Contact Data Privacy Team
Fabasoft has a data security team (“Privacy Team”) entrusted with legal data security issues. You can contact the Privacy Team as follows:
Fabasoft AG, c/o Privacy Team, Honauerstrasse 4, 4020 Linz, Austria
A. General Information
A.1. Who is responsible for data processing? - The Group’s Structure
The Fabasoft-company, with which you have a legal relationship, is responsible for your data protection. You will find all Fabasoft companies listed here:
|Fabasoft AG (parent company)||Austria||Honauerstrasse 4
|Fabasoft International Services GmbH||Austria||Honauerstrasse 4
|Fabasoft R&D GmbH||Austria||Honauerstrasse 4
|Fabasoft Austria GmbH||Austria||Honauerstrasse 4
|Fabasoft Deutschland GmbH||Germany||THE SQUAIRE 14, Am Flughafen
60549 Frankfurt am Main
|Fabasoft Schweiz AG||Switzerland||Spitalgasse 36
|Mindbreeze GmbH *||Austria||Honauerstrasse 2
|Mindbreeze Corporation *||USA||180 N. Stetson, Suite 3500
Chicago, IL 60601
*Additional Information: Mindbreeze GmbH and its subsidiary company, the Mindbreeze Corporation, belong to the Fabasoft Group, but they have their own website, available at: www.mindbreeze.com and have their own public corporate design.
The current privacy statement provides information about how Fabasoft handles personal data within its business operations, in particular with regard to the Fabasoft website (www.fabasoft.com). Due to its particular characteristics, there are a number of additional, separate privacy statements for the following areas:
- for products and services offered by Fabasoft, in particular for Fabasoft Cloud Services (https://www.fabasoft.com/data-security, https://www.fabasoft.com/public-cloud/contract)
- for the products and services offered by Mindbreeze.
- for applicants during the application process
- for employees
- for other, specific processing areas, further privacy statements may exist and those affected by this will be notified separately.
With this privacy statement, Fabasoft is informing the data subjects of the nature, scope and purpose of the data they process, as well as informing them of their legal rights with regard to this. Since the technical and legal frameworks for processing personal data undergo continuous and progressive development, Fabasoft is committed to adhering to these changes.
A.2. Which data are processed? Where does the data come from (the data sources)?
Fabasoft processes personal data that has been collected directly from the data subject.
- Fabasoft processes personal data that it obtains through its business relations (with customers, suppliers, partners or support requests) in order to fulfil a contract or to implement pre-contract procedures.
- Fabasoft processes personal data supplied directly by the customers.
- Fabasoft processes personal data that are required in order to fulfil a legal obligation.
- Fabasoft processes personal data for which consent has been granted, for various reasons, by the data subject.
Personal data includes: title, first name(s), surname, email address(es), home address(es), telephone number(s), fax number, date of birth (if provided), contract details (incl. contact details of the contracting parties as well as contact persons), company details, other relevant information (correspondence history and contact details etc).
When you make use of our support, we process data about your support inquiry (problem description, log files, attachments, screenshots, communication, documentation of troubleshooting, contact details of the involved persons).
In addition, Fabasoft processes personal data that is not directly obtained from the data subject. Furthermore, information such as telephone numbers, job titles, gender, company, size of the company, titles, industry, street, post code, locations and country are retrieved from public sources, such as from a company register, land register, business register, the German Federal Gazette, as well as information published by individuals on the company’s website or on social media platforms.
A.3. Why is personal data processed and what is the legal basis for doing this?
- The fulfilment of contractual and pre-contractual obligations.
Processing personal data is important for providing products and services that are appropriate for the required/commissioned scope of the project. The purpose of data processing is strictly aligned with the commissioned product or service.
- The fulfilment of legal obligations.
As far as the processing of personal data is necessary to fulfil a legal obligation that is subject to our company, Art. 6 para. 1 lit. c DSGVO applies as the legal basis for data processing.
- Data processing and consent
If Fabasoft is granted the permission to process personal data, the processing is carried out in accordance with the established objectives. Consent can be withdrawn at any time. Until it is withdrawn, the consequent data processing is considered legal.
