Privacy policy

Privacy policy of work4all GmbH

Preamble

We take the protection of personal data very seriously. The following data protection information provides an overview of the survey and suppliers. We want to provide a comprehensive overview of how we protect your data. It goes without saying that we comply with all legal provisions on the subject of the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG-neu).

This privacy policy applies to our website www.work4all.de and its sub-pages, as well as to the administrative processing steps in our company.

In principle, we only collect and use personal data insofar as this is necessary to carry out the purposes specified later.

Stakeholders

  1. Name and contact details of the person responsible

The controller is the body that is responsible for processing your personal data and decides on the purpose and means of processing.

In this case, the responsible person is:

work4all GmbH
Max-Planck-Straße 6-8
50858 Köln, Germany
Phone +49-2234-6903-0
info@work4all.de

  2. Data protection officer

Our internal data protection officer is Mrs. Maria Keller. You can contact her at any time if you have any questions relating to data protection, preferably by sending an email to datenschutz@work4all.de or in writing to work4all GmbH, Max-Planck-Str. 6-8, 50858 Cologne.

  3. Our employees

Commitment to confidentiality

Although the new GDPR no longer requires employees to have an explicit commitment to confidentiality (“A provision comparable to § 5 BDSG is not directly included in the GDPR.” Bavarian State Office for Data Protection, Activity Report 2015/16), we maintain a formal agreement with our employees on this point. On request, we can provide our customers with this sample letter.

Teaching/training/continuing education

Our employees are in constant contact with our internal data protection officer and are kept informed on an ongoing basis. The induction of new employees includes appropriate training components.

  4. Competent authority

The authority responsible for us is as follows:

The State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia
Kavalleriestrasse 2-4, 40213 Düsseldorf
Phone 0211 38424-0
poststelle@ldi.nrw.de
http://www.ldi.nrw.de

If you would like to exercise your rights as a data subject, you can contact this office directly using the contact details provided.

  5. Subcontractor

Our company does not hire subcontractors to carry out customer orders. Should this be necessary in individual cases, we obtain approval from the client and oblige the subcontractor to a sufficient extent with regard to data protection. The corresponding regulations are part of the AVV (contract data processing contract).

Processing your data

When, why and how we collect your data

Our company develops, sells, provides training for and maintains our commercial software work4all (our product has the same name as our company). As part of this economic activity, personal data is collected in various situations. Below, we list in detail all current situations in which such data is generated and for what purpose it is stored.

Personal data is information from which we can directly or indirectly infer who you are, for example your first or last name, birthday, or email address. Please only provide us with data that you think we really need. In order to work efficiently, we use our own work4all software to carry out storage and further processing.

In the following overview, you will find all of our current categories of processing operations:

  1. Initiating a business relationship in marketing/sales

If you are interested in the work4all software, you can usually contact us by telephone or, for example (according to customer recommendations), by e-mail or via our contact form on the homepage www.work4all.de. If you agree to the privacy policy listed there, you will be contacted from our side by telephone, by e-mail at info@work4all.de and possibly also by sending information material by post. The data entered in the contact form is stored in the work4all corporate solution:

  • Full company address including telephone number, homepage and email address
  • First and last name of the contact person with extension or mobile number and e-mail address.
  • The message left in the contact form with subsequent communication (letters, emails, telephone notes).

work4all GmbH never sends newsletters or serial emails to interested parties. The data will not be passed on to third parties. If you no longer agree to the storage of this data, it will be deleted (see separate “Rights” section).

The address with the personal data provided to us by the contact person will then be kept by us as an active interested party to provide further information and offers until further notice. In case of revocation or request, the data will be deleted.

  2. Presentation of work4all software via TeamViewer

In the case of an online presentation, the interested party is directed to the work4all GmbH workplace PC in Cologne, where the work4all software is presented using an installation with fictitious sample data; no data exchange takes place.

In some cases, it makes sense to present our own processes and data in an organization-oriented presentation. Here, the interested party sees internal projects, article data, booking accounts and individual cost documents. The customer and employee data collected in the program is anonymized using an automated process.

