervention of lawyers and collection agencies.

11.6 Payments by the customer are initially offset against any costs or interest on arrears. Then, they are offset against the oldest debt.

11.7 PlanRadar is entitled to unilaterally increase the prices of the Software and will notify the customer in good time, at least 1 month in advance. For an unlimited contract, the price change takes effect at the beginning of the next accounting period, in the case of a fixed-term contract at the beginning of the next contract year.

11.8 Invoices are considered to be accepted if no objection has been raised in writing within 3 months after the invoice has been issued.

11.9 The customer cannot offset its own claims against PlanRadar’s claims. The customer’s right of retention is also excluded.

12. Other provisions

12.1 Should one or more provisions of these General Terms and Conditions be or become ineffective or unenforceable in full or in part, the validity of the remaining provisions will not be affected. The ineffective or unenforceable provision is to be replaced by a corresponding valid regulation as close as possible to the economic purpose of the ineffective or unenforceable clause.

12.2 The right to claim a reduction by more than half (laesio enormis) is excluded.

12.3 Any transfer by the customer of the rights or obligations based on the contract requires the prior written consent of PlanRadar. However, PlanRadar is entitled to transfer the contract to a third party in full or in part without the customer’s consent.

12.4 PlanRadar is entitled to use third parties in full or in part to fulfil its obligations.

12.5 Austrian law applies exclusively, even if the software is used outside Austria or there is any other international connection. The reference standards provided for in Austrian law and the United Nations Convention on Contracts for the International Sale of Goods do not apply.

12.6 Any disputes shall be subject to the exclusive jurisdiction of the competent court in Vienna Inner City. The place of performance is also Vienna Inner City.

13. Third party license agreements

> Download “Third party license agreements”

1. General

PlanRadar securely and sensitively handles your personal data in accordance with all applicable data protection provisions, in particular the General Data Protection Regulation (GDPR) and the Austrian Data Protection Act (DSG). Personal data is all information that pertains to identified or identifiable natural persons, for example name, address, email addresses or IP addresses.

As a provider of cloud-based Software as a Service (SaaS) products, in particular the PlanRadar solution for construction documentation, task and defect management, PlanRadar primarily acts as a processor for users of its products within the meaning of Article 4 (8) GDPR. Independently of this, PlanRadar also processes personal data under its own responsibility and thus acts as a Controller within the meaning of Article 4 (7) GDPR.

This privacy policy concerns the processing in which PlanRadar GmbH (Kärntner Ring 5-7, Top 201, 1010 Vienna, Austria, registered under company number (FN) 400573d at the Vienna Commercial Court) is the Controller within the meaning of Article 4 (7) GDPR (hereafter called the “Controller” or “we”).

The Controller’s Data Protection Officer can be reached at the above-mentioned address and via email at [email protected].

As Controller, PlanRadar processes personal data in various ways and for various purposes:

2. Data processing of website visitors and those interested in our products

By only visiting our website or using our products (e.g. installing our apps), without registering or providing other information, we process only the personal data that your device transfers to our servers. This includes IP addresses, technical information on the browser and operating system, the approximate place of residence and possible error messages (e.g. crash notifications).

The legal basis for this processing is for the purposes of our legitimate interests (Article 6 (1) (f) GDPR), specifically the analysis and guaranteed operation of our websites and our products.

This data is not transferred to third parties.

Providing the listed information is not a statutory requirement but is required for the operation of our website or use of our products.

3. Data processing by using cookies and analysis methods

We use our own cookies and the cookies of selected partners during website visits. In addition, we also use various tools for analysis and optimisation (e.g. web and app tracking, performance tracking) when our websites are visited and our products are used. Cookies and these optimisation/analysis tools are used only if and to the extent that your consent has been obtained, unless they are required for the functionality or guaranteed safe operation of our websites or our products. You can find more information on the cookies and analysis tools used here.

If you have granted us your consent to do so, we also use these tools to process your IP address and technical information about your browser and operating system, the approximate place of your residence, demographic information, the source of our website visitors and activity data such as clicks and page views to improve the user experience and our range of information, and to analyse and optimise the operation of our websites and our products, including the optimisation of our marketing activities.

