Data protection declaration
With the following data protection information, we, fodjan GmbH, Großenhainer Straße 101, 01127 Dresden, as the responsible party within the meaning of the German Data Protection Regulation (GDPR), explain which personal data we process when you visit our website and use our online services.
We reserve the right to adjust our data protection information from time to time so that it always complies with the current legal requirements or to reflect changes in our services. We therefore recommend that you read the data protection information regularly to keep up to date with the protection of the personal data we process.
I. Scope of application and legal basis
(1) This data protection declaration informs you about the type, scope and purpose of the processing of personal data within our online offer and the websites, functions and content connected to it.
(2) With regard to the terms used, such as “personal data” or their “processing”, we refer to the definitions from Art. 4 GDPR.
(3) The term “user” includes all categories of persons affected by the data processing. They include our business partners, customers, interested parties and other visitors to our online offer. The terms used, such as “user”, are to be understood as gender-neutral.
(4) The personal data of users processed within the framework of this online offer includes
(5) The processing of users’ personal data is carried out in particular for the following purposes:
(6) We process users’ personal data only in compliance with the relevant data protection provisions. This means that users’ data are only processed with the consent of the data subject or on another legitimate basis regulated by law. This is particularly the case if the data processing is necessary for the fulfilment of our contractual services (e.g. for the processing of orders and requests) and our online services or is required by law, if the users have given their consent or if it is based on our legitimate interests. Legitimate interests include the analysis, optimisation, security and economic operation of our online services.
(7) We point out that the legal basis of the consents (Art. 6 para. 1 sentence 1 lit. a) and Art. 7 GDPR), the legal basis for the processing for the fulfilment of our services and implementation of contractual measures (Art. 6 para. 1 sentence 1 lit. b) GDPR), the legal basis for processing to fulfil our legal obligations (Art. 6 para. 1 sentence 1 lit. c) GDPR) and the legal basis for processing to protect our legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
II. Security measures
(1) We shall take appropriate technical and organisational measures to ensure a level of protection appropriate to the risk in accordance with Article 32 of the GDPR, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons. This is intended to protect the data we process in particular against accidental or intentional manipulation, loss, deletion or unauthorised access by third parties. The security measures also include the encrypted transmission of data between your browser and our server.
(2) In addition, we have established procedures to ensure the exercise of data subjects’ rights, the deletion of data and a response to the compromise of data.
III. Disclosure of data to third parties and third-party providers
(1) If, in the course of our processing, we disclose data to other persons and companies (processors or third parties), transmit it to them or otherwise grant them access to the data, this will only be done on the basis of legal permission. This applies, for example, if the data is transferred to third parties (Art. 6 para. 1 sentence 1 lit. b) GDPR), if this is necessary for the performance of a contract, if you have consented (Art. 6 para. 1 sentence 1 lit. a) and Art. 7 GDPR), a legal obligation provides for this (Art. 6 para. 1 sentence 1 lit. c) GDPR) or on the basis of our legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR), e.g. when using agents, web hosts, etc.
(2) If we process data in a third country (i.e. outside the European Union or the European Economic Area) or if this occurs in the context of the use of third-party services or the disclosure or transfer of data to third parties, this will also only take place if the special requirements of Art. 44 et seq. GDPR are met. This means that the processing is carried out, for example, on the basis of special guarantees, such as the officially recognised determination of a level of data protection corresponding to the EU or in compliance with officially recognised special contractual obligations (so-called “standard data protection clauses”).
(3) If we commission third parties with the processing of data in the sense of a so-called “order processing agreement”, this is done on the basis of Art. 28 GDPR.
IV. Collection of access data and log files
(1) We collect data on every access to the server on which this service is located (so-called server log files) on the basis of our legitimate interests within the meaning of Art. 6 Para. 1 Sentence 1 lit. f) GDPR. This data is technically necessary to display the respective website to you and to ensure stability and security. The access data includes, in particular, the name of the website accessed, file, date and time of access, volume of data transferred, notification of successful access, browser type and version, the user’s operating system, the website previously visited and the IP address.
