Privacy Policy

We take the protection of your personal data very seriously. We would therefore like to use this data protection declaration to inform you about the type, scope and purpose of the personal data we collect, use and process. We would also like to inform you about the rights to which you are entitled.

We would like to point out that data transmission on the Internet (e.g. when communicating by e-mail) can have security gaps. A complete protection of the data against access by third parties is not possible.

1. Responsible

The person responsible within the meaning of Art. 4 No. 7 GDPR, other data protection laws applicable in the Federal Republic of Germany and the member states of the European Union and other provisions of a data protection nature is:

GAIN Software GmbH
Gruber Straße 6
96185 Schönbrunn
Germany

Managing Director: Peter Schmitt

Email address: info@gain.de
Telephone number: 09549 98 11 91

2. hosting

We host the content of our website with the following provider:
RAIDBOXES
The provider is RAIDBOXES GmbH, Hafenstr. 32, 48151 Münster (hereinafter RAIDBOXES) When you visit our website, RAIDBOXES records various log files including your IP addresses.
Details can be found in the RAIDBOXES data protection declaration: https://raidboxes.io/legal/privacy/.
RAIDBOXES is used on the basis of Art. 6 Para. 1 lit. f GDPR. We have a legitimate interest in our website being displayed as reliably as possible. If a corresponding consent was requested, the processing takes place exclusively on the basis of Art. 6 Para. 1 lit. a DSGVO and § 25 Para B. for device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.

Order processing
We have concluded an order processing contract (AVV) for the use of the above-mentioned service. This is a contract required by data protection law, which ensures that the personal data of our website visitors is only processed according to our instructions and in compliance with the GDPR.

3. Scope of processing of personal data

In principle, we only process the personal data of the users of these pages to the extent that this is necessary to provide a functional website and our content and services. Our website can usually be used without providing any personal data.

Insofar as personal data (e.g. name, address, e-mail addresses and telephone numbers) is collected, especially when you contact us, it is transmitted to us – as far as possible – on a voluntary basis.

4. Legal basis for the processing of personal data

Insofar as we obtain the consent of the person concerned for the processing of personal data, Art. 6 Para. 1 Sentence 1 lit. a EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing based on this consent.

When processing personal data that is required to fulfill a contract to which the data subject is a party, Article 6 (1) sentence 1 lit. b GDPR serves as the legal basis. This justification also applies to processing operations that are necessary to carry out pre-contractual measures.

Insofar as personal data is to be collected and/or processed due to legal requirements or in the public interest, Art. 6 (1) sentence 1 lit. c or lit. e GDPR serves as the legal basis.

If processing is necessary to safeguard a legitimate interest of the WIFU Foundation as the controller, WIFU or another third party and if the interests, fundamental rights and fundamental freedoms of the data subject do not outweigh the legitimate interest, Art. 6 Para. 1 Sentence 1 lit. f GDPR as the legal basis for processing.

5. Duration of storage

The personal data of affected persons will be deleted or blocked as soon as the purpose of storage no longer applies. Storage can also take place if this has been provided for by the European or national legislator in EU regulations, laws or other regulations to which the person responsible is subject. The data will also be blocked or deleted if a storage period prescribed by the standards mentioned expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.

6. Sharing of data

Your personal data will not be transmitted to third parties for purposes other than those listed below.

Your personal data will only be passed on to third parties if you have given your express consent, if there is a legal obligation to do so or if it is necessary for the processing of contractual relationships with you according to Article 6 Paragraph 1 lit. b GDPR.

7. Server log files

When you visit our website, the browser used on your end device automatically sends information to the server used for our website. These are stored in so-called server log files. The stored data is in particular:

– IP address of the end device you are using
– Date and time of server request
– Referrer-Url (ID of the previously visited website)
– Browser type and browser version
– operating system used

This data cannot be assigned to specific persons. The IP address is anonymized after collection. This data is not merged with other data sources. This storage takes place on the legal basis of Art. 6 Para. 1 lit. f GDPR. Our legitimate interest lies in the improvement, stability, functionality and security of our website.

