Notes on Privacy

Notes on data protection:

Thank you for visiting our website and for your interest in our company and our products. In order for you to feel safe and comfortable when visiting our website, we would like to inform you below about the handling of your data. The following privacy policy is intended to inform you about our processing of personal data.

This declaration on data protection only applies to the website of the Utimaco group of companies as further explained under point I. of this privacy policy. Please note that it does not apply to websites of other providers to which we refer through links.

I. Name and Address of Controller

Date: May 2022

The controller within the meaning of the General Data Protection Regulation (GDPR), other national data protection legislation of the Member States and other data protection provisions is

Utimaco Management GmbH
Germanusstrasse 4
52080 Aachen
Germany

Tel.: +49 241 1696-200
Fax: +49 241 1696-199

E-mail: info@utimaco.com
Website: https://www.utimaco.com

in its own name and in the name of the subsidiaries consisting of Utimaco GmbH, Utimaco IS GmbH, Utimaco TS GmbH, Utimaco Inc., Utimaco IS PTE Ltd., Utimaco TS Srl and Utimaco TS UK Ltd.

 

II. Contact details of the data protection coordinator and the data protection officer of the joint controllers

Utimaco GmbH
- Data Protection Officer -
Germanusstraße 4
52080 Aachen
Germany
Phone: 0049 241 16960
E-Mail: dataprotection@utimaco.com

 

III. General Information on Data Processing

1. What are personal data?

Personal data within the meaning of the GDPR include all information relating to the personal or material circumstances of an identified or identifiable natural person (see Art. 4(1) GDPR). Such information will regularly include not only a person’s name and (e-mail) address, for example, but also the IP address and any other information that could permit identification of that person.

2. Scope of Processing of Personal Data

In principle, we process personal data of our users only to the extent necessary to provide a functional website as well as our content and services. The processing of personal data of our users takes place regularly only if the processing of the data is permitted by legal regulations or with the consent of the user.

3. Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 (1) (a) EU General Data Protection Regulation (GDPR) serves as the legal basis.

For the processing of personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) (b) GDPR constitutes the legal basis. This also applies to processing operations that are necessary for the implementation of pre-contractual measures or steps prior to entering into a contract.

Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 (1) (c) GDPR serves as the legal basis.

In the event that the vital interests of the data subject or another natural person require the processing of personal data, the legal basis is Art. 6 (1) (d) GDPR.

If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not override the first-mentioned interest, Art. 6 (1) (f) GDPR serves as the legal basis for the processing.

4. Data deletion and storage period

The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. Storage may also take place if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.

 

IV. Provision of the website and creation of log files

1. Description and scope of data processing

Each time our website is accessed, our system automatically collects data and information from the computer system of the calling computer.

The following data is collected:

  • Date and time of access
  • Browser type, Browser version, Browser language
  • City/Region/Country
  • IP address of the user
  • User's system used

The data is stored in the log files of our system. IP addresses are only stored anonymously. This is done by storing the IP addresses in the log files by default by replacing the last three digits, which are selected randomly. The creation of a personal reference is no longer possible.

2. Legal basis for data processing

The legal basis for the temporary storage of data and log files is Article 6 (1) (f) GDPR.

3. Purpose of data processing

The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the IP address of the user must remain stored for the duration of the session.

The storage in log files takes place in order to ensure the functionality of the website and to ensure the technical administration of the network infrastructure. In addition, the data serves us to optimize the website and to ensure the security of our information technology systems and we use the data to create and evaluate internal statistics. An evaluation of the data for marketing purposes does not take place in this context.

These purposes also constitute our legitimate interest in data processing in accordance with Art. 6 (1) (f) GDPR.

4. Duration of storage

The data is collected as soon as the website is accessed and deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.

If the data is stored in log files, this is the case after seven days at the latest. Further storage is possible. In this case, the data is anonymized so that an assignment to a specific user is no longer possible. Backups are kept in encrypted form for 14 days.

5. Possibility of objection and removal

The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the use of the website. Consequently, there is no possibility of objection on the part of the user.

 

V. Contact form and e-mail contact

1. Description and scope of data processing

On our website we provide various contact forms for electronic contact as well as for sales, purchase or partner queries. If a user makes use of this option, the data entered in the input mask will be transmitted to us and stored. These data are:

  • First and last name (required)
  • E-mail address (required)
  • Telephone number
  • Enterprise
  • Country (required)
  • User's question (required, depending on the contact form)
  • Comments
  • Industry (required, depending on the contact form)
  • Product interest (required, depending on the contact form)

At the time of sending the message, the following data is also stored:

  • IP address
  • Date and time the message was sent
  • Utimaco home page URL

Alternatively, it is possible to contact us via the e-mail addresses provided. These are listed here: https://utimaco.com/company/contact-us. In this case, the user's personal data transmitted with the e-mail will be stored.

We process the user's personal data in order to process his or her contact request. If the user wishes to receive information about our products, the answer to his request can also be taken over by one of our sales partners in certain cases. An overview of the sales partners we use can be found on our Partner Locator on the partner website under https://utimaco.com/partners. For this purpose, we forward the user's data in such a case to the responsible partner. Both we and our sales partner have a legitimate interest in contacting you regarding product issues in accordance with Art. 6 (1) (f) GDPR.

