Privacy Statement
To ensure that you feel safe, secure, and comfortable when visiting our websites, we have put together the information below regarding how your data is handled.
1. Controller
The controller responsible for the processing of personal data that is collected when you visit this website is SoftwareONE AG, Corporate Headquarters, Riedenmatt 4, CH-6370 Stans, email: info@softwareone.com, phone: +41 44 832 41 69.
2. Usage Data for Statistical Purposes
When you visit our websites, our web server temporarily analyzes so-called usage data for statistical purposes as a protocol in order to improve the quality of our websites. This data set consists of the following:
- the name and the address of the content requested,
- the date and time of the query,
- the volume of data transmitted,
- the access status (content transferred, content not found),
- the description of the type of web browser and operating system used,
- the referral link that indicates from which website you arrived at our website
- the IP address of the requesting computer, which is abridged in such a way that it is no more possible to trace it back to a person.
The protocol data are only analyzed in an anonymized manner.
3. Data Protection
We take technical and organizational measures to protect your data against unauthorized access as comprehensively as possible. We use an encryption method on our websites. In this process, your information is transmitted between your computer and our server and vice versa via the Internet using TLS encryption. You can generally see this because the lock symbol in your browser’s status bar is closed, and the address line starts with https://.
4. Required Cookies
We use cookies on our websites that are required for using our websites.
Cookies are small text files that can be stored and read on your end device. A distinction is made between session cookies that are deleted again as soon as you close your browser and permanent cookies that are stored beyond the individual session.
We do not use these required cookies for analysis, tracking or advertising purposes.
Some of these cookies only contain information about certain settings and do not pertain to a particular person. They may also be required to facilitate the user guidance, security and implementation of the website.
We use these cookies on the basis of Art. 6(1f) of the General Data Protection Regulation (GDPR).
You can adjust your browser settings so that the browser informs you when cookies are placed. This keeps you informed of the use of cookies. You are furthermore able to delete cookies at any time via the corresponding browser setting and prevent the placement of new cookies. Please note that if you do so, you may not be able to display our website and some functions may technically no longer be available.
5. Google Analytics
We use the web analysis tool "Google Analytics" for the appropriate design of our websites. Google Analytics generates usage files on the basis of pseudonyms. To this purpose, permanent cookies are stored on your end terminal and read by us. This enables us to identify returning visitors and to count them as such.
The data are processed on the basis of your consent in accordance with Art 6(1a) GDPR if you gave your consent via our banner.
You may withdraw your consent at any time. To do so, please click on this link and select the corresponding settings via our banner.
Google supports us within the context of Google Analytics in its capacity as a contract processor in accordance with Art. 28 GDPR. Data may be processed outside of the EU and/or the EEA. With respect to Google, it can be assumed that the participation in the Privacy Shield in accordance with Art. 45(1) GDPR and the use of EU standard contractual clauses in accordance with Art. 46(2c) GDPR ensures an appropriate protection of the data.
6. Website Analysis
We use web analysis tools for the appropriate design of our websites. These tools generate usage files on the basis of pseudonyms. To this purpose, permanent cookies are stored on your end terminal and read by us. In addition, it is possible that we retrieve recognition characteristics for your browser or your end terminal (such as a so-called browser fingerprint or your unabridged IP address). This enables us to identify returning visitors and to count them as such.
We also use the following functions to quantify the traffic:
- We enrich the pseudonymous data with other data provided by third-party providers. This enables us to capture the demographic characteristics of our visitors, for example information about their age, sex and place of residence.
- We use retargeting for website visitors so that we can display targeted advertising outside of our website with the help of these data without identifying the member.
The data are processed on the basis of your consent in accordance with Art 6(1a) GDPR if you gave your consent via our banner.
Which third-party providers do we use in this context?
