Your personal data is collected and processed in compliance with the applicable data protection regulations, in particular the General Data Protection Regulation (GDPR).
Responsible for the collection, processing and use of your personal data within the meaning of Art. 4 No. 7 DSGVO is:
Emmeram von Braun, Barbara Münch
The Controller alone or together with others decides on the purposes and means of processing personal data (e.g. names, contact data, etc.).
2. Granting consent / Revocation of your consent to data processing
Consent pursuant to Art. 6 para. 1 lit. a) GDPR is usually obtained by us in writing. In the case of electronic consent, this is done by placing a tick in the corresponding field to document the granting of consent; the content of the declaration of consent is logged electronically. Some data processing operations are only possible with your express consent. You can revoke your consent at any time. For the revocation, an informal communication by e-mail to the contact address stated in the imprint is sufficient. The legality of the data processing carried out until the revocation remains unaffected by the revocation.
Please note that once you have given your consent – regardless of whether this is based on Article 6 para. 1 lit (a) or Article 9 para. 2 lit (a) GDPR – it can be revoked at any time with effect for the future – in full or in part; the lawfulness of the processing carried out on the basis of the consent up to the revocation remains unaffected by this.
3. Right to complain to the competent supervisory authority As a data subject, you have the right to complain to the competent supervisory authority in the event of a breach of data protection law. The competent supervisory authority for our company with regard to data protection issues is the Bavarian State Office for Data Protection Supervision (Bavarian DPA).
4. Right to data portability (Art. 20 GDPR)
You have the right to have data that we process automatically on the basis of your consent or in fulfilment of a contract handed over to you or to third parties. The data will be provided in a machine-readable format. If you request the direct transfer of the data to another person responsible, this will only be done insofar as it is technically feasible.
5. Right of access, to rectification, erasure (Art. 15 – 17 GDPR)
You have the right to free information about your stored personal data, the origin of the data, its recipients and the purpose of data processing and, if necessary, a right to rectification or erasure of this data at any time within the scope of the applicable legal provisions. In this regard and also for further questions on the subject of personal data, you can contact us at any time via the contact options listed in the imprint.
6. Right to object
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Article 6 para. 1 lit. (e) GDPR (data processing in the public interest) and/or Article 6 para. 1 lit. (f) GDPR (data processing in the context of legitimate interests); this also applies to profiling based on this provision within the meaning of Article 4 para. 4 GDPR and to direct marketing as defined in Article 21 para. 2 GDPR.
If you object, we will no longer process your personal data unless we can demonstrate statutory legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims. In principle, the objection can be made without any formalities. To exercise the right to object, you can contact the Controller as stipulated in section 1. above.
7. Data protection officer
You can contact our data protection officer at the following address:
CAPCAD Systems AG
Phone: +49 89 991 52 21 7
8. Communication via email
8.1. Processing of personal data and general principles
The processing of data is carried out to provide our services within the framework of the implementation of our service agreements with our customers or in order to carry out pre-contractual measures which take place upon request. The purposes of the data processing primarily depend on the specific services. We also use your personal data for administrative purposes, such as sending invoices and making payments. We also use your personal data to provide and administer our services. The legal basis for processing data in these cases is article 6 para.1 lit. (b) GDPR.
If processing is carried out to fulfil a legal obligation, Article 6 para. 1 lit. (c) GDPR is the legal basis.
Beyond the fulfilment of a contract, we also process your data to protect legitimate interests of us or third parties (Article 6 para. 1 lit. (f) GDPR). This comprises the following cases:
Insofar as the processing of personal data is not based on one of the aforementioned legal bases, the processing is permissible on the basis of consent granted by the data subject in accordance with Article 6 para. 1 lit. (a) GDPR.
If personal data is processed for purposes other than originally planned, the legal basis is Article 6 para. 4 GDPR.
8.2. Categories of Personal Data
We process the data that we have received from you in the course of initiating or processing a service relationship and on the basis of your consent. These are e.g.
Your master/contact data, this includes e.g.
In addition, we also process the following other personal data:
8.3. Processing of Supplier Data / Service Provider Data
We process data of suppliers and/or service providers (hereinafter uniformly referred to as "Suppliers"), who are or employ natural persons and whose services we request and/or use on a contractual basis, exclusively for the purpose of fulfilling or executing the contract. This may involve the data mentioned above. The legal basis for such data processing is Article 6 para. 1 lit. (b) GDPR (contract performance / implementation of pre-contractual measures). Section 8.1. (data processing for the enforcement of claims / compliance with legal provisions) above applies accordingly.
8.4. Persons Authorised to Access / Possible Recipients of Data
Within the aforementioned limits, we reserve the right to involve third party service providers (e.g. data processing centres, IT service providers, printing service providers, waste disposal companies, legal advisors and auditors) in the contractual relationship with our customers, who act on our behalf and according to instructions within the framework of the provision of services (“Processors”). These service providers may receive personal data or come into contact with personal data in the course of providing the service and constitute third parties or recipients within the meaning of the GDPR. In such a case, we ensure that our service providers provide sufficient guarantees that appropriate technical and organisational measures are in place and that processing operations are carried out in such a way that they comply with the requirements of the GDPR and ensure the protection of the rights of the data subject (Article 28 GDPR). Insofar as personal data is transferred to third parties and/or recipients outside of commissioned processing, we ensure that this is done exclusively in accordance with the legal requirements (GDPR, BDSG) and only if there is a corresponding legal basis or if consent is required for this purpose.
