Data protection declaration

OUR DATA PROTECTION DECLARATION

1. Introduction

We are pleased that you are visiting our website and thank you for your interest. With the following information, we would like to give you as the "person affected" an overview of the processing of your personal data by us and your rights under data protection laws.

The use of our internet pages is generally possible without entering personal data. However, if you wish to make use of special services of our company via our website, it may be necessary to process personal data. If the processing of personal data is necessary and there is no legal basis for such processing, we will generally obtain your consent.

Personal data, such as your name, address or e-mail address, is always processed in accordance with the European General Data Protection Regulation (GDPR) and in accordance with the country-specific data protection regulations applicable to ERSAsoft GmbH. This data will not be passed on to third parties without your express consent. By means of this data protection declaration, we would like to inform you about the scope and purpose of the personal data collected, used and processed by us.

As the persons responsible for data processing, we have implemented numerous technical and organizational measures to ensure the most complete possible protection of the personal data processed via this website. Nevertheless, Internet-based data transmissions can be subject to security gaps, so that absolute protection cannot be guaranteed. For this reason, you are also free to transmit personal data to us by alternative means, for example by telephone or mail.


2. Responsible entity

Responsible entity within the scope of the GDPR is:

ERSAsoft GmbH
Krokusstr. 33, D-82216 Maisach, Germany
Register Court: Munich
Commercial Register No: HRB 223971
VAT ID No: DE305343616

Phone: +49 8141 509 12-300
Fax: +49 8141 509 12-309
E-Mail: datenschutz@ersasoft.de

Head of the responsible entity: Rüdiger Specht


3. Data protection officer

We would like to point out that no data protection officer must be appointed.

Contact person for data protection: Rüdiger Specht

Phone: +49 8141 509 12-300
Fax: +49 8141 509 12-309
E-Mail: datenschutz@ersasoft.de


4. Purpose and legal basis of the processing

As a software manufacturer, we offer our customers specialized software solutions. In this way, we support our customers and their employees in making SAP as easy and convenient to use as possible. Our customers are active worldwide.
Our expertise lies in the following areas:

  • SAP
  • Software development
  • Sales

The collection, processing and use of personal data is carried out to fulfil the activities listed above. We process the aforementioned personal data in accordance with the provisions of the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG):

Art. 6 para. 1 lit. a GDPR serves our company as legal basis for processing activities for which we obtain consent for a specific purpose.

If the processing of personal data is required for the performance of a contract to which you are a party, as is the case, for example, with processing activities that are necessary for the delivery of goods or the provision of other services or consideration, the processing is based on Art. 6 para. 1 lit. b GDPR. The same shall apply to such processing activities that are required to carry out pre-contractual measures, for example in cases of inquiries regarding our products or services.

If our company is subject to a legal obligation which requires the processing of personal data, for example to fulfil tax obligations, the processing is based on Art. 6 para. 1 lit. c GDPR.

In rare cases, the processing of personal data may become necessary to protect the vital interests of the person affected or of another natural person. For example, if a visitor to our facility is injured and his or her name, age, health insurance information, or other vital information needs to be shared with a physician, hospital, or other third party. In this case, the processing would be based on Art. 6 para. 1 lit. d GDPR.

Finally, processing activities can be based on Art. 6 para. 1 lit. f GDPR. Processing activities that are not covered by any of the aforementioned legal bases are based on this legal basis if the processing is necessary to safeguard a legitimate interest of our company or a third party, provided that the interests, fundamental rights and fundamental freedoms of the person affected do not prevail. Such processing operations are permitted to us in particular because they have been specifically mentioned by the European legislator. In this respect, he was of the opinion that a legitimate interest could be assumed if you are a customer of our company (recital 47 sentence 2 GDPR).


5. Groups of persons affected

  • Prospective customers
  • Customers
  • Service providers
  • Partners
  • Suppliers
  • Employees & Applicants


6. Data or data categories

We process personal data that we receive from you in your function as a representative/authorized representative of the legal entity (prospective customer and/or customer, service provider, partner, supplier, applicant).

On the other hand, we process personal data which we have obtained and are permitted to process from publicly accessible sources (e.g. commercial register, chamber of commerce data, press, media, Internet or notice board). Relevant personal data of the authorized representative/authorized representative can be:

  • Name, address, other contact data (telephone, e-mail address), legitimation data (e.g. commercial register excerpt), tax ID, bank details
  • Date and place of birth, sex, nationality, marital status (if applicable)
  • Furthermore customer and prospective customer data, address data, data for personnel administration and control, for communication, sales as well as for settlement and controlling


7. Recipients or categories of recipients to whom data may be communicated

Internal departments involved in the execution of the respective business processes such as purchasing, order processing, service provision, sales and marketing, accounting and human resources management.

