Simulation is more than Software

Directcontact
0
Wishlist
0
Cart
EN

CADFEM GmbH
Privacy policy

Valid from 25/03/2020

This privacy policy provides an overview of personal data processing by CADFEM GmbH. It also applies to other companies in the CADFEM group located within the geographical scope of the General Data Protection Regulation (GDPR).

This privacy policy serves to inform you about the type and scope of personal data processed by us, as well as the purposes and legal grounds. Furthermore, we wish to draw your attention to your rights regarding personal data processing by us. Insofar as we use terms that are also used in the GDPR, such as "personal data", "processing", "data subject" and "controller", these terms have the meanings defined in detail in Art. 4 of the GDPR.

The personal data processed by us, the purposes for which it is processed and the legal grounds upon which is it processed depend on the offers you use and/or the agreements you have made with us (e.g. online content, ordered or requested products and/or services). Therefore, not all parts of this privacy policy will apply to you.

This privacy policy does not replace the information that we provide you separately and in relation to each individual case when personal data is collected or when you contact us for the first time (what data is collected for what purpose on what legal grounds and what rights you have in this context) but it supplements this information.

When processing personal data, we comply with the provisions of the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and other legal regulations (e.g. the Act against Unfair Competition (UWG)).

We are, of course, obliged by our contractual agreements for the protection of sensitive non-personal data, e.g. data on products (development status, design data, functional models, simulation results) which is entrusted to us by you as a customer in the context our support, consulting and/or order calculation services. Our obligations resulting from these agreements go far beyond obligations resulting from legal regulations (e.g. from the law for the protection of business secrets - GeschGehG).


1. Principles governing personal data processing

CADFEM GmbH observes the principles of personal data processing as set out in Art. 5 Par. 1 of the GDPR. These are lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity and confidentiality.

CADFEM GmbH has created the technical and organizational prerequisites to be able to prove compliance with these principles as required by Art. 5 Par. 2 of the GDPR (accountability) within a comprehensive data protection management system.


2. Name and contact details of the controller

This privacy policy applies to data processing by

CADFEM GmbH
Marktplatz 2
85567 Grafing b. München
Germany
Phone +49 (0)8092-7005-0
info@cadfem.de


3. Contact details of the data protection officer

You can reach our data protection officer at
E-Mail: datenschutz@cadfem.de
Phone +49 (0)8092-7005-10


4. Legal grounds for personal data processing

Your personal data will only be processed by us if you have consented to its processing for the relevant purpose (Art. 6 Par. 1 S. 1 a) of the GDPR), if processing is necessary for the performance of a contract or for the implementation of pre-contractual measures (Art. 6 Par. 1 S. 1 b) of the GDPR), if we have an overriding interest in its processing (Art. 6 Par. 1 S. 1 f) of the GDPR) or if the GDPR or another law permits or prescribes its processing (Art. 6 Par. 1 S. 1 c) of the GDPR).


5. Target group

CADFEM does not collect the personal data of minors (under 16 years of age) or use it in any way. As a rule, we do not know the age of visitors to our website. However, we have not taken any specific measures to protect such data to a particular extent.

Persons under the age of 16 may not submit personal data without the explicit consent of their parents or guardians.


6. Sources, types and purposes of personal data processed by us

We process personal data that we receive directly from you from the sources listed below.

In connection with the request for your personal data, you will be informed separately and on a case-by-case basis of the purposes for which your data will be processed, the legal grounds on which your data will be processed and your rights in connection with personal data processed by us. You will find detailed information about your rights under Clause 10 of this privacy policy.

In addition, we process personal data which we permissibly obtain from publicly accessible sources (e.g. the press and internet) or which is transferred to us permissibly by other companies of the CADFEM group or by other third parties. In this case, we will provide you with the information referred to in Art. 14 Par. 3 of the GDPR within the deadlines specified there. You will find detailed information on this in Clause 14 of this privacy policy.


a) Our online content

i) Data processing on our websites

Collection of access data and log files

If you access our online content, especially our web service, "www.cadfem.net", we will process data about your access to the server from which we provide our online content. Server log files are created in the process. These files save the names of the web pages and files that are requested, the date and time of the request, the amount of data transferred, confirmations of the successful request, the type of browser you are using including its version, the operating system you are using, the referrer URL (this is the web page that you visited before calling up our web pages and from which you followed a link to our web service), your IP address and the provider through which our online content was requested. The purpose of processing your personal data in this case is to ensure the security of our online content. The legal grounds for processing your personal data is our legitimate interest in the pursuit of this purpose, Art. 6 Par. 1 S. 1 f) of the GDPR. Server log files relating to you will be stored for a maximum of seven days and deleted thereafter unless longer storage is required for evidential purposes.


