CADFEM Group Privacy Policy
Version: 11.10.2024; V1.8
For reasons of better readability, the simultaneous use of the language forms male, female and diverse (m/f/d) has been dispensed with. All personal designations apply equally to all genders.
This Privacy Policy provides an overview of the processing of personal data by the companies of the CADFEM Group, described in more detail in Section 2 of this policy, within the scope of the General Data Protection Regulation (GDPR).
In this context, we draw particular attention to the fact that the products and services we sell may be subject to export control regulations. We are therefore obliged to verify the identity of our customers to the extent necessary to prevent the violation of export restrictions. For more information, please refer to Section 11 of this Privacy Policy.
This Privacy Policy serves to inform you about the type and scope of personal data processed by us and the purposes and legal grounds for such processing. Furthermore, we wish to draw your attention to your rights regarding personal data processing by us. Insofar as we use terms that are also used in the GDPR, such as “personal data”, “processing”, “data subject” and “controller”, these terms have the meanings defined in detail in Art. 4 GDPR.
The personal data processed by us, the purposes for which it is processed and the legal grounds upon which it is processed depend on the services you use and/or the agreements you have made with us (e.g. online content, products and/or services ordered or requested). Not all parts of this Privacy Policy will therefore apply to you.
This Privacy Policy does not replace the information that we provide to you separately and in relation to your individual case each time your personal data is collected or when contacting you for the first time. However, it supplements these references.
When processing personal data, we comply with the provisions of the General Data Protection Regulation (GDPR) and, as applicable, with the provisions of other relevant statutory provisions of national legislation on data protection, e.g. in Germany the Federal Data Protection Act (BDSG), and any other legislation, e.g. in Germany the Unfair Competition Act (UWG).
We use binding contractual agreements to protect sensitive non-personal data, e.g. data about products (development status, design data, functional samples, simulation results), which you entrust to us as a customer in the context of the services we offer in the form of support, advice and/or commissioned calculation. Our obligations arising from these agreements extend considerably further than the obligations arising from the statutory provisions (in Germany, for example, from the Act to Protect Business Secrets - GeschGehG).
1. PRINCIPLES FOR THE PROCESSING OF PERSONAL DATA
The controllers within the meaning of the GDPR observe the standard principles for processing of personal data set out in Art. 5(1) GDPR. These are lawfulness, fairness, transparency, limitation of purpose, data minimization, correctness, limitation of storage, integrity and confidentiality.
Within the framework of a comprehensive data protection management system, the controllers have put in place the technical and organizational prerequisites that allow demonstration of compliance with these principles, as described in Art. 5(2) GDPR (accountability obligation).
2. NAME AND CONTACT DETAILS OF THE CONTROLLER
The controllers within the meaning of the GDPR are the following legally independent companies of the CADFEM Group.
Insofar as your data is processed in the context of use of the internet addresses (URL) www.cadfem.net and students.cadfem.net, the controller is the company specified below for the respective URL. Please also note the legal notices, the Terms of Use for www.cadfem.net, and the information about the cookies used, which you will find at www.cadfem.net.
For the URL www.cadfem.net/de/, the URL www.cadfem.net/int and the URL students.cadfem.net/
CADFEM Germany GmbH
Am Schammacher Feld 37, 85567 Grafing b. Munich, Germany
Phone: +49 (0)8092-7005-0
info@cadfem.de
For the URL www.cadfem.net/at
CADFEM (Austria) GmbH
Wagenseilgasse 14, 1120 Vienna, Austria
Phone: +43 (0)1-587 70 73
info@cadfem.at
For the URL www.cadfem.net/ch
CADFEM (Suisse) AG
Wittenwilerstrasse 25, 8355 Aadorf, Switzerland
Phone: +41-(0)52-368 01-01
info@cadfem.ch
For the URL www.cadfem.net/fr
CADFEM France SAS
148 Avenue Jean Jaurès, 69007 Lyon, France
Phone: +33 (0)4-83 43 53 9
contact@cadfem.fr
For the URL www.cadfem.net/ie
CADFEM Ireland Ltd. UNIT G3
18 Windsor Pl, Lower Pembroke St, Dublin, D02 PW74, Ireland
Phone: +353 (0)16 522 730
info@cadfem.ie
For the URL www.cadfem.net/gb
CADFEM UK CAE Ltd.
Airport House Business Centre, Purley Way, Croydon, Surrey, England, CR0 0XZ, UK
Phone: +44 (0)208 256 0630
info@cadfem.co.uk
3. CONTACT DETAILS OF THE DATA PROTECTION OFFICER
You can contact our data protection officer at
E-mail: datenschutz@cadfem.de
Phone: +49 8092-7005-10
4. LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA
Your personal data will only be processed by us if you have consented to its processing for the relevant purpose (Art. 6(1) sentence 1 point (a) GDPR), if processing is necessary for the execution of a contract or for the implementation of pre-contractual measures (Art. 6(1) sentence 1 point (b) GDPR), if we have an overriding interest in its processing (Art. 6(1) sentence 1 point (f) GDPR) or if the GDPR or another law permits or prescribes its processing (Art. 6(1) sentence 1 point (c) GDPR).
5. TARGET GROUP
Personal data of minors (under the age of 16) will not be knowingly collected by us or used in any form. As a rule, we do not know the age of visitors to our website. However, we have not taken any specific measures to protect such data. Persons under the age of 16 may not submit personal data without the explicit consent of their parents or guardians.