The legal basis for this processing is your explicit consent (Article 6 (1) (a) GDPR) and for the purposes of our legitimate interests (Article 6 (1) (f) GDPR), specifically the analysis and guaranteed operation of our websites and our products. You can partially withdraw (limit) or fully withdraw your consent to the use of cookies and the mentioned analysis tools at any time via this link.

We may disclose your data to the recipients listed under Point 14 to achieve the purposes listed above.

Providing the listed data is not a statutory requirement but is, in some cases, required to provide particular functionalities of our websites or products. If this data is not provided or is partially provided, you may be unable to use or have restricted use of certain functions of our websites or our products. There are no negative consequences to refraining from providing data for optimisation and analysis purposes.

4. Data processing in conjunction with the use of additional functions of our websites and products

If you do not only use our websites for information purposes but make use of additional functions and services that our websites and products offer (e.g. the contact form, chat, webinar) or would like to participate in information campaigns, as a rule you must provide us with additional personal data for us to process your enquiries and make the provided functions available. This typically includes information that we require to contact you, for example first name, surname, email address, telephone number and company master data. We process this data together with the data collected in connection with visiting our website and using our products (see Point 2 ), in particular the IP addresses collected and the activity data associated therewith (e.g. clicks, page call-ups, etc.). Furthermore, we process the data made available to us by transferring it to our CRM system (see Point 9 ).

The legal basis for this processing is your express consent (Article 6 (1) (a) GDPR), to take steps prior to entering into a contract or to fulfil our contractual obligations (Article 6 (1) (b) GDPR) and for the purposes of our legitimate interests (Article 6 (1) (f) GDPR), specifically the analysis and guaranteed operation of our websites and products, continuous improvement of our products and optimisation of our marketing activities. In some instances, we complete data sets processed by us with the use of data enrichment solutions to obtain a full data set about you (Data Enrichment, see Point 7).

We may disclose your data to the recipients listed under Point 14 to achieve the purposes listed above.

Providing the listed data is not a statutory requirement but is required to contact you and to use the provided functions of our websites and products. If this data is not provided or is partially provided, you may be unable to use certain functions of our websites and products or have limited use of these, or we may not be able to contact you. There are no negative consequences to refraining from providing data for optimisation and analysis purposes.

5. Data processing after personal contact

If you contact us at trade fairs or exhibitions, for example, and provide your data to us, by handing us business cards or completing a form for example, we process the data made available to us by transferring it to our CRM system (see Point 9). This typically includes information that we require to contact you, for example first name, surname, email address, telephone number and company master data.

The legal basis for this processing is to take steps prior to entering into a contract (Article 6 (1) (b) GDPR) and for the purposes of our legitimate interests (Article 6 (1) (f) GDPR), specifically establishing a business relationship and maintaining our business contacts (CRM). In some cases, we also supplement the data by collecting data from third parties (Data Enrichment, see Point 7).

Providing the listed data is not legally stipulated but is required to contact you. If this data is not provided or partially provided, we may not be able to contact you and enter into a business relationship with you.

6. Data processing when you subscribe to our marketing newsletter

If you subscribe to our newsletter, we process your contact details, in particular your email address, first name, surname, title and IP address to send our marketing newsletter. We also process information on which newsletter we have sent you, whether and when you have opened this, whether it could be delivered, whether you have subscribed or unsubscribed to the newsletter and if you have clicked on links in the newsletters, which and how many. In particular, we process the data made available to us by transferring it to our CRM system (see Point 9).

The legal basis for this processing is your express consent (Article 6 (1) (a) GDPR). You can withdraw your consent to receiving the marketing newsletter at any time. To do this, you can unsubscribe from the marketing newsletter at any time by using the link within the newsletter or by emailing [email protected].

We may disclose your data to the recipients listed under Point 14 to achieve the purposes listed above.

Providing the listed data is not a statutory requirement but is required for our marketing newsletter to be sent. If this data is not provided or is partially provided, we may not be able to send you our marketing newsletter.