Cookies

Our websites use cookies. These serve to make our web service more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and saved by your browser. Most of the cookies we use are "session cookies". Detailed information on the cookies we use can be found in the separate cookie information at the end of each page of our web services. They are automatically deleted at the end of your visit. Cookies do not damage your computer and do not contain viruses.


Google Analytics

We use Google Analytics on our webpages, which is a web analytics service provided by Google LLC ("Google"). Google Analytics uses cookies. These are text files which are stored on your computer and enable an analysis of your use of our websites. The data generated by cookies regarding your use of these websites is transferred to a Google server and stored there. The IP address used when visiting our website is only saved in an anonymized form (by a non-reversible shortening of the IP address).

You may reject data processing by Google Analytics cookies and data processing related to your use of our website (including your IP address) to Google and prevent this data from being processed by Google Analytics by downloading and installing the browser plug-in available at the following address: http://tools.google.com/dlpage/gaoptout.

You may also prevent Google Analytics from collecting this information by clicking on the following link. This rejection is realized with an opt-out cookie, which prevents future collection of your data when visiting our websites on the current browser: Disable Google Analytics data collection for this websitePlease note that this rejection is only effective as long as the opt-out cookie is set. If your cookies are deleted or you are using another browser, the rejection is no longer effective.


Google Ads

We use Google Ireland Limited’s online advertising system, Google Ads. We use conversion tracking in connection with this, and we use remarketing in connection with Google Analytics (see above).


Google Ads Conversion Tracking

An individual cookie will be stored on your device if you click on a Google Ads advertisement placed by us on the website of another provider (Google itself or a provider commissioned by Google). This cookie enables Google to recognize that you have clicked on our advertisement and that your visit to our website came from your click on the advertisement. A unique cookie ID, the number of ad impressions per placement, the last impression and your opt-out information are stored in connection with this cookie (conversion tracking). We do not collect or process any personal data in connection with conversion tracking. We only receive statistical evaluations from Google, which enable us to evaluate the effectiveness of our advertising measures. It is therefore not possible for us to identify you. You may opt-out of participating in Google Ads conversion tracking by disabling the Google conversion tracking cookie in your web browser under "Settings".


Google Ads Remarketing

Google Ads remarketing allows Google to show you ads on other websites that are part of the Google advertising network that Google believes match your interests (personalized ads). The prediction is based on an analysis of your browsing behavior. To do this, Google places a cookie on your device, which enables Google to identify the web browser you are using on the device you are using. Insofar as you have consented to this, Google will connect your browsing history with your Google Account and display personalized ads on all devices where you are signed in with your Google Account. We do not collect or process any personal data in connection with Google Ads remarketing. You can prevent remarketing by setting your browser software accordingly. You can permanently opt-out of cross-device remarketing by deactivating personalized advertising in your Google Account, following this link https://www.google.com/settings/ads/onweb/. Further information can be found in the Google privacy policy under https://policies.google.com/technologies/ads.


Newsletter subscription

You can register for our newsletter on our websites. If you agree to receive our newsletter by means of the double opt-in process that we use (confirmation of the wish to receive the newsletter through an e-mail confirmation), we will process your e-mail address and, if applicable, your name, which may be provided optionally, for the purpose of sending our newsletter to you. Your personal data will be stored in our customer relationship management system ("CRM system”) for this purpose, stating the date of entry, purpose of use and legal grounds. We will evaluate your use of the newsletter with regards to your interest in our products and services for the purpose of sending you relevant information about our products and services.

Your consent is the legal grounds for processing your personal data for the purpose of sending individually tailored newsletters (Art. 6 Par. 1 S. 1 a) of the GDPR).

You can revoke your consent to receive our newsletter at any time with future effect in accordance with Art. 21 Par. 2 of the GDPR, e.g. by unsubscribing from the newsletter on our website. The link to the unsubscribe page can be found at the end of every newsletter. Any user data collected will be deleted upon unsubscribing.