6. SOURCES, TYPES AND PURPOSES OF PERSONAL DATA PROCESSED BY US
We process personal data that we receive directly from you from the sources listed below.
In connection with the request for your personal data, you will be informed separately and on a case-by-case basis of the purposes for which your data is processed, the legal grounds on which your data is processed and your rights in connection with personal data processed by us. Detailed information about your rights can be found in Section 10 of this Privacy Policy.
In addition, we process personal data that we lawfully obtain from publicly accessible sources (e.g. the press or the internet) or that is lawfully transmitted to us by other companies of the CADFEM Group or by other third parties. In this case, we provide you with the information specified in Art. 14(3) GDPR within the deadlines specified there. Detailed information can be found in Section 14 of this Privacy Policy.
A) OUR WEBSITE
I) DATA PROCESSING ON OUR WEBSITES
a) Collection of access data and log files
When you access our website, in particular our web service "www.cadfem.net", we process data about your access to the server on which we provide our site. Server log files are created in the process. The information stored includes the names of the web pages and files accessed, the date and time of access, the volume of data transferred, confirmation of successful access, the browser type you are using including its version, the operating system you are using, the so-called referrer URL (this is the website you visited before accessing our website and from which you followed a link to our web service), your IP address and the provider through which our website was accessed. The purpose of processing your personal data in this case is to ensure the security of our website. The legal basis for processing your personal data is our legitimate interest in pursuing this purpose, Art. 6(1) sentence 1 point (f) GDPR. Server log files relating to you are stored for a maximum of seven days and deleted thereafter, unless longer storage is required for evidential purposes.
b) cookies
Our web services use so-called cookies. These serve to make our web service more user-friendly, effective and secure. Cookies are small text files that are set on your computer and saved by your browser. Most of the cookies we use are so-called “session cookies” and are therefore automatically deleted at the end of your visit to our website. Detailed information about the cookies we use (in particular their names, providers - with a link to their privacy policy - purpose, expiration/storage period and type) can be found in the separate cookie information at the end of each page of our web services. Cookies do not damage your computer and do not contain viruses.
c) Data transfers to a country outside the European Economic Area
If you have given your consent, your personal data may be transmitted to servers of a third-party provider (e.g. Google, LinkedIn, etc.) whose servers are located in the USA or another third country (i.e. a country outside the European Economic Area (EEA)). We would like to point out that the level of data protection in the USA and other third countries is not comparable to the EU. You are therefore at risk of access to this data by a government agency. This risk may also exist with regard to other third countries. The admissibility of these data transfers to the USA and other affected third countries is based on your express consent, which you have given after being informed of the risks, pursuant to Art. 49(1) sentence 1 point (a) GDPR.
d) Google Analytics
We use Google Analytics in our web services. This is a web analytics service provided by Google LLC ("Google"). The responsible service provider in the EU and Switzerland is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Analytics uses so-called cookies. These are text files that are stored on your computer and that allow an analysis of the use of our web services by you. The data generated by the cookies about your use of our web services is transmitted to a Google server and stored there. The IP address you use when visiting our web services is only stored in anonymous form (via an irreversible truncation of the IP address). You can prevent collection of the data generated by the cookies of Google Analytics and related to your use of our web services (including your IP address) and processing of that data by Google Analytics by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout.
You can also prevent collection by Google Analytics by clicking on the following link. Your objection will then be implemented by an opt-out cookie, which prevents future collection of your data when using the current browser to visit our web services: disable collection of data by Google Analytics for this website.
Please note that this objection is only effective as long as the opt-out cookie is set. If your cookies are deleted or you use another browser, the objection is no longer effective.
Your personal data is transferred to the USA, where the level of data protection is not comparable to the EU. You are therefore at risk of access to this data by a government agency.
The legal basis for data processing is Art. 6(1) sentence 1 point (a) GDPR in conjunction with Art. 49(1) sentence 1 point (a) GDPR.
e) Google Ads
We use the online advertising system Google Ads of Google LLC. (“Google”). The responsible service provider in the EU and Switzerland is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). We use so-called conversion tracking in this connection and so-called remarketing in connection with Google Analytics (see above).
f) Google Ads Conversion Tracking
An individual cookie is stored on your device if you click on a Google Ads advertisement placed by us on the website of another provider (Google itself or a provider commissioned by Google). This cookie enables Google to recognize that you have clicked on our advertisement and that your visit to our website came from your click on the advertisement. A unique cookie ID, the number of ad impressions per placement, the last impression and your opt-out information are stored in connection with this cookie (conversion tracking). We do not collect or process any personal data in connection with conversion tracking. We only receive statistical evaluations from Google, which enable us to evaluate the effectiveness of our advertising campaigns. It is not therefore possible for us to identify you.
You may opt-out of participating in Google Ads conversion tracking by disabling the Google conversion tracking cookie in your web browser under "Settings".
Your personal data is transferred to the USA, where the level of data protection is not comparable to the EU. You are therefore at risk of access to this data by a government agency.
The legal basis for data processing is Art. 6(1) sentence 1 point (a) GDPR in conjunction with Art. 49(1) sentence 1 point (a) GDPR.
g) Google Ads Remarketing
Google Ads remarketing allows Google to show you ads on other websites that are part of the Google advertising network and that Google believes match your interests (personalized ads). The prediction is based on an analysis of your browsing behavior. To do this, Google places a cookie on your device, which enables Google to identify the web browser you are using on the device you are using. Insofar as you have consented to this, Google will link your browsing history with your Google Account and display personalized ads on all devices where you are signed in with your Google Account. We do not collect or process any personal data in connection with Google Ads Remarketing.
