Data protection declaration of F24 AG
We welcome you to our website and appreciate your interest in our company. We take the protection of your personal data very seriously. We process your data in accordance with the applicable legal provisions for the protection of personal data, in particular the EU General Data Protection Regulation (EU GDPR) and the country-specific implementation laws applicable to us. With the help of this data protection declaration, we inform you comprehensively about the processing of your personal data by F24 AG and the rights to which you are entitled.
Personal data is the information that makes it possible to identify a natural person. This includes in particular your name, date of birth, address, telephone number, e-mail address but also your IP address. Anonymous data exists if no personal reference to the user can be established.
Responsible body and data protection officer
80339 Munich, Germany
Contact the data protection officer
Your rights as a data subject
First of all, we would like to inform you here about your rights as a person concerned.
These rights are standardised in Articles 15 – 22 of the EU GDPR. This includes:
- The right of access by the data subject (Art. 15 EU GDPR),
- The right to erasure (‘right to be forgotten’) (Art. 17 EU GDPR),
- The right to rectification (Art. 16 EU GDPR),
- The right to data portability (Art. 20 EU GDPR),
- The right to restriction of processing (Art. 18 EU GDPR),
- The right to object to data processing (Art. 21 EU GDPR).
To assert these rights, please contact us: firstname.lastname@example.org. The same applies if you have questions about data processing in our company or would like to revoke a given consent. You also have a right of appeal to a data protection supervisory authority.
Rights of objection
Please note the following in connection with rights of objection: If we process your personal data for the purpose of direct marketing, you have the right to object to this data processing at any time without giving reasons. This also applies to profiling in so far as it is connected with direct advertising.
If you object to the processing for direct marketing purposes, we will no longer process your personal data for these purposes. The objection is free of charge and needs no particular form. If possible, address it to: F24 Marketing.
In the event that we process your data to safeguard legitimate interests, you can object to such processing at any time for reasons arising from your particular situation; this also applies to profiling based on these provisions.
We will then no longer process your personal data unless we can prove compelling reasons worthy of protection for the processing that outweigh your interests, rights and freedoms or the processing serves to assert, exercise or defend legal claims.
Purposes and legal bases of data processing
The processing of your personal data complies with the provisions of the EU GDPR and all other applicable data protection regulations. Legal bases for data processing result in particular from Art. 6 EU GDPR. We use your data for business initiation, to fulfil contractual and legal obligations, to execute the contractual relationship, to offer products and services and to strengthen the customer relationship, which may also include analyses for marketing purposes and direct advertising.
Your consent to data processing can also constitute a data protection law permission regulation. Before giving your consent, we will inform you about the purpose of data processing and your right of revocation.
If the consent also refers to the processing of special categories of personal data, we will expressly point this out to you in the consent. Processing of special categories of personal data in accordance with Art. 9 of the EU GDPR only takes place if this is required by legal regulations and there is no reason to assume that your legitimate interest in the exclusion of processing prevails.
Passing data to third parties
Recipients of data / categories of recipients
Within our company, we ensure that only those persons receive your data who need it to fulfil their contractual and legal obligations.
In many cases, service providers support our specialist departments in fulfilling their tasks. The necessary data protection agreements have been concluded with all service providers.
Transfer to a third country / Intention to transfer to a third country
Data will only be transmitted to third countries (outside the European Union or the European Economic Area) if this is necessary for the performance of the contractual obligation, is required by law or you have given us your consent.
We can transfer your data to a service provider or to group companies outside the European Economic Area: Switzerland, USA. Compliance with data protection is ensured by an adequacy decision by the European Commission (Switzerland) or the conclusion of EU standard contractual clauses on data protection based on the model of the European Commission.
Data storage time
We store your data as long as it is needed for the respective processing purpose. Please note that numerous retention periods require that data must be stored longer. This applies in particular to commercial or tax storage obligations (e.g. German Commercial Code, Fiscal Code, etc.).
If there are no further storage obligations, the data will be routinely deleted once the purpose has been achieved. In addition, we may retain data if you have given us permission to do so or if legal disputes arise and we use evidence within statutory limitation periods of up to thirty years; the regular limitation period is three years.