Below, please find the third-party providers with which we collaborate in order to quantify the traffic. If the respective data are processed outside of the EUR or the EEA, we will provide information on the appropriate data protection level. You will also be instructed on how to revoke your consent:
| Tool | Third-party provider | Appropriate data protection level |
|---|---|---|
| LinkedIn Insight Tag | LinkedIn (USA) | Privacy Shield Agreement (Art. 45(1) GDPR). |
7. Tracking Technologies from Third-Party Provider for Advertising Purposes
We use cross-device tracking technologies so we can display to you targeted advertising on other websites on the basis of your visit and determine how effective our advertising was. The data are processed on the basis of your consent in accordance with Art 6(1a) GDPR if you gave your consent via our banner. Your consent is voluntary and can be revoked at any time.
How does the tracking work?
When you visit our websites, it is possible that the third-party providers listed below access your browser or your end terminal (for example a so-called browser fingerprint), analyze your IP address, store and/or read recognition characteristics on your end terminal (such as cookies) or gain access to individual tracking pixels.
The third-party providers may use the individual characteristics to recognize your end terminal on other websites. We can instruct the respective third-party providers to display advertising that depends on the websites you visited.
What does cross-device tracking mean?
If you register with the third-party provider using your own user data, the respective recognition characteristics of different browsers and end devices can be lined with each other. If the third-party provider generated a separate characteristic for the laptop, desktop or the Smartphone or tablet you use, these individual characteristics can be associated with each other as soon as you use a service of the third-party provider with your login information. This way, the third-party provider can effectively manage our advertising campaigns across different end terminals.
Which third-party providers do we use in this context?
Below, please find a list of the third-party providers with which we collaborate for advertising purposes. If the respective data are processed outside of the EUR or the EEA, we will provide information on the appropriate data protection level. You will also be instructed on how to revoke your consent:
| Tool | Third-party provider | Appropriate data protection level |
|---|---|---|
| Google Ads, Google Ads Conversion, Google Ads Remarketing, DoubleClick | Google (USA) | Privacy Shield Agreement (Art. 45(1) GDPR). |
| Facebook Pixel, Facebook Custom Audience, Facebook Connect | Facebook Inc. | Privacy Shield Agreement (Art. 45(1) GDPR). |
| LinkedIn Ads | LinkedIn (USA) | Privacy Shield Agreement (Art. 45(1) GDPR). |
| Xing (Germany) | Processing only within the EU/EEA | |
| Marketo | Adobe (USA) | Privacy Shield Agreement (Art. 45(1) GDPR). |
8. Google Tag Manager
We use the Google Tag manager to organize our website analysis tools. No cookies are used in this regard, and no personal data are processed in connection with the Google Tag Manager.
9. Map Services
We embed map services into our websites that are not stored on our servers. For example, you can find out the exact location of a SoftwareONE entity. To ensure that access to our websites with embedded map services does not automatically cause the content of the third-party provider to be loaded as well, we first only display locally stored thumbnails of the maps. This does not provide the third-party provider with any information.
Content from third-party providers is only loaded when you give your consent. In that case, the third-party provider receives the information that you accessed our website as well as the usage data that are required in this regard for their service. We have no influence on the further data processing performed by the third-party provider. With your consent, you allow us to load the third-party provider content.
Maps are embedded on the basis of your consent in accordance with Art 6(1a) GDPR which is given by your clicking on the thumbnail.
| Tool | Third-party provider | Appropriate data protection level |
|---|---|---|
| Google Maps | Google (USA) | Privacy Shield Agreement (Art. 45(1) GDPR). |
10. Embedded Videos
We embed videos into our websites that are not stored on our servers. To ensure that access to our websites with embedded videos does not automatically cause the content of the third-party provider to be loaded as well, we first only display locally stored thumbnails of the videos. This does not provide the third-party provider with any information.
The third-party provider content is only loaded when you give your consent on the thumbnail. In that case, the third-party provider receives the information that you accessed our website as well as the usage data required for accessing the videos. We have no influence on the further data processing performed by the third-party provider. With your consent, you allow us to load the third-party provider content.