- Protecting legitimate interests
It is in Fabasoft interests to continuously improve its products and services. In order to receive feedback, Fabasoft invites parties to participate in surveys. A survey may be answered using personal data without notifying the data subjects. Disclosing personal information is voluntary and not a requirement. The results of these surveys contribute to the further improvement of Fabasoft products and services.
In the interest of Fabasoft customers (contractual relationship) and potential customers (pre-contractual measures), it is important for Fabasoft to provide regular information on the ongoing development of their products and services as well as on trends in this sector and topics that are relevant to the market. Fabasoft also hosts their own events, presents the company at events, holds webinars, and provides information by means of e-mail newsletters.
Those data received by Fabasoft in the course of its contractual relationship with the customer, will be processed by Fabasoft in order to send emails, letters or advertising brochures to customers for the purpose of depicting and presenting Fabasoft products (Art. 6 (1)(f) GDPR). The customer has the right to object to this processing of the customer's data for the purpose of direct advertising, said right can be exercised at any time without giving reasons by means of letter to Fabasoft c/o Privacy or email to firstname.lastname@example.org. Fabasoft will process the customer data for this purpose for as long as the customer lodges no objection, however, up to a maximum of 3 years after the last activity. Where other forms of direct advertising are concerned, Fabasoft will only process the customer data if the customer has expressly given its express consent to the processing of its data (Art. 6 (1)(a) GDPR). If the customer has given its consent to the data processing, it can revoke this consent without giving reasons by means of letter to Fabasoft or email to email@example.com. The processing of the personal data of the customer for the purpose of direct advertising is not necessary for the execution of the contractual relationship. The processing performed until objection is made against such processing or until consent is revoked shall remain lawful.
A.4. Who receives the personal data?
Within Fabasoft, the individual employees, departments or Fabasoft companies, that require it in order to fulfil contractual or legal obligations, such as legitimate interests, receive the personal data. Furthermore, if necessary, we will transfer your data to tax consultants and auditors for purposes of tax consultancy and auditing and, in individual cases, to lawyers and courts, if necessary for legal advice or law enforcement purposes. In individual cases, we also forward your data to our data protection officer in Austria or Germany in order to obtain advice on the implementation of data protection regulations, e.g. if you assert claims against us. In addition, Fabasoft employs various sub-contractors, to whom personal data is transferred to enable them to effectively carry out their respective services.
All sub-contractors are required to use the data solely for the purpose of providing the service that has been clearly defined by Fabasoft.
Through contractual agreements, Fabasoft collaborates with the following providers when dealing with marketing and communication:
- CleverReach GmbH & Co. KG, Rastede, Germany
Service: Sending and analysing of e-mail newsletters and e-mail direct mails via the marketing software CleverReach. The data required for the sending of e-mails (such as salutation or e-mail address) are stored on the CleverReach servers in Germany or Ireland. Fabasoft uses CleverReach to analyze the delivered e-mail newsletters and direct emails. This evaluation includes how many recipients have opened an e-mail or how many times a link has been clicked. Conversion tracking also enables the evaluation of whether a recipient has executed a specific action (e.g. registration for a webinar) after clicking on a link in an e-mail newsletter. The processing is based on your consent, which you can revoke at any time by using the unsubscribe feature at the end of each newsletter sent by Fabasoft. The legality of the already completed data processing operations remains unaffected by the revocation.
- LogMeIn. Inc, located in Boston, Massachusetts, USA
Service: Platform for the organisation and implementation of webinars.
Information on compliance with the GDPR: https://www.logmeininc.com/gdpr/gdpr-compliance
Swiss-US-Privacy Shield Framework and EU-US-Privacy Shield Framework:
- Lewis Communications GmbH, located in Düsseldorf, Germany.
Service: The agency provides services for Fabasoft concerning public relations
- Trummer & Team GmbH, located in Vienna, Austria
Service: The agency provides services for Fabasoft concerning public relations
- Fabasoft International Services GmbH
Service: The provision of services for the whole Fabasoft Group
- Fabasoft Austria GmbH
Service: Fabasoft Austria GmbH provides the customer support services for Fabasoft products.