7. Data processing for data collected by third parties (Data Enrichment)

In general, we collect personal data directly from you, so that as a rule you can decide on making your personal data available to us. However, in some cases we may obtain personal data from other sources.

These other sources are primarily the internet, from which we obtain publicly available information. In addition, we also obtain information from data enrichment providers. In individual cases, we also obtain information from third parties (e.g. credit agencies).

This personal data is typically limited to contact information (first name, surname, email address, telephone number, postal address) as well as information on your work for a specific company, the company headquarters, the company industry and your role in this company.

If you apply to work with us, we may also process information from publicly available sources on your educational and professional background.

The legal basis for this processing is our legitimate interest (Article 6 (1) (f) GDPR) in a complete data set about you, which is required for professional communication and the establishment of a business relationship or the application process. In general, the recipients and storage duration of this data comply with the respective processing for which the data was collected.

We may disclose your data to the recipients listed under Point 14 to achieve the purposes listed above.

8. Data processing of PlanRadar product users

If you create a (test) account to use our products, we process (i) information that we assign to you as a (test) Account Owner and require to contact you. This includes your first name, surname, email address, telephone number (ii), company master data (e.g. company name, postal address, email addresses, telephone numbers, contact person, role), (iii) information on the type and content of our contractual relationship (e.g. number, type and duration of activated licences and information on the requested and created offers), (iv) marketing-relevant information such as industry and target group as well as information on the origin and history of (test) accounts (e.g. responsible sales partners, date of last contact, clicked adverts).

In terms of individual users of our products who are assigned to a specific (test) account, we process information that we require to contact and uniquely assign the user. This includes contact details such as first name, surname, email address, telephone numbers and company details as well as information that we require to manage the user account (e.g. the (test) account that the user is assigned to, licence number, date on which the account was created, account type, whether the account is active/inactive).

In addition, we also process information on the activities of our users in our products, in particular activity data such as the number of projects created, number of tickets created and the device used.

The legal basis for this processing is to take steps prior to entering into a contract or to fulfil our contractual obligations (Article 6 (1) (b) GDPR) and for the purposes of our legitimate interests (Article 6 (1) (f) GDPR), specifically the analysis and guaranteed operation of our websites and products, continuous improvement of our products and optimisation of our marketing activities.

If we have received the respective consent, we also process the contact details of users of our products together with their activity data to (i) interactively support new users with the use of our products and facilitate their use of our products (Onboarding, see Point 10) and (ii) to provide information on (new) product functions or updates/upgrades and, if applicable, the status of the account and to (iii) hold customer surveys on improving service quality. For these purposes, we may also contact you via email, phone, video conference and/or by notifications in our products (e.g. pop-up windows, push-notifications). If you have given us your consent for this, we may also list you as a reference customer on our websites.

The legal basis for this processing is your express consent (Article 6 (1) (a) GDPR). You can withdraw this consent at any time, for example by emailing [email protected] or simply deactivating this in your individual profile settings.

If you activate a paid account with us, we process payment information in addition to the above-mentioned data. Payment information includes invoice recipients, invoice addresses, invoice numbers, invoice period, due date, bank details, payment conditions, contact person for invoices, VAT ID, etc.

The legal basis for this processing is to fulfil our contractual obligations (Article 6 (1) (b) GDPR), to fulfil our legal obligations (Article 6 (1) (c) GDPR) and for the purposes of our legitimate interests (Article 6 (1) (f) GDPR), specifically the optimisation of our accounting processes and for liquidity management purposes.

We specifically process the listed data by transferring it to our CRM system (see Point 9).

If you activate the functions of PlanRadar Connect, we process the respective package information (e.g. Workato-ID, company name, task quota and term of the package) and the information from technical protocols required for operating PlanRadar Connect (e.g. workflow-logfiles, possible error messages) in addition to the above-mentioned data.

The legal basis for this processing is to fulfil our contractual obligations (Article 6 (1) (b) GDPR), to fulfil our legal obligations (Article 6 (1) (c) GDPR) and for the purposes of our legitimate interests (Article 6 (1) (f) GDPR), specifically the analysis and guaranteed operation of our products.