Videos are embedded on the basis of your consent in accordance with Art 6(1a) GDPR which is given by your clicking on the thumbnail.
| Third-party provider | Appropriate data protection level | Consent revocation |
|---|---|---|
| YouTube / Google (USA) | Privacy Shield Agreement (Art. 45(1) GDPR). | Once you have clicked on a thumbnail, the third-party provider content is loaded immediately. If you do not desire such loading on other websites, please do not click on the thumbnails. |
| Vimeo (USA) | Privacy Shield Agreement (Art. 45(1) GDPR). | Once you have clicked on a thumbnail, the third-party provider content is loaded immediately. If you do not desire such loading on other websites, please do not click on the thumbnails. |
11. Newsletter
You can sign up for our free newsletter on our website. The newsletter provides you with information about current trends and event highlights in the IT industry, special offers, new products, services and important dates for IT decision makers. We require your email address for the registration. We will use the email to send the newsletter to you.
You will receive a confirmation email from us after you have completed the application form. The application is not activated until you have clicked on the link in the confirmation email. You can unsubscribe from the newsletter at any time. Simply use the unsubscribe link which is found at the end of every email or send an email to info.global@softwareone.com. Your email address will then be deleted from the distribution system. The legal basis for data processing is Art. 6(1b) GDPR (consent). You may withdraw your consent at any time.
12. PyraCloud Customer Account
If you, as one of our customers, would like to use the access-protected PyraCloud area, you must set up an account first. PyraCloud is a central platform with which you can manage software licenses and Cloud subscriptions, display your entire On-Premises and current Cloud software and, at the same time, use a combined view of your technology platforms and commercial agreements. We only collect data in this context that are required for the registration. The data are processed on the basis of Art 6(1b) GDPR (contractual fulfillment) to provide you with the services and the information of the PyraCloud area.
13. COMPAREXonline Customer Account
We provide our customers with the opportunity to set up a customer account for the COMPAREXonline customer portal. There, you may buy software or integrate product and pricing information in your purchasing system at any time. In addition, you are provided with an overview of the products and licenses you purchased as well as information about their term. It also allows you to generate offers and orders. The legal basis for data processing is Art. 6(1b) GDPR (contractual fulfillment).
14. Academy (Seminars, Training Sessions, and Webinars)
You can register for one of our courses. To do so, you will be taken to a separate website where you can learn about our range of products and services and register for the courses offered by the academy. The legal basis for data processing is Art. 6(1b) GDPR (contractual fulfillment). Please observe the respective data protection notice.
15. Activities and Events
You can register for activities and events on our website. The legal basis for data processing is Art. 6(1b) GDPR (contractual fulfillment). We use the information provided by you to prepare and carry out activities and events.
16. Online Application
You can apply for a position with SoftwareONE online. To this purpose, we make an online application system available on our website. Your data and the files attached to the application are transmitted in an encrypted manner. Your application data are received by the Human Resources Department and forwarded to the department for which the position was posted and/or individuals responsible for filling a position. The legal basis for this data processing is Sec. 26(1) clause 1 of the German Federal Data Protection Act (decision on the establishment of an employment relationship). All parties involved will treat your application records with due diligence and in a confidential manner. Once the selection process has ended, the information and the documents provided by you for the respective selection process will be deleted after six months, unless we concluded an employment contract with you. We use a software solution for the online application system that is offered by iCIMS, Inc., a company based in the United States. That company assists us as a processor. We signed an order processing agreement with iCIMS in accordance with Art. 28 GDPR. The data processing performed by the company iCIMS, Inc. is also subject to the Privacy Shield. This way, an appropriate data protection level is ensured.
17. Contact Form
You can contact us by using our contact forms. To use our contact forms, we first need from you the data that are entered in the fields marked as required. We use this data on the basis of Art. 6(1f) GDPR. We have a justified interest to contact the users of our website and to answer questions and respond to queries. In addition, you can decide yourself whether you want to provide us with further information. Said information is provided voluntarily and is not mandatory for contacting us. Your data will only be used to answer your inquiry. We will delete your data as soon as it is no longer required and is not subject to statutory retention obligations. You may object to the processing of your data at any time. To do so, please use the email address provided together with the company details.