(2) Log file information is stored for security reasons (e.g. for the clarification of abuse or fraud) for a maximum of seven days and then deleted. Data whose further storage is required for evidentiary purposes is exempt from deletion until the respective incident has been finally clarified.
V. Provision of contractual and pre-contractual services
(1) We process inventory, contact, contract and content data for the purpose of fulfilling our contractual obligations and services pursuant to Art. 6 para. 1 sentence 1 lit b) GDPR. The entries marked as mandatory in online forms are required for the conclusion of a contract, pre-contractual measures or services similar to a contract, such as participation in our workshops.
(2) User data may be stored in our customer relationship management system (CRM system). We use the HubSpot service of the service provider HubSpot, Inc., 25 First St., 2nd floor, Cambridge, Massachusetts 02141, USA. Hubspot is an integrated software solution that we use to cover various aspects of our online marketing. These include: Contact Management (e.g. user segmentation & CRM), email marketing and contact forms.
We have concluded a commissioned processing agreement with the service providers in accordance with Art. 28
GDPR. In addition, in the event of data transfer to third countries subject to data protection law, suitable guarantees exist for the protection of data subjects as defined in Art. 46 (2) (c) GDPR by concluding standard data protection clauses and including the performance of a data transfer impact assessment. In this regard, we would like to expressly point out any risks, for example the more difficult enforcement of data subject rights under data protection law. Further information regarding data processing by HubSpot is available in the company’s data protection information.
(3) Users who make use of our software service must register and create a user account in which they can, among other things, view the licence they have booked and their invoices. If you register for our product or other offers, we will provide you with the required mandatory information as part of the registration process. As part of the further registration process, we ask you to agree to our General Terms and Conditions and to read our data protection declaration. The data collected by us in this process will be used exclusively for the provision of the product. The processing of the required mandatory data is carried out for the purpose of providing our product for the fulfilment of the contract or for the processing of pre-contractual measures in accordance with Art. 6 Para. 1 Sentence 1 lit. b) GDPR.
(4) Within the scope of the use of our functions of registration and renewed registrations as well as the use of our online services, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests according to Art. 6 para. 1 sentence 1 lit. f) GDPR, as well as those of the users in protection against misuse and other unauthorised use. As a matter of principle, this data is not passed on to third parties unless it is necessary to pursue our claims or there is a legal obligation to do so. The data is automatically deleted after 7 days.
(5) The registration data collected will be deleted as soon as processing is no longer necessary. This usually happens when you no longer use our offered product. In this case, however, we must observe retention periods under tax and commercial law. A deletion of data for the provision of contractual services takes place after the expiry of legal warranty and comparable obligations. In the case of legal archiving obligations, deletion takes place after their expiry (end of commercial law (6 years) and tax law (10 years) retention obligation). The information in the customer account remains until it is deleted.
VI. Blogs and publication media
We operate a blog or comparable means of online communication and publication (hereinafter “publication medium”) via our website. Readers’ data are processed for the purposes of the publication medium only to the extent necessary for its presentation and communication between authors and readers or for security reasons.
When contacting us by e-mail, the user’s details are processed for the purpose of handling the contact enquiry and its processing in accordance with Art. 6 Para. 1 Sentence 1 lit. b) GDPR. We delete the data accruing in this context after storage is no longer necessary or – in the case of statutory retention obligations – restrict processing.
(2) Contact form
If you contact us via our contact form, your e-mail address, your IP address and the date and time of contact are collected. This data is stored and used for the purpose of answering your request or for contacting you and the associated technical administration, as well as for prosecution in the event of misuse of our contact form.
In addition, we process the data you voluntarily provide in the free text field. This can be, for example, your master data (names, addresses), contact data (e-mail, telephone numbers) or other content data (text entries). The data is processed to answer your enquiries and to communicate with you.
We process your data for the fulfilment of the contract or for the execution of pre-contractual measures according to Art. 6 para. 1 sentence 1 lit. b) GDPR, or due to our legitimate interest according to Art. 6 para. 1 sentence 1 lit. f) GDPR to respond to your enquiry.
Your data will be deleted after your enquiry has been processed, provided that there are no legal obligations to retain data.