Secure transmission of your data
In order to protect the data stored by us against accidental or intentional manipulation, loss, destruction or access by unauthorized persons, we use appropriate technical and organizational security measures. The security levels are continuously checked in cooperation with security experts and adapted to new security standards. The data exchange from and to our website is always encrypted. We offer HTTPS as the transmission protocol for our website, in each case using the current encryption protocols. In addition, we offer our users content encryption for contact forms and applications. Only we can decrypt this data. It is also possible to use alternative communication channels (e.g. by post).
Obligation to provide the data
Various personal data are necessary for the establishment, execution and termination of the obligation and the fulfilment of the associated contractual and legal obligations. The same applies to the use of our website and the various functions it provides.
We have summarised the details for you in the above point. In certain cases, data must also be collected or made available on the basis of legal regulations. Please note that it is not possible to process your request or to perform the underlying obligation without providing this data.
Categories, sources and origin of data
The context determines which data we process: This depends on whether you place an order online or enter an enquiry in our contact form, whether you send us an application or submit a complaint. Please note that we may also make information available separately at a suitable location for special processing situations, e.g. when uploading application documents or making a contact request.
When you visit our website, we collect and process the following data:
- Name of the Internet service provider
- Information about the website from which you are visiting us
- Web browser and operating system used
- The IP address assigned by your Internet Service Provider
- Requested files, transferred data volume, downloads/file export
- information about the websites you visit on our site, including date and time
- For reasons of technical security (in particular to prevent attempts to attack our web server)
these data are stored in accordance with Art. 6 paragraph 1 letter F EU GDPR.
In addition, we can use your IP address to collect your location, which, however, due to the collection of your IP address in abbreviated form does not reveal your exact geographical location, but only the country from which you retrieve our offer.
In the context of a contact inquiry we collect and process the following data:
- Salutation – Title
- Surname, first name
- Contact details
- Contact message
In the context of a demo inquiry we collect and process the following data:
- Salutation – Title
- Surname, first name
- Contact details
In the context of a support request we collect and process the following data:
- Salutation – Title
- Surname, first name
- Org. ID
- Contractual partner
- Contact details
- Contact message
In the context of a user report download we collect and process the following data:
- Surname, first name
- Contact details
In the context of a whitepaper download we collect and process the following data:
- Surname, first name
- Contact details
In the context of a web seminar form we collect and process the following data:
- Surname, first name
- Contact details
In the context of a event form we collect and process the following data:
- Surname, first name
- e-mail address
- Phone number
When registering for F24 News, we collect and process the following data:
- Surname, first name
- e-mail address
In the context of administration communication in FACT24, we can collect and process the following data:
- Surname, first name
- e-mail address
When booking an appointment with our experts via Calendly, we may process the following data:
- Name, first name
- email address
- A telephone number
- Your country code
- Your request
Automated individual decisions
We do not use purely automated processing processes to bring about a decision.
Links to other providers
Our website also contains – clearly recognisable – links to the websites of other companies. As far as there are links to websites of other providers, we have no influence on their contents. Therefore, no guarantee and liability can be assumed for these contents. The respective provider or operator of the pages is always responsible for the contents of these pages. At the time of linking, the linked pages were checked for possible legal infringements and recognisable infringements. Illegal contents were not recognizable at the time of linking. However, permanent monitoring of the content of the linked pages is unreasonable without concrete evidence of a violation of the law. Upon notification of violations of the law, such links will be removed immediately.
Cookies / User profiles / Web tracking procedures (Art. 6 para. 1 lit. f EU GDPR / Art. 6 para. 1 lit. a EU GDPR with consent)
When you visit this website information is collected. This information can be used to identify your computer and its browser program or mobile devices that you use to surf the Internet. This is ensured by the installation of text files, so-called “cookies”.
Our Internet pages use so-called cookies in several places. They serve to make our website more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and saved by your browser (locally on your hard drive). These cookies enable us to analyse how users use our websites. In this way we can design the website content according to the visitor’s needs. In addition, cookies enable us to measure the effectiveness of a particular ad and to have it placed depending, for example, on the user’s thematic interests. Most of the cookies we use are so-called “session cookies”. These are automatically deleted after your visit. Permanent cookies are automatically deleted from your computer after they expire (usually after six months) or if you delete them yourself before they expire. Most web browsers automatically accept cookies. However, you can usually change the settings of your browser if you prefer not to send the information. You can still use the offers on our website without restrictions (exception: configurators).