PlanRadar Connect is hosted and provided by Workato, Inc (“Workato”). Workato is a provider headquartered in the USA. We have concluded a contract with Workato in accordance with standard contract clauses within the meaning of Article 46 (2) GDPR, in which Workato is obliged to process user data only in accordance with our instructions and to comply with EU data protection levels. You can obtain more information on this here: Workato Services Privacy Policy

We may also disclose your data to the recipients listed under Point 14 to achieve the purposes listed above.

Providing the listed data is not a statutory requirement but is required to initiate, maintain and fulfil the business relationship and to meet our legal obligations. If this data is not provided or partially provided, we may not be able to conclude a contract with you or support you when you use our products.

9. Use of CRM systems

We use the services of Hubspot. Hubspot is a Customer Relationship Management (CRM) subscription and marketing automation system from Hubspot Inc. (25 First Street, 2nd Floor, Cambridge, MA 02141, USA) with subsidiaries in Ireland (Ground Floor, Two Dockland Central, Guild Street, Dublin 1) and Germany (Am Postbahnhof 17, 10243 Berlin).

We use Hubspot for contact management, email marketing (newsletters and automated mailings), providing product information such as new functions or updates/upgrades), reporting (traffic sources, access, etc.), landing pages and contact forms.

If you create a test account to use our products, activate a paid account or are invited to create an account by an account owner, or disclose to us contact information and other demographic information in another way (e.g. in a contact form on our website), we may transfer this information and any content retrieved from our website or in our products, to Hubspot Hubspot’s services help us to subsequently contact website visitors, interested parties and users of our products and, additionally, to answer their enquiries and to determine which of our company services would be of interest to them. What’s more, Hubspot’s services also improve the efficiency when working with our products and help to generally improve user experience and service quality when one uses our products and visits our websites.

If you have granted us consent to this, we also process your contact details such as email address, first name, surname, title and IP address for email marketing and to provide product information such as new functions, unused functions or updates/upgrades and, if applicable, information on account status. You can withdraw your consent at any time, by emailing [email protected] or simply deactivating this in your individual profile settings.

The legal basis for this processing is your express consent (Article 6 (1) (a) GDPR) and for the purposes of our legitimate interests (Article 6 (1) (f) GDPR), specifically improving user experience and service quality when our products are used or our websites are visited (e.g. quick and efficient processing of enquiries).

Hubspot is a provider headquartered in the USA. We have therefore concluded a contract with HubSpot in accordance with standard contract clauses within the meaning of Article 46 (2) GDPR, in which HubSpot is obliged to process user data only in accordance with our instructions and to comply with EU data protection levels. You can obtain more information on this here: https://legal.hubspot.com/de/dpa and here (German): https://legal.hubspot.com/de/privacy-policy

Furthermore, we use the customer relationship management system Zoho CRM from Zoho Corporation, 4141 Hacienda Drive Pleasanton, CA 94588, USA to store and efficiently manage our contact details.

Zoho is a provider headquartered in the USA. We have therefore concluded a contract with Zoho in accordance with standard contract clauses within the meaning of Article 46 (2) GDPR, in which Zoho is obliged to process user data only in accordance with our instructions and to comply with EU data protection levels.

You can view more information on Zoho’s website here: https://www.zoho.com/gdpr.html

The legal basis for this processing is for the purposes of our legitimate interests (Article 6 (1) (f) GDPR), specifically establishing a business relationship and maintaining our business contacts (CRM).

We use various tools to process data stored in our CRM system. This includes the sales platform SalesLoft that we use to improve organisation of our sales processes. To do this, SalesLoft accesses some of the customer details contained in our CRM systems (contact information and company information) and merges this with information on interactions with us (e.g. telephone calls, communication via email and/or social networks). This information helps us to centrally coordinate our sales activities and to always communicate with our customers authentically, with up-to-date information.