(1) On our website you have the possibility to register for our topic-related newsletters and mailings. In order to register, it is sufficient to provide your e-mail address. To enable us to address you personally, we ask you to enter your first and/or last name. The personal data that will also be transmitted to us can be seen from the input mask used for this purpose. If the contents are specifically described in the context of a registration, they are decisive for the user’s consent. By subscribing to our newsletter, you agree to receive it and to the procedures described.
(2) The newsletter and e-mails are sent on the basis of your consent in accordance with Art. 6 Para. 1 Sentence 1 lit. a) GDPR (possibly in conjunction with § 7 Para. 2 No. 3 UWG) or, if consent is not required, on the basis of our legitimate interests in direct marketing in accordance with Art. 6 Para. 1 Sentence 1 lit. f) GDPR. lit. f) GDPR in conjunction with. § Section 7 (3) UWG, if and to the extent that this is permitted by law, e.g. in the case of existing customer advertising.
(3) We use the HubSpot service of the service provider HubSpot, Inc., 25 First St., 2nd floor, Cambridge, Massachusetts 02141, USA to send e-mails. We have concluded an order processing agreement with the service provider in accordance with Art. 28 GDPR. In addition, in the event of data transfer to third countries subject to data protection law, suitable guarantees exist for the protection of data subjects within the meaning of Art. 46 (1) GDPR through the conclusion of standard data protection clauses and including the performance of a data transfer impact assessment pursuant to Art. 46 (2) (c) GDPR. In this regard, we would like to expressly point out any risks, for example the more difficult enforcement of data subject rights under data protection law. Further information regarding data processing by HubSpot can be found in the company’s data protection information.
(4) Registration for our newsletter only takes place after prior registration via form. This means that after registration you will receive an e-mail in which you will be informed of your registration and, if you have not registered yourself, you will also find a link to reject the registration. Please therefore also check your spam folder after registering, should our message have been placed there by your provider. Registrations for the newsletter are stored in order to be able to prove the registration process in accordance with legal requirements. This includes the storage of the registration and confirmation time as well as the e-mail address and, if applicable, the name and self-entered information in the form.
The registration process is recorded on the basis of our legitimate interests pursuant to Art. 6 para. 1 sentence 1 lit. f) GDPR. The registration procedure is recorded for the purpose of proving that it has been carried out properly
(5) You can revoke your consent to receive our newsletters or emails at any time with future effect by confirming the unsubscribe link at the end of each email.
(6) We may store unsubscribed email addresses for up to three years on the basis of our legitimate interests before deleting them in order to be able to prove consent formerly given. The processing of this data is limited to the purpose of a possible defence against claims. An individual request for deletion is possible at any time, provided that the former existence of consent is confirmed at the same time. In the event of obligations to permanently observe objections, we reserve the right to store the e-mail address in a blacklist for this purpose alone.
IX. Newsletter and e-mail tracking
(1) Our newsletters and mailings contain a so-called “web beacon”, i.e. a pixel-sized file which is retrieved from the server of our dispatch service provider when the e-mail is opened. Within the scope of this retrieval, technical information such as information on the browser and your system, as well as your IP address and the time of the retrieval, are initially collected.
(2) This information is used for the technical improvement of our newsletter and our mailing based on the technical data or the target groups and their reading behaviour based on their retrieval locations (which can be determined with the help of the IP address) or the access times. This analysis also includes determining whether the emails are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to individual recipients. However, it is neither our intention nor, if used, that of the dispatch service provider to observe individual users. Rather, we use the analyses to recognise the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.
(3) For the analysis, we use the HubSpot service of the service provider HubSpot, Inc., 25 First St., 2nd floor, Cambridge, Massachusetts 02141. We have concluded an agreement on commissioned processing with the service provider in accordance with Art. 28 GDPR. In addition, in the event of data transfer to third countries subject to data protection law, suitable guarantees exist for the protection of data subjects within the meaning of Art. 46 (1) GDPR through the conclusion of standard data protection clauses and including the performance of a data transfer impact assessment pursuant to Art. 46 (2) (c) GDPR. In this regard, we would like to expressly point out any risks, for example the more difficult enforcement of data subject rights under data protection law. Further information regarding data processing by HubSpot can be found in the company’s data protection information.