The address with the personal data provided to us by the contact person will then be kept by us as an active interested party to provide further information and offers until further notice. In case of revocation or request, the data will be deleted.

  3. Installing work4all on a prospective customer's server (for testing) or customer installations

3.1 Test installation at the prospective customer

As part of initiating a business relationship, the interested party may wish to have a test installation on a workstation PC or its server. It involves the installation of the original software (with the exception of a few modules) in the presence of the interested party's system administrator or the interested party himself, who grants server access. Apart from the software installation, there is no exchange of other data, no installation log is created, and work4all GmbH does not have passwords at any time.

3.2 Installing the work4all software

If the work4all software is purchased, the original software is completely installed on the server and a client is installed for demonstration purposes with the presence of the customer's system administrator, who grants access to the individual computers. Data exchange does not take place without an additional contract for order processing. An installation report is created in which the individual installation steps are entered depending on the module configuration. The log can be viewed at work4all GmbH at any time.

3.3 Installing the work4all modules for mobile data processing: APP

When installing the work4all app, the customer's mobile devices only access the customer server and load the data from the customer database from there. work4all GmbH has no access options here either; passwords are never known.

The following is a summary of all information that we store about the app from the customer and explains the process:

The work4all license database generally does not store user names, email addresses or other personal data.

Log in to your work4all app with your email address. Based on the domain of the email address (the part behind the @), your server address is determined.

For this purpose, the domain (one or more, depending on the customer's request) is linked to your work4all customer number. As a result, our license server returns the server address of your work4all API. For this so-called Autodiscover service, only the back part of the email address is used, which means that no personal data is used.

Access to the data in the work4all database via the work4all API is then only possible with a valid combination of email address and password. If a user does not have a password, you can log in with the work4all Microsoft Windows client, but the API denies access without a password. After installation, work4all GmbH no longer has access to the customer system (see point 3.2). The only exception is remote access or maintenance mode, which is granted in the presence of the customer and must first be activated in work4all by an administrator. When this access is activated, a message appears that it must be deactivated by the customer after the support case has ended.

To collect telemetric data: Telemetric data is stored in work4all applications exclusively without personal data, i.e. without names and without e-mail addresses.

3.4 Installing the work4all modules for mobile data processing: Exchange Connector

If the work4all Exchange Connector is installed, the customer's mobile devices only access the customer server and load the data from the customer database from there. work4all GmbH has no access options here either; passwords are never known.

In work4all, the contact details of employees can be entered, among other things. By synchronizing with Outlook, both business and private data (address, mobile number, etc.) can be transferred to Outlook if the appropriate settings are set. If this behavior is not desired, the “Do not consider private data” function can be activated.

[Image: the feature in Exchange Connector]

3.5 Moving the work4all software - server or database relocations

In the event of database or server relocations carried out by the customer, no personal data is known. In the presence of the customer or the customer's system administrator, entire files are migrated from A to B, and passwords and data are not visible or known at any time.

Following the customer installation, the address with the personal data provided to us will be kept by us as an active customer to provide further information regarding the work4all software until further notice. In case of revocation or request, the data will be deleted.

  4. Saving contact person data in connection with the entry of a ticket

For maintenance and support in connection with the work4all software, work4all uses an in-house ticket system. The customer sends all concerns by e-mail to a mailbox called support@work4all.de. The emails received here are created in the work4all software and assigned to the contact person under a ticket number. The history of the contact person's personal data and associated processes can be traced and extracted at any time.

  5. Data backup of work4all's SQL database

work4all GmbH does not offer any system engineering, network or system administration services. The system requirements are always updated in the form of a PDF document in the SERVICE — DOWNLOAD section on the homepage, which the system administrator of the interested party or customer can use as a guide. Proper and regular data backup is the responsibility of the customer or his system administrator, both in terms of content and physically.

  6. Remote maintenance as part of support

With regard to maintenance and review of support cases in our customers' systems via TeamViewer or remote maintenance, we generally follow the recommendations of Bitkom, Federal Association of Information Technology, Telecommunications and New Media e.V. in Berlin. Accordingly, a contract for order processing is not necessarily required for this purpose alone.