Public authorities such as social insurance carriers and tax authorities in the case of overriding legal regulations.

External contractors (service providers) in accordance with § 11 BDSG (German Federal Data Protection Act) for the fulfilment of the above-mentioned purposes or in accordance with the grounds of permission of the BDSG (§§ 28 et seq. BDSG).

7.1 Transfer to third parties

Your data will generally not be transmitted to third parties. A transfer to third parties other than those named in the declaration of consent will only take place with your consent and to the extent that these recipients have committed themselves to comply with the applicable data protection provisions to us. A passing on of your data by sales, renting or exchange does not take place. Insofar as we pass on data to external service providers for the fulfilment of the order (so-called order data processing), these are bound to the regulations of the GDPR, the German Federal Data Protection Act (BDSG) as well as other applicable legal regulations on data protection.

As far as we are obliged by law or court order to do so, we will transmit your data to state and private bodies entitled to receive information after careful examination of the situation. Furthermore, we reserve the right to transfer your personal data to third parties without your consent if this should be required in order to defend ourselves against attacks that constitute criminal offences or that are likely to prevent or impair the functionality of our Internet offering.

7.2 Data transfer to a third country

A transfer to third countries outside of the EU does not take place and is not planned.


8. Technology

8.1 SSL/TLS Encryption

This site uses SSL or TLS encryption to ensure the security of data processing and to protect the transmission of confidential content, such as orders, login data or contact requests that you send to us in our function as operator. You can recognize an encrypted connection by the fact that there is an "https://" displayed in the address line of the browser instead of an "http://" and by the lock symbol in your browser bar.

When SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

8.2 Data acquisition when visiting the website

If you only use our website for information purposes, i.e. if you do not register or otherwise provide us with information, we only collect data that your browser transmits to our server (in so-called "server log files"). Our website collects a range of general data and information each time a page is called up by you or an automated system. This general data and information is stored in the log files of the server. The following can be recorded:

  1. browser types and versions used,
  2. the operating system used by the accessing system,
  3. the website from which an accessing system reaches our website (so-called referrer),
  4. the sub-websites which are accessed on our website via an accessing system,
  5. the date and time of access to the website,
  6. a shortened Internet Protocol address (anonymized IP address),
  7. the Internet service provider of the accessing system.

When using this general data and information, we do not draw any conclusions about your person. This data will not be merged with other data sources. We reserve the right to retroactively check this data if we become aware of concrete indications of illegal use. Rather, this information is required in order to

  1. deliver the contents of our website correctly,
  2. optimize the content of our website and the promotion of it,
  3. ensure the long-term operability of our IT systems and the technology of our website, and
  4. provide law enforcement authorities with the information necessary for law enforcement in the event of a cyber attack.

The data and information collected is therefore evaluated by us both statistically and with the aim of increasing data protection and data security in our company in order to ensure an optimum level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by the person affected.

The legal basis for data processing is Art. 6 para. 1 s. 1 lit. f GDPR. Our legitimate interest is derived from the purposes of data collection listed above.

8.3 Automated decision-making

No automated decision-making or profiling is taking place.

8.4 Cookies

We use cookies on our website. These are small files that your browser automatically creates and that are stored on your IT system (laptop, tablet, smartphone, etc.) when you visit our site. Cookies do not cause any damage to your device and do not contain viruses, trojans or other malicious software.

In the cookie, information is stored that arises in connection with the specific device used. However, this does not mean that we will immediately become aware of your identity.

The use of cookies serves on the one hand to make the use of our website more convenient for you. For example, we use so-called session cookies to recognize that you have already visited particular pages on our website. These are automatically deleted after leaving our site.

Furthermore, in order to optimize user friendliness, we also use temporary cookies that are stored on your device for a specified period of time. If you visit our site again in order to use our services, it is automatically recognized that you have already been with us and which inputs and settings you have made so that you do not have to repeat them.

On the other hand, we use cookies in order to statistically record the use of our website and to evaluate it for the purpose of optimizing our services for you. These cookies enable us to automatically recognize that you have already visited our site when you visit it again. These cookies are automatically deleted after a defined period of time.

The data processed by cookies are necessary for the purposes mentioned to safeguard our legitimate interests and those of third parties pursuant to Art. 6 para. 1 s. 1 lit. f GDPR.

