Simulation is more than Software

Directcontact
0
Wishlist
0 0
Cart
EN

CADFEM Group Privacy Policy

Version: 01.04.2022; V1.2

 

This Privacy Policy provides an overview of the processing of personal data by the companies of the CADFEM Group, described in more detail in Section 2 of this policy, within the scope of the General Data Protection Regulation (GDPR).

This Privacy Policy serves to inform you about the type and scope of personal data processed by us and the purposes and legal grounds for such processing. Furthermore, we wish to draw your attention to your rights regarding personal data processing by us. Insofar as we use terms that are also used in the GDPR, such as “personal data”, “processing”, “data subject” and “controller”, these terms have the meanings defined in detail in Art. 4 GDPR.

The personal data processed by us, the purposes for which it is processed and the legal grounds upon which it is processed depend on the services you use and/or the agreements you have made with us (e.g. online content, products and/or services ordered or requested). Not all parts of this Privacy Policy will therefore apply to you.

This Privacy Policy does not replace the information that we provide to you separately and in relation to your individual case each time your personal data is collected or when contacting you for the first time.

When processing personal data, we comply with the provisions of the General Data Protection Regulation (GDPR) and, as applicable, with the provisions of other relevant statutory provisions of national legislation on data protection, e.g. in Germany the Federal Data Protection Act (BDSG), and any other legislation, e.g. in Germany the Unfair Competition Act (UWG).

We use binding contractual agreements to protect sensitive non-personal data, e.g. data about products (development status, design data, functional samples, simulation results), which you entrust to us as a customer in the context of the services we offer in the form of support, advice and/or commissioned calculation. Our obligations arising from these agreements extend considerably further than the obligations arising from the statutory provisions (in Germany, for example, from the Act to Protect Business Secrets - GeschGehG).


1. PRINCIPLES FOR THE PROCESSING OF PERSONAL DATA

The controllers within the meaning of the GDPR observe the standard principles for processing of personal data set out in Art. 5(1) GDPR. These are lawfulness, fairness, transparency, limitation of purpose, data minimization, correctness, limitation of storage, integrity and confidentiality.

Within the framework of a comprehensive data protection management system, the controllers have put in place the technical and organizational prerequisites that allow demonstration of compliance with these principles, as described in Art. 5(2) GDPR (accountability obligation).


2. NAME AND CONTACT DETAILS OF THE CONTROLLER

The controllers within the meaning of the GDPR are the following legally independent companies of the CADFEM Group.

Insofar as your data is processed in the context of use of the internet addresses (URL) www.cadfem.net and students.cadfem.net, the controller is the company specified below for the respective URL. Please also note the legal notices, the Terms of Use for www.cadfem.net, and the information about the cookies used, which you will find at www.cadfem.net.

For the URL www.cadfem.net/de/, the URL www.cadfem.net/int and the URL students.cadfem.net/de/
CADFEM Germany GmbH
Am Schammacher Feld 37, 85567 Grafing b. Munich, Germany
Phone: +49 (0)8092-7005-0
info@cadfem.de

For the URL www.cadfem.net/at
CADFEM (Austria) GmbH
Wagenseilgasse 14, 1120 Vienna, Austria
Phone: +43 (0)1-587 70 73
info@cadfem.at

For the URL www.cadfem.net/ch
CADFEM (Suisse) AG
Wittenwilerstrasse 25, 8355 Aadorf, Switzerland
Phone: +41-(0)52-368 01-01
info@cadfem.ch

For the URL www.cadfem.net/fr
CADFEM France SAS
148 Avenue Jean Jaurès, 69007 Lyon, France
Phone: +33 (0)4-83 43 53 9
contact@cadfem.fr

For the URL www.cadfem.net/ie/en
CADFEM Ireland Ltd. UNIT G3
The Stockyard, The Steelworks, Foley Street, Dublin 1, D01 YW42, Ireland
Phone: +353 (0)16 522 730
info@cadfem.ie

For the URL www.cadfem.net/gb/en
CADFEM UK CAE Ltd.
Airport House Business Centre, Purley Way, Croydon, Surrey, England, CR0 0XZ, UK
Phone: +44 (0)208 256 0630
info@cadfem.co.uk