In addition, the user can indicate in the contact form that he or she wishes to be informed by us from time to time about our products and services. He or she can give his or her consent to this, regardless of sending the contact form, by activating a check box. In this case, we will inform the user by e-mail and/or telephone about our products and services. In all other respects, the provisions of the newsletter under chapter VII. apply.

As part of our contact form, we use a so-called marketing automation tool called Pardot.Further information can be found in this privacy policy under chapter X.

2. Legal basis for data processing

The legal basis for the processing of data in the context of establishing contact is Art. 6 (1) (f) GDPR. If the e-mail contact is aimed at the conclusion of a contract, the additional legal basis for the processing is Art. 6 (1) (b) GDPR.

If the user declares his or her consent to receive information about our products and services, the legal basis for this is Art. 6 (1) (a) GDPR. In all other respects, our regulations for receiving the newsletter in accordance with chapter VII. of this Privacy Policy apply.

3. Purpose of data processing

The processing of personal data in the context of establishing contact serves us on the one hand to process such contact requests. The personal data processed during the sending process from the input mask also serves to prevent misuse of the contact form and to ensure the security of our information technology systems. On the other hand, we process personal data of the user in the context of our marketing activities. This is our legitimate interest in data processing.

4. Duration of storage

The data is collected as soon as it has been transmitted via contact form or message and will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is terminated when it can be inferred from the circumstances that the facts in question have been conclusively clarified and no communication between us and the user is to be expected. This is the case no later than 18 months after the last contact by us or the user. In addition, we may retain data if you have given us permission to do so or if legal disputes arise and we use evidence under legal statutes of limitations, which can be up to thirty years; the regular statute of limitations is three years.

5. Possibility of objection and removal

The user has the possibility to object to the processing of personal data at any time. In such a case, the conversation cannot be continued. The objection can be declared to us by sending an e-mail to dataprotection@utimaco.com.

In addition, the user has the possibility at any time to revoke his or her consent to receive information about our products and services for the future. The revocation can be declared to us by sending an e-mail to dataprotection@utimaco.com or by activating the unsubscribe link contained in each newsletter.

In this case, the user's data will be deleted immediately, unless the deletion is contrary to reasons grounds from the law. More information can be found under chapter XI.

 

VI. Downloads

1. Description and scope of data processing

In our download area on our website https://utimaco.com/de/downloads "Downloads" there is the possibility to download various documents or to receive a download link. This is done by providing a few personal data. If the user provides his or her data, the processing of the data takes place with the consent of the user. The user will be informed of this before submitting any data and his or her consent will be obtained by activating a check box. In addition, cookies are used when initiating downloads (more on this in our Cookie Policy, see chapter IX.).

If the user enters his or her data in the input mask provided for this purpose, the following data will be collected:

  • First and last name (required)
  • E-mail address (required)
  • Company (required)
  • Country (required)
  • Branch of industry (required)
  • Interest (required)

In addition, the following data is processed:

  • IP address
  • Time zone
  • Date and time of download
  • Validity of the user's domain

Subject to a positive result of the verification of the country entry and the domain carried out by us, the user will receive an e-mail with the download link and the information on the revocation of his consent.

As part of our download section, we use the marketing automation tool called Pardot. Further information can be found in this privacy policy under chapter X.

2. Legal basis for data processing

The legal basis for the processing of the data with the consent of the user is Art. 6 (1) (a) GDPR.

The consent given also refers to the transfer of at least part of the personal data to the United States as a third country in accordance with Art. 49 (1) (a) GDPR. In the opinion of the European Court of Justice, there is currently no level of protection in the United States that is essentially equivalent to the GDPR. In addition, the legal remedies guaranteed to EU citizens by the Charter of Fundamental Rights of the European Union are limited. This applies in particular to legal protection options against the processing of personal data. There is a risk that the user's personal data may be processed by US authorities for control and monitoring purposes without the possibility of a legal remedy.

Inaddition, we may process personal data of the user in the context of our marketing activities based on our legitimate interest in accordance with Art. 6 (1) (f) GDPR, provided the conditions are met.

The legal basis for the processing of data in compliance with our legal obligations in this context is Article 6 (1) (c) GDPR.

3. Purpose of data processing

By collecting the data, we can constantly optimize and continuously improve the offers on our website. In addition, we can identify which users are interested in our download content and better adapt it to demand.

The personal data processed during the sending process from the input mask also serve to prevent misuse of the download option and to ensure the security of our information technology systems. This is also our legitimate interest in data processing.

The country information is also checked for the purpose of fulfilling our legal obligations.

4. Duration of storage

The data will be collected and deleted upon transmission as soon as they are no longer required to achieve the purpose for which they were collected.

5. Possibility of objection and removal

The user can at any time object to the data processing in an e-mail to dataprotection@utimaco.com as described under chapter XI. and to revoke a consent given by him or her for the future. In this case, the user's data will be deleted immediately, unless the deletion is contrary to grounds arising from the law (see chapter XI.).