We would like to tailor the content of our websites as precisely as possible to your interests and in this way improve our offer for you. In order to identify usage preferences and particularly popular areas of the websites, we use the following analysis tool(s):
These cookies are closely related to the visit of the website and guarantee a normal use of the website. Among other things, these allow you to measure your settings (language choice or size of font used), detect the computer or mobile device when a new connection is established, and manage a browser session (a continuous connection to the area through your computer Login data is protected for the entire duration of the browser session). They are also used for statistical purposes to improve the service and use of the website by the user.
These cookies by third parties are installed on the website. This category includes cookies from Google Analytics, which are used for statistical purposes in an aggregated and anonymous form in order to analyze visits and the progress of users on the website.
Google Analytics Universal
This website uses Google Analytics, a web analysis service by Google Inc. (“Google”). Google Analytics uses “cookies”, text files that are saved on your computer and allow your use of the website to be analysed. The information about your visit collected by the cookie is generally transferred to a Google server in the USA and saved there. If this website has activated IP anonymisation, Google first abbreviates your IP address within member states of the European Union or in other signatory states of the Agreement on the European Economic Area. The full IP address will only be transferred to a Google server in the USA and abbreviated there in exceptional cases. Google will use the information collected on behalf of the website operator to evaluate your use of the website, to compile reports about your activities within this site and to provide further services for the website operator related to use of the website and Internet use. Google will under no circumstances associate the IP address transmitted by your browser within the operations of Google Analytics with other Google data. You can prevent cookies from being installed by entering the corresponding settings in your browser software. However, please note that in this case you may not be able to use the complete range of functions of this website to their full extent. You can also prevent Google from recording and processing the data related to your website visit (including your IP address) generated by the cookies by downloading and installing the browser plugin from the following link. The current link is http://tools.google.com/dlpage/gaoptout?hl=de.
Cookies used for marketing purposes
These are cookies that are installed on the website to provide you with content and offers tailored to those preferences that can be inferred from the information on the websites visited (for example, a visit to a page on this website).
Google Google Ads
On the basis of our legitimate interest we use the Google Marketing Services online advertising programme “Google Ads”.
Our website uses Google Conversion Tracking. If you have reached our website via an advertisement sent by Google, Google Ads will set a cookie on your computer. The conversion tracking cookie is set when a user clicks on a Google-served ad. These cookies lose their validity after 30 days and are not used for personal identification. If the user visits certain pages on our website and the cookie has not expired, we and Google may recognize that the user clicked on the ad and was redirected to this page. Each Google Ads customer receives a different cookie. Cookies can not be tracked through the websites of advertisers. The information gathered using the conversion cookie is used to generate conversion statistics for Ads advertisers who have opted for conversion tracking. Customers are told the total number of users who clicked on their ad and were redirected to a conversion tracking tag page. However, they do not receive any information that personally identifies users.
Our website integrates features of Google Ads. Google Ads allows us to show ads on both Google and Google Network search engine results. Google Ads sets certain keywords that will display an ad on Google’s search engine results only when the search engine performs a keyword-related search. In the Google Network, the ads are distributed through an algorithm to the keyword relevant Internet pages. Provider of Google Ads is the Google Inc., 1600 Amphitheater Pkwy, Mountain View, CA 94043-1351, USA.
If you do not want to participate in the tracking, you can refuse the required setting of a cookie – for example, via a browser setting that generally deactivates the automatic setting of cookies or set your browser to block cookies from the domain “googleleadservices.com”. Please note that you are not allowed to delete opt-out cookies as long as you do not want to record measurement data. If you have deleted all your cookies in the browser, you must set the respective opt-out cookie again.
Google’s remarketing feature will reach people who have already visited our site. This allows us to present our advertising to target groups who are already interested in our products or services.