For the URL www.cadfem.net/in/en
CADFEM India Private Limited
6-3-902/A, 2nd Floor, Right Wing, Central Plaza, Raj Bhavan Road, Somajiguda, Hyderabad 500082, Telangana, India
Phone: +91 (40) 49481000
info@cadfem.in

For the URL www.cadfem.net/sg/en
CADFEM SEA Pte. Ltd.
2 Venture Dr, #06-17 Vision Exchange, Singapore 608526
Phone: (65) 6572 8886
info@cadfem-sea.com


3. CONTACT DETAILS OF THE DATA PROTECTION OFFICER

You can contact our data protection officer at
E-mail: datenschutz@cadfem.de
Phone: +49 8092-7005-10


4. LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA

Your personal data will only be processed by us if you have consented to its processing for the relevant purpose (Art. 6(1) sentence 1 point (a) GDPR), if processing is necessary for the execution of a contract or for the implementation of pre-contractual measures (Art. 6(1) sentence 1 point (b) GDPR), if we have an overriding interest in its processing (Art. 6(1) sentence 1 point (f) GDPR) or if the GDPR or another law permits or prescribes its processing (Art. 6(1) sentence 1 point (c) GDPR).


5. TARGET GROUP

Personal data of minors (under the age of 16) will not be knowingly collected by us or used in any form. As a rule, we do not know the age of visitors to our website. However, we have not taken any specific measures to protect such data. Persons under the age of 16 may not submit personal data without the explicit consent of their parents or guardians.


6. SOURCES, TYPES AND PURPOSES OF PERSONAL DATA PROCESSED BY US

We process personal data that we receive directly from you from the sources listed below.

In connection with the request for your personal data, you will be informed separately and on a case-by-case basis of the purposes for which your data is processed, the legal grounds on which your data is processed and your rights in connection with personal data processed by us. Detailed information about your rights can be found in Section 10 of this Privacy Policy.

In addition, we process personal data that we lawfully obtain from publicly accessible sources (e.g. the press or the internet) or that is lawfully transmitted to us by other companies of the CADFEM Group or by other third parties. In this case, we provide you with the information specified in Art. 14(3) GDPR within the deadlines specified there. Detailed information can be found in Section 14 of this Privacy Policy.


A) OUR WEBSITE

I) DATA PROCESSING ON OUR WEBSITES

a) Collection of access data and log files

When you access our website, in particular our web service "www.cadfem.net“, we process data about your access to the server on which we provide our site. Server log files are created in the process. The information stored includes the names of the web pages and files accessed, the date and time of access, the volume of data transferred, confirmation of successful access, the browser type you are using including its version, the operating system you are using, the so-called referrer URL (this is the website you visited before accessing our website and from which you followed a link to our web service), your IP address and the provider through which our website was accessed. The purpose of processing your personal data in this case is to ensure the security of our website. The legal basis for processing your personal data is our legitimate interest in pursuing this purpose, Art. 6(1) sentence 1 point (f) GDPR. Server log files relating to you are stored for a maximum of seven days and deleted thereafter, unless longer storage is required for evidential purposes.


b) Cookies

Our web services use so-called cookies. These serve to make our web service more user-friendly, effective and secure. Cookies are small text files that are set on your computer and saved by your browser. Most of the cookies we use are so-called “session cookies” and are therefore automatically deleted at the end of your visit to our website. Detailed information about the cookies we use (in particular their names, providers - with a link to their privacy policy - purpose, expiration/storage period and type) can be found in the separate cookie information at the end of each page of our web services. Cookies do not damage your computer and do not contain viruses.


c) Data transfers to a country outside the European Economic Area

If you have given your consent, your personal data may be transmitted to servers of a third-party provider (e.g. Google, LinkedIn, etc.) whose servers are located in the USA or another third country (i.e. a country outside the European Economic Area (EEA)). We would like to point out that the level of data protection in the USA and other third countries is not comparable to the EU. You are therefore at risk of access to this data by a government agency. This risk may also exist with regard to other third countries. The admissibility of these data transfers to the USA and other affected third countries is based on your express consent, which you have given after being informed of the risks, pursuant to Art. 49(1) sentence 1 point (a) GDPR.


d) Google Analytics

We use Google Analytics in our web services. This is a web analytics service provided by Google LLC (“Google”). The responsible service provider in the EU and Switzerland is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Analytics uses so-called cookies. These are text files that are stored on your computer and that allow an analysis of the use of our web services by you. The data generated by the cookies about your use of our web services is transmitted to a Google server and stored there. The IP address you use when visiting our web services is only stored in anonymous form (via an irreversible truncation of the IP address). You can prevent collection of the data generated by the cookies of Google Analytics and related to your use of our web services (including your IP address) and processing of that data by Google Analytics by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout.