Your personal data is generally processed within the Federal Republic of Germany. If personal data is processed outside the Federal Republic of Germany in other EU member states or in states of the European Economic Area ("EEA") – e.g. by service providers – this is done in compliance with the relevant provisions of the GDPR and the BDSG.
A data transfer to third countries (countries outside the EEA) only takes place if this is necessary for the execution of a service relationship with a customer, if you have given us your consent to do so or if this is otherwise legally permissible. In this case, we take measures to ensure the protection of your data, for example through contractual regulations. We only transfer data to recipients who ensure the protection of your data in accordance with the provisions of the GDPR for transfers to third countries (Articles 44 to 49 GDPR).
8.5. Data Erasure Principles and Storage Period
Personal data will be erased if the data is no longer required for the purposes of implementing a service agreement with a customer.
Instead of erasure, the data may be stored under restriction of processing if this is provided for by the European or national legislator in EU regulations, laws or other provisions, in particular, for example, to comply with statutory retention obligations e.g. the German Fiscal Code (AO) or the German Commercial Code (HGB), currently between 2 to 10 years), and/or if there are legitimate interests in storing the data (e.g. during the course of limitation periods for the purpose of a possible legal defence (Sections 195 ff BGB), currently between 3 to 30 years).
The data will be deleted at the latest when a storage period prescribed by the aforementioned provisions expires, unless there is a need for further storage of the data for the conclusion of a contract or for other purposes or you have consented to longer storage (Article 6 para. 1 lit (a) GDPR).
9. Server log files
In server log files, the web server on which this Internet offer is provided collects and stores information that your browser automatically transmits to us. These are:
10. Contact form
Data transmitted via the contact form, including your contact data, will be stored in order to be able to process your inquiry or to be available for follow-up questions. This data will not be passed on without your consent. The data entered in the contact form will be processed exclusively on the basis of your consent (Article 6 para. 1 lit. (a) GDPR). A revocation of your already given consent is possible at any time. An informal notification by e-mail is sufficient for the revocation. The lawfulness of the personal data processing operations carried out up to the revocation remains unaffected by the revocation. Data transmitted via the contact form will remain with us until you request deletion, revoke your consent to storage or until there is no longer any need for data storage. Mandatory statutory provisions – in particular retention periods – remain unaffected.
11. Processing by third parties
In some cases, personal data may also be processed by third parties. Please refer to the following information for details.
|Name cookies||Purpose||Storage period||Type of cookie|
|User_consent||Consent site visitors||3 months||AssetMetrix|
|Visitor_id*||Marketing||10 years||Pardot (Salesforce)|
The processing is based on our legitimate interest pursuant to Article 6 para. 1 lit. (f) GDPR.
This website uses the web analysis service software Matomo (www.matomo.org), a service provided by InnoCraft Ltd., 7 Waterloo Quay PO625, 6140 Wellington, New Zealand ("Mataomo"), to collect and store data based on our legitimate interest in statistical analysis of user behaviour for optimisation and marketing purposes in accordance with Art. 6 para. 1 lit. f GDPR. From this data, pseudonymised user profiles can be created and evaluated for the same purpose. Cookies can be used for this purpose. Cookies are small text files that are stored locally in the cache of the Internet browser of the page visitor. The cookies enable, among other things, the recognition of the Internet browser. The data collected using Matomo technology (including your pseudonymised IP address) is processed on our servers. The information generated by the cookie in the pseudonymous user profile is not used to personally identify the visitor to this website and is not merged with personal data about the bearer of the pseudonym. If you do not agree with the storage and evaluation of this data from your visit, you may object to its storage and use at any time by clicking on here. In this case, a so-called Opt-Out-Cookie is stored in your browser, which means that Matomo does not collect any session data. Please note that the complete deletion of your cookies means that the opt-out cookie is also deleted and may have to be reactivated by you.
16. Google Ads und Google Conversion Tracking
17. Google Web Fonts
18. Links to other websites
Our website contains links to other websites. We have no influence on whether their operators comply with the data protection regulations.
19. Protection of the privacy of persons under 16 on the internet
Personal data of minors (under 16 years of age) is not knowingly collected or used by us in any form. As a rule, we do not learn the age of visitors to our website. However, we have not taken any specific measures to protect such data to any particular extent. No personal data may be transmitted to persons under the age of 16 without the express consent of their parents or guardians.
20. The security of your data
The data you provide to AssetMetrix GmbH is protected by appropriate technical and organisational measures with the aim of securing your data against – whether accidental or intentional – unlawful processing, loss, destruction, access by unauthorised persons or unauthorised disclosure to third parties. Our security measures are continuously monitored and improved in accordance with technological developments and organisational possibilities.