You can prevent remarketing by setting your browser software accordingly. You can permanently object to cross-device remarketing by deactivating personalized advertising in your Google account; follow this link: https://www.google.com/settings/ads/onweb/.
Further information can be found in Google’s privacy policy at: https://policies.google.com/technologies/ads.
The legal basis for data processing is Art. 6(1) sentence 1 point (a) GDPR in conjunction with Art. 49(1) sentence 1 point (a) GDPR.
h) Facebook pixel
We use the Facebook pixel of Meta Platforms, Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. For users based in the EU, the provider is Meta Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. For this purpose, we insert small, transparent image files or lines of code into our web services. By accessing a pixel from your browser, Facebook can recognize whether an advertisement was successful. We do not collect or process any personal data in connection with the use of Facebook pixels. We only receive statistical evaluations from Meta, which enable us to evaluate the effectiveness of our advertising campaigns. It is not therefore possible for us to identify you. The Facebook pixel can be disabled by deactivating the cookie for the Facebook pixel. You will find information about the procedure for this in our cookie information.
Further information can be found in Meta’s privacy policy at https://www.facebook.com/policy.php.
Your personal data is transferred to the USA, where the level of data protection is not comparable to the EU. You are therefore at risk of access to this data by a government agency.
The legal basis for data processing is Art. 6(1) sentence 1 point (a) GDPR in conjunction with Art. 49(1) sentence 1 point (a) GDPR.
i) LinkedIn
We use the LinkedIn Insight Tag of the LinkedIn Corporation, 2029 Stierlein Court, Mountain View, CA 94043, USA. The responsible service provider in the EU and Switzerland is LinkedIn Ireland Unlimited, Wilton Place, Dublin 2, Ireland. The LinkedIn Insight Tag is a simple JavaScript tag that collects metadata such as IP address, time stamp and page events (e.g. page views) and thus enables so-called conversion tracking. The Insight Tag is integrated into our web services and activates the functions of LinkedIn Marketing Solutions. We do not collect or process any personal data in connection with the use of LinkedIn Insight Tag. We only receive statistical evaluations from LinkedIn, which enable us to evaluate the effectiveness of our advertising campaigns. It is not therefore possible for us to identify you.
You can object to the use of the LinkedIn Insight Tag by deactivating the Insight Tag cookie. Instructions on how to do this can be found at https://www.linkedin.com/mypreferences/g/guest-cookies.
Further information can be found in LinkedIn’s privacy policy at https://de.linkedin.com/legal/privacy-policy
Your personal data is transferred to the USA, where the level of data protection is not comparable to the EU. You are therefore at risk of access to this data by a government agency.
The legal basis for data processing is Art. 6(1) sentence 1 point (a) GDPR in conjunction with Art. 49(1) sentence 1 point (a) GDPR.
j) Hubspot
We use the Marketing Hub of HubSpot Ireland Limited, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland. HubSpot uses cookies that enable an analysis of the use of our web services. HubSpot evaluates the information collected (e.g. IP address, geographical location, type of browser, duration of visit and pages viewed) on our behalf and thereby enables us to optimize our online offering with regard to marketing and customer communication. In addition, HubSpot provides various lead generation (customer acquisition) functions for our website. These include, in particular, contact forms and newsletter registration. This enables the automation of our marketing with the aim of improving the customer experience.
The data generated by means of the cookies about your use of our web services is transmitted to a server of HubSpot and stored there. You can prevent the collection of the data generated by HubSpot's cookies and related to your use of our web services (including your IP address) to HubSpot as well as the processing of this data by HubSpot by refusing to consent to the use of HubSpot's cookies in our cookie banner. Please note that not all functions of our website will then be available to you.
For more information, please see HubSpot's privacy policy at https://legal.hubspot.com/de/privacy-policy.
HubSpot stores your data in a data center located in the EU. However, HubSpot reserves the right to transfer personal data to partner companies in countries, in particular in the USA, where there is no adequate level of data protection comparable to that in the EU. In this context, HubSpot assures to comply with a comparable level of data protection through contractual agreements. Nevertheless, there is a risk for you of governmental access to this data.
The legal basis for data processing is Art. 6 para. 1 p. 1 a) GDPR in conjunction with Art. 49 para. 1 p. 1 a) GDPR.
k) Newsletter registration
You can register for our newsletter on our website. If you consent to receiving our newsletter by means of the double opt-in procedure used by us (confirmation of the newsletter order by confirming an order notification e-mail sent to the e-mail address provided when subscribing), we will process your e-mail address and your name, if you provide it voluntarily, for the purpose of sending our newsletter to you. For this purpose, your personal data will be stored in a customer relationship management system (“CRM system”), specifying the date of entry, purpose of use and legal basis. We evaluate your use of the newsletter with regard to your interest in our products and services for the purpose of sending you relevant information about our products and services.
Your consent is the legal grounds for processing your personal data for the purpose of sending individually tailored newsletters (Art. 6(1) sentence 1 point (a) GDPR).