If the data is required to fulfil legal obligations, premature deletion of the data is only possible unless contractual or legal obligations prevent deletion.

 

VII. Newsletter

1. Description and scope of data processing

On our website it is possible to subscribe to a free newsletter. When registering for the newsletter, the following data from the input mask is transmitted to us:

  • First and last name (required)
  • E-mail address (required)
  • Company (required)
  • Country (required)

In addition, the following data is collected during registration:

  • IP address (anonymized)
  • Time zone/date and time of registration

Our newsletters also contain so-called tracking pixels (web bugs), on the basis of which we can recognize whether and when an e-mail was opened and which links in the e-mail the recipient has followed (so-called newsletter tracking).

For the dispatch of newsletters by the marketing automation tool Pardot, a transfer to the service provider Salesforce takes place. Further information on the newsletter dispatch by Pardot can be found under section 5 in chapter VII.

For the processing of the data, the user's consent is obtained during the registration process and via a subsequent confirmation e-mail and reference is made to this privacy policy (so-called double opt-in).

In addition, cookies are used as part of the registration process (more on this in our Cookie Policy, see chapter IX.).

The personal data processed during the sending process from the input mask also serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

2. Legal basis for data processing

The legal basis for the processing of data in the context of the newsletter subscription is the consent of the user in accordance with Art. 6 (1) (a) GDPR.

The consent given also refers to the transfer of at least part of the personal data to the United States as a third country in accordance with Art. 49 (1) (a) GDPR. In the opinion of the European Court of Justice, there is currently no level of protection in the United States that is essentially equivalent to the GDPR. In addition, the legal remedies guaranteed to EU citizens by the Charter of Fundamental Rights of the European Union are limited. This applies in particular to legal protection options against the processing of personal data. There is a risk that the user's personal data may be processed by US authorities for control and monitoring purposes without the possibility of a legal remedy.

The consent given also extends to the above under section VII.1. described so-called newsletter tracking.

We also process personal data of the user to prevent misuse of the service or email address in accordance with Art. 6 (1) (f) GDPR.

3. Purpose of data processing

The collection of the user's e-mail address serves to deliver the newsletter. The other data regarding newsletter tracking is processed by us so that we can optimally align our newsletters to the wishes and interests of our subscribers. This allows us to send personalized newsletters to the respective recipient.

Insofar as personal data is processed as part of the registration process for the purpose of preventing misuse of the services or the e-mail address used, this is our legitimate interest in data processing.

4. Duration of storage

The data from the input mask will be collected and stored and deleted when it is transmitted as soon as it is no longer necessary to achieve the purpose for which it was collected. If a user unsubscribes from the subscription, his or her data will be stored for the purpose that no newsletter may be sent to him. In addition, the user is shown that he or she has unsubscribed from the subscription at an earlier point in time and that he or she can order the newsletter again.

5. Newsletter dispatch via Pardot

We use our marketing automation tool Pardot to send our newsletters. The operating company is salesforce.com Germany GmbH, Erika-Mann-Straße 31-37, 80636 Munich, Germany. The data stored during the newsletter registration (e-mail address, name, company, IP address, country, time zone/date as well as the time of your registration) will be transmitted to a server of the company salesforce.com Germany GmbH in Germany and stored there. The e-mail address is initially stored only for the purpose of sending the user an e-mail in which he or she can confirm the inclusion in the e-mail list ("double opt-in"). If the e-mail address has been confirmed, it will be stored permanently in Pardot until the e-mail address is deleted by its owner by revocation or by us manually.

Further information on data protection at Pardot and a transfer to so-called third countries can be found in this privacy policy under section 4 in chapter X.

6. Possibility of objection and removal

The user can unsubscribe from the newsletter at any time by revoking his or her consent for the future. Details can be found in the confirmation e-mail as well as in each individual newsletter. Each newsletter contains an unsubscribe link corresponding to this purpose. In addition, the user can unsubscribe from the newsletter by e-mail to dataprotection@utimaco.com. In this case, the user's data will be stored for the purpose that the user may no longer be sent a newsletter, that he or she will be informed of this and that he or she can order the newsletter again. In addition, the deletion may be precluded by grounds arising from the law. More information can be found in chapter XI.

If the data is required to fulfil legal obligations, premature deletion of the data is only possible unless contractual or legal obligations prevent deletion.

 

VIII. Registration in the Utimaco Portal

1. Description and scope of data processing

On our website https://utimaco.com/downloads/free-simulators-and-sdks, we offer users the opportunity to register by providing personal data in order to test the Utimaco SecurityServer HSM simulator free of charge. The data is entered into an input mask during registration and transmitted to us and stored. The data will not be passed on to third parties. Subject to a positive result of the export law review carried out by us, the user will be activated with his or her registered data in the Utimaco portal.