Most browsers automatically accept cookies. However, you can configure your browser so that no cookies are stored on your computer or that a message always appears before a new cookie is created. However, if you deactivate cookies completely, you may not be able to use all functions of our website. For information on how to delete cookies, please refer to your browser documentation: Chrome, Firefox, Internet Explorer, Safari.


9. Contents of our website

9.1 Establishing contact / Contact form

Personal data is collected within the scope of establishing contact with us (e.g. via contact form or e-mail). Which data is collected in the case of a contact form is apparent from the respective contact form. These data are stored and used exclusively for the purpose of answering your request or for establishing contact and the associated technical administration.

The legal basis for the processing of the data is our legitimate interest in responding to your request pursuant to Art. 6 para. 1 lit. f GDPR. If the purpose of your contact is to conclude a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR. Your data will be deleted after final processing of your enquiry; this is the case if it can be inferred from the circumstances that the matter in question has been conclusively resolved and provided there are no legal obligations to retain data to the contrary. Your data will not be passed on to third parties without your consent.


10. Newsletter distribution

10.1 Newsletter distribution to existing/prospective customers and interested parties

If you have provided us with your e-mail address as part of the contract initiation, contract execution or request for information on our products, we reserve the right to send you information on product updates, special offers and relevant technical information on the use of our products at irregular intervals by e-mail. According to Art. 7 para. 3 UWG (German Law against Unfair Competition), we are not obliged to obtain your separate consent for this purpose. Data processing in this respect takes place solely on the basis of our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR.

If you have initially objected to the use of your e-mail address for this purpose, there will be no e-mail dispatch on our part. You are entitled to object to the use of your e-mail address for the aforementioned purpose at any time with effect for the future by notifying the person responsible named at the beginning of this statement. For this purpose, you will only incur transmission costs according to the basic tariffs. Upon receipt of your objection, the use of your e-mail address for information purposes will be ceased immediately.

10.2 Newsletter for subscribers

On our website you have the possibility to subscribe to the newsletter of our company. Which personal data is transmitted to us when subscribing to the newsletter is apparent from the input mask used for this purpose.

We inform our newsletter subscribers at irregular intervals by e-mail about product updates and relevant technical information on the use of our products. The newsletter of our company can only be received by you if

  1. you possess a valid e-mail address and
  2. you have registered for newsletter distribution.

For legal reasons, a confirmation e-mail will be sent to the e-mail address you entered for the newsletter distribution using the double opt-in procedure. This confirmation e-mail is used to check whether you as the owner of the e-mail address have authorized the receipt of the newsletter.

When you register for the newsletter, we also store the IP address of the IT system you are using at the time of registration assigned by your Internet Service Provider (ISP) as well as the date and time of registration. The collection of this data is necessary in order to track the (possible) misuse of your e-mail address at a later point in time and therefore serves our legal protection.

The personal data collected as part of a newsletter registration will only be used to distribute our newsletter. Furthermore, subscribers to the newsletter may be informed by e-mail if this is necessary for the operation of the newsletter service or registration, as might be the case in the event of changes to the newsletter offering or changes to the technical conditions. The personal data collected as part of the newsletter service will not be passed on to third parties.

You may cancel your subscription to our newsletter at any time. The consent to the storage of personal data that you have given us for the newsletter distribution can be revoked at any time. For the purpose of revoking your consent, you will find a corresponding link in every newsletter. You also have the option of unsubscribing from the newsletter at any time directly on our website or by informing us of this in any other way.

The legal basis for data processing for the purpose of newsletter distribution is Art. 6 para. 1 lit. a GDPR.


11. Web analysis

11.1 Google Analytics

On our web pages we use Google Analytics, a web analysis service of Google Inc. (https://about.google/intl/de/) (Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland; hereinafter "Google"). In this context, pseudonymized user profiles are created and cookies (see section 8.4) are used. The information generated by the cookie about your use of this website such as

  1. browser type/version/language,
  2. operating system used,
  3. referrer URL (the previously visited page),
  4. host name of the accessing computer (IP address),
  5. time of the server request,

are transferred to a Google server in the USA and stored there. The information is used to evaluate the use of the website, to compile reports on website activities and to provide other services related to website and Internet use for market research purposes and to design these Internet pages in line with requirements. This information may also be transferred to third parties if this is required by law or if third parties process this data by order.

Under no circumstances will your IP address be merged with other Google data. The IP addresses are anonymized so that an assignment is not possible (IP masking). Through the use of Google Analytics with the extension "_anonymizeIp()", a personal reference of the collected data is precluded.

Google is certified for the US-European Data Protection Agreement "Privacy Shield", which ensures compliance with the data protection level applicable in the EU

The use of Google Analytics is in the interest of optimizing and demand-oriented design of our website. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.