Provided that personal data is sent to the USA, Fabasoft can ensure that there is a suitable level of data protection in place.
A.5. For how long is data stored?
Fabasoft stores personal data for as long as is necessary for the duration of the business relationship, from the initiation, to the execution and until the termination of the contract. In addition, it complies with the records management, retention and disposal policy, which stems from the legal business and fiscal retention requirement (usually a period of 10 years) or from the limitation periods outlined in the German Civil Code (up to 30 years).
Personal information (for example for a newsletter, announcement, webinar etc) that is submitted to Fabasoft with consent will be stored for a maximum of three years after its last activity, provided that it is not withdrawn before this period ends.
A.6. Where is the data stored?
Fabasoft stores data on its own hardware in highly secure, external data centres in Germany, Austria and Switzerland.
A.7. What are the data subject’s data protection rights?
You have the right to disclosure, correction, removal or restriction in the processing of the stored information. You have the right to object to the use of your personal information as well as the right to data portability in accordance with the requirements of the data protection law.
In the event that you withdraw consent to use your personal information, Fabasoft will immediately stop using this data, provided that the use of this data is solely based on your consent. Exceptions arise as a result of legal or contractual obligations, which render storing data necessary, but this is only in the event of the aforementioned obligations. The legitimacy of the processing, for which consent was granted, remains intact until the consent is withdrawn.
All Fabasoft companies may demand any of the rights outlined above through the following channels.
By email: firstname.lastname@example.org
By post: Fabasoft AG, c/o Privacy, Honauerstraße 4, 4020 Linz, Austria
All queries about rights should be addressed to Fabasoft in writing. In order to prevent any unauthorized persons from abusing these rights, you must prove your identity to Fabasoft in an appropriate manner. Everyone has the right to information.
Fabasoft may make further use of relevant personal information, provided that it is anonymized in advance and that it is not possible to relate this information to a particular or identifiable individual.
Complaints should be directed to the Austrian Data Protection Authority or to another data protection authority within the European Union or Switzerland, preferably where you live or work.
A.8. Contact with Data Protection Officers
Fabasoft has a data security team at its disposal that is dedicated to data protection issues (“Privacy Team”) The contact details for this privacy team are available at: https://www.fabasoft.com/privacy. The privacy team can be contacted at: email@example.com
As far as the GDPR, or rather national regulations, require, Fabasoft will appoint a data protection officer. The contact details of this data protection officer are available at: https://www.fabasoft.com/privacy
A.9. Compulsory provision of personal information
In the context of the business contract or pre-contractual procedures, personal data necessary for the execution of the business contract, and to which Fabasoft is legally obliged to collect, must be provided. If this information is not provided, the delivery of products and service, for example, will not be possible.
B. Additional Information About the Fabasoft Website
B.1. Data collection
The Fabasoft website collects general information with every visit. Such information includes, for example: the IP address, the type of browser used, the language, the login pages, the device used, the volume of data transmitted, the browsing history as well as the HTTP referrer.
Fabasoft does not use this data to draw any conclusions about the data subject. This information will be needed in order to successfully deliver the content of the website, to guarantee the website is always functioning or to provide relevant information to the authorities.
In addition, the Fabasoft website offers many opportunities to register your personal information or to get in contact with the company through the email addresses provided. The following Fabasoft companies are responsible for your data protection for the purposes listed in the tabular below:
- For Germany: Fabasoft Deutschland GmbH
- For Switzerland: Fabasoft Schweiz AG
- For Austria and all other countries: Fabasoft Austria GmbH
For a better overview, the ways in which you can register will be outlined separately:
Ways to register
|The purpose of data collection|
|To register for the newsletter “Fabasoft Times”||To send information about the product Fabasoft Cloud, as well as information on the issue of digitalisation, approx. 1x/month|
|To register for the newsletter “eGov”||To send information about Fabasoft’s product eGove-Suite, as well as information on the issue of E-Documents/E-Government, approx. 1x/quarter|
|Register for webinars||To send information about webinars, access details for webinar participants, check the status of registrations, as well as progress reports, and information about similar webinars or events (via the "Fabasoft Times" newsletter or a personal letter)|
|Register for Fabasoft events||To send information about events, communicate the status of registrations, as well as progress reports and to distribute information about similar events or webinars (via the "Fabasoft Times" newsletter or a personal letter)|
|Register for blog articles||Information about new blog articles available on the Fabasoft website, approx. 2x/month|
|Register to download resources
Selected documents such as whitepapers and case studies are made available here after registration.