You can also prevent collection by Google Analytics by clicking on the following link. Your objection will then be implemented by an opt-out cookie, which prevents future collection of your data when using the current browser to visit our web services: disable collection of data by Google Analytics for this website.

Please note that this objection is only effective as long as the opt-out cookie is set. If your cookies are deleted or you use another browser, the objection is no longer effective.

Your personal data is transferred to the USA, where the level of data protection is not comparable to the EU. You are therefore at risk of access to this data by a government agency.

The legal basis for data processing is Art. 6(1) sentence 1 point (a) GDPR in conjunction with Art. 49(1) sentence 1 point (a) GDPR.


e) Google Ads

We use the online advertising system Google Ads of Google LLC. (“Google”). The responsible service provider in the EU and Switzerland is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). We use so-called conversion tracking in this connection and so-called remarketing in connection with Google Analytics (see above).


f) Google Ads Conversion Tracking

An individual cookie is stored on your device if you click on a Google Ads advertisement placed by us on the website of another provider (Google itself or a provider commissioned by Google). This cookie enables Google to recognize that you have clicked on our advertisement and that your visit to our website came from your click on the advertisement. A unique cookie ID, the number of ad impressions per placement, the last impression and your opt-out information are stored in connection with this cookie (conversion tracking). We do not collect or process any personal data in connection with conversion tracking. We only receive statistical evaluations from Google, which enable us to evaluate the effectiveness of our advertising campaigns. It is not therefore possible for us to identify you.

You may opt-out of participating in Google Ads conversion tracking by disabling the Google conversion tracking cookie in your web browser under “Settings”.

Your personal data is transferred to the USA, where the level of data protection is not comparable to the EU. You are therefore at risk of access to this data by a government agency.

The legal basis for data processing is Art. 6(1) sentence 1 point (a) GDPR in conjunction with Art. 49(1) sentence 1 point (a) GDPR.


g) Google Ads Remarketing

Google Ads remarketing allows Google to show you ads on other websites that are part of the Google advertising network and that Google believes match your interests (personalized ads). The prediction is based on an analysis of your browsing behavior. To do this, Google places a cookie on your device, which enables Google to identify the web browser you are using on the device you are using. Insofar as you have consented to this, Google will link your browsing history with your Google Account and display personalized ads on all devices where you are signed in with your Google Account. We do not collect or process any personal data in connection with Google Ads Remarketing.

You can prevent remarketing by setting your browser software accordingly. You can permanently object to cross-device remarketing by deactivating personalized advertising in your Google account; follow this link: https://www.google.com/settings/ads/onweb/.

Further information can be found in Google’s privacy policy at: https://policies.google.com/technologies/ads.

The legal basis for data processing is Art. 6(1) sentence 1 point (a) GDPR in conjunction with Art. 49(1) sentence 1 point (a) GDPR.


h) Facebook pixel

We use the Facebook pixel of Meta Platforms, Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. For users based in the EU, the provider is Meta Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. For this purpose, we insert small, transparent image files or lines of code into our web services. By accessing a pixel from your browser, Facebook can recognize whether an advertisement was successful. We do not collect or process any personal data in connection with the use of Facebook pixels. We only receive statistical evaluations from Meta, which enable us to evaluate the effectiveness of our advertising campaigns. It is not therefore possible for us to identify you. The Facebook pixel can be disabled by deactivating the cookie for the Facebook pixel. You will find information about the procedure for this in our cookie information.

Further information can be found in Meta’s privacy policy at https://www.facebook.com/policy.php.

Your personal data is transferred to the USA, where the level of data protection is not comparable to the EU. You are therefore at risk of access to this data by a government agency.