(4) The evaluation of the newsletter and the measurement of success are carried out, subject to the express consent of the users within the meaning of Art. 6 (1) sentence 1 a) GDPR, on the basis of our legitimate interests pursuant to Art. 6 (1) sentence 1 f) GDPR for the purpose of using a user-friendly and secure newsletter system that both serves our business interests and meets the expectations of the users.
(5) Unfortunately, a separate revocation of the performance measurement is not possible; in this case, the entire subscription to the newsletter must be cancelled or revoked.
X. Google Fonts
We use Google Fonts, a service of Google Ireland Limited (“Google”), for the uniform display of fonts in different browsers of our website visitors and for the technically secure, maintenance-free and efficient use of fonts, as well as taking into account possible restrictions under licensing law for their integration. The legal basis is our legitimate interest according to Art. 6 para. 1 sentence 1 lit. f) GDPR.
The files (CSS, fonts) are requested via the Google domains fonts.googleapis.com and fonts.gstatic.com. According to Google, the requests for fonts are made separately from all other Google services. According to Google, it only restricts itself to providing fonts and only evaluates the visitors’ data in aggregated form. This means that the sum of all data is only used to create statistics (e.g. which font is used how often). For this purpose, usage data (e.g. interest in content) as well as meta and communication data (e.g. device information and IP addresses) are processed, aggregated according to Google.
XI. Google SiteSearch (Google AJAX Search API)
XII. Cookies Settings
Click here to update cookie settings:
(1) We use the technology of cookies for our online offer. Cookies are small text files that are stored on your terminal device assigned to the browser you are using and through which certain information flows to the body that sets the cookie (in this case by us). Cookies cannot execute programmes or transfer viruses to your computer. They serve to make the Internet offer more user-friendly and effective overall.
(3) You can delete the cookies in the security settings of your browser at any time. In addition, you can configure your browser settings according to your wishes and, for example, refuse to accept third-party cookies or all cookies. We would like to point out that you may then not be able to use all the functions of our online offer.
XIII. Google Analytics
(1 On the basis of your consent pursuant to Art. 6 para. 1 sentence 1 lit. a) GDPR and with regard to the setting of cookies pursuant to § 25 para. 1 TTDSG in conjunction with Art. 4 no. 11, Art. 7 GDPR. Art. 4 No. 11, Art. 7 GDPR, we use Google Analytics, a web analytics service provided by Google Ireland Limited (“Google”). For this purpose, an order processing contract has been concluded with Google in accordance with Art. 28 GDPR. In addition, in the event of data transfer to the parent company Google LLC – based in the USA – suitable guarantees exist for the protection of data subjects within the meaning of Article 46 (1) GDPR through the conclusion of standard data protection clauses in accordance with Article 46 (2) (c) GDPR. Your declaration of consent also expressly includes the possible global transfer and processing of data by other group companies of Google LLC. In this regard, we would like to expressly point out any risks, for example, the more difficult enforcement of data protection rights.
(2) The cookies set by Google Analytics or comparable technologies are used to process usage data (e.g. web pages visited, access times) and communication data (e.g. IP addresses, device information) on our behalf in order to evaluate the use of our online offering, compile reports on the activities within our online offering and provide other services associated with the use of our online offering. In this context, it is also possible to create pseudonymised user profiles.
(4) We use Google Analytics in order to display the ads placed within Google’s advertising services and those of its partners only to users who have also shown an interest in our online offering or who have certain characteristics (e.g. interests in certain topics or products determined on the basis of the websites visited), which we transmit to Google (so-called “Remarketing Audiences” or “Google Analytics Audiences”). With the help of Remarketing Audiences, we also want to ensure that our ads correspond to the potential interest of the users and do not have a harassing effect.