Online forms requesting personal data

Several of our websites have the option of providing us personal data for specific purposes (opening a customer account, contact form, registering for seminars, etc.). Insofar as you provide us with your data for the above-mentioned purposes, it will be processed for the purposes stated on our website (or by you yourself in the case of the contact form) on the legal grounds of your consent (Art. 6 Par. 1 S. 1 a) of the GDPR) and, if applicable, also for the performance of contractual obligations or for the implementation of pre-contractual measures (Art. 6 Par. 1 S. 1 b) of the GDPR). Your personal data will be stored in our customer relationship management system ("CRM system”) for this purpose, stating the date of entry, purpose of use and legal grounds. In connection with the request for your personal data, you will be informed separately and on a case-by-case basis of the purposes for which your data will be processed, the legal grounds on which your data will be processed and your rights in connection with personal data processed by us. Insofar as the processing of your data for direct advertising purposes is based on the legal grounds of your consent, you can revoke this consent at any time with future effect in accordance with Art. 21 Par. 2 of the GDPR. Any data collected will be deleted upon revocation of consent.


Google Maps

We offer the services of Google Maps from Google LLC on our websites. By using this service, you agree to the collection, processing and use of data collected automatically by Google LLC, its agents and third parties. The terms of use of Google Maps can be found under "Nutzungsbedingungen von Google Maps".


Geolocation

The site location menu that appears when you access our web content allows us to offer the best providers for your location. The providers we suggest are based on the geolocation of the IP address you use. Lists on our server allow us to geolocate your IP address. We receive these lists from a third-party provider. However, your data will not be passed on to the third party provider for validation.


ii) Use of "myAccount" CADFEM customer account

Insofar as you use the "myAccount" customer account we provide, the related personal data processing is carried out for the purpose of performing the contractual relationship concluded with us in this respect (Art. 6 Par. 1 S. 1 b) of the GDPR). Your personal data will be stored in our customer relationship management system ("CRM system”) for this purpose, stating the date of entry, purpose of use and legal grounds.


iii) Use of "myCADFEM" CADFEM customer portal

Insofar as you use our customer portal "myCADFEM", the related personal data processing is carried out for the purpose of performing the contractual relationship concluded with us in this respect (Art. 6 Par. 1 S. 1 b) of the GDPR). Your personal data will be stored in our customer relationship management system ("CRM system") for this purpose, stating the date of entry, purpose of use and legal grounds.


iv) Use of our eCADFEM service

Insofar as you use the eCADFEM service we provide, the related personal data processing is carried out for the purpose of performing the contractual relationship concluded with us in this respect (Art. 6 Par. 1 S. 1 b) of the GDPR). Your personal data will be stored in our customer relationship management system ("CRM system”) for this purpose, stating the date of entry, purpose of use and legal grounds.


v) Use of the CADFEM Engineering Cloud

Insofar as you use the CADFEM Engineering Cloud we provide, the related personal data processing is carried out for the purpose of performing the contractual relationship concluded with us in this respect (Art. 6 Par. 1 S. 1 b) of the GDPR). Your personal data will be stored in our customer relationship management system ("CRM system”) for this purpose, stating the date of entry, purpose of use and legal grounds.


vi) Use of the CADFEM e-learning portal

Insofar as you use the e-learning further training programs we provide, the related personal data processing is carried out for the purpose of performing the contractual relationship concluded with us in this respect (Art. 6 Par. 1 S. 1 b) of the GDPR). Your personal data will be stored in our customer relationship management system ("CRM system”) for this purpose, stating the date of entry, purpose of use and legal grounds.

For the provision of e-learning services, we use the Adobe Captivate Prime learning management system from Adobe Inc. Adobe Inc. processes data on our behalf on an Adobe Inc. server in Germany. A customer account with Abode Inc. must be opened to use our e-learning services. Use of Adobe Captivate Prime is subject to Adobe Inc.’s privacy policy and terms of use.

We evaluate the use of our e-learning training program for the improvement and development purposes.


vii) Online presence on social media

We maintain online presences on social networks and platforms, in particular Facebook, Twitter, YouTube, LinkedIn and Xing in order to communicate with customers, potential users and existing users who are active there and to be able to inform them of our services. When accessing the respective networks and platforms, the terms and conditions and data processing regulations of the respective providers apply.


viii) Microsoft Teams

Microsoft Teams is a Microsoft Corporation service for teamwork in Office 365 that can be used with a guest account. A Microsoft account is required for active use of guest access, which is quick and easy to set up. The use of Microsoft Teams is subject to Microsoft’s terms of use and privacy policy.

The Microsoft Corporation's terms of use and privacy policy apply when participating in a Microsoft Teams session provided by us.