Google Tag Manager
In addition to this, we use the “Google Tag Manager” to integrate Google analysis and marketing services into our website and to manage these services. Google’s Tag Manager is a solution which allows us to manage website tags via a user interface. The Tag Manager tool, which implements the tag, is a cookie-less domain and does not gather personal data. The tool does, however, trigger other tags which can, in certain circumstances, gather data. Google Tag Manager does not, itself, access this data. If domain- or cookie-level deactivation has been carried out, then this will apply to all tracking tags implemented by Google Tag Manager. For more information see the service’s use guidelines.
For more information on Google data use for marketing purposes, visit the following site map: www.google.com/policies/technologies/ads. Google’s data protection declaration can be viewed at www.google.com/policies/privacy
If you would like to object to interest-related advertising by Google Marketing Services, then use the setting and opt-out options provided by Google at: http://www.google.com/ads/preferences.
Pardot Marketing Automation System (“Pardot MAS”)
(If you are interested in Pardot MAS and how it can support our administrator communication in FACT24, please see the section on this later in this privacy statement).
We use the Pardot Marketing Automation System (“Pardot MAS”), a special software for collecting and evaluating the use of a website by website visitors and for sending advertising-newsletters.
When visiting this website, the Pardot MAS captures your click path and creates an individual usage profile using a pseudonym. For this purpose, cookies are used, which allow recognition of your browser. The legal basis is your consent, Art. 6 I 1 a DS-GVO.
However, you can deactivate the creation of pseudonymised user profiles at any time by configuring your Internet browser so that cookies of the domain “pardot.com” are not accepted. However, this may result in some limitations in the features and usability of our offering. In order to provide you with an offer or product information that is as interesting as possible and to the extent your consent to it, it is possible to merge your personal data with the data of a pseudonymised user profile via the set cookies, if you – for example by ordering an advertising-newsletter or completing a form – provide personal information. You may opt-out to this use of your personal information, such as name and address information, in writing or by e-mail at email@example.com at any time. You can revoke your consent at any time with effect for the future.
Avertising-newsletters sent with Pardot MAS contain so-called web beacons. These are smallest graphics that allow user behavior, such as opening and reading emails and clicking links to analyze. This allows us to make our content offered more relevant and interesting to you.
Social plugins for social networks
We use social media plugins on our website. Plugins are small programmes or programme packages which can be used to edit and expand software in line with personal needs.
The basic versions of applications such as web browsers, programs for processing graphic content or programs for playing media help to ensure that functions needed by the user can be executed.
Our website includes links to our social media profiles on the following social media networks:
- Twitter Inc.,1355 Market Street, Suite 900, San Francisco, CA 94103, USA
- YouTube, a Google Inc. service, 1600 Amphitheatre, Parkway, Mountain View, CA 94043, USA
- Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA,
- LinkedIn Inc., 2029 Stierlin Ct, Mountain View, CA 94043, USA
- Xing SE, Dammtorstrasse 30, 20354 Hamburg, Germany
- Google+, a Google Inc. service, 1600 Amphitheatre, Parkway, Mountain View, CA 94043, USA
When you visit our website and use one of the social plugins included on the site, your browser will establish a direct connection to the social media network’s server. This provides the network with the information that you have visited our website using your IP address and clicked the link. If you click a link to a network while logged on to your account with that network, then our site content can be linked to your profile with the network. This means that the network can directly assign your visit to our website to your user account, thus providing us with your personal data such as name, email, location, list of friends and profile picture. This data allows us to offer certain features on our site. If you would like to prevent this, then you should log off before you click any such links. An assignment will definitely take place if you log on to the relevant network after clicking the link.
If you are logged on to a social network via your user account when visiting our website, then the relevant provider can also assign the visit to the site to your user account. If you interact with a plugin the corresponding information will also be sent directly to the relevant operator’s servicer in the USA, where it will be stored. The information will also be published on the relevant social network via your user account and shown to your contacts.
Even if you are not logged on to plugin provider’s network when visiting our website, the data gathered by the plugins may, in certain circumstances, be assigned to your corresponding user account. Plugins install a cookie with an identifier every time the website is visited. Since your browser transmits this cookie unrequested to the relevant provider’s server every time you connect to the server, the social networks could, in theory, use this information to create a profile which shows which website the user to whom the identifier applies visited. It could then be possible to subsequently assign the identifier – for example when the user later logs on with the provider – to an individual.