“Orders for maintenance or testing of IT systems do not represent order processing unless the subject of the contract is data processing, but is aimed solely at providing support. Although it cannot be ruled out that personal data may also be taken note of by the IT service provider as a result of the system audit, according to the GDPR, there is no need to conclude regulations that comply with ADV requirements, as in accordance with Section 11 (5) BDSG.”

https://www.bitkom.org/NP-Themen/NP-Vertrauen-Sicherheit/Datenschutz/EU-DSG/170515-LF-Auftragsverarbeitung-online.pdf

The subject of the maintenance or testing of work4all at the customer's site is not data processing, but solely a support service aimed at how the work4all product works.

Although it cannot be ruled out that employees of work4all GmbH may also take note of personal data as a result of the system audit, there are therefore no regulations that comply with ADV requirements, such as in Section 11 (5) BDSG.

Maintenance and testing are organized in such a way that the data is adequately protected in accordance with the duties of the person responsible set out in Article 24.

As part of the provision of services, employees of work4all GmbH ensure that the maintenance or testing activities are not abandoned. A confidentiality policy in the event that they nevertheless become aware of personal data in the course of remote maintenance is signed by our employees in the case of permanent employment.

  7. Applications

Applicants send their documents by post or email to the responsible person specified in the job advertisement at work4all GmbH. Once the application has been received, it will only be kept by this person: paper applications in a lockable cabinet, e-mail applications in a local e-mail box of the examiner(s). All communication only takes place via this mailbox or by telephone. The address data is never recorded in the corporate solution. After completion of the application process, the data submitted to us will be deleted.

  8. Employee data

In the work4all corporate solution, employee data is only stored with information relating to the company. Private addresses appear in supplier data for accounting processing of travel expense reports.

Your rights

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis our company:

  1. Right to information

You can request confirmation from us as to whether personal data concerning you is being processed by us. If there is such processing, you can request the following information:

(1) the purposes for which the personal data is processed;

(2) the categories of personal data that are processed;

(3) the recipients or categories of recipients to whom the personal data concerning you have been or are still being disclosed;

(4) the planned period of storage of personal data concerning you or, if specific information is not possible, criteria for determining the storage period;

(5) the existence of a right to correct or delete personal data concerning you, a right to restrict processing by the controller or a right to object to such processing;

(6) the existence of a right of appeal to a supervisory authority;

(7) all available information about the origin of the data if the personal data is not collected from the data subject;

(8) the existence of automated decision-making, including profiling in accordance with Article 22 (1) and (4) GDPR and — at least in these cases — meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.

You have the right to request information as to whether the personal data concerning you is being transferred to a third country or to an international organization. In this context, you may request to be informed of the appropriate guarantees in accordance with Article 46 GDPR in connection with the transfer.

  2. Right to rectification

You have the right to correct and/or complete the personal data concerning you if the processed personal data relating to you is incorrect or incomplete. We must make the correction immediately.

  3. Right to restrict processing

You can request that the processing of personal data concerning you be restricted under the following conditions:

(1) if you dispute the accuracy of the personal data concerning you for a period of time that enables us to verify the accuracy of the personal data;

(2) the processing is unlawful and you refuse to delete the personal data and instead request that the use of the personal data be restricted;

(3) the person responsible no longer needs the personal data for processing purposes, but you need them to assert, exercise or defend legal claims, or

(4) if you have filed an objection to processing in accordance with Article 21 (1) GDPR and it is not yet clear whether the legitimate reasons of the person responsible outweigh your reasons.

If the processing of personal data concerning you has been restricted, this data — apart from storage — may only be processed with your consent or to assert, exercise or defend legal claims or to protect the rights of another natural or legal person or for reasons of an important public interest of the Union or a Member State.

If processing has been restricted in accordance with the above conditions, we will inform you before the restriction is lifted.

  4. Right to delete

Obligation to delete

You can request that we delete the personal data relating to you immediately, and the person responsible is obliged to delete this data immediately if one of the following reasons applies:

(1) The personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed.