We reserve the right to subsequently check this data if we become aware of specific indications of illegal use. The data will be deleted after seven days unless further storage is required for evidentiary purposes. Otherwise, the data is completely or partially excluded from deletion until the final clarification of an incident.

8. SSL or TSL encryption

This site uses SSL or TSL encryption for security reasons. If SSL encryption is activated, the data that you transmit to us cannot be read by third parties.

You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.

9. Contact Form

There is a contact form on our website which can be used to contact us electronically. If a user takes advantage of this option, the data entered in the input mask will be transmitted to us and saved. These dates are:

– Your name
– Name of your company
– Your email address
– Your phone number
– Your concern

At the time the message is sent, the user’s IP address and the date and time of transmission of the contact data are also saved.

Your consent will be obtained for the processing of the data during the sending process and reference will be made to this data protection declaration. Alternatively, you can contact us via the email address provided. In this case, the user’s personal data transmitted with the e-mail will be stored.

The processing of the personal data from the input mask or an e-mail from you serves us solely to process the contact. The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

The legal basis for processing the data is Article 6(1)(a) GDPR if the user has given their consent. The legal basis for the processing of data transmitted in the course of sending an email is Article 6 Paragraph 1 Letter f GDPR. If the e-mail contact is aimed at concluding a contract, the additional legal basis for processing is Art. 6 (1) (b) GDPR.

10. Inquiry by e-mail, telephone or fax

If you contact us by e-mail, telephone or fax, your inquiry including all resulting personal data (name, enquiry) will be stored and processed by us for the purpose of processing your request. We do not pass on this data without your consent.
This data is processed on the basis of Article 6 (1) (b) GDPR if your request is related to the fulfillment of a contract or is necessary to carry out pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of inquiries addressed to us (Art. 6 Para. 1 lit. f GDPR) or on your consent (Art. 6 Para. 1 lit. a GDPR) if this was queried; the consent can be revoked at any time.

The data you sent to us via contact requests will remain with us until you request deletion, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory legal provisions – in particular statutory retention periods – remain unaffected.

11. Web Analysis

We use a process on our website to create anonymous statistics about the use of our websites, in which we use Google Analytics, a web analysis service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (Google). We do not use any so-called cookies or comparable technologies and only transmit anonymous data to Google.

Web analysis enables us to statistically evaluate the use of this website by users (e.g. usage time, page views, length of stay, operating systems used, clicks). It is based on our legitimate interest in the needs-based design and continuous optimization of our websites in accordance with Article 6 (1) (f) GDPR.

The IP address of your end device is anonymized by us and a non-resolvable, unique hash value (client ID) is generated from it. It is therefore not possible for us or Google to recognize the website visitor beyond our website. Google has no way of linking the transmitted data with other data from you.

Google stores and processes the data for statistical evaluation by Google Analytics on servers in the USA. Due to the existing legal provisions in the USA, according to the ECJ, the level of protection for personal data in the USA cannot be considered comparable to that under the European GDPR. In this case, a transmission of personal data is only permitted in accordance with Art. 46 GDPR if suitable guarantees are in place.

However, due to the chosen method, we do not transmit any personal data to Google. If, contrary to our assessment, this should be assessed differently, transmission to the USA would still be permissible in accordance with the EDPB’s Recommendation 01/2020 due to the existence of suitable guarantees, since Google has included the standard data protection clauses issued by the EU Commission in its contracts (https://business.safety.google/adsprocessorterms/) and the transmitted client ID result in a for Google as the data recipient represents non-resolvable encryption.

11.1 Opt Out

You can object to the collection and processing of your usage data for web analysis purposes by clicking on the following link: OptOut Web Analytics. An opt-out cookie will be set to prevent your data from being collected on future visits to this website in your current browser. If this cookie were to be deleted, you would have to declare your objection again.

11.2 Shared Responsibility

Taking into account the case law of the ECJ and in the opinion of the DSK, Google and the person responsible, as Google Analytics users, are to be regarded as jointly responsible for data processing within the framework of Google Analytics. There is a corresponding agreement on joint responsibility between the person responsible and Google in accordance with Art. 26 DSGVO, which you can access at https://privacy .google.com/businesses/gdprcontrollerterms/. Information about what data is collected by Google, what this data is used for and what rights you have can be found at https ://www.google.com/intl/de/policies/privacy/.