Over and above this, you can use the “Block third-party cookies” option in your browser settings to prevent your browser from sending cookies to the relevant social network server. If you use this setting it may, under circumstances, be the case that not only the plugin no longer functions but also other cross-site features of other providers.
For more information about the purpose and scope of data gathering and about further processing and use of your personal data see the relevant provider’s privacy information. It also includes more detailed information on your corresponding rights and settings options to protect your privacy as well as on your rights to object to the creation of user profiles:
Contact form / Contact by e-mail (Art. 6 par. 1 lit. a, b EU GDPR)
There is a contact form on our website which can be used for electronic contact. If you write to us using the contact form, we will process the information you provide in the contact form to contact you and answer your questions and requests. Here, the principle of data economy and data avoidance is observed, in that you only have to provide the data that we absolutely need to contact you. These are your e-mail address and the message field itself. In addition, your IP address is processed for technical reasons and for legal protection. All other data are voluntary fields and can be entered optionally (e.g. for more individual answers to your questions).
If you contact us by e-mail, we will process the personal data provided in the e-mail solely for the purpose of processing your inquiry. If you do not use the offered forms to contact us, no further data will be collected.
Newsletter / F24 News (Art. 6 para. 1 lit. a EU GDPR)
You can subscribe to a free newsletter on our website (F24 News). The e-mail address and your name provided with the newsletter registration will be used for sending the personalised newsletter. The principle of data economy and data avoidance is observed here, as only the e-mail address (if applicable name for personalised newsletters) is marked as a mandatory field. For technical reasons and for legal protection, your IP address is also processed when ordering the newsletter. We use the double opt-in procedure for sending newsletters by e-mail. This means that you will only receive advertising by e-mail if you have expressly confirmed beforehand that we should activate the newsletter service. This is done by sending you a notification e-mail and asking you to confirm that you would like to receive our newsletter to this e-mail address by clicking on a link contained in this e-mail.
Of course, you can cancel your subscription at any time via the unsubscription option provided in the newsletter and thus revoke your consent. Furthermore, it is also possible to unsubscribe directly from the newsletter mailing at any time via our website.
Administration communication in FACT24
In the FACT24 Administrator Console, it is possible to subscribe to a newsletter (communication on maintenance work or technical innovations) specifically addressed to FACT24 administrators. For this e-mail-based communication with administrators on maintenance work or technical innovations (no advertising content) in FACT24 Pardot MAS, we use a special software for recording and evaluating interactions with our newsletters. Pardot is used in the concrete basic configuration to track the general open rate of our administrator communication (i.e. what percentage of recipients opened the newsletter) by means of web beacons, i.e. small graphics embedded in the administrator messages. Based on this information, we can optimize the relevance of our messages and identify possible needs to open new communication channels. We have excluded personal data collection technically and also organizationally via internal instructions. Neither personal tracking nor profiling takes place. You can also configure your Internet browser so that cookies from the domain “pardot.com ” are not accepted. If you do not want to contribute to the described determination of a general opening rate, you can also unsubscribe from our administrator communication. Unless an administrator signs up for e-mail-based communication of maintenance work, technical faults and new features in FACT24, or unsubscribes at a later date, he has the option of finding out about selected processes via the FACT24 Help Portal and the product interface, which we use to disseminate information specifically for FACT24 administrators. Personal notification by e-mail does not then take place.
Demo Request, Support Request, User Report & Whitepaper Download, Event form, Web seminar form
On our website we offer you the opportunity to send us a demo request or a support request, to download our reports or whitepapers or to send you web seminar documentations. The data entered for carrying out the respective action will be processed solely for the purpose of carrying out the respective action initiated by you. In doing so, we take into account the principle of data minimization by only obligingly requesting from you the data absolutely necessary for carrying out the respective action. For technical reasons as well as for legal protection, your IP address will always be processed during the respective actions. Unless you and the mandatory information required, we can not perform the action unfortunately. In this way our alternative communication channels are at your disposal. If you only provide us with the mandatory information, you will not suffer any legal disadvantages.