You can revoke your consent to receive our newsletter at any time with effect for the future, e.g. by unsubscribing from the newsletter on our website. The link to the unsubscribe page can be found at the end of every newsletter. Any user data collected will be deleted when you unsubscribe.
l) Online forms with collection of personal data
On several of our websites, we offer you the opportunity to provide us with personal data for certain purposes (opening a customer account, contact form, registration for seminars, etc.). If you provide us with your data for the purposes mentioned, it is processed for the purposes stated on our website (or in the case of the contact form, by yourself) for the fulfilment of contractual obligations or for implementation of pre-contractual measures (Art. 6(1) sentence 1 point (a) GDPR). For this purpose, your personal data is stored in a customer relationship management system (“CRM system”), specifying the date of entry, purpose of use and legal basis. In connection with the request for your personal data, you will be informed separately and on a case-by-case basis of the purposes for which your data is processed, the legal grounds on which your data is processed and your rights in connection with personal data processed by us.
m) Online appointment booking - Microsoft Bookings
We offer you the opportunity to book appointments with our employees on our web portal. For this purpose, we use the "Microsoft Bookings" service of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. The connection to the service is only established if you access it via a correspondingly labeled button on our web portal. If you do not wish to use the service, we also offer you other options for making appointments.
The use of Microsoft Bookings is subject to Microsoft's terms of use and privacy policy. Microsoft transmits, stores and processes data outside the territorial scope of the GDPR, in particular also in countries without equivalent data protection (e.g. USA). Microsoft ensures data protection in these countries with standard contractual clauses. We have also concluded an order processing agreement with Microsoft. Nevertheless, there is a risk of government access to your data. You can find Microsoft's privacy policy at https://privacy.microsoft.com/de-de/privacystatement.
If you provide us with your data via Microsoft Bookings, it will be processed for the purpose of coordinating appointments. If you contact us in the context of existing contractual relationships (support request) or due to your interest in our products and services, the appointment is made to fulfill contractual obligations or to carry out pre-contractual measures. The legal basis for processing in this respect is Art. 6 para. 1 sentence 1 b) GDPR. If you contact us for other reasons, the legal basis for processing is your consent (Art. 6 para. 1 sentence 1 a) GDPR).
We offer Google Maps services from Google LLC (“Google”) on our website. The responsible service provider in the EU and Switzerland is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). By using this service, you agree to the collection, processing and use of data collected automatically by Google LLC, its agents and third parties. The terms of use of Google Maps can be found under “Terms of Use of Google Maps”.
The legal basis for data processing is Art. 6(1) sentence 1 point (a) GDPR in conjunction with Art. 49(1) sentence 1 point (a) GDPR.
o) Geolocation
We support you in choosing the most suitable company of the CADFEM Group for you by means of a location selection window that opens when you access our website. Our suggestion is based on geolocation of the IP address you are using. Lists saved on our server allow us to use geolocation for your IP address. We obtain these lists from a third-party provider. However, your data is not be passed on to the third-party provider for validation.
II) USE OF THE CADFEM “MYACCOUNT” CUSTOMER ACCOUNT
If you use the “myAccount” customer account offered by us, the related processing of your personal data is carried out for the purpose of executing the contractual relationship concluded with us (Art. 6(1) sentence 1 point (b) GDPR). For this purpose, your personal data will be stored in a customer relationship management system (“CRM system”), specifying the date of entry, purpose of use and legal basis.
III) USE OF THE CADFEM ELEARNING PORTAL
If you use the offers provided on our learning portal (eLearning training offers and training materials for other training offers), your personal data is processed in connection with this for the purpose of implementing the contractual relationship concluded with us (Art. 6 (1) sentence 1 b) GDPR). For this purpose, your personal data will be stored in a customer relationship management system ("CRM system"), indicating the date of entry, the purpose of use and the legal basis.
For the provision of eLearning services and the provision of training materials for other training offers, we use the learning management system Adobe Learning Manager (formerly "Adobe Captivate Prime") of Adobe Inc. The data processing by Adobe Inc. takes place on our behalf on a server of Adobe Inc. in Germany. The use of our learning portal requires the opening of a CADFEM customer account myAccount. Use of Adobe Learning Manager is subject to the terms of use and privacy policy of Adobe Inc. If you reside outside of North America, Adobe Systems Software Ireland Limited (Adobe Ireland) is your contractual partner and as such is responsible for processing your personal information collected by Adobe.
The Adobe Inc. privacy policy can be found at: https://www.adobe.com/de/privacy/policy.html.
We evaluate the use of our Learning Portal for the purpose of improving and developing it.
IV) ONLINE PRESENCE ON SOCIAL MEDIA
We maintain online presences on social networks and platforms, in particular Facebook, X (Twitter), YouTube, LinkedIn and Xing, in order to communicate with customers and potential and existing users who are active there and to inform them about our services.
Insofar as we offer you the possibility within the framework of these online presences to provide us with personal data for specific purposes (e.g. to request further information) and you provide us with your data for the aforementioned purposes, it will be processed for the respective purposes stated. For this purpose, your personal data will be stored in a customer relationship management system ("CRM system"), indicating the date of entry, the purpose of use and the legal basis. In connection with the retrieval of your personal data, you will be informed separately and on a case-by-case basis of the purposes for which your data are processed, the legal basis on which the processing takes place and your rights in connection with the processing of your personal data by us.