12. Note on data transfer to the USA and other third countries

Among other things, we use tools from companies based in the USA or other third countries that are not secure under data protection law. If these tools are active, your personal data can be transferred to these third countries and processed there. We would like to point out that in these countries no level of data protection comparable to that of the EU can be guaranteed.
For example, US companies are obliged to release personal data to security authorities without you as the person concerned being able to take legal action against this. It can therefore not be ruled out that US authorities (e.g. secret services) will process, evaluate and permanently store your data on US servers for monitoring purposes. We have no influence on these processing activities.

Revocation of your consent to data processing
Many data processing operations are only possible with your express consent. You can revoke consent that you have already given at any time. The legality of the data processing that took place up until the revocation remains unaffected by the revocation.

Right to object to data collection in special cases and to direct advertising (Art. 21 GDPR)
IF THE DATA PROCESSING IS BASED ON ART. 6 ABS. 1 LIT. E OR F GDPR, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE RESPECTIVE LEGAL BASIS ON WHICH A PROCESSING IS BASED CAN BE FOUND IN THIS DATA PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR CONCERNED PERSONAL DATA UNLESS WE CAN PROVE COMPREHENSIVE GROUNDS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOM OBJECTION ACCORDING TO ARTICLE 21 (1) GDPR).
IF YOUR PERSONAL DATA IS PROCESSED FOR DIRECT ADVERTISING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR SUCH ADVERTISING PURPOSES; THIS ALSO APPLIES TO PROFILING TO THE EXTENT RELATED TO SUCH DIRECT ADVERTISING. IF YOU OBJECT, YOUR PERSONAL DATA WILL NO LONGER BE USED FOR DIRECT ADVERTISING PURPOSES (OBJECTION ACCORDING TO ART. 21 (2) GDPR).

13. Data collection on this website

Cookies

Our website uses so-called “cookies”. Cookies are small data packages and do not damage your end device. They are stored on your end device either temporarily for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted after your visit. Permanent cookies remain stored on your end device until you delete them yourself or until they are automatically deleted by your web browser.
In some cases, cookies from third-party companies can also be stored on your end device when you enter our site (third-party cookies). These enable us or you to use certain services of the third-party company (e.g. cookies for processing payment services). Cookies have different functions. Numerous cookies are technically necessary because certain website functions would not work without them (e.g. the shopping cart function or the display of videos). Other cookies are used to evaluate user behavior or to display advertising.
Cookies that are required to carry out the electronic communication process, to provide certain functions you want (e.g. for the shopping cart function) or to optimize the website (e.g. cookies for measuring web audience) (necessary cookies). stored on the basis of Article 6 (1) (f) GDPR, unless another legal basis is specified.
The website operator has a legitimate interest in the storage of necessary cookies for the technically error-free and optimized provision of its services. If consent to the storage of cookies and comparable recognition technologies was requested, processing takes place exclusively on the basis of this consent (Art. 6 Para. 1 lit. a DSGVO and § 25 Para. 1 TTDSG); the consent can be revoked at any time.
You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when the browser is closed. If cookies are deactivated, the functionality of this website may be restricted.
If cookies are used by third-party companies or for analysis purposes, we will inform you of this separately in this data protection declaration and, if necessary, ask for your consent.

Consent with Usercentrics

This website uses Usercentrics’ consent technology to obtain your consent to the storage of certain cookies on your end device or to the use of certain technologies and to document this in compliance with data protection regulations. The provider of this technology is the

Usercentrics GmbH
Sendlingerstrasse 7
80331 Munich
Website: https://usercentrics.com/de/ (hereinafter “Usercentrics”).