Microsoft Teams transmits, stores and processes data outside the geographical scope of the GDPR, and in countries without equivalent data protection (e.g. the USA). Microsoft uses standard contractual clauses to ensure privacy in these countries. Furthermore, Microsoft is EU-USA Privacy Shield Framework certified (www.privacyshield.gov/welcome).


ix) WebEx

Cisco WebEx provides video conferencing, IP telephone services, instant messaging, file transfer and screen sharing. All products and services rendered by WebEx for business-to-business collaboration are part of the Cisco Collaboration Portfolio and are rendered by Cisco Systems as Software as a Service (SaaS).

Cisco WebEx’s terms of use and privacy policy apply when participating in a WebEx session provided by us.


b) E-mail and telephone contact, particularly for use of support services

If you contact us by telephone or e-mail, the personal data you give us (telephone number/email address) will be processed for the purpose of processing and handling your enquiry. The legal grounds for this is the consent you have given under Art. 6 Par. 1 S. 1 a) of the GDPR and, insofar as you wish for pre-contractual measures to be taken, also Art. 6 Par. 1 S. 1 b) of the GDPR. Your personal data will be stored in our customer relationship management system ("CRM system"), stating the date of entry, purpose of use and legal grounds.

After processing your enquiry, we will delete your personal data, provided that no further contractual relationship exists with you and that further storage is not required under Art. 17 Par. 3 of the GDPR.


c) Participation in customer satisfaction surveys

Participation in our customer satisfaction surveys is voluntary. If you participate in such surveys, your personal data will be processed on the basis of the consent you have given in accordance with Art. 6 Par. 1 S. 1 a) of the GDPR. Your personal data will be stored in our customer relationship management system ("CRM system"), stating the date of entry, purpose of use and legal grounds.


d) Registering for CADFEM events

If you provide us with your personal data for the purpose of registering for events organized by us (e.g. seminars, CADFEM ANSYS Simulation Conference, webinars, OpenHouse, etc.), your data will be processed for the purpose of holding the respective event and thus for the fulfillment of contractual obligations (Art. 6 Par. 1 S. 1 b) of the GDPR. Your personal data will be stored in our customer relationship management system ("CRM system”) for this purpose, stating the date of entry, purpose of use and legal grounds.


e) Purchasing products and ordering services

If you have provided us with your personal data for the purpose of purchasing products or ordering services, this data is processed for the purpose of performing the respective contracts concluded in this regard and thus for the fulfillment of contractual obligations (Art. 6 Par. 1 S. 1 b) of the GDPR). Your personal data will be stored in our customer relationship management system ("CRM system”) for this purpose, stating the date of entry, purpose of use and legal grounds.


7. Recipients or categories of recipients of personal data

Your personal data will be stored in our customer relationship management system ("CRM system"), stating the permissible purpose of use and the legal grounds of its processing. Apart from management and system administrators, access to your personal data is only granted our employees who need it in order to fulfil its intended purpose.

External persons are only granted access to personal data if it is required to support us in rendering the business relationship. These include, among others, employees of companies in the categories of printing services, shipping services and telecommunications as well as suppliers, especially licensors of purchased software products.


8. Transfer of data to non-EU or "third" countries

We shall transfer your personal data to locations in countries outside the European Union (also called third countries) in the following cases:

- The transfer is necessary to fulfill contracts concluded with you. This is regularly the case when ordering software products for which the licensor is based in a non-EU or third country.
- The transfer is necessary to prevent the violation of export regulations.

In these cases, the data is normally transferred to the USA.
In all of these cases, we will obtain your explicit consent in advance for the transfer of your personal data to non-EU or third countries.


9. Duration of storage or criteria for determining duration

We store personal data for as long as is necessary to fulfil business relationships and the contractual and legal obligations resulting from them.

Personal data that is no longer required to fulfill business relationships is deleted at regular intervals. We check the data that we have stored every four years to see whether it is still needed.

We are subject to commercial and tax law retention requirements. The period of retention of personal data affected by this is usually ten years.

We would also like to point out that the regulations regarding standard limitation in Sections 195 ff. of the German Civil Code (BGB) state a standard limitation period of three years, beginning at the end of the year in which the claim arose. In addition, special limitation periods can be up to 30 years and thus, in individual cases, lead to a correspondingly long period of retention.


10. Your rights as a data subject

The data subject has the right to obtain confirmation from the controller as to whether personal data relating to him/her is being processed; if this is the case, he/she has the right to be informed of this personal data and to receive the information specified in Art. 15 of the GDPR.