In addition, the data you provide is automatically transferred to our marketing hub Hubspot, see section 6. A. I. j) of this privacy policy. For this purpose, we use the Make tool from Celonis Inc, One World Trade Center, 87th Floor, New York, NY, 10007 USA. We have concluded a data processing agreement with Make, according to which Make processes the data on our behalf as the controller. Make stores your data in a data center located in the EU. However, Make reserves the right to transfer personal data to countries in exceptional cases, in particular to the USA, where there is no adequate level of data protection comparable to that in the EU. Make guarantees that it will maintain a comparable level of data protection through contractual agreements. Nevertheless, there is a risk of access to this data by government authorities. Further information can be found in Make's privacy policy at https://www.make.com/en/privacy-notice.
The legal basis for data processing is Art. 6 para. 1 p. 1 a) GDPR in conjunction with Art. 49 para. 1 p. 1 a) GDPR.
When accessing these networks and platforms, the terms and conditions and data processing regulations of the respective provider apply. We would like to point out that you use our pages and their functions on your own responsibility. This applies in particular to the use of interactive functions (e.g. posting, sharing, rating).
When you visit our online presence, the operators of the respective social networks and platforms record your IP address and other information that is available on your PC in the form of cookies. The data collected about you in this context is processed by the respective social networks and platforms and, if necessary, transferred to countries outside the European Union, where the level of data protection is not comparable to the EU. You are therefore at risk of access to this data by a government agency. We have no control over the type and extent of the data processed, the type of processing or the use or transmission of the data to third parties. We also have no effective control options in this respect. The information collected is also used to provide us, with statistical information about the use of our respective online presence.
Detailed information about data processing by the operators of the social networks and platforms can be found in their data usage guidelines.
The guidelines of Meta (formerly Facebook) Ireland Ltd. can be found at https://facebook.com/privacy/explanation/.
The guidelines of Twitter International Unlimited Company, based in Dublin, Ireland, and X Corp., based in San Francisco, USA, respectively, can be found at https://twitter.com/en/privacy
The guidelines for the use of YouTube can be found in the privacy policy of Google Ireland Limited at https://policies.google.com/privacy.
The guidelines of the LinkedIn Ireland Unlimited Company (“LinkedIn Ireland”) can be found at https://www.linkedin.com/legal/privacy-policy
The guidelines for the use of Xing can be found in the data protection declaration of New Work SE, at https://privacy.xing.com/en.
V) THIRD-PARTY SOCIAL MEDIA PLUGINS
On our web pages, we offer you the opportunity to share our content with users of social networks run by various third-party providers by means of simple clicks on so-called social media buttons. In doing so, we prevent so-called. “user tracking” by these third-party providers. We use the c't project Shariff for this. Direct contact between the respective third-party provider and you will therefore only be established when you click on a social media button. In this case, the hardware you use transmits personal data such as your IP address and your visit to our website directly to the third-party provider. If you are logged in to your account with the third-party provider, they will also link your visit to our website to your account. We ourselves do not transmit any of your personal data to the third-party providers and have no control over the data transmitted by you directly to them.
Your personal data may be transferred to countries outside the European Union where the level of data protection comparable to the EU. You are therefore at risk of access to this data by a government agency.
The legal basis for data processing is Art. 6(1) sentence 1 point (a) GDPR in conjunction with Art. 49(1) sentence 1 point (a) GDPR. You have the option at any time to revoke your consent in the settings of the cookie banner.
Information about the scope of the data collected by the third-party providers and further handling of that data can be found in the privacy policies of the third-party providers.
VI) VIDEO PLATFORMS VIMEO and YouTube
We offer you the opportunity to watch videos on our website. For this we use the services of the video platforms Vimeo and YouTube. The platform Vimeo is operated by the company Vimeo, LLC with its headquarters at 555 West 18th Street, New York, New York 10011, USA. The platform YouTube is operated by the company YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA, which has been a subsidiary of Google, LLC since 2006. When you access a video on our website, a connection to the servers oft he respective platform is established and the plugin required for viewing the video is displayed. In addition, various cookies are downloaded to your hardware from servers of the respective platform. Among other things, the respective platform is able to determine which of our web pages you have visited. If you have an account with the respective platform and are logged into it, the platform assigns this information to your account. In this case, the platform will also assign the fact that you are actually watching a video to your account.
Your personal data may be transferred to the USA, where the level of data protection is not comparable to the EU. You are therefore at risk of access to this data by a government agency.
Information about the scope of the data collected by Vimeo and the further handling of that data can be found in Vimeo’s privacy policy. You will find this at https://vimeo.com/privacy.
Information about the scope of the data collected by YouTube and the further handling of that data can be found in the privacy policy of Google, LLC. You will find this at https://policies.google.com/privacy.
The legal basis for data processing is your consent pursuant to Art. 6(1) sentence 1 point (a) GDPR in conjunction with Art. 49(1) sentence 1 point (a) GDPR. In particular, we use a so-called two-click solution, in which cookies of the platforms are not set immediately when the page containing them is called up, but only after a second click, with which you declare your consent to the data transfer. You have the option at any time to revoke your consent in the settings of the cookie banner.
VII) MICROSOFT TEAMS AND MICROSOFT TEAMS MEETINGS (TEAMS TOWNHALL)
Microsoft Teams is a Microsoft Corporation service for teamwork in Office 365. It can be used with a guest account. A Microsoft account is required for active use of guest access, but this is quick and easy to set up. The use of Microsoft Teams is subject to Microsoft’s terms of use and privacy policy. The Microsoft Corporation's terms of use and privacy policy apply when participating in a Microsoft Teams session provided by us.