You can prevent the installation of cookies by setting your browser software accordingly; however, we would like to point out that in this case not all functions of this website might be usable to their full extent. For information on how to delete cookies, please refer to your browser documentation: Chrome, Firefox, Internet Explorer, Safari.

You can also prevent the collection of data generated by the cookie and relating to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing a browser add-on (https://tools.google.com/dlpage/gaoptout?hl=de).

As an alternative to the browser add-on, especially for browsers on mobile devices, you can also prevent Google Analytics from collecting data by clicking the following link: Disable Google Analytics. An opt-out cookie is set to prevent your information from being collected in the future when you visit this website. The opt-out cookie applies only to this browser and only to our website and is placed on your device. If you delete the cookies in this browser, you will need to set the opt-out cookie again.

For more information about data protection in connection with Google Analytics, see for instance the Google Analytics Help (https://support.google.com/analytics/answer/6004245?hl=de).
 

12. Plugins and other services

12.2 Google Tag Manager

This website uses Google Tag Manager, a cookie-free domain that does not collect personally identifiable information.

This tool can be used to implement "website tags" (i.e. keywords embedded in HTML elements) and manage them via an interface. By using the Google Tag Manager, we can automatically determine which button, link or personalized image you have actively clicked on and can then determine which content on our website is of particular interest to you.

The tool also triggers other tags that may themselves collect data. Google Tag Manager does not access this data. If you have set a deactivation at the domain or cookie level, it will persist for all tracking tags implemented with Google Tag Manager.

The use of Google Tag Manager is in the interest of a comfortable and easy use of our website. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.

12.2 Google WebFonts

Our website uses so-called web fonts provided by Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (hereinafter "Google") for the uniform display of fonts. When you visit a page, your browser loads the web fonts you need into its browser cache to display text and fonts correctly.

For this purpose, the browser you are using has to establish a connection to Google's servers. This will enable Google to know that your IP address has been used to access our website. The use of Google Web Fonts is in the interest of a uniform and appealing presentation of our website. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.

Google is certified for the US-European Data Protection Agreement "Privacy Shield", which ensures compliance with the data protection level applicable in the EU.

More information about Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google's privacy policy: https://policies.google.com/privacy?hl=de

12.3 YouTube (Videos)

We have integrated components from YouTube on this website. YouTube is an internet video portal that allows video publishers to post video clips and other users to view, rate and comment on them free of charge. YouTube allows the publication of all types of videos, which is why complete film and television programmes, but also music videos, trailers or videos made by users themselves can be accessed via the Internet portal.

The operating company of YouTube is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Each time you access one of the individual pages of this website which is operated by us and on which a YouTube component (YouTube video) has been integrated, the Internet browser on your IT system is automatically prompted by the respective YouTube component to download a representation of the corresponding YouTube component from YouTube. More information about YouTube can be found at https://www.youtube.com/intl/en/yt/about/ abgerufen werden.

Normally, when you visit a page with embedded videos, your IP address is sent to YouTube and cookies are installed on your computer. However, we have integrated our YouTube videos with the enhanced data protection mode (in this case, YouTube will still contact Google's Double Click service, but according to Google's privacy policy, personal data will not be evaluated). As a result, YouTube will not process any information about the visitors unless they watch the video.

If you click on the video, your IP address will be transmitted to YouTube and YouTube will know that you watched the video. If you are logged in to YouTube, this information will also be associated with your account (you can prevent this by logging out of YouTube before watching the video). We have no knowledge or control over the then possible collection and use of your information by YouTube.

If are logged in to YouTube at the same time you are calling up a subpage containing a YouTube video, YouTube recognizes which specific subpage of our website you are visiting. This information is collected by YouTube and Google and assigned to your YouTube account.

YouTube and Google receive information through the YouTube component that you have visited our website whenever you are logged into YouTube at the same time as you visit our website, regardless of whether you click on a YouTube video or not. If you do not want this information to be transmitted to YouTube and Google in this way, you can prevent it from being transmitted by logging out of your YouTube account before you visit our website.

The use of YouTube is in the interest of a uniform and appealing presentation of our website. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.

The privacy policy published by YouTube, which is available at https://policies.google.com/privacy?hl=de, provides information about the collection, processing and use of personal data by YouTube and Google.