During registration, the following data from the input mask is transmitted to us:

  • E-mail address (required)
  • Salutation (optional)
  • First name (required)
  • Last name (required)
  • Company (required)
  • Job title (optional)
  • Company website (required)
  • Street (required)
  • Country (required)
  • Region (optional)
  • City and postal code (required)
  • Telephone number (required)
  • Password (required)

At the time of registration, the following data is also stored:

  • IP address of the user
  • Date and time of registration

During the use of the portal, the following data is stored:

  • Customer
  • Newsletter (yes/no)
  • Password
  • Roles (access permission in the portal)
  • MAC Address
  • Username
  • URL access to portal
  • File name and path of information being accessed
  • Company name
  • IP address

As part of the registration for our portal, the user also has the opportunity to subscribe to our newsletter. For this purpose, the regulations for the newsletter in chapter VII. apply.

2. Legal basis for data processing

The legal basis for the processing of data for the use of our portal is Art. 6 (1) (f) GDPR.

If the registration serves the fulfilment of a contract to which the user is a party or the implementation of pre-contractual measures, the additional legal basis for the processing of the data is Art. 6 (1) (b) GDPR.

If the user makes a download of goods controlled by export law, Utimaco is legally obliged, if it is a download to a server outside the European Union, to report this download to the Federal Office of Economics and Export Control (BAFA). Its legal basis is the obligation in the General Authorization No. 16 (Telecommunications and Information Security) issued by the BAFA from and in the General Export Permit No. EU 001. The legal basis for the processing of the data in this context is Art. 6 (1) (c) GDPR.

3. Purpose of data processing

Upon completion of the registration, the user receives direct access to the download files provided by us. The processed data is required by us in order to enable the download and to ensure the provision of the respective software or other documents to the user. In addition, we process data of users who log into the portal in order to constantly optimize and continuously improve it.

The user's registration is required for export control checks and then for the fulfilment of a contract with the user or for the implementation of pre-contractual measures. If the user downloads goods controlled by export law outside the European Union, the data will also be processed for the purpose of being able to make the legally required reports to the BAFA described above. These purposes also constitute our legitimate interest in data processing.

4. Duration of storage

The data is collected as soon as the registration in the portal takes place and deleted as soon as it is no longer necessary to achieve the purpose for which it was collected.

This is the case for the data processed during the registration process for the fulfilment of a contract or for the implementation of pre-contractual measures if they are no longer necessary for the execution of the contract or the pre-contractual measures. Even after conclusion of the contract, there may be a need to store personal data of the contractual partner in order to comply with contractual or legal obligations, such as in particular to make the legally required export reports to the BAFA and to keep this documentation within the statutory retention periods.

5. Possibility of objection and removal

The user can object to the data processing at any time by e-mail to dataprotection@utimaco.com. In this case, the user's data will be deleted immediately, unless the deletion is contrary to grounds arising from the law. Further information can be found in chapter XI. The use of the portal is then no longer possible.

If the data is required for the fulfilment of a contract or for the implementation of pre-contractual measures, premature deletion of the data is only possible unless contractual or legal obligations prevent deletion.

 

IX. Use of cookies

Information about the cookies we use and their functions can be found in our Cookie Policy. There you will also find information on how to change the cookie settings in your browser.

 

X. Use of website analysis services

1. Google-Analytics

On our website we use Google Analytics, a web analysis service provided by Google Inc. ("Google"), 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Analytics uses cookies that are stored on the user's computer and enable an analysis of the use of the website. The information generated by the cookies (including the user's IP address) is transmitted to a Google server in the United States and stored there. For more information on the use of cookies, please see our Cookie Policy (see chapter IX.).

The legal basis for the processing of personal data is § 25 para. 2 no. 2 TTDSG and Art. 6 para. 1 lit. f) DSGVO for necessary cookies. For cookies for analysis purposes (marketing and statistics cookies) in the presence of a relevant consent the legal basis is § 25 para 1 TTDSG and Art. 6 para 1 lit. a) DSGVO. For more information, please see our Cookie Policy

The following data is processed by Google Analytics:

  • Date and time of access
  • Length of stay per visitor and page
  • Visitor type and history (in terms of distinction between new and returning visitors)
  • Name and URL of the retrieved files and pages
  • Website from which access was made (origin page)
  • Websites accessed by the user's system via our website
  • The search term (from search engine input)
  • Entry and exit pages
  • Frequency of page views
  • Click Paths
  • Browser type, Browser version, Browser language
  • Operating system, screen resolution
  • City/Region/Country
  • Internet service provider of the user
  • connection speed
  • IP address of the user

Google uses this information to evaluate the use of the website by the user, to compile reports on website activity for website operators and to provide other services related to website activity and internet usage. In addition, Google may transfer this information to third parties if required to do so by law or if third parties process this data on behalf of Google. According to its own statement, Google will not associate the user's IP address with other Google data.

You can prevent the processing of your data by Google Analytics by means of a so-called opt-out cookie. This cookie is set when you download the following browser add-on to deactivate Google Analytics: https://tools.google.com/dlpage/gaoptout?hl=en

We would like to point out that IP addresses are only processed in abbreviated form on this website. By using Google Analytics with the extension "_anonymizeIp()", a personal reference of the collected data is excluded.

The terms of use and privacy policy of Google and Google Analytics are available under https://marketingplatform.google.com/about/analytics/terms/us/ or under https://policies.google.com/.

Google Analytics is also used to evaluate data from Google AdWords for statistical purposes.