With the Microsoft Teams functions for meetings, events with many participants can be held, with advanced functions enabling the structured integration of participants. No Microsoft account is required to participate in Teams Meetings. When you use our offerings based on Teams Meetings, various types of data are processed. The scope of this data depends on which data you transmit before or during participation. Please note that if you are logged into your Microsoft account while using Teams Meetings, the data stored in this account (first name, surname, email address) will be transmitted even if you do not consciously re-enter it when using Teams Meetings.
Microsoft Teams transmits, stores and processes data outside the territorial scope of the GDPR, including in particular countries without equivalent data protection (e.g. USA). Microsoft uses standard contractual clauses to ensure privacy in these countries. We have also concluded a commissioned data processing agreement with Microsoft Teams.
The legal basis for the use of Microsoft Teams and the associated third-country processing is Art. 6(1) sentence 1 point (a) GDPR in conjunction with Art. 49(1) sentence 1 point (b) GDPR.
B) CONTACTING US BY E-MAIL AND TELEPHONE
If you contact us by phone or by e-mail, the personal data you transmit to us (telephone number/e-mail address) is used to process your inquiry and respond to it. The legal grounds for this is the consent you have given in accordance with Art. 6(1) sentence 1 point (a) GDPR and, insofar as you request pre-contractual measures to be taken, also Art. 6(1) sentence 1 point (b) GDPR. Your personal data will be stored in a customer relationship management system (“CRM system”), specifying the date of entry, purpose of use and legal basis. When your inquiry has been dealt with, we will delete your personal data, provided that no further contractual relationship exists with you and that further storage is not required under Art. 17(3) GDPR.
C) PARTICIPATION IN CUSTOMER SATISFACTION SURVEYS
Participation in our customer satisfaction surveys is voluntary. If you participate in such surveys, your personal data will be processed on the basis of the information provided by you in accordance with Art. 6(1) sentence 1 point (a) GDPR. Your personal data will be stored in a customer relationship management system (“CRM system”), specifying the date of entry, purpose of use and legal basis.
D) REGISTRATION FOR CADFEM EVENTS
If you provide us with your personal data for the purpose of registering for events held by us (e.g. seminars, CADFEM ANSYS Simulation Conference, webinars, OpenHouse, etc.), it is processed for the purpose of running the event in question and thus for the fulfillment of contractual obligations (Art. 6(1) sentence 1 point (b) GDPR). For this purpose, your personal data will be stored in a customer relationship management system (“CRM system”), specifying the date of entry, purpose of use and legal basis.
Please note that we make film and image recordings of individual events for corporate communication purposes. This applies in particular to the CADFEM Conference. Insofar as individual participants are recognizable on the recordings, the legal basis for this is our overriding interest (Art. 6(1) sentence 1 point (b) GDPR). In weighing this up, we take into account the values of the GDPR and other legal bases, in Germany in particular the Act on Copyright in Works of Fine Arts and Photography. In particular, we only use photographs taken by experienced companies that do not selectively or unflatteringly portray individual participants.
E) PURCHASE OF PRODUCTS AND ORDERING OF SERVICES
If you have provided us with your personal data for the purpose of purchasing products or ordering services, this data is processed for the purpose of executing the contracts concluded in this regard and thus for the fulfillment of contractual obligations (Art. 6(1) sentence 1 point (b) GDPR). For this purpose, your personal data will be stored in a customer relationship management system (“CRM system”), specifying the date of entry, purpose of use and legal basis.
F) REMOTE MAINTENANCE
To the extent that you grant us access to your IT for the purpose of providing support or IT services (remote maintenance), this requires that such remote maintenance does not provide access to personal data. If remote maintenance by us is not possible without granting access to personal data, remote maintenance requires the prior conclusion of a data processing agreement (Art. 28 GDPR).
7. RECIPIENTS AND CATEGORIES OF RECIPIENTS OF PERSONAL DATA
Your personal data is stored in customer relationship management systems (“CRM system”) with details of the legitimate purpose and the legal basis for processing. CADFEM Germany GmbH, CADFEM (Austria) GmbH, CADFEM (Suisse) AG and CADFEM France SAS use a common CRM system. Data that you provide to one of these companies and that is stored in a CRM system according to this Privacy Policy is therefore passed on by that company to the other companies mentioned. The legal basis for this is Art. 6(1) sentence 1 point (f) GDPR (legitimate interest). In accordance with Art. 6(1) sentence 1 point (f) GDPR, consideration has been given to the fact that CADFEM only processes personal “business” data of customers and also that it benefits customers if the combined expertise of the aforementioned companies of the CADFEM Group can be made available to them. In the view of the supervisory authorities, several companies belonging to the same group of companies which maintain a common customer database are joint controllers within the meaning of Art. 26 GDPR. The aforementioned companies have therefore concluded an agreement on joint processing of customer data. The essential content of this agreement is that CADFEM Germany GmbH provides the technical infrastructure for the CRM system and serves as a contact point for data subjects who want to exercise their rights in connection with processing of their data. Please note, however, that data subjects may assert their rights in accordance with Art. 26 GDPR with and against each of the companies mentioned.
Apart from the management and system administrators, only those employees who need personal data to fulfill the purpose of processing are given access to personal data. External persons only have access to the personal data they need to support us in the execution of the business relationship. These include employees of companies in the categories of printing services, shipping services and telecommunications as well as suppliers, especially licensors of purchased software products.