12.4 TeamViewer

We offer our customers remote maintenance using the TeamViewer software in case of problems. The provider of this software is TeamViewer GmbH, Jahnstr. 30, D-73037 Göppingen (Germany). If you want to make use of remote maintenance, you have to download the TeamViewer software from the provider or from our website using a link provided by us and run it on your computer. For this, solely the privacy policy of TeamViewer GmbH as your contractual partner for the use of the software applies, which can be called up at https://www.teamviewer.com/de/datenschutzerklaerung/

Insofar as we should gain knowledge of personal data within the scope of remote maintenance, this is done solely to provide the service requested by you and not to process the data by your order. We do not store such data and we maintain data secrecy for them. The legal basis for the processing is Art. 6 para. 1 lit. b GDPR. You can cancel remote access at any time by closing the TeamViewer software.


13. Your rights as the person affected

13.1 Right of confirmation

You have the right to request confirmation from us as to whether personal data relating to you are being processed.

13.2 Right of information Article 15 GDPR

You have the right at any time to receive from us cost-free information about the personal data stored about you as well as a copy of this data.

13.3 Right of correction Article 16 GDPR

You have the right to request the correction of incorrect personal data relating to you. Furthermore, the person affected has the right to request the completion of incomplete personal data, taking into account the purposes of the processing.

13.4 Right of deletion Article 17 GDPR

You have the right to demand that we delete your personal data immediately insofar as one of the statutory reasons applies and insofar as processing is not required.

13.5 Right of restriction of processing Article 18 GDPR

You have the right to demand that we restrict processing insofar as one of the statutory requirements is met.

13.6 Right of notification Article 19 GDPR

You have the right for us to notify all recipients, to whom personal data have been disclosed, of any rectification or erasure of the personal data or of any limitation of processing pursuant to Articles 16, 17 para. 1 and 18, unless this proves impossible or involves a disproportionate effort.

13.7 Right of data transferability Article 20 GDPR

You have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format. You also have the right to transfer this data to another person responsible to whom the personal data have been provided, without any hindrance on our part, provided that the processing is based on the consent pursuant to Art. 6 para.1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract pursuant to Art. 6 para. 1 lit. b GDPR and that the processing is carried out using automated procedures, provided that the processing is not necessary for the performance of a task in the public interest or in the exercise of official authority assigned to us.

Furthermore, when exercising your right of data transferability pursuant to Art. 20 para. 1 GDPR, you have the right to obtain that the personal data be transferred directly from one responsible person to another responsible person, insofar as this is technically feasible and insofar as this does not impair the rights and freedoms of other persons.

13.8 Right of objection Article 21 GDPR

You have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data concerning you that is carried out on the basis of Art. 6 para. 1 lit. e (data processing in the public interest) or f (data processing on the basis of a balancing of interests) of the GDPR.

This also applies to profiling based on these provisions within the meaning of Art. 4 No. 4 GDPR.

If you file an objection, we will no longer process your personal data unless we can prove compelling legitimate reasons for the processing that outweigh your interests, rights and freedoms, or the processing serves the assertion, exercise or defense of legal claims.

In addition, for reasons arising from your particular situation, you have the right to object to the processing of personal data relating to you by us for scientific or historical research purposes or for statistical purposes pursuant to Art. 89 para. 1 GDPR, unless such processing is necessary for the performance of a task in the public interest.

You are free to exercise your right of objection in the context of the use of services of the information society, notwithstanding Directive 2002/58/EC, by means of automated procedures using technical specifications.

13.9 Right of revocation of consent under data protection law

You have the right to revoke your consent to the processing of personal data at any time with effect for the future.

13.10 Right of complaint to a supervisory authority

You have the right to complain to a supervisory authority responsible for data protection about our processing of personal data.

Competent supervisory authority:

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 27
D-91522 Ansbach (Germany)

For the right of information and the right of deletion, the restrictions according to §§34 and 35 BSDG (German Federal Data Protection Act) apply.


14. Routine storage, deletion and blocking of personal data

We process and store your personal data only for the period of time necessary to achieve the purpose of storage or as required by the laws to which our company is subject.

If the purpose of storage no longer applies or a prescribed storage period expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.


15. Duration of storage of personal data

The criterion for the duration of the storage of personal data is the respective legal retention period. After this period has expired, the corresponding data will be routinely deleted unless they are no longer required for contract fulfilment or contract initiation.


16. Timeliness and amendment of the data protection declaration

This data protection declaration is currently valid and is dated July 2019.

Due to the further development of our Internet pages and offers or due to changed legal or official specifications, it may become necessary to amend this data protection declaration. You can call up and print out the current data protection declaration at any time on the website at "https://www.ersasoft.de/en/data-protection-declaration/".

This data protection declaration was created with audatis MANAGER.