(2) You withdraw your consent on which processing was based in accordance with Article 6 (1) (a) or Article 9 (2) (a) GDPR, and there is no other legal basis for processing.

(3) You object to processing in accordance with Article 21 (1) GDPR and there are no overriding legitimate reasons for processing, or you object to processing in accordance with Article 21 (2) GDPR.

(4) The personal data concerning you was processed unlawfully.

(5) The deletion of personal data concerning you is necessary to fulfill a legal obligation under Union law or the law of the Member States to which the person responsible is subject.

(6) The personal data concerning you was collected in relation to information society services offered in accordance with Article 8 (1) GDPR.

Information to third parties

If the person responsible has made the personal data concerning you public and is obliged to delete it in accordance with Article 17 (1) GDPR, he shall take appropriate measures, including technical measures, taking into account the available technology and implementation costs, to inform data controllers who process the personal data that you, as a data subject, have requested that they delete all links to this personal data or copies or replications of this personal data.

Exemptions

The right to deletion does not exist insofar as processing is necessary

(1) to exercise the right to freedom of expression and information;

(2) to fulfill a legal obligation which requires processing under Union or Member State law to which the controller is subject, or to perform a task which is in the public interest or in the exercise of official authority vested in the controller;

(3) for reasons of public interest in the area of public health in accordance with Art. 9 para. 2 lit. h and i and Art. 9 para. 3 GDPR;

(4) for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes in accordance with Article 89 (1) GDPR, insofar as the right referred to in section a) is likely to make impossible or seriously impair the achievement of the objectives of this processing, or

(5) to assert, exercise or defend legal claims.

  5. Right to be informed

If you have asserted the right to correct, delete or restrict processing against us, we are obliged to notify all recipients to whom the personal data concerning you has been disclosed of this correction or deletion of the data or restriction of processing, unless this proves impossible or involves disproportionate effort.

You have the right to be informed by us about these recipients.

  6. Right to data portability

You have the right to receive the personal data concerning you, which you have provided to the person responsible, in a structured, commonly used and machine-readable format. You also have the right to transfer this data to another person responsible without hindrance from the person responsible to whom the personal data was provided, provided that

(1) processing is based on consent in accordance with Article 6 (1) (a) GDPR or Article 9 (2) (a) GDPR or on a contract in accordance with Article 6 (1) (b) GDPR, and

(2) processing is carried out using automated procedures.

In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one person responsible to another person responsible, insofar as this is technically feasible. The freedoms and rights of other persons must not be affected as a result.

The right to data portability does not apply to processing of personal data that is necessary for the performance of a task that is in the public interest or in the exercise of official authority that has been transferred to the person responsible.

  7. Right to object

For reasons arising from your particular situation, you have the right to object at any time to the processing of personal data concerning you, which is carried out on the basis of Article 6 (1) (e) or (f) GDPR; this also applies to profiling based on these provisions.

The controller will no longer process your personal data unless he can prove compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

If the personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling, insofar as it is associated with such direct marketing.

If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.

Notwithstanding Directive 2002/58/EC, you have the option to exercise your right of objection in connection with the use of information society services by means of automated procedures using technical specifications.

  8. Right to withdraw the declaration of consent under data protection law

You have the right to withdraw your data protection consent at any time. Withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of the consent up to the withdrawal.

  9. Automated decision on a case-by-case basis, including profiling

You have the right not to be subject to a decision based exclusively on automated processing — including profiling — which has legal effect on you or significantly affects you in a similar way. This does not apply if the decision

(1) is necessary for the conclusion or performance of a contract between you and the person responsible,

(2) is permitted by Union or Member State legislation to which the controller is subject and that legislation contains appropriate measures to protect your rights and freedoms and your legitimate interests, or

(3) is made with your express consent.

However, these decisions must not be based on special categories of personal data under Article 9 (1) GDPR, unless Article 9 (2) lit. a or g GDPR applies and appropriate measures have been taken to protect the rights and freedoms and your legitimate interests.