The legal basis for data processing is Art. 6(1) sentence 1 point (a) GDPR in conjunction with Art. 49(1) sentence 1 point (a) GDPR.


i) LinkedIn

We use the LinkedIn Insight Tag of the LinkedIn Corporation, 2029 Stierlein Court, Mountain View, CA 94043, USA. The responsible service provider in the EU and Switzerland is LinkedIn Ireland Unlimited, Wilton Place, Dublin 2, Ireland. The LinkedIn Insight Tag is a simple JavaScript tag that collects metadata such as IP address, time stamp and page events (e.g. page views) and thus enables so-called conversion tracking. The Insight Tag is integrated into our web services and activates the functions of LinkedIn Marketing Solutions. We do not collect or process any personal data in connection with the use of LinkedIn Insight Tag. We only receive statistical evaluations from Meta, which enable us to evaluate the effectiveness of our advertising campaigns. It is not therefore possible for us to identify you.

The Facebook pixel can be disabled by deactivating the cookie for the Facebook pixel. You will find information about the procedure for this in our cookie information.

Further information can be found in LinkedIn’s privacy policy at https://de.linkedin.com/legal/privacy-policy

Your personal data is transferred to the USA, where the level of data protection is not comparable to the EU. You are therefore at risk of access to this data by a government agency.

The legal basis for data processing is Art. 6(1) sentence 1 point (a) GDPR in conjunction with Art. 49(1) sentence 1 point (a) GDPR.


j) Newsletter registration

You can register for our newsletter on our website. If you consent to receiving our newsletter by means of the double opt-in procedure used by us (confirmation of the newsletter order by confirming an order notification e-mail sent to the e-mail address provided when subscribing), we will process your e-mail address and your name, if you provide it voluntarily, for the purpose of sending our newsletter to you. For this purpose, your personal data will be stored in a customer relationship management system (“CRM system”), specifying the date of entry, purpose of use and legal basis. We evaluate your use of the newsletter with regard to your interest in our products and services for the purpose of sending you relevant information about our products and services.

Your consent is the legal grounds for processing your personal data for the purpose of sending individually tailored newsletters (Art. 6(1) sentence 1 point (a) GDPR).

You can revoke your consent to receive our newsletter at any time with effect for the future, e.g. by unsubscribing from the newsletter on our website. The link to the unsubscribe page can be found at the end of every newsletter. Any user data collected will be deleted when you unsubscribe.


k) Online forms with collection of personal data

On several of our websites, we offer you the opportunity to provide us with personal data for certain purposes (opening a customer account, contact form, registration for seminars, etc.). If you provide us with your data for the purposes mentioned, it is processed for the purposes stated on our website (or in the case of the contact form, by yourself) for the fulfilment of contractual obligations or for implementation of pre-contractual measures (Art. 6(1) sentence 1 point (a) GDPR). For this purpose, your personal data is stored in a customer relationship management system (“CRM system”), specifying the date of entry, purpose of use and legal basis. In connection with the request for your personal data, you will be informed separately and on a case-by-case basis of the purposes for which your data is processed, the legal grounds on which your data is processed and your rights in connection with personal data processed by us.


l) Google Maps

We offer Google Maps services from Google LLC (“Google”) on our website. The responsible service provider in the EU and Switzerland is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). By using this service, you agree to the collection, processing and use of data collected automatically by Google LLC, its agents and third parties. The terms of use of Google Maps can be found under “Terms of Use of Google Maps”.

The legal basis for data processing is Art. 6(1) sentence 1 point (a) GDPR in conjunction with Art. 49(1) sentence 1 point (a) GDPR.


m) Geolocation

We support you in choosing the most suitable company of the CADFEM Group for you by means of a location selection window that opens when you access our website. Our suggestion is based on geolocation of the IP address you are using. Lists saved on our server allow us to use geolocation for your IP address. We obtain these lists from a third-party provider. However, your data is not be passed on to the third-party provider for validation.


II) USE OF THE CADFEM “MYACCOUNT” CUSTOMER ACCOUNT

If you use the “myAccount” customer account offered by us, the related processing of your personal data is carried out for the purpose of executing the contractual relationship concluded with us (Art. 6(1) sentence 1 point (b) GDPR). For this purpose, your personal data will be stored in a customer relationship management system (“CRM system”), specifying the date of entry, purpose of use and legal basis.