When you enter our website, the following personal data is transferred to Usercentrics:

Your consent(s) or withdrawal of your consent(s)
Your IP address
Information about your browser
Information about your device
Time of your visit to the website

Furthermore, Usercentrics stores a cookie in your browser in order to be able to allocate the given consent or its revocation to you. The data collected in this way is stored until you request us to delete it, delete the Usercentrics cookie yourself, or the purpose for storing the data no longer applies. Mandatory statutory retention requirements remain unaffected.
Usercentrics is used to obtain the legally required consent for the use of certain technologies. The legal basis for this is Article 6 (1) (c) GDPR.

Order processing

We have concluded an order processing contract (AVV) for the use of the above-mentioned service. This is a contract required by data protection law, which ensures that the personal data of our website visitors is only processed according to our instructions and in compliance with the GDPR.

14. Your rights

You have a right to information from the person responsible about your personal data processed by him and further information about the processing carried out in relation to your personal data.

Next is you with regard to the personal data concerning you

– a right to rectification,
– a right to erasure,
– a right to restriction of processing,
– a right to object to the processing,
– a right to data portability as well
– a right of appeal to a supervisory authority.

If you have given your consent to the processing of your personal data in accordance with Article 6 Paragraph 1 Clause 1 Letter a in conjunction with Article 4 No. 11 GDPR, you have the right to revoke this consent at any time.

If you would like to assert one of the rights mentioned, please contact the person responsible directly using the contact details given above (info@gain.de).

The person responsible is obliged to comply with your asserted right, unless there are justifiable reasons to the contrary. In addition, he may only comply with your request if he was able to clearly identify you as the person affected by his processing of personal data.

You can assert your right of appeal to the supervisory authority responsible for the person responsible. Their contact details are:

Die Landesbeauftragte
für Datenschutz und Informationsfreiheit NRW (LDI)
Kavalleriestraße 24
40213 Düsseldorf

Phone: +49 (0) 211 – 384240
Email: poststelle@ldi.nrw.de
https://www.ldi.nrw.de/

15 Plugins, Tools and Ads

Google Tag Manager

We use the Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
The Google Tag Manager is a tool that we can use to integrate tracking or statistical tools and other technologies on our website. The Google Tag Manager itself does not create any user profiles, does not save any cookies and does not carry out any independent analyses. It is only used for the administration and display of the tools integrated via it. However, the Google Tag Manager records your IP address, which can also be transmitted to Google’s parent company in the United States.
The Google Tag Manager is used on the basis of Article 6 (1) (f) GDPR. The website operator has a legitimate interest in the quick and easy integration and management of various tools on its website. If a corresponding consent was requested, the processing takes place exclusively on the basis of Art. 6 Para. 1 lit. a DSGVO and § 25 Para B. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.

Google Ads

The website operator uses Google Ads. Google Ads is an online advertising program from Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Ads enables us to display advertisements in the Google search engine or on third-party websites when the user enters certain search terms on Google (keyword targeting). Furthermore, targeted advertisements can be displayed based on the user data (e.g. location data and interests) available from Google (target group targeting). As the website operator, we can evaluate this data quantitatively, for example by analyzing which search terms led to the display of our advertisements and how many advertisements led to corresponding clicks. The use of this service is based on your consent in accordance with Article 6 Paragraph 1 Letter a GDPR and Section 25 Paragraph 1 TTDSG. The consent can be revoked at any time.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission.
Details can be found here:
https://policies.google.com/privacy/frameworks and
https://privacy.google.com/businesses/controllerterms/mccs/.

Vimeo without tracking (Do Not Track)

This website uses plugins from the video portal Vimeo. The provider is Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA.
If you visit one of our pages equipped with Vimeo videos, a connection to the Vimeo servers will be established. The Vimeo server is informed which of our pages you have visited. In addition, Vimeo obtains your IP address. However, we have set Vimeo so that Vimeo will not track your user activities and will not set cookies.
Vimeo is used in the interest of an attractive presentation of our online offers. This represents a legitimate interest within the meaning of Article 6 Paragraph 1 Letter f GDPR. If a corresponding consent has been requested, the processing takes place exclusively on the basis of Article 6 Paragraph 1 Letter a GDPR; the consent can be revoked at any time.
The data transfer to the USA is based on the standard contractual clauses of the EU Commission and, according to Vimeo, on “legitimate business interests”. Details can be found here:
https://vimeo.com/privacy.
Further information on handling user data can be found in Vimeo’s data protection declaration at:
https://vimeo.com/privacy.