SalesLoft is a provider headquartered in the USA. We have therefore concluded a contract with SalesLoft in accordance with standard contract clauses within the meaning of Article 46 (2) GDPR, in which SalesLoft is obliged to process user data only in accordance with our instructions and to comply with EU data protection levels.

The legal basis for this processing is for the purposes of our legitimate interests (Article 6 (1) (f) GDPR), specifically the continuous optimisation of our sales processes.

10. Interactive Support (Digital Adoption)

If such consent has been obtained, we process the contact details of our product users together with the activity data in our products to interactively support (new) users when using our products and to facilitate their use of our products (onboarding). For this purpose, we use the services of the following providers:

A) Pendo, 150 Fayetteville Street Suite #1400, Raleigh, NC, 27601 USA.

If Pendo’s service is used, information is collected on which walk-thrus have been completed within our products and which Pendo widgets have been opened within our products. Pendo does not collect any personal data except for IP addresses and the approximate geolocation of the user (country and city in which they are located). Pendo assigns the collected metadata to anonymous random GUIDs.

Pendo is a provider headquartered in the USA. We have concluded a contract with Pendo in accordance with standard contract clauses within the meaning of Article 46 (2) GDPR, in which Pendo is obliged to process user data only in accordance with our instructions and to comply with EU data protection levels. You can find additional information on data privacy at Pendo here: https://www.pendo.io/legal/privacy-policy/.

The legal basis for this processing is your express consent (Article 6 (1) (a) GDPR). You can withdraw your consent at any time, by emailing [email protected] or simply deactivating this in your individual profile settings.

We may disclose your data to the recipients listed under Point 14 to achieve the purposes listed above.

11. Data processing for business partners and suppliers

If you are our business partner or supplier or would like to become one, we process (i) information that we require to contact you (e.g. first name, surname, email address, telephone number) (ii) company master data (e.g. company name, company register number, postal addresses, email addresses, telephone numbers, contact people, role) as well as (iii) payment information (e.g. invoice recipients, invoice addresses, invoice numbers, invoice period, bank details, contact person for invoices, VAT ID, etc.) to initiate, maintain and fulfil our goods and services contracts and to conduct the ongoing business of our company.

The legal basis for this processing is to take steps prior to entering into a contract or to fulfil our contractual obligations (Article 6 (1) (b) GDPR), to fulfil our legal obligations (Article 6 (1) (c) GDPR), and for the purposes of our legitimate interests (Article 6 (1) (f) GDPR), specifically the optimisation of our accounting processes and for the purposes of liquidity management.

We may disclose your data to the recipients listed under Point 14 to achieve the purposes listed above.

Providing the listed data is not a statutory requirement but is required to initiate, maintain and fulfil the business relationship and to meet our legal obligations. If this data is not provided or partially provided, we may not be able to conclude a contract with you.

12. Applicant data processing

If you submit a job application to us, we process all the data that you provide in your application (CV, cover letter, other documents such as school certificates and recommendation letters). These typically include personal data (name, date and place of birth, nationality), contact details (email and postal address, telephone number, social media profiles), and other information (photo, training/skills/knowledge/official assessments/certificates/experience, professional experience, hobbies and interests, family members). We ask you to refrain from communicating any special categories of personal data in your application. This includes information indicating your racial and ethnic background, political opinions, religious or philosophical beliefs or trade union membership, as well as health data or data on your sexual life or orientation. Such information is automatically saved together with your other data and is not processed separately.

If you give us your consent to this, we also keep you on file as an applicant.

The legal basis for this processing is to take steps prior to entering into a contract (Article 6 (1) (b) GDPR), your consent, if applicable (Article 6 (1) (a) GDPR) and for the purposes of our legitimate interests (Article 6 (1) (f) GDPR), specifically the optimisation of our application processes.

We may disclose your data to the recipients listed under Point 14 to achieve the purposes listed above.

Providing the listed data is not a statutory requirement but is required for the application procedure. If this data is not provided or partially provided, we may not be able to process your application and establish an employment relationship.