III) USE OF THE CADFEM “MYCADFEM” CUSTOMER PORTAL

If you use our “myCADFEM” customer portal, the related processing of your personal data is carried out for the purpose of executing the contractual relationship concluded with us (Art. 6(1) sentence 1 point (b) GDPR). For this purpose, your personal data will be stored in a customer relationship management system (“CRM system”), specifying the date of entry, purpose of use and legal basis.


IV) USE OF OUR eCADFEM SERVICE

Insofar as you use the eCADFEM service we provide, the related personal data processing is carried out for the purpose of executing the contractual relationship concluded with us in this respect (Art. 6(1) sentence 1 point (b) GDPR). For this purpose, your personal data will be stored in a customer relationship management system (“CRM system”), specifying the date of entry, purpose of use and legal basis.


V) USE OF THE CADFEM ENGINEERING CLOUD

Insofar as you use the CADFEM Engineering Cloud we provide, the related personal data processing is carried out for the purpose of executing the contractual relationship concluded with us in this respect (Art. 6(1) sentence 1 point (b) GDPR). For this purpose, your personal data will be stored in a customer relationship management system (“CRM system”), specifying the date of entry, purpose of use and legal basis.


VI) USE OF THE CADFEM ELEARNING PORTAL

Insofar as you use the e-learning training courses we provide, the related personal data processing is carried out for the purpose of executing the contractual relationship concluded with us in this respect (Art. 6(1) sentence 1 point (b) GDPR). For this purpose, your personal data will be stored in a customer relationship management system (“CRM system”), specifying the date of entry, purpose of use and legal basis.

For the provision of e-learning services, we use the Adobe Captivate Prime learning management system from Adobe Inc. Adobe Inc. processes data on our behalf on an Adobe Inc. server in Germany. A customer account with Abode Inc. must be opened to use our e-learning services. Use of Adobe Captivate Prime is subject to Adobe Inc.’s privacy policy and terms of use. If you reside outside North America, Adobe Systems Software Ireland Limited (Adobe Ireland) is your contractual partner and as such is responsible for processing the personal information about you collected by Adobe.

The privacy policy of Adobe Inc. can be found at: https://www.adobe.com/privacy.html.

We evaluate the use of our e-learning training program for improvement and development purposes.


VII) ONLINE PRESENCE ON SOCIAL MEDIA

We maintain online presences on social networks and platforms, in particular Facebook, Twitter, YouTube, LinkedIn and Xing, in order to communicate with customers and potential and existing users who are active there and to inform them about our services. When accessing these networks and platforms, the terms and conditions and data processing regulations of the respective provider apply. We would like to point out that you use our pages and their functions on your own responsibility. This applies in particular to the use of interactive functions (e.g. posting, sharing, rating).

When you visit our online presence, the operators of the respective social networks and platforms record your IP address and other information that is available on your PC in the form of cookies. The data collected about you in this context is processed by the respective social networks and platforms and, if necessary, transferred to countries outside the European Union, where the level of data protection is not comparable to the EU. You are therefore at risk of access to this data by a government agency. We have no control over the type and extent of the data processed, the type of processing or the use or transmission of the data to third parties. We also have no effective control options in this respect. The information collected is also used to provide us, as the operator, with statistical information about the use of our respective online presence.

Detailed information about data processing by the operators of the social networks and platforms can be found in their data usage guidelines.

The guidelines of Meta (formerly Facebook) Ireland Ltd. can be found at https://facebook.com/privacy/explanation/.

The guidelines of Twitter, Inc. can be found at https://twitter.com/en/privacy

The guidelines for the use of YouTube can be found in the privacy policy of Google Ireland Limited at https://policies.google.com/privacy.

The guidelines of the LinkedIn Ireland Unlimited Company (“LinkedIn Ireland”) can be found at https://www.linkedin.com/legal/privacy-policy

The guidelines for the use of Xing can be found in the data protection declaration of New Work SE, at https://privacy.xing.com/en.


VIII) THIRD-PARTY SOCIAL MEDIA PLUGINS

On our web pages, we offer you the opportunity to share our content with users of social networks run by various third-party providers by means of simple clicks on so-called social media buttons. In doing so, we prevent so-called. “user tracking” by these third-party providers. We use the c't project Shariff for this. Direct contact between the respective third-party provider and you will therefore only be established when you click on a social media button. In this case, the hardware you use transmits personal data such as your IP address and your visit to our website directly to the third-party provider. If you are logged in to your account with the third-party provider, they will also link your visit to our website to your account. We ourselves do not transmit any of your personal data to the third-party providers and have no control over the data transmitted by you directly to them.