2. Google AdWords

For our online marketing, we use the AdWords function of Google. If the user reaches our website via a Google ad, a cookie is stored on the user's computer.

The legal basis for the processing of personal data is § 25 para. 2 no. 2 TTDSG and Art. 6 para. 1 lit. f) DSGVO for necessary cookies. For cookies for analysis purposes (marketing and statistics cookies) in the presence of a relevant consent the legal basis is § 25 para 1 TTDSG and Art. 6 para 1 lit. a) DSGVO. For more information, please see our Cookie Policy

These so-called "conversion cookies" are no longer active after 90 days and are not used to personally identify the user. If the user visits certain pages of our website while the cookie is still active, we and Google know that the user has been clicked on ads on Google and redirected to our website. Google uses the information obtained through "conversion cookies" to compile statistics for our website. These statistics show us the total number of users who clicked on our ad, as well as the pages of our website viewed by each user. However, neither we nor other advertisers who use "Google Adwords" receive information that can be used to personally identify users. The installation of "conversion cookies" can be prevented via the settings of the browser, e.g. by setting the browser to disable the automatic placement of cookies or by blocking cookies from the domain "googleadservices.com". For more information on the use of cookies, please see our Cookie Policy (see chapter IX.).

More information can be found at https://policies.google.com/technologies/ads?hl=en.

Further information on data protection at Google can be found at https://policies.google.com/privacy?hl=en.

3. Google Tag Manager

On our website we use Google Tag Manager, an organization tool of Google Inc. ("Google"), 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA., to control advertisements. Tags are small sections of code that record your activities on our website.

Google Tag Manager is a solution that allows website tags to be centrally integrated and managed via a user interface. The Tag Manager itself, which implements the tags, is a cookie-less domain and does not collect any personal data. The Tag Manager triggers other tags, which in turn may collect data, but does not access this data itself. If you have opted out at the domain or cookie level, it will remain in place for all tracking tags implemented with Google Tag Manager.

4. Pardot

For our marketing activities as well as our marketing automation tool, we use the services of Pardot. The operating company is salesforce.com Germany GmbH, Erika-Mann-Straße 31-37, 80636 Munich, Germany.

Pardot is a software cloud solution that collects and stores data and, depending on the intended use, enables its use. The data collected is stored on Salesforce's servers in Frankfurt, Germany. In addition, a data transfer to the USA, a so-called third country, can take place.

Pardot is certified under the terms of APEC Privacy Recognition for Processors (PRP) (http://cbprs.org/compliance-directory/prp/) and ISO 27001/27017/27018 and is subject to TRUSTe's Privacy Seal (https://privacy.truste.com/privacy-seal/validation?rid=0a5802d6-2a9a-4865-9fe9-70e1140cf3b6). In addition, in accordance with Art. 28 GDPR, a data processing agreement has been concluded with salesforce.com Germany GmbH, which contains further suitable guarantees for data transfer to third countries in the form of standard data protection clauses. Salesforce has also taken additional measures to achieve an adequate level of data protection, in particular when dealing with government inquiries, which can be viewed on Salesforce data protection pages under https://www.salesforce.com/eu/company/privacy/.

Pardot uses so-called cookies, which are stored on the user's computer and enable an analysis of the use of the website. For more information on the use of cookies and a list of the cookies used by Pardot, please refer to our Cookie Policy (see chapter IX.).

The following personal data is collected:

  • IP address
  • Geographical location
  • Type of browser
  • Duration of the visit
  • Pages viewed

Furthermore, Pardot collects the data entered by the user if the user

  • fills out the contact form (see chapter V. Contact form and e-mail contact),
  • uses our download area (see chapter VI. Downloads), or
  • subscribes to our newsletter (see chapter VII. Newsletter).

For Salesforce's Privacy Policy, see https://www.salesforce.com/eu/company/privacy/

5. Purpose of data processing

We use these services to analyze the use of our website so that we can constantly optimize it and make it more user-friendly.

In addition, Pardot is an integrated software solution with which we cover various aspects of our online marketing. These include content management (website), e-mail marketing (newsletters and automated mailings, e.g. to provide downloads), social media publishing & reporting, reporting (e.g. traffic sources, accesses, etc.), contact management (e.g. user segmentation), landing pages and contact forms.

These purposes also constitute our legitimate interest in data processing in accordance with Art. 6 (1) (f) GDPR.

6. Legal basis

The legal basis for the processing of the data is Art. 6 (1) (f) GDPR or, if the user has given his consent , Art. 25 (1) and Art. 6 (1) (a) GDPR.

We would like to point out that the consent you have given also applies to the transfer of at least part of your personal data to the United States as a third country in accordance with Article 49 (1) (a) GDPR. In the opinion of the European Court of Justice, there is no level of protection in the United States that is essentially equivalent to the GDPR. In addition, the legal remedies guaranteed to EU citizens by the Charter of Fundamental Rights of the European Union are limited. This applies in particular to legal protection options against the processing of personal data. There is a risk that your data will be processed by US authorities for control and monitoring purposes without you being granted any means of legal remedy. For this reason, the transmission of your data therefore takes place on the basis of the consent given by you.