Google Fonts (local hosting)

This site uses so-called Google Fonts, which are provided by Google, for the uniform display of fonts. The Google Fonts are installed locally. There is no connection to Google servers.
You can find more information about Google Fonts at
https://developers.google.com/fonts/faq and in Google’s privacy policy:
https://policies.google.com/privacy?hl=en.

Wordfence

We have integrated Wordfence on this website. The provider is Defiant Inc., Defiant, Inc., 800 5th Ave Ste 4100, Seattle, WA 98104, USA (hereinafter “Wordfence”).
Wordfence is used to protect our website from unwanted access or malicious cyber attacks. For this purpose, our website establishes a permanent connection to the Wordfence servers so that Wordfence can compare and, if necessary, block its databases with the access made to our website.
Wordfence is used on the basis of Art. 6 Para. 1 lit. f GDPR GMO. The website operator has a legitimate interest in protecting its website from cyber attacks as effectively as possible.
If a corresponding consent was requested, the processing takes place exclusively on the basis of Art. 6 Para. 1 lit. a DSGVO and § 25 Para B. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission.
Details can be found here:
https://www.wordfence.com/help/general-data-protection-regulation/.

Contract that ensures that they only process the personal data of our website visitors according to our instructions and in compliance with the GDPR.

Order processing

16 Audio and Video Conferencing

Data processing

We use online conference tools, among other things, to communicate with our customers. The specific tools we use are listed below. If you communicate with us via video or audio conference over the Internet, your personal data will be collected and processed by us and the provider of the respective conference tool.

The conference tools collect all data that you provide/use to use the tools (e-mail address and/or your telephone number). Furthermore, the conference tools process the duration of the conference, start and end (time) of participation in the conference, number of participants and other “context information” in connection with the communication process (metadata).
Furthermore, the provider of the tool processes all technical data that is required to process online communication. This includes in particular IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or loudspeaker and the type of connection.

If content is exchanged, uploaded or provided in any other way within the tool, this is also stored on the servers of the tool providers. Such content includes but is not limited to cloud recordings, chat/instant messages, voicemails, uploaded photos and videos, files, whiteboards and other information shared while using the Service.
Please note that we do not have full influence on the data processing operations of the tools used. Our options are largely based on the corporate policy of the respective provider. Further information on data processing by the conference tools can be found in the data protection declarations of the tools used, which we have listed below this text.

Purpose and legal basis

The conference tools are used to communicate with prospective or existing contractual partners or to offer certain services to our customers (Art. 6 Para. 1 lit. b DSGVO). Furthermore, the use of the tools serves to generally simplify and accelerate communication with us or our company (legitimate interest within the meaning of Art. 6 Para. 1 lit. f DSGVO). If consent has been requested, the tools in question will be used on the basis of this consent; the consent can be revoked at any time with effect for the future.

Storage period

The data collected directly by us via the video and conference tools will be deleted from our systems as soon as you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies. Saved cookies remain on your end device until you delete them. Mandatory statutory retention periods remain unaffected. We have no influence on the storage period of your data, which is stored by the operators of the conference tools for their own purposes. For details, please contact the operators of the conference tools directly.

We use the following conference tools:

TeamViewer

We use TeamViewer. The provider is TeamViewer Germany GmbH, Jahnstr. 30, 73037 Goeppingen.
Details on data processing can be found in the TeamViewer data protection declaration:
https://www.teamviewer.com/de/datenschutzerklaerung/.

Order processing

Microsoft Teams

We use Microsoft Teams. The provider is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland.

Details on data processing can be found in the Microsoft Teams data protection declaration:
https://privacy.microsoft.com/de-de/privacystatement.

Order processing

We have concluded an order processing contract (AVV) for the use of the above-mentioned service. This is required by data protection law Contract that ensures that they only process the personal data of our website visitors according to our instructions and in compliance with the GDPR.