8. TRANSFER OF DATA TO THIRD COUNTRIES
We transfer your personal data to bodies in countries outside the European Union (so-called third countries) that are not so-called secure third countries pursuant to Art. 45 GDPR if the transmission is necessary for the execution of contracts concluded with you. This is regularly the case when ordering software products for which the licensor is based in a non-EU or third country.
In this case, the data is normally transferred to the USA.
9. DURATION OF STORAGE AND CRITERIA FOR DETERMINING THAT DURATION
We store personal data for as long as is necessary to fulfill business relationships and the contractual and legal obligations resulting from them. Personal data that is no longer required to fulfill business relationships is deleted at regular intervals. We check the data that we have stored every four years to determine whether it is still needed.
We are subject to the retention requirements of commercial and tax law. The period of retention for personal data covered by this is usually ten years.
We would also like to point out that, for example, the rules on limitation periods set out in Sections 195 et seq. of the German Civil Code (BGB) provide for a normal limitation period of 3 years, which begins at the end of the year in which the claim arose. In addition, special limitation periods can be up to 30 years and thus, in individual cases, lead to a correspondingly longer period of retention.
10. YOUR RIGHTS AS A DATA SUBJECT
Data subjects have the right to request confirmation from the controller as to whether personal data concerning them is being processed; if this is the case, they have a right to information about this personal data and to the information listed in detail in Art. 15 GDPR.
Data subjects have the right to demand from the controller the rectification of inaccurate personal data concerning them and, if necessary, the completion of incomplete personal data without undue delay (Art. 16 GDPR).
Data subjects have the right to demand from the controller that personal data concerning them be erased immediately if one of the reasons listed in detail in Article 17 of the GDPR applies, e.g. if the data is no longer needed for the purposes pursued (right to deletion).
Data subjects have the right to request the controller to restrict processing if one of the conditions listed in Art. 18 GDPR is met, e.g. if the data subject has objected to the processing, for the duration of consideration of the case by the controller.
Data subjects have the right to be informed of the recipients of their personal data. The controller shall inform all recipients of any correction or erasure of personal data or restriction of processing in accordance with Articles 16, 17(1) and 18 of the GDPR, unless this proves impossible or involves disproportionate effort (Art. 19 GDPR).
Data subjects have the right to obtain the personal data concerning them which they have supplied to a controller in a structured, commonly-used and machine-readable format. Furthermore, they have the right, if technically feasible, to arrange for the transfer of that data to another controller (Art. 20 GDPR).
Data subjects have the right to object to the processing of personal data concerning them at any time, for reasons relating to their particular situation. The controller will then no longer process the personal data, unless it can prove compelling, legitimate reasons for the processing that outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims (Art. 21 GDPR).
Without prejudice to any other administrative or judicial remedy, all data subjects have the right to lodge a complaint with a supervisory authority if the data subject considers that the processing of personal data concerning them infringes the GDPR (Art. 77 GDPR). Data subjects may exercise this right with a supervisory authority in the Member State of their place of residence, their place of work or the place of the alleged infringement.
The responsible supervisory authority for Bavaria is the Bavarian State Office for Data Protection Supervision (BayLDA), Promenade 18, 91522 Ansbach, Germany, postal address: P.O. Box 1349, 91504 Ansbach, Germany, telephone: +49 (0) 981 180093-0, fax: +49 (0) 981 180093-800, e-mail: poststelle@lda.bayern.de.
11. OBLIGATIONS TO PROVIDE DATA / EXPORT CONTROLS
We require our customers to provide the personal data necessary for the conclusion, performance and completion of contracts concluded with us. We also require our customers to provide the personal data that we are legally obliged to collect. In this connection, we would like to point out that we offer products that may be subject to export restrictions. We are therefore obliged to check the identity of our customers to the extent necessary to prevent the violation of export restrictions. We will not enter into a business relationship with potential customers who do not provide us with the necessary data.
We check our customers' data using the AEB Compliance Screening software from AEB SE, Sigmaringer Strasse 109. 70567 Stuttgart, Germany.
The screening includes the comparison of customer data with the consolidated sanctions lists of the EU, the USA, France and Switzerland. In particular, the audit includes the consolidated EU CFSP list (Consolidated list of persons, groups and entities subject to EU financial sanctions) as well as relevant US sanctions lists (Specially Designated Nationals and Blocked Persons (SDN) List, Sectoral Sanctions Identifications (SSI) List, Entity List (EL), Denied Persons List (DPL), Unverified List (UL), Military End User (MEU) List and Nonproliferation Sanctions (NPS)). Data is also cross-checked against France's French Sanctions List and Switzerland's SECO Consolidated Sanctions List. Data matching occurs each time a new customer ("contact") is created in our CRM system, as well as each time a name or contact information change occurs, and for all relevant business events, such as the creation of a quote and/or the receipt of an order, the creation of a support call, and the registration of a seminar participant.
The data to be provided by you when using our website is set out in section A of this privacy policy.
12. AUTOMATED DECISION-MAKING, INCLUDING PROFILING
We currently do not use methods of automated decision-making as per Art. 22(1) GDPR. If we make exceptions to this principle in future, we will obtain your express consent in advance.