Your personal data may be transferred to countries outside the European Union where the level of data protection comparable to the EU. You are therefore at risk of access to this data by a government agency.

The legal basis for data processing is Art. 6(1) sentence 1 point (a) GDPR in conjunction with Art. 49(1) sentence 1 point (a) GDPR. You have the option at any time to revoke your consent in the settings of the cookie banner. 

Information about the scope of the data collected by the third-party providers and further handling of that data can be found in the privacy policies of the third-party providers.

 

IX) VIMEO VIDEO PLATFORM https://vimeo.com/terms

We offer you the opportunity to watch videos on our website. For this we use the services of the Vimeo video platform. This is operated by the company Vimeo, LLC with its headquarters at 555 West 18th Street, New York, New York 10011, USA. When you access a video on our website, a connection to the Vimeo servers is established and the plugin required for viewing the video is displayed. In addition, various cookies are downloaded to your hardware from Vimeo’s servers. Among other things, Vimeo is able to determine which of our web pages you have visited. If you have an account with Vimeo and are logged into it, Vimeo assigns this information to your account. In this case, Vimeo will also assign the fact that you are actually watching a video to your account.

Your personal data may be transferred to the USA, where the level of data protection is not comparable to the EU. You are therefore at risk of access to this data by a government agency.

Information about the scope of the data collected by Vimeo and the further handling of that data can be found in Vimeo’s privacy policy. You will find this at https://vimeo.com/privacy.  

The legal basis for data processing is Art. 6(1) sentence 1 point (a) GDPR in conjunction with Art. 49(1) sentence 1 point (a) GDPR. You have the option at any time to revoke your consent in the settings of the cookie banner.


X) MICROSOFT TEAMS

Microsoft Teams is a Microsoft Corporation service for teamwork in Office 365. It can be used with a guest account. A Microsoft account is required for active use of guest access, but this is quick and easy to set up. The use of Microsoft Teams is subject to Microsoft’s terms of use and privacy policy. The Microsoft Corporation's terms of use and privacy policy apply when participating in a Microsoft Teams session provided by us.

Microsoft Teams transmits, stores and processes data outside the territorial scope of the GDPR, including in particular countries without equivalent data protection (e.g. USA). Microsoft uses standard contractual clauses to ensure privacy in these countries. We have also concluded a commissioned data processing agreement with Microsoft Teams.

The legal basis for the use of Microsoft Teams and the associated third-country processing is Art. 6(1) sentence 1 point (a) GDPR in conjunction with Art. 49(1) sentence 1 point (b) GDPR.


XI) WEBEX

Cisco WebEx provides video conferencing, IP telephone services, instant messaging, file transfer and screen sharing. All products and services provided by WebEx for business-to-business collaboration are part of the Cisco Collaboration Portfolio and are delivered by Cisco Systems as Software as a Service (SaaS).

Cisco WebEx’s terms of use and privacy policy apply when participating in a WebEx session provided by us. You will find these at https://www.cisco.com/c/en/us/about/legal/privacy-full.html

The legal basis for data processing is Art. 6(1) sentence 1 point (b) GDPR.


B) CONTACTING US BY E-MAIL AND TELEPHONE

If you contact us by phone or by e-mail, the personal data you transmit to us (telephone number/e-mail address) is used to process your inquiry and respond to it. The legal grounds for this is the consent you have given in accordance with Art. 6(1) sentence 1 point (a) GDPR and, insofar as you request pre-contractual measures to be taken, also Art. 6(1) sentence 1 point (b) GDPR. Your personal data will be stored in a customer relationship management system (“CRM system”), specifying the date of entry, purpose of use and legal basis. When your inquiry has been dealt with, we will delete your personal data, provided that no further contractual relationship exists with you and that further storage is not required under Art. 17(3) GDPR.


C) PARTICIPATION IN CUSTOMER SATISFACTION SURVEYS

Participation in our customer satisfaction surveys is voluntary. If you participate in such surveys, your personal data will be processed on the basis of the information provided by you in accordance with Art. 6(1) sentence 1 point (a) GDPR. Your personal data will be stored in a customer relationship management system (“CRM system”), specifying the date of entry, purpose of use and legal basis.