|To forward the download link to the necessary documents via email
To send additional supporting information about the products or services via email
|Register for Fabasoft Cloud (Test access)||https://www.fabasoft.com/cloudservices/data-security
|Register for the Fabasoft Cloud as an existing customer or guest||https://www.fabasoft.com/cloudservices/data-security|
|Online application||See separate privacy statement “Data protection for applicants during the application process”|
|Request help from sales or support team||Contact the sales or support team|
|Fabasoft Shop (order Fabasoft Cloud)||https://www.fabasoft.com/public-cloud/contract
|Sign up for fee-based trainings||To send information about training, communicate the registration status, and to send information about similar trainings
|Providing information about products and services||To receive information about the technical advancements of products such as Release Notes, Software Product Information (SPI), Knowledge Base on a regular basis|
When registering for one or more of the purposes mentioned above, personal data will only be collected in the form of first name(s), surname(s), email address, company, job title, gender, telephone number, street, postcode, location and country. This information contributes to providing an efficient service and will be processed if consent is granted.
B.2. Sending requests to general email addresses
On the Fabasoft website, to contact Fabasoft additional general email addresses will be provided. When you send us an email, it is automatically directed to the relevant person so that you query can be processed.
|_ga||Google analytics cookie|
|_gid||Google analytics cookie|
|_gat||Google analytics cookie|
|JSESSIONID||Session ID for Mindbreeze search engine|
The two main types of cookies are session cookies and permanent cookies, which are separated into first-party and third-party cookies.
Session cookies are deleted at the end of the session (when you close your browser). They record navigation through the website so that the website “remembers” your entries. These session cookies are normally used to temporarily save the user’s entries when filling in online forms that span several pages or to temporarily save the information entered by the user when adding items to online shopping baskets. Examples of typical entries could be: Entering information when ordering online, choosing currency, whether the user is registered or simply when navigating the site.
Permanent cookies remain after the browser is closed and are automatically deleted 2 years after their last use at the latest. The information gathered by these cookies is still available to you after your session has ended, if you return to this website. In this instance, the information is related to language settings, layout preferences, login settings and preferred settings.
First-party cookies are the cookies set by Fabasoft and will only be used by Fabasoft, or you. Fabasoft mainly uses session cookies; meaning cookies that are deleted after 1 month at the latest. On the other hand, third-party cookies are not used directly by Fabasoft, but by third-parties. These can help third-parties track your overall navigation of the website and calculate the number of visits to and the length of time spent on the website.
B.4. The use of analytics services
Internet analytics service Google Analytics
We only use Google Analytics when IP anonymization is in place. This means that, within other European Union Member States or countries in the European Economic Area, Google will ensure that only part of the user’s IP address is shown. Only in exceptional circumstances will the full IP address be sent to a Google server in the USA, where it is shortened. The IP address of the user’s browser will not be merged with other information collected by Google.
You can prevent cookies from being stored by changing the settings on your internet browser. In addition, you can prevent Google from collecting or processing information from your cookies and about your use of online offers by downloading and installing the following browser plugin at this link: http://tools.google.com/dlpage/gaoptout?hl=de.
You can learn more about Google’s use of data for advertising purposes, the different ways to adjust your settings or to oppose the use of this information on Google’s website: https://www.google.com/intl/de/policies/privacy/partners (“Google’s use of the data collected from your visits to partner websites or Apps”), http://www.google.com/policies/technologies/ads (Using data for advertisement purposes”), http://www.google.de/settings/ads (“Managing the information that Google uses to show you advertisements”) and http://www.google.com/ads/preferences (“Determine which advertisements Google shows you”).