7. Duration of storage

The data is collected as soon as the website is visited or as soon as a corresponding consent of the user has been given and deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. In addition, we refer to the following points of this Privacy Policy as well as to our Cookie Policy:

  • V. Contact form and e-mail contact,
  • VI. Downloads and
  • VII. Newsletter.

8. Possibility of objection and removal

If the collection of personal data by website analysis services is generally not desired, the user can manage the use of cookies himself at any time and block or delete them through his/her browser settings. In addition, he/she can at any time object to the data processing in an e-mail to dataprotection@utimaco.com as described under chapter XI. and revoke any consent given by him or her for the future. In this case, the user's data will be deleted immediately, unless the deletion is contrary to grounds arising from the law.

XI. Use of Plugins

Information about the cookies we use and their functions can be found in our Cookie Policy. There you will also find information on how to change the cookie settings in your browser.

1. YouTube

YouTube is a video portal of YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA (hereinafter "YouTube"). We have integrated at least one plug-in from YouTube in our online services. When you activate the PlugIn, your browser establishes a direct connection with the YouTube servers. This transmits the information to YouTube that your browser has visited the corresponding page of our online services, even if you do not have a YouTube account or are not logged into your account. This information is transmitted by your browser directly to a YouTube server in the USA and stored there.

If you are logged into your YouTube account at the same time, it is also possible to assign the page view to your YouTube account and you would enable YouTube to assign your surfing behavior directly to your personal profile.

If you wish to prevent this transmission and storage of your data and your behavior on our online services by YouTube, you must log out of YouTube before visiting our website and delete any cookies placed by YouTube.

For more information on the collection and use of your data by YouTube, please refer to their privacy policy at https://www.YouTube.com/static?template=privacy_guidelines and Google's privacy policy at https://www.google.com/policies/privacy/.

The legal basis for the processing of data is § 25 (1) TTDSG and Art. 6 (1) a DSGVO.

We would like to point out that the consent you have given also relates to the transfer of at least parts of your personal data to the US being a third country pursuant to Art. 49 (1) a) DSGVO. In the opinion of the European Court of Justice, there is no level of protection in the USA that is essentially equivalent to the one provided by the GDPR. In addition, the legal protection options guaranteed to EU citizens by the Charter of Fundamental Rights of the European Union are limited. This concerns in particular legal protection options against the processing of personal data. There is a risk that your data will be processed by US authorities, for control and for monitoring purposes, without you being granted legal remedies. For this reason, the transfer of your data is therefore based on the consent you have given.

2. Google Maps

On our website, we use Google Maps (API) from Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google") on the basis of your consent (Art. 6 para. 1 lit. a DSGVO, § 25 para. 1 TTDSG).

Google Maps is a web service for displaying interactive maps in order to visually present geographical information. By using this service, our location is displayed to you and it is easier for you to contact us. For example, you can display specialist dealers in your vicinity or plan a journey quickly and easily.

When accessing those sub-pages in which the map of Google Maps is integrated, information about your use of our website (such as your IP address) would be transmitted to Google servers in the USA and stored there in the event that you give us your consent for the integration of Google Maps via the Consent Banner. This occurs regardless of whether Google provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data will be directly assigned to your account.

If you do not wish to be associated with your profile at Google, you must log out of Google before giving your consent and calling up a corresponding subpage with Google Maps map. Google stores your data (even for users who are not logged in) as usage profiles and evaluates them.

Such evaluation is carried out in accordance with Art. 6 para. 1 p. 1 lit. a DSGVO on the basis of your consent. Google in turn uses the data to display personalized advertising, market research and / or design its website to meet your needs. You have the right to object to the creation of these user profiles, whereby you must contact Google to exercise this right, as we have no influence over this.

If you do not agree to the future transmission of your data to Google in the context of the use of Google Maps, you also have the option of completely deactivating the Google Maps web service by turning off the JavaScript application in your browser. In this case however, Google Maps and the map display can no longer be used.

You can view Google's terms of use at https://www.google.de/intl/de/policies/terms/regional, the additional terms of use for Google Maps can be found at https://www.google.com/intl/de_US/help/terms_maps.

Detailed information on data protection in connection with the use of Google Maps can be found on the Google website ("Google Privacy Policy"): https://www.google.de/intl/de/policies/privacy.

We would like to point out that the consent you have given also relates to the transfer of at least parts of your personal data to the US being a third country pursuant to Art. 49 (1) a) DSGVO. In the opinion of the European Court of Justice, there is no level of protection in the USA that is essentially equivalent to the one provided by the GDPR. In addition, the legal protection options guaranteed to EU citizens by the Charter of Fundamental Rights of the European Union are limited. This concerns in particular legal protection options against the processing of personal data. There is a risk that your data will be processed by US authorities, for control and for monitoring purposes, without you being granted legal remedies. For this reason, the transfer of your data is therefore based on the consent you have given.