13. Data processing when you subscribe to our HR-newsletter

If you subscribe to our HR-newsletter, we process your contact details such as your email address, first name, surname and IP address to send our HR-newsletter. We also process information on which HR-newsletter we have sent you, whether and when you have opened this, whether it could be delivered, whether you have subscribed or unsubscribed to the HR-newsletter and if you have clicked on links in the HR-newsletters, which and how many. In particular, we process the data made available to us by transferring it to our CRM system (see Point 9).

The legal basis for this processing is your express consent (Article 6 (1) (a) GDPR). You can withdraw your consent to receiving the HR-newsletter at any time. To do this, you can unsubscribe from the HR-newsletter at any time by using the link within the HR-newsletter or by emailing [email protected].

We may disclose your data to the recipients listed under Point 14 to achieve the purposes listed above.

Providing the listed data is not a statutory requirement but is required for our HR-newsletter to be sent. If this data is not provided or is partially provided, we may not be able to send you our HR-newsletter.

14. Data recipients

Your data may be transferred by us to the following recipients or categories of recipients in accordance with the processing described above:

15. Storage duration

In general, your data is only kept for as long as required for the respective purpose:

• The storage duration of log data is 3 months
• We delete data that is required for processing enquiries and making contact, within 3 years of the business relationship ending or our last contact with you
• We keep data and contracts that are relevant for our accounting in compliance with company or tax law regulations, in general, this duration is for 7 or 10 years respectively
• In general, we keep data stored on the basis of your consent until consent is withdrawn or the contractual relationship is complete
• Data from unsuccessful job applicants is generally stored for 6 months. Beyond this, we only keep applicant data if consent has been given for this to be kept on file.

Data is then deleted unless such deletion, in some individual cases, conflicts with any of our legitimate interests (e.g. continued storage of data as evidence, or to establish or defend legal claims, taking into consideration the relevant applicable limitation periods).

16. Rights of the data subject

Right of access (Article 15 GDPR): You have the right to obtain confirmation as to whether or not personal data concerning you is processed.

Right to rectification (Article 16 GDPR): If we process your data and this is incorrect or incomplete, you have the right to request its rectification or completion.

Right to erasure (Article 17 GDPR): You have the right to request erasure of your personal data where one of the following grounds applies:

• The personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed
• You withdraw consent and there is no other legal ground for the processing
• You object to the processing and there are no overriding legitimate grounds for the processing, or you object to the processing for direct advertising purposes
• The personal data has been unlawfully processed
• The personal data has to be erased for compliance with a legal obligation
• The personal data has been collected in relation to the offer of information society services from a child

As stated above, there may be reasons that preclude immediate deletion, for example in the case of legally prescribed storage obligations.

Right to restriction of processing (Article 18 GDPR): You have the right to request restriction of processing if:

• You contest the accuracy of the personal data, and for a period enabling us to verify the accuracy of the personal data
• The processing is unlawful and you oppose the erasure of the personal data and request the restriction of its use instead
• We no longer need the personal data for the purposes of the processing, but you require it for the establishment, exercise or defence of legal claims
• You have objected to the data processing

Right to data portability (Article 20 GDPR): You have the right to receive any personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format. You have the right to transmit this data to another controller if we process this data on the basis of consent that you gave, or to fulfil a contract between us and this processing is carried out by automated means.

Right to object (Article 21 GDPR): If we process your data to perform a task that is carried out in the public interest, or in the exercise of official authority vested in us or on the basis of a legitimate interest, you have the right to object to this data processing. In this case, we shall no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or unless this is for the establishment, exercise or defence of legal claims. You can withdraw consent to processing for marketing purposes and the creation of a user profile associated with this, at any time.

Exercise of rights: You can exercise your rights against us at any time. To do this, you can contact us via email at [email protected] or via one of the contact options on our websites.

Withdrawing your consent: Insofar as we process data on the basis of your consent, you have the right to withdraw this at any time by emailing [email protected]. The lawfulness of processing based on the consent until it is withdrawn, remains unaffected by withdrawal.

Right to lodge a complaint: If you think that we have infringed GDPR, you have the right to lodge a complaint with the responsible supervisory authority (in Austria, this is the Data Protection Authority, www.dsb.gv.at).