We apply the method of profiling to some of the personal data you provide to us in order to evaluate which of our products and other offers you might be interested in. The aim is to be able to provide you with relevant information about products and services.
13. CHANGE OF PURPOSE
According to Art. 6(4) GDPR, the processing of your personal data for a purpose other than that for which the personal data was collected is permissible, subject to certain strict limits, even without your consent. We do not exercise this right. If the use of your personal data for a purpose other than that for which it was collected is not justified by a legal basis other than Art. 6(4) GDPR, we will obtain your express consent before changing the purpose and will only use your data for other purposes on the basis of such consent.
14. COLLECTION OF DATA OTHER THAN FROM THE DATA SUBJECT
If we do not collect your personal data directly from you, we will inform you of this within a reasonable period of time after obtaining your personal data, at the latest within one month. If we use your personal data to communicate with you, we will provide this information at the latest you when we first contact you. If we intend to disclose your personal data to another recipient, we will notify you no later than the time of first disclosure.
The notification includes the following information:
- the source from which the personal data originates;
- whether the data comes from publicly available sources;
- the categories of personal data that are processed;
- where applicable, the recipients or categories of recipients of the personal data.
15. APPLICATIONS FOR JOB VACANCIES VIA ONLINE RECRUITMENT PORTALS
Insofar as we offer applicants for job vacancies the option of using an online application portal, the following special conditions apply to the processing of your data collected by us in this way.
For the technical processing and implementation of the collection, transfer and storage of the data transferred to us via our career portal, we use other companies that process this data on our behalf and according to our specifications on the basis of corresponding data processing agreements. These are
a) DPS Business Solutions GmbH, Am Moosfeld 3, 81829 Munich for hosting the data
b) Sage GmbH, Franklinstraße 61-63, 60486 Frankfurt am Main for the Sage software
The data is stored exclusively on servers in countries within the territorial scope of the General Data Protection Regulation.
A) Preliminary remark
In the following, we inform you about how your personal data will be processed if you apply for a position advertised by us.
I) CORRESPONDING VALIDITY OF PRECEDING SECTIONS OF THIS DATA PROTECTION DECLARATION
With regard to "Person in charge", "Data Protection Officer" and your rights, sections 2., 3. and 10. of this Privacy Policy apply accordingly.
However, with respect to responsibility as defined in Section 4 No. 7 of the GDPR, the following additionally applies:
Some companies of the CADFEM Group have agreed that CADFEM Germany GmbH will provide them with your applicant portal for job postings (commissioned processing). If you apply via the CADFEM Germany GmbH applicant portal not for a vacancy of CADFEM Germany GmbH, but for a vacancy of another company of the CADFEM Group, this company is the controller in the sense of the GDPR. In this case, CADFEM Germany GmbH has no access to the data transmitted via the applicant portal. These will be transmitted directly to the personnel manager(s) of the respective company.
II) NATURE AND PURPOSE OF THE PROCESSING OF PERSONAL DATA
We collect and process your personal data in order to offer you vacancies and to be able to carry out the application process.
As part of the selection process, we collect and process the following categories of personal data:
Data provided directly to us by you:
- Contact details in our applicant portal (e.g. first and last name, e-mail address, telephone number).
- Information in your letter of application (e.g. motivation, salary requirements)
- Other application documents (e.g. CV, career development data, qualifications and language skills)
- Testimonials and references
Data collected in other ways:
We also obtain data about potential applicants from other sources, e.g., career-oriented social networks or job boards and other publicly available sources, in order to contact these individuals about job openings.
We process the above personal data solely for the purpose of initiating and establishing an employment relationship.
III) LEGAL BASIS
Providing your personal data as part of the application process is voluntary. However, the provision of your personal data is necessary for the processing of your application or the conclusion of an employment contract with us.
Insofar as we do not collect information about potential applicants directly from them, the legal basis for this is Art. 6 (1) f) GDPR in conjunction with Art. 9 (2) e) GDPR, whereby our legitimate interest is to form a decision-making basis for the establishment of an employment relationship.
Insofar as we process your personal data in order to examine and, if necessary, defend legal claims asserted by you against us from the application process, the legal basis for this is Art. 6 (1) b) and f) GDPR. Our legitimate interest in this case is based on the fulfillment of our obligations to provide evidence, e.g. in proceedings under the General Equal Treatment Act (AGG).
IV) RECIPIENTS OF THE DATA
Insofar as we are subject to legal obligations to release information to authorities or law enforcement bodies acting in accordance with the law, we will comply with these obligations. The legal basis for this is Art. 6 para. 1 c) GDPR.
V) RETENTION PERIOD
We store your personal data for a period of 6 months after the end of the application process for the position for which you have applied, in order to be able to fulfill any obligations to provide evidence in connection with the application process.
If your application is successful, we will store your personal data for the entire duration of your employment.
VI) OBJECTION OR REVOCATION OF YOUR CONSENT TO THE PROCESSING OF YOUR DATA
If you have given your consent (Art. 6 para. 1 a GDPR) to the processing of your data, you may revoke it at any time. Such revocation will affect the permissibility of processing your personal data after you have expressed it to us.
Insofar as we base the processing of your personal data on the legal basis of Art. 6 (1) f GDPR (balancing of interests), you may object to the processing. In this case, we ask you to explain the reasons why we should not process your personal data. In the event of your objection, we will review the merits of the case and either discontinue/adapt the data processing or show you our compelling legitimate grounds on the basis of which we will continue the processing.