Making an appointment with the online scheduling software Calendly
On our website you have the possibility to make an appointment with one of our experts in order to receive further information about our SaaS solutions.
To do this, we provide you with a contact form in which you are directed to our appointment booking portal by entering an email address, a telephone number (to determine your geographic location by means of the country code – we need this to match you with the right exeter), your country and a note on how we can be of assistance to you.
As an appointment booking portal, F24 uses the online appointment scheduling software Calendly from Calendly LLC, 3423 Piedmont Road NE, Atlanta, GA 30305-1754, United States.
When you click on the booking button, you will be connected to our account at Calendly. There you select your desired date and enter a name, first name and an e-mail address for sending the appointment confirmation, which you will then receive from Calendly by e-mail.
The processing of your data is based on your consent, Art. 6 I 1 a DS-GVO. Your details will be stored by F24 for the purpose of processing your enquiry and answering any follow-up questions. The data remains stored until you request us to delete it, the purpose for storing the data no longer applies (this is regularly the case when the questions have been conclusively answered) or you revoke your consent to storage. Mandatory legal provisions such as statutory retention obligations remain unaffected.
Calendly processes data in the USA, among other places. There is no level of data protection there comparable to the EU. Therefore, we have agreed so-called standard contractual clauses with Calendly, Art. 46 II, III DS-GVO. With these, Calendly undertakes to guarantee a level of data protection that essentially corresponds to that in the EU. However, due to the legal situation in the USA, despite our efforts to ensure adequate data protection at Calendly and also with the standard contracts, it cannot be ruled out that US authorities may be authorised to access your data at Calendly without you being entitled to (effective) legal protection in this regard. If you want to be sure that such access is excluded in connection with Calendly, please contact us by other means, e.g. by telephone, where we will also be happy to advise you on all questions regarding our services.
Information on how Calendly itself handles personal data is available at https://calendly.com/de/privacy.
Advertising for existing customers (Art. 6 para. 1 lit. f EU GDPR)
F24 AG is interested in maintaining the customer relationship with you and sending you information and offers about our products / services (specifying advertising purposes). Therefore, we process your data in order to send you relevant information and offers by e-mail. If you do not wish to do so, you can object at any time to the use of your personal data for the purpose of direct marketing; this also applies to profiling insofar as it is connected with direct marketing.
If you file an objection, we will no longer process your data for this purpose. The objection can be made free of charge and free of form without giving reasons and should be sent by e-mail to F24 Marketing or by post to F24 AG, Ridlerstrasse, 80339 Munich, Germany.
Supplementary note regarding the data security of our website, our data processing infrastructure and software products: Security principles that do not only concern the processing of personal data via our website
Through our website you also have the opportunity to purchase our products. In this respect, in addition to our product information, we would like to draw your attention to our security principles, which we generally use in the operation of our website as well as our data processing infrastructure and which also apply to our products:
We treat protection of your personal information as a very high priority, and implement appropriate data security measures to protect the security and confidentiality of your information in the most effective way.
We have appropriate technical and organisational security measures in place that protect all stored personal information about our employees, customers and suppliers from accidental or deliberate manipulation, loss or destruction and from access by unauthorised persons. Our security levels are continuously monitored in collaboration with security experts, and updated to incorporate new security standards. Our systems are protected by continuously updated virus scanners and firewalls, and encryption is used to protect all data transmitted to F24 via the Internet.
We guarantee that we have taken all necessary precautions to protect your data from unauthorized access and misuse. The system is secured using anti-virus scanners and firewalls which are continually run and updated. In addition, all information transferred to F24 over the Internet is SSL encrypted. We comply with all internal and external data protection regulations (BDSG, TDG, confidentiality agreements) as well as all separately agreed arrangements.
As an application service provider, we place IT/telecommunications infrastructures and their smooth operation at the focus of our quality management. F24 solutions therefore operate on a comprehensive security and backup strategy; redundancy is the cornerstone of the entire process chain, and is built into all our system components that are involved in alerting and notification processes and into all infrastructure elements. This guarantees that our services have a 99.99% availability rate even where maintenance is required or faults develop, and ensures the high security standards which apply to our operations are fulfilled.