The data subject has the right to demand that the controller immediately rectifies incorrect personal data concerning him or her and, if necessary, completes incomplete personal data (Art. 16 of the GDPR).

The data subject has the right to request that the controller delete personal data relating to him/her without delay if one of the reasons listed in Art. 17 of the GDPR applies, e.g. if the data is no longer required for the purposes pursued (right to erasure).

The data subject has the right to request a restriction of processing from the controller for the duration of the controller’s examination if one of the conditions listed in Art. 18 of the GDPR is met, e.g. if the data subject has lodged an objection to the data processing.

The data subject has the right to be informed of the recipients of personal data. The controller shall notify all recipients of any correction or deletion of personal data or any restriction of its processing under Art. 16, Art. 17 Par. 1 and Art. 18 of the GDPR, unless this proves impossible or involves a disproportionate amount of effort. (Art. 19 of the GDPR)

The data subject shall have the right to obtain the personal data concerning him/her which he/she has supplied to a controller in a structured, commonly-used and machine-readable format. He/she shall also have the right, if technically feasible, to effect the transfer of this data to another controller (Art. 20 of the GDPR).

The data subject shall have the right to object to the processing of personal data concerning her/him at any time, for reasons relating to her/his particular situation. Should this occur, the controller may no longer process the personal data, unless compelling reasons for processing can be demonstrated which are worthy of protection and which outweigh the interests, rights and freedoms of the data subject, or the processing serves to enforce, exercise or defend legal claims (Art. 21 of the GDPR).

Without prejudice to any other administrative or judicial remedy, every data subject has the right to lodge a complaint with a supervisory authority if the data subject believes that the processing of personal data relating to him or her is in breach of the GDPR (Art. 77 of the GDPR). The data subject may exercise this right before a supervisory authority in the Member State in which he/she is resident, at his/her place of work or at the place where the suspected infringement was committed.

In Bavaria, the supervisory authority is:

Bavarian State Office for Data Protection Supervision (BayLDA), Promenade 27, 91522 Ansbach, Germany


11. Obligation to provide data

We require our customers to provide the personal data necessary for the conclusion, performance and completion of contracts concluded with us.

We also require our customers to provide the personal data that we are legally obliged to collect. With regards to this, we would like to point out that we offer products that may be subject to export restrictions. We are therefore obliged to check the identity of our customers to the extent necessary to prevent the violation of export restrictions.

We will not enter a business relationship with potential customers who do not provide us with the necessary data. 

The data that must be provided for the use of our online content is described in Clause 6 of this privacy policy.


12. Automated decision-making including profiling

We currently do not use methods of automated decision-making as per Art. 22 Par. 1 of the GDPR.

Should exceptions to this principle occur in the future, we will obtain your explicit consent in advance. In doing so, we will provide meaningful information about the logic involved and the scope and intended effects of such processing for you. In addition, we will take appropriate measures to protect your rights and freedoms and your legitimate interests, including at least the right to effect an intervention of a person acting on our behalf, as well as the right to present your point of view and to challenge a decision. Furthermore, such decisions will not be based on special categories of personal data in accordance with Art. 9 Par. 1 of the GDPR, unless Art. 9 Par. 2 a) or g) of the GDPR applies and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests.

We apply the method of profiling to parts of the personal data you provide us in order to evaluate which of our products and other offers you might be interested in. The aim is to be able to provide you with relevant information about products and offers.


13. Change of purpose

According to Art. 6 Par. 4 of the GDPR, the processing of your personal data for a purpose other than that for which the personal data was collected is permissible, subject to certain strict limits, even without your consent. We do not exercise this right. We will obtain your explicit consent before changing the purpose unless the use of your personal data for a purpose other than that for which it was collected is covered by legal grounds other than Art. 6 Par. 4 of the GDPR, and will only use your data for other purposes on the basis of this consent.


14. Collection of data other than from the data subject

If we do not collect your personal data directly from you, we will inform you of this within a reasonable period of time after obtaining your personal data, at the latest within one month.
If we use your personal data to communicate with you, we will inform you when we first contact you at the latest.
If we intend to disclose your personal data to another recipient, we will notify you no later than the time of the first disclosure.
The notification shall contain the following information:

- The source of the personal data
- Whether it came from publicly available sources
- The categories of personal data processed
- Where appropriate, the recipients or categories of recipients of the personal data.


15. Validity period

We continuously adapt our privacy policy to changes in the law and our technical and organizational measures. The validity period of this declaration can be inferred from the date inserted under the heading of this policy.