XIV. Google Re/Marketing Services
(1) We use the marketing and remarketing services (in short “Google marketing services”) of Google Ireland Limited (“Google”) on the basis of your consent in accordance with Art. 6 Para. 1 Sentence 1 lit a.) GDPR and with regard to the setting of cookies in accordance with § 25 Para. 1 TTDSG i.V.m. Art. 4 No. 11, Art. 7 GDPR the marketing and remarketing services (in short “Google marketing services”) of Google Ireland Limited (“Google”). For this purpose, a contract for commissioned processing has been concluded with Google in accordance with Art. 28 GDPR. In addition, in the event of data transfer to the parent company Google LLC – based in the USA – suitable guarantees exist for the protection of data subjects within the meaning of Article 46 (1) GDPR through the conclusion of standard data protection clauses in accordance with Article 46 (2) (c) GDPR. Your declaration of consent also expressly includes the possible global transfer and processing of data by other group companies of Google LLC. In this regard, we would like to expressly point out any risks, for example, the more difficult enforcement of data protection rights.
(2) The Google marketing services allow us to display advertisements for and on our website in a more targeted manner in order to present users only with ads that potentially match their interests. If, for example, a user is shown ads for products in which he or she has shown interest on other websites, this is referred to as “remarketing”. For these purposes, when our website and other websites on which Google marketing services are active are called up, a code is executed directly by Google and so-called (re)marketing tags (invisible graphics or code, also known as “web beacons”) are integrated into the website. With their help, an individual cookie, i.e. a small file, is stored on the user’s device (comparable technologies can also be used instead of cookies). The cookies can be set by various domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. This file records which websites the user has visited, which content he or she is interested in and which offers he or she has clicked on, as well as technical information on the browser and operating system, referring websites, time of visit and other information on the use of the online offer. The IP address of the user is also recorded, whereby we inform Google Analytics that the IP address is shortened within Member States of the European Union or in other contracting states to the Agreement on the European Economic Area and only in exceptional cases is transmitted in full to a Google server in the USA and shortened there. The IP address will not be merged with user data within other Google offerings. The aforementioned information may also be combined by Google with such information from other sources. If the user subsequently visits other websites, he or she may be shown ads tailored to his or her interests.
(3) The user’s data will be processed pseudonymously as part of the Google marketing services. This means that Google does not store and process the name or e-mail address of the user, for example, but processes the relevant data on a cookie basis within pseudonymous user profiles. I.e. from Google’s perspective, the ads are not managed and displayed for a specifically identified person, but for the cookie holder, regardless of who this cookie holder is. This does not apply if a user has expressly allowed Google to process the data without this pseudonymisation. The information collected about users by Google marketing services is transmitted to Google and stored on Google’s servers in the USA.
(4) The Google marketing services we use include the online advertising programme “Google AdWords”. In the case of Google AdWords, each AdWords customer receives a different “conversion cookie”. Cookies can therefore not be tracked via the websites of AdWords customers. The information obtained with the help of the cookie is used to create conversion statistics for AdWords customers who have opted for conversion tracking. The AdWords customers learn the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive any information with which users can be personally identified.
XV. Google Tag Manager
XVI. Rights of users
Data subjects may at any time request information about the personal data concerning them and, if necessary, request correction or deletion or restriction of processing, or object to processing. They also have the right to data portability. Furthermore, if the data processing is carried out on the basis of consent, this can be revoked at any time for the future. To exercise your rights, please contact our data protection officer, RA Alexander Weidenhammer, Dresdner Institut für Datenschutz at datenschutz[at]fodjan.de (further contact details at www.dids.de). In addition, pursuant to Art. 77 GDPR, you have the right to lodge a complaint with a data protection supervisory authority if it is suspected that the processing of personal data is unlawful.
XVII Deletion of data
(1) The data stored by us will be deleted as soon as they are no longer required for their intended purpose and the deletion does not conflict with any statutory retention obligations. If the user data is not deleted because it is required for other legally permissible purposes, its processing will be restricted. I.e. the data is blocked and not processed for other purposes. This applies, for example, to user data that must be retained for reasons of commercial or tax law.
(2) In accordance with legal requirements, data is retained for 6 years pursuant to § 257 para. 1 HGB (e.g. for commercial and business letters) and for 10 years pursuant to § 147 para. 1 AO (e.g. for commercial books and accounting vouchers).
XVIII. Right of objection
Users may object to the future processing of their personal data in accordance with the statutory provisions at any time. The objection can be made in particular against the processing for purposes of direct advertising.