You can prevent Google Analytics from collecting information by clicking on the following link. An opt-out cookie will be available, which prevents the collection of further information when visiting the website. Deactivate Google Analytics
Fabasoft has integrated Google AdWords into its website. Google AdWords is an internet advertising service that permits advertisers to change the advertisements both on Google’s search engine results page and on Google’s Display Network. Google AdWords enables advertisers to specify certain key words in advance that will trigger the display of specific advertisements on Google’s search engine page if the user searches for a relevant key word in the search engine. On Google’s Display Network, advertisements are filtered by an automatic algorithm and taking into account key words that have been entered on similar internet sites.
The operating company that provides the Google AdWords service is Google Ireland Limited („Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
The purpose of using Google AdWords is to advertise our website by placing interesting and relevant advertisements on third-party companies’ websites, onto Google’s search engine results page and to display third-party advertisements on our own website.
If one of Google’s advertisements succeeds in directing someone to our website, Google will file a so-called conversion cookie on this person’s device. Cookies have already been defined above.
A conversion cookie expires after thirty days and does not serve to identify the data subject. Provided that it has not yet expired, conversion cookies can be used to establish whether certain sub-sites, for example the basket in online shopping systems, are visited on our website.
Through conversion cookies, both we and Google can establish whether a data subject, who is directed to our website via an AdWords advertisement, generates revenue, for example by making purchases in the basket or if they cancel them.
Google uses the data and information collected by conversion cookies in order to generate statistics on the number of visits to our website.
On the other hand, we use these statistics to determine the total number of people using our website and how many of them are directed to us by AdWords advertisements. Therefore, we use this information to evaluate how successful various AdWords advertisements are at directing people to our site and in order to streamline our AdWords advertisements in the future. Neither our company nor Google AdWords’ other advertisement customers receive information from Google that would enable a data subject to be identified.
Through conversion cookies, personal information, for example internet sites visited by the data subject, will be stored. With each visit to our website, personal information will therefore be sent to Google in the USA, including the IP address of the data subject’s Internet connection. This personal information will be stored by Google in the USA. Google will pass on the personal information collected through online activity to third-parties if necessary.
This setting on the internet browser would also prevent Google from creating a conversion cookie on the data subject’s computer system. In addition, cookies that have been already established by Google AdWords can be deleted via the internet browser, or other software programmes, at any time.
Furthermore, the data subject may reject personalised advertising from Google. To do so, the data subject must use the following link to remove the internet browsers they used and to set their desired settings: https://www.google.de/settings/ads
This page uses the Google Maps map service via an API. The provider is Google Ireland Limited („Google”), Gordon House, Barrow Street, Dublin 4, Ireland. It is necessary to save your IP address in order to use the functions of Google Maps. This information is generally transmitted to a Google server in the USA and stored there. The provider of this site has no influence on this data transmission. Google Maps is used in the interest of presenting our online offers in an appealing manner and making it easier to find the locations we have indicated on the website. This constitutes a legitimate interest within the context of Art. 6 (1) (f) GDPR. You can find more information on the handling of user data in Google's data protection declaration: https://www.google.de/intl/de/policies/privacy
B.5. Social Media Icons
Fabasoft also provides links on this website to the following social media sites: Twitter, Facebook, YouTube, Xing, LinkedIn, Google+. Some of these links are displayed as icons. When you click on these social media icons (links) you will be subsequently redirected from the Fabasoft website to the respective social media site.
When you click on one of these links, you will be redirected to the respective website and are thus allowing the respective site operator to access your personal information. This collection of data is the sole responsibility of the respective provider and not of Fabasoft.
C. Data protection information for visitors to our Facebook Fan Page
If you visit our Fan Page (https://www.facebook.com/fabasoft and https://www.facebook.com/RoboterProgrammieren) on Facebook, we will process personal data in connection with this visit, regardless of whether you are registered on Facebook or whether you are logged in or not. Fan Pages are user accounts that can be set up by private individuals or companies on Facebook. This Fan Page allows us to present our company to Facebook users and individuals who visit our Fan Page, and also to communicate with these people.