18. Blog with Comment Function
You are able to comment on the blog entries on our websites. Your comment will be published on our website. Please note that we may still manually review your comment before it is published, which means that comments may be posted with a delay. If you provide a name (which may be a pseudonym as well), this name will be published next to your comment. We use these data on the basis of Art. 6(1f) GDPR. We have a justified interest to contact the users of our website and to respond to blog comments.
19. Geo-Localization and Website Protection via IPstack
We use your IP address to forward you to the respective country website of SoftwareONE. To do so, we use the IP geo-localization API Ipstack. Using the API, information about the country where our website visitors are located can be obtained in real time. This way, the language version of the website can be matched with the IP address of the country of origin. Even when the user later returns to our website, a cookie will store the last language version that was visited and return the user there again. This also makes it possible to detect any threats posed by risky IP addresses in a more efficient manner. If a harmful address uses our website, the quick identification by ipstack will ensure that you are protected. The data are processed on the basis of Art. 6(1f) GDPR. We have a justified interest in displaying the language version as well as the content of your country's website to you and to protect our website against harmful addresses.
20. Storage Period
Unless we have not already provided specific information about the storage period, we will delete personal data when it they no longer required for the aforementioned processing purposes, but only if not prevented from doing so by statutory retention periods.
21. Other Processors
We forward your data for processing purposes to other service providers in accordance with Art. 28 GDPR that assist us with the operation of our websites and related processes. These are hosting service providers, for example. Our service providers are subject to strict confidentiality obligations and have signed the respective agreements.
Below, please find a list of the processors with which we cooperate, if these were not already listed in the text of the Privacy Statement above. If data are transferred to a country outside the EU or the EEA, we will provide information on the appropriate data protection level.
| Processors | Purpose | Appropriate data protection level |
|---|---|---|
| LH.pl Sp. z o.o. (Poland) | Web hosting and support | Processing only within the EU/EEA |
| iCIMS, Inc. (USA) | Online applicant management and support | Privacy Shield Agreement (Art. 45(1) GDPR). |
22. Your Rights as a Data Subject
Right of Access (Art. 15 GDPR)
You have the right to obtain a confirmation about whether personal data concerning you are being processed; if that is the case, you have a right of access to the personal data and the information listed in detail in Art. 15.
Right to Rectification (Art. 16 GDPR)
You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you and, if applicable, to have incomplete data completed.
Right to Erasure (Art. 17 GDPR)
You have the right to demand from us the erasure of personal data concerning you without undue delay provided one of the grounds specified in Art. 17 GDPR applies.
Right to Restriction of Processing (Art. 18 GDPR)
You have the right for the duration of the verification by the controller to demand the restriction of processing if one of the conditions specified in Art. 18 GDPR applies, e.g. if you have objected to the processing.
Right to Data Portability (Art. 20 GDPR)
In certain cases specified in Art. 20 GDPR, you have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format and to have these data transmitted to a third party.
Right to Object (Art. 21 GDPR)
If data are collected on the basis of Art. 6(1f) of the GDPR (processing necessary for the purposes of legitimate interests) or on the basis of Art. 6(1e) GDPR (data processing in the public interest or in the exercise of official authority), you have the right to object to this processing, on grounds relating to your particular situation, at any time. We will no longer process the personal data unless there are demonstrable compelling legitimate grounds for this processing which override your interests, rights and freedoms or which serve in the establishment, exercise or defense of legal claims.
Right to Lodge a Complaint with a Supervisory Authority (Art. 77 GDPR)
Pursuant to Art. 77 GDPR, you have the right to complain to a supervisory authority if you feel that the processing of your data has infringed the provisions of data protection law. In particular, the complaint may be lodged with a supervisory authority in the Member State in which you generally live or work or the Member State in which the alleged infringement occurred.
23. The contact details for the data protection officer
Our data protection officer for EU countries would be pleased to assist you with requests for information on the subject of data protection and privacy. Please use the following contact information:
Mr. Peter Suhren
FIRST PRIVACY GmbH
Konsul-Smidt-Str. 88
28217 Bremen
Germany
data-protection.eu@softwareone.com
Fon: +49.341.2568.000