With regard to the cases referred to in (1) and (3), the controller shall take appropriate measures to protect the rights and freedoms and your legitimate interests, including at least the right to obtain human intervention on the part of the controller, to express your own position and to challenge the decision.

  10. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you believe that the processing of personal data concerning you is contrary to the GDPR.

The supervisory authority with which the complaint has been lodged shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.

Webpage

  1. Cookies

Some of our websites use so-called cookies. Cookies do not cause any damage to your computer and do not contain any viruses. Cookies are used to make our website more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and saved by your browser. Most of the cookies we use are so-called “session cookies.” They are automatically deleted at the end of your visit. Other cookies remain stored on your device until you delete them. These cookies enable us to recognize your browser the next time you visit. You can set your browser so that you are informed when cookies are set and only allow cookies in individual cases, exclude the acceptance of cookies for specific cases or in general, and activate the automatic deletion of cookies when you close the browser. If cookies are deactivated, the functionality of this website may be limited.

  2. Server log files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

  • Browser type and browser version
  • operating system used
  • referrer URL
  • host name of the accessing computer
  • Time of server request

This data cannot be attributed to specific persons. This data is not combined with other data sources. We reserve the right to check this data retrospectively if we become aware of concrete evidence of illegal use.

  3. Google Analytics

Our website uses features of the web analysis service Google Analytics. The provider is Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. Google Analytics uses so-called “cookies.” These are text files that are stored on your computer and allow an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there.

Browser plugin

You can prevent cookies from being saved by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to fully use all functions of our website. You can also prevent Google from collecting the data generated by the cookie and related to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de

Objection to data collection

You can prevent Google Analytics from collecting your data by clicking on the following link. An opt-out cookie is set to prevent your data from being collected when you visit this website in the future: Deactivate Google Analytics

More information about how Google Analytics handles user data can be found in Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=de

  4. Salesviewer

On this website, SalesViewer® technology from SalesViewer® GmbH collects and stores data for marketing, market research and optimization purposes in our legitimate interest (Art. 6 para. 1 lit. f GDPR).

For this purpose, JavaScript-based code is used to collect company-related data and use it accordingly. The data collected using this technology is encrypted using a non-recoverable one-way function (so-called hashing). The data is immediately pseudonymized and is not used to personally identify visitors to this website.

The data stored as part of Salesviewer is deleted as soon as it is no longer required for its purpose and the deletion does not conflict with any legal storage requirements.

You can object to the collection and storage of data at any time with effect for the future by clicking this link, https://www.salesviewer.com/opt-out, to prevent SalesViewer® from collecting data within this website in the future. An opt-out cookie for this website is stored on your device. If you delete your cookies in this browser, you must click on this link again.

5. Meta Pixel

Our website uses the conversion tool “Meta Pixel (Facebook Custom Audiences)” from Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. With the help of the Meta Pixel, Facebook/Instagram is able to identify you as a visitor to our website as a target group for displaying ads on Facebook and Instagram. For this purpose, Meta compares your user data (IP address, user ID) with the data from your Facebook/Instagram account. The data collected by Meta is anonymous to us and is deleted after 30 days. However, Meta stores and processes the data so that a connection to the respective user profile is possible and Meta can use the data for its own advertising purposes, in accordance with the Facebook data usage policy (https://de-de.facebook.com/about/privacy/). As the site operator, we cannot influence this use of data.

We use the Meta Pixel to track the effectiveness of the ads by seeing whether users were redirected to our website after clicking on a Facebook/Instagram ad (so-called “conversion”). For more information on data protection at Meta, please see the Meta Privacy Policy. You can check your ad preferences on Facebook/Instagram at any time and adjust them yourself.

5. Email communication

By default, we communicate by e-mail with our customers, suppliers and interested parties as soon as the transaction has been initiated. By responding to our emails, you agree that the personal data and information contained in your email may be used and further processed for the purposes specified by us.

Your personal and content data will not be passed on to third parties without your consent, unless a legal provision makes this transfer necessary.

6. Reservation of amendment

We reserve the right to amend this privacy policy in accordance with legal requirements. Of course, we will inform you of any adjustments, such as changes in purpose or new processing instructions.