Facebook provides the “Facebook Insights” function to Fan Page administrators. This function allows us to collect anonymised statistical data about the users and visitors to our Fan Page. This data is gathered using cookies. These are small text files that are saved by Facebook onto the hard drive of the visitor’s end device (for example computer, notebook, tablet, smartphone, etc.) via your internet browser. This information may be called up again during subsequent visits to the website and enables the website to recognise your device. The information stored in these cookies is received, recorded and processed by Facebook in a personalised form.
The purpose of using cookies is partly to improve Facebook’s marketing systems, but it also allows Facebook to provide us with statistics which we can use to manage and improve the commercialisation of our activities.
By creating the Fan Page, we are contributing to the processing of personal data belonging to visitors to our Fan Page, regardless of whether these visitors are registered with Facebook or not. Although Facebook provides the data collected using cookies to us solely in an anonymised form, the production of these statistics relies on the prior processing of personal data. For this reason, we, as administrators of the Fan Page, are involved in deciding the purposes and means of processing the personal data of visitors to our Fan Page, and as such, we are joint data controllers with Facebook as defined by Article 26 of the GDPR with regard to this processing. The main content of the agreement between the joint controllers is provided by Facebook Ireland.
Cookies placed by Facebook are stored for up to two years after being placed or updated. Cookies that are already being stored can be deleted at any time. In addition to this, you can prevent installation of cookies using your browser settings.
We have no access to the data stored in cookies in a personalised form and can therefore also not transfer this to third parties in a personalised form. Please find information about any possible recipients or any possible transfers of your data by Facebook to third countries in Facebook’s Data Policy (https://www.facebook.com/privacy/explanation) and Facebook’s cookie guidelines (https://www.facebook.com/policies/cookies).
In particular, we receive the following data categories from Facebook in an anonymised form:
Information about individuals:
- Individuals who “Like” our Fan Page: Gender, age, location and language,
- Individuals reached: Individuals for whom our post has been activated in the last 28 days,
- Interacting individuals: Individuals who have “Liked”, commented, shared or otherwise interacted with our posts in the last 28 days.
Information about “Likes”:
- Total number of “Likes” for the Fan Page,
- Number of new “Likes”,
- Breakdown of “Likes” according to origin (country, city/town), gender, age and language.
- Reach of posts: Number of individuals for whom our posts are made available, broken down according to paid and organic reach,
- Positive interactions: Details about “Likes”, comments, shared content and recommendations,
- Negative interactions: Posts hidden from timelines, marked as spam, “Disliked”,
- Number of Fan Page subscribers,
- Total reach: Number of individuals who are shown any action on our page.
Information about visits:
- Page and tab clicks: Information on how often each tab and each button (e.g. website, phone number, plan route buttons) on our Fan Page is viewed or clicked,
- Visitor behaviour: Information on whether the visitor hovers over the name or profile picture on the Fan Page to see a preview of the page content and information on whether visitors to the Fan Page are using a computer or a mobile device,
- External links: Information on how frequently individuals are directed to our Fan Page via a link on a website outside Facebook.
Information about posts:
- Online behaviour of our “fans”: Information about when the individuals who “Like” our page are on Facebook,
- Types of post: Information about the success of individual types of post, based on the average reach and interaction,
- Most popular posts from pages on our list of pages to watch: Display of interactions with posts on pages on our list of pages to watch.
Information about videos:
- Video views: Information about how often the videos on our Fan Page are viewed for more than three seconds,
- 30 second views: Information about how often the videos on our Fan Page are viewed for more than 30 seconds. If our video is less than 30 seconds long, individuals who watch at least 95% of the video will be counted,
- Top videos: Information about the videos on our Fan Page that are most frequently viewed for at least three seconds.
For requests to exercise your rights as data subject, or to withdraw your consent, please use the form linked in Facebook’s Data Policy for Page Insights Data (https://www.facebook.com/legal/terms/information_about_page_insights_data) or contact Facebook Ireland by post at Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.