D) REGISTRATION FOR CADFEM EVENTS

If you provide us with your personal data for the purpose of registering for events held by us (e.g. seminars, CADFEM ANSYS Simulation Conference, webinars, OpenHouse, etc.), it is processed for the purpose of running the event in question and thus for the fulfillment of contractual obligations (Art. 6(1) sentence 1 point (b) GDPR). For this purpose, your personal data will be stored in a customer relationship management system (“CRM system”), specifying the date of entry, purpose of use and legal basis.


E) PURCHASE OF PRODUCTS AND ORDERING OF SERVICES

If you have provided us with your personal data for the purpose of purchasing products or ordering services, this data is processed for the purpose of executing the contracts concluded in this regard and thus for the fulfillment of contractual obligations (Art. 6(1) sentence 1 point (b) GDPR). For this purpose, your personal data will be stored in a customer relationship management system (“CRM system”), specifying the date of entry, purpose of use and legal basis.


7. RECIPIENTS AND CATEGORIES OF RECIPIENTS OF PERSONAL DATA

Your personal data is stored in customer relationship management systems (“CRM system”) with details of the legitimate purpose and the legal basis for processing. CADFEM Germany GmbH, CADFEM (Austria) GmbH, CADFEM (Suisse) AG and CADFEM France SAS use a common CRM system. Data that you provide to one of these companies and that is stored in a CRM system according to this Privacy Policy is therefore passed on by that company to the other companies mentioned. The legal basis for this is Art. 6(1) sentence 1 point (f) GDPR (legitimate interest). In accordance with Art. 6(1) sentence 1 point (f) GDPR, consideration has been given to the fact that CADFEM only processes personal “business” data of customers and also that it benefits customers if the combined expertise of the aforementioned companies of the CADFEM Group can be made available to them. In the view of the supervisory authorities, several companies belonging to the same group of companies which maintain a common customer database are joint controllers within the meaning of Art. 26 GDPR. The aforementioned companies have therefore concluded an agreement on joint processing of customer data. The essential content of this agreement is that CADFEM Germany GmbH provides the technical infrastructure for the CRM system and serves as a contact point for data subjects who want to exercise their rights in connection with processing of their data. Please note, however, that data subjects may assert their rights in accordance with Art. 26 GDPR with and against each of the companies mentioned.

Apart from the management and system administrators, only those employees who need personal data to fulfill the purpose of processing are given access to personal data. External persons only have access to the personal data they need to support us in the execution of the business relationship. These include employees of companies in the categories of printing services, shipping services and telecommunications as well as suppliers, especially licensors of purchased software products.


8. TRANSFER OF DATA TO THIRD COUNTRIES

We transfer your personal data to bodies in countries outside the European Union (so-called third countries) that are not so-called secure third countries pursuant to Art. 45 GDPR in the following cases:

-  The transmission is necessary for the execution of contracts concluded with you. This is regularly the case when ordering software products for which the licensor is based in a non-EU or third country.
-  The transmission is necessary to prevent violation of export regulations.

In these cases, the data is normally transferred to the USA.

In all of these cases, we will obtain your explicit consent in advance for the transfer of your personal data to non-EU or third countries.


9. DURATION OF STORAGE AND CRITERIA FOR DETERMINING THAT DURATION

We store personal data for as long as is necessary to fulfill business relationships and the contractual and legal obligations resulting from them. Personal data that is no longer required to fulfill business relationships is deleted at regular intervals. We check the data that we have stored every four years to determine whether it is still needed.

We are subject to the retention requirements of commercial and tax law. The period of retention for personal data covered by this is usually ten years.

We would also like to point out that, for example, the rules on limitation periods set out in Sections 195 et seq. of the German Civil Code (BGB) provide for a normal limitation period of 3 years, which begins at the end of the year in which the claim arose. In addition, special limitation periods can be up to 30 years and thus, in individual cases, lead to a correspondingly longer period of retention.


10. YOUR RIGHTS AS A DATA SUBJECT

Data subjects have the right to request confirmation from the controller as to whether personal data concerning them is being processed; if this is the case, they have a right to information about this personal data and to the information listed in detail in Art. 15 GDPR.

