I. Data Controller and Contact to our Data Protection Officer
The data controller for the Website as well as for the Services is
Pentland Firth Software GmbH
Baierbrunner Straße 85
81379, Munich, Germany
E-mail: [email protected]
Data Protection Officer
Pentland Firth Software GmbH
Baierbrunner Str. 85
81379, Munich, Germany
Phone: +49 89 - 59 08 37 0
You can also reach our data protection officer at [email protected].
II. Processing of Personal Data
1. data that we process when you call up our services
When you use our services, personal data is processed each time you access them for technical reasons.
As soon as you use our services, your browser or end device sends technical information to our web server, which is stored in server log files. In the process, the following usage and web access data is processed:
the date and time of your visit and the duration of your use of the website;
the IP address of your device;
the referral URL (the website from which you may have been redirected);
the sub-pages of the website visited; and
other information about your device (device type, browser type and version, settings, plug-ins installed, operating system).
This so-called usage data is processed exclusively in pseudonymous form to enable you to use the services and to ensure the functionality of the services. The data is generally not used to identify you as a person. In addition, we process the pseudonymous usage data to analyze the performance of the website, to continuously improve the website and to correct errors or to personalize the content of the website for you. Finally, we also process the usage data to ensure IT security and the operation of our systems and to prevent or detect misuse, in particular fraud. These server log files are deleted after a maximum of 7 days. The legal basis for processing this data is Article 6 (1) lit. f) GDPR, the protection and functionality of the services are legitimate interests in this sense.
2. data we process for the purpose of communication
If you contact us with an inquiry via the contact form provided on our site, we need your contact data and information about what it is about in order to answer your inquiry. Data processing for the purpose of contacting us is carried out in response to your request and on the basis of Article 6 (1) p. 1 lit. b GDPR to carry out pre-contractual measures or to protect our legitimate interests pursuant to Article 6 (1) p. 1 lit. f GDPR. Our legitimate interest is to be able to respond to requests and thus ensure a functioning customer service.
3. data we process for other purposes
In individual cases, your data may also be processed for other purposes. These include, for example, the transfer of your personal data to third parties if we are legally obliged to do so, but also for the purpose of asserting legal claims on our part or on the part of third parties or defending legal disputes. In these cases, the legal basis is either a legal obligation (Article 6 (1) lit. c) GDPR) or our legitimate interests or legitimate third-party interests (Article 6 (1) lit. f) GDPR), e.g. if we support users in enforcing rights.
4. disclosure of personal data / recipients
We treat your personal data carefully and confidentially and only pass it on to third parties in the rarest of cases.
Data recipients also include the service providers mentioned in our overview of cookies and analytics tools. Detailed information about these providers can be found in the information about cookies, web analytics and other tracking technologies at the end of this privacy statement.
data transfers outside the EEA:
We do not transfer your personal data to countries outside the EEA (so-called "third countries") without taking appropriate protective measures. However, third countries do not provide a level of data protection identical to that in the EU.
We will only transfer your personal data if
The Commission has adopted a so-called adequacy decision for the third country or the recipient in this third country,
appropriate safeguards are provided by the recipient in accordance with Article 46 of the GDPR for the protection of personal data (including any additional measures required),
you have expressly consented to the transfer, after we have informed you about the risks, in accordance with Article 49 (1) lit. a) GDPR,
the transfer is necessary for the performance of contractual obligations between you and us
or another exception from Article 49 GDPR applies.
Suitable guarantees according to Article 46 of the GDPR can be so-called standard data protection clauses, with which the recipient assures to sufficiently protect the data and thus to ensure a level of protection comparable to the GDPR.
purposes and recipients
Hosting of the website and storage of consent forms:
Cloudflare Germany GmbH
Rosental 7, c/o Mindspace, 80331 München
Registergericht: Amtsgericht München
Handelsregisternummer: HRB 242623
Bevollmächtigter Vertreter: Matthew Prince
We use Cloudflare Web Analytics from Cloudflare Germany GmbH, Rosental 7, c/o Mindspace, 80331 Munich, Germany, to analyse the behaviour of our website visitors.
Cloudflare Web Analytics tracks events without any reference to users and does not use any client-side state, such as cookies or local Storage, to collect usage metrics. We also don’t “fingerprint” individuals via their IP address, user agent string, or any other data for the purpose evaluating the functionalities of our website.
For more information about Cloudflare web analytics, please visit: https://www.cloudflare.com/web-analytics/
For more information about Cloudflare's privacy compliance: https://www.cloudflare.com/trust-hub/gdpr/
Cloudflare has its headquarters in the United States and data may be accessed from there.
The transfer is based on the EU Commission's