XII. Links to Social Media

On our website you will find links to the social media services of Kununu, Twitter, LinkedIn, Xing and YouTube. You can recognize links to the social media presences by the respective company logo. If you follow these links, you will reach the respective Utimaco social media company presence. When you click on one of the links, a connection to the servers of the social media service is established. This transmits to these servers that you have visited our website. In addition, further data is transmitted to the provider of the corresponding service. These are for example:

  • Address of the web page on which the activated link is located
  • Date and time when the website was accessed or the link was activated
  • Information about the browser and operating system used
  • IP address

If you are already logged in to the corresponding social media service at the time the link is activated, the provider may be able to determine your user name and possibly even your real name from the transmitted data and assign this information to your personal user account with the social media service. You can exclude this possibility of assignment to your personal user account if you log out of your user account beforehand.

The servers of the social media services are located in the US and other countries outside the European Union. The data may therefore be processed by the provider of the social media service in countries outside the European Union. Please note that companies in these countries are subject to data protection laws that do not generally protect personal data to the same extent as they do in the member states of the European Union.

Please note that we have no influence on the scope, type and purpose of the data processing by the respective provider. For more information on the use of your data by the social media services integrated on our website, please refer to the privacy policy of the respective social media service.

XIII. Rights of Data Subjects

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:

1. Right to information

You can request confirmation from the controller as to whether personal data concerning you is being processed by us.

If such processing exists, you can request information from the controller about the following:

(1) the purposes for which the personal data are processed;

(2) the categories of personal data processed;

(3) the recipients or categories of recipients to whom your personal data are or have been disclosed;

(4) the planned period of the storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the storage period;

(5) the existence of a right to rectification or erasure of your personal data, a right to restriction of processing by the controller or a right to object to such processing;

(6) the existence of a right to lodge complaints with a supervisory authority;

(7) all available information on the origin of personal data not obtained from the data subject;

(8) the existence of automated decision-making, including profiling, pursuant to Art. 22(1) and (4) GDPR and – at least in these cases – meaningful information on the logic involved and the scope and intended effects of such processing for the data subject.

You have the right to receive information on whether your personal data are transferred to a third country or an international organization. In this context, you can require that we notify you of appropriate safeguards pursuant to Art. 46 GDPR in connection with any such transfer.

2. Right to Rectification

You have the right to require that the controller rectify and/or complete your personal data if the data that are processed are inaccurate or incomplete. The controller must make such changes without undue delay.

3. Right to Restrict Processing

Under the following conditions, you can request the restriction of the processing of your personal data:

(1) if you contest the accuracy of the personal data concerning you for a period of time that enables the controller to verify the accuracy of the personal data;

(2) the processing is unlawful and you oppose the erasure of the personal data and instead request the restriction of the use of the personal data;

(3) the controller no longer needs the personal data for the purposes of the processing, but you need them to assert, exercise or defend legal claims, or

(4) if you have objected to the processing pursuant to Article 21 (1) GDPR and it has not yet been determined whether the legitimate reasons of the controller override your reasons.

If the processing of your personal data has been restricted, this data may only be processed – apart from its storage – with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or a EU Member State.

If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.

4. Right to Erasure

a) Obligation to erase

You may request from the controller that the personal data concerning you be erased without undue delay and the controller is obliged to erase this data without undue delay if one of the following reasons applies:

(1) The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.

(2) You revoke your consent on which the processing was based in accordance with Art. 6 (1) (a) or Art. 9 (2) (a) GDPR, and there is no other legal basis for the processing.

(3) You object to the processing in accordance with Article 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing in accordance with Art. 21 (2) GDPR.

(4) The personal data concerning you have been unlawfully processed.

(5) The deletion of personal data concerning you is necessary to fulfil a legal obligation under European Union law or the law of the EU Member States to which the controller is subject.

(6) The personal data concerning you have been collected in relation to information society services offered in accordance with Art. 8 (1) GDPR.

b) Information to Third Parties

Where the controller has made the personal data concerning you public and is obliged pursuant to Art. 17(1) GDPR to erase them, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers processing the personal data that you, as the data subject, have requested the erasure by such controllers of any links to them or copies or replications. of such personal data.

c) Exceptions

The right to erasure does not exist if the processing is necessary

(1) to exercise the right to freedom of expression and information;

(2) to comply with a legal obligation requiring processing under European Union or EU Member State law to which the controller is subject, or to carry out a task carried out in the public interest or in the exercise of official authority vested in the controller;

(3) for reasons of public interest in the field of public health in accordance with Art. 9 (2) (h) and i as well as Art. 9 (3) GDPR;

(4) for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to Art. 89 (1) GDPR, insofar as the right referred to in Section a) is likely to render impossible or seriously impair the achievement of the objectives of this processing, or

(5) to assert, exercise or defend legal claims.

5. Right to information

If you have asserted the right to rectification, erasure or restriction of processing vis-à-vis the controller, the controller is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this correction or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort.

You have the right vis-à-vis the controller to be informed about these recipients.

6. Right to data portability

You have the right to receive the personal data concerning you that you have provided to the controller in a structured, commonly used and machine-readable format. In addition, you have the right to transmit this data to another controller without hindrance from the controller to whom the personal data have been provided, provided that

(1) the processing is based on consent pursuant to Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR or on a contract pursuant to Art. 6 (1) (b) GDPR and

(2) processing is carried out by automated means.