Data subjects have the right to demand from the controller the rectification of inaccurate personal data concerning them and, if necessary, the completion of incomplete personal data without undue delay (Art. 16 GDPR).

Data subjects have the right to demand from the controller that personal data concerning them be erased immediately if one of the reasons listed in detail in Article 17 of the GDPR applies, e.g. if the data is no longer needed for the purposes pursued (right to deletion).

Data subjects have the right to request the controller to restrict processing if one of the conditions listed in Art. 18 GDPR is met, e.g. if the data subject has objected to the processing, for the duration of consideration of the case by the controller.

Data subjects have the right to be informed of the recipients of their personal data. The controller shall inform all recipients of any correction or erasure of personal data or restriction of processing in accordance with Articles 16, 17(1) and 18 of the GDPR, unless this proves impossible or involves disproportionate effort (Art. 19 GDPR).

Data subjects have the right to obtain the personal data concerning them which they have supplied to a controller in a structured, commonly-used and machine-readable format. Furthermore, they have the right, if technically feasible, to arrange for the transfer of that data to another controller (Art. 20 GDPR).

Data subjects have the right to object to the processing of personal data concerning them at any time, for reasons relating to their particular situation. The controller will then no longer process the personal data, unless it can prove compelling, legitimate reasons for the processing that outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims (Art. 21 GDPR).

Without prejudice to any other administrative or judicial remedy, all data subjects have the right to lodge a complaint with a supervisory authority if the data subject considers that the processing of personal data concerning them infringes the GDPR (Art. 77 GDPR). Data subjects may exercise this right with a supervisory authority in the Member State of their place of residence, their place of work or the place of the alleged infringement.

The responsible supervisory authority for Bavaria is the Bavarian State Office for Data Protection Supervision (BayLDA), Promenade 18, 91522 Ansbach, Germany, postal address: P.O. Box 1349, 91504 Ansbach, Germany, telephone: +49 (0) 981 180093-0, fax: +49 (0) 981 180093-800, e-mail: poststelle@lda.bayern.de.


11. OBLIGATIONS TO PROVIDE DATA

We require our customers to provide the personal data necessary for the conclusion, performance and completion of contracts concluded with us. We also require our customers to provide the personal data that we are legally obliged to collect. In this connection, we would like to point out that we offer products that may be subject to export restrictions. We are therefore obliged to check the identity of our customers to the extent necessary to prevent the violation of export restrictions. We will not enter into a business relationship with potential customers who do not provide us with the necessary data.

The data to be provided by you when using our website is set out in section A of this privacy policy.


12. AUTOMATED DECISION-MAKING, INCLUDING PROFILING

We currently do not use methods of automated decision-making as per Art. 22(1) GDPR. If we make exceptions to this principle in future, we will obtain your express consent in advance.

We apply the method of profiling to some of the personal data you provide to us in order to evaluate which of our products and other offers you might be interested in. The aim is to be able to provide you with relevant information about products and services.


13. CHANGE OF PURPOSE

According to Art. 6(4) GDPR, the processing of your personal data for a purpose other than that for which the personal data was collected is permissible, subject to certain strict limits, even without your consent. We do not exercise this right. If the use of your personal data for a purpose other than that for which it was collected is not justified by a legal basis other than Art. 6(4) GDPR, we will obtain your express consent before changing the purpose and will only use your data for other purposes on the basis of such consent.


14. COLLECTION OF DATA OTHER THAN FROM THE DATA SUBJECT

If we do not collect your personal data directly from you, we will inform you of this within a reasonable period of time after obtaining your personal data, at the latest within one month. If we use your personal data to communicate with you, we will provide this information at the latest you when we first contact you. If we intend to disclose your personal data to another recipient, we will notify you no later than the time of first disclosure.

The notification includes the following information:

-  the source from which the personal data originates;
-  whether the data comes from publicly available sources;
-  the categories of personal data that are processed;
- where applicable, the recipients or categories of recipients of the personal data.


15. APPLICATIONS FOR JOB VACANCIES VIA ONLINE RECRUITMENT PORTALS

Insofar as we offer job applicants the opportunity to use an online application portal, special conditions apply to the processing of personal data collected by us in this way, details of which we provide to you in a separate privacy policy that can be viewed on the applicant portal. This privacy policy supplements the present policy.