In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another, insofar as this is technically feasible. The freedoms and rights of other persons must not be affected by this.

The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

7. Right to object

You have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data concerning you on the basis of Art. 6 (1) (e) or (f) GDPR; this also applies to profiling based on these provisions.

The controller shall no longer process the personal data concerning you unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defense of legal claims.

If the personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is related to such direct advertising.

If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.

In connection with the use of information society services, you have the possibility – notwithstanding Directive 2002/58/EC – to exercise your right to object by automated means using technical specifications.

8. Right to revoke the declaration of consent under data protection law

You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

9. Automated individual decision-making, including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects against you or similarly significantly affects you. This does not apply if the decision

(1) is necessary for the conclusion or performance of a contract between you and the controller,

(2) is permitted by European Union or EU Member State law to which the controller is subject and that legislation contains appropriate measures to safeguard your rights and freedoms and your legitimate interests, or

(3) with your express consent.

However, these decisions may not be based on special categories of personal data pursuant to Article 9 (1) GDPR, unless Article 9 (2) (a) or (g) GDPR applies and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests.

With regard to the cases referred to in (1) and (3), the controller shall take appropriate measures to safeguard the rights and freedoms and your legitimate interests, including at least the right to obtain human intervention on the part of the controller, to express his or her point of view and contest the decision.

10. Right to Lodge Complaints with a Supervisory Authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your habitual residence, place of work or place of the alleged infringement, if you believe that the processing of your personal data infringes the GDPR.

The supervisory authority with which the complaint has been lodged shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.

XIV. Data protection declaration / information on data protection in social media

We maintain presences in the "social media", presently at Kununu, Twitter YouTube, Xing and LinkedIn. Insofar as we have control over the processing of your data, we ensure that the applicable data protection provisions are complied with.

Following, you will find important information on data protection law with regard to our presence in the social media.

1. Name and address of the controller for the company

In addition to Utimaco Management GmbH, the following companies are acting as controller for Utimaco’s presence in the social media within the meaning of the EU General Data Protection Regulation (GDPR) as well as other provisions of data protection law:

  • Kununu
    (New Work SE, Am Strandkai 1, 20457 Hamburg, Germany)
  • LinkedIn
    (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland)
  • Twitter
    (Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland)
  • Xing
    (New Work SE, Am Strandkai 1, 20457 Hamburg, Germany)
  • Youtube
    Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland)

You will use these platforms and their functions in your own responsibility. This applies in particular to the use of interactive functions (e.g. commenting, sharing, rating). We would also like to point out that your data may be processed outside the European Union.

2. Purpose and legal basis

We ourselves maintain the websites in order to communicate with the visitors of these pages and to inform them about our product offering.

In addition, we collect data for statistical purposes in order to be able to further develop and optimize the content and to make our offering more attractive. The data required for this purpose (e.g. total number of page views, page activity and data provided by visitors, interactions) is processed by the social media networks and made available to us. We have no influence on data generation and presentation.

In addition, your personal data will be processed by the providers of the social media for market research and advertising purposes. It is possible, for example, that user profiles are created based on your usage behavior and your interests resulting therefrom. This allows, among other things, advertisements to be placed within and outside the platforms that correspond to your interests. Cookies are usually stored on your computer for this purpose. Independently of this, data that is not collected directly on your end devices may also be stored in your user profiles. The storage and analysis also takes place across devices; this applies in particular, but not exclusively, if you are registered as a member and logged in to the respective platforms.

Beyond that, we do not collect or process any personal data. The processing of your personal data by us is based on our legitimate interests in effective information and communication pursuant to Art. 6 para. 1 sentence 1 lit. f. DSGVO.

If you are asked for consent to data processing, i.e. if you declare your consent by confirming a button or similar (opt-in), the legal basis of the processing is Art. 6 para. 1 sentence 1 lit. a., Art. 7 DSGVO.

3. Your rights / option to object

If you are a member of a social media network and do not want the network to collect data about you via our presence and link it to your existing membership data with the respective social media network, you must

  • log out of the respective network before visiting our fan page,
  • delete the cookies stored on your device and
  • close and restart your browser.

After logging in again, however, you will again be recognizable to the social media network as a specific user.

For a detailed description of the respective processing and the opt-out options, please refer to the information linked below:

Overall, you are entitled to the rights listed under XIII regarding the processing of your personal data.

Since we do not have complete access to your personal data, you should contact the providers of the social media platforms directly if you wish to assert your rights, as they each have access to the personal data of their users and can take appropriate measures and provide information. If you still need help, we will of course try to support you. Please contact us at dataprotection@utimaco.com.

4. Information regarding copyright and copyright of art

If you want to publish pictures, texts, plans, videos, music, etc. on our website, you should know that you may thereby assign all rights of use to the network, which could ultimately have legal consequences for you if you are not the author or rights holder yourself.

Data Protection Information Zoom

XII. Further data protection information


Data protection information for online meetings, telephone conferences and webinars via "Zoom":

Data Protection Information Zoom

How can we help you?

Talk to one of our specialists and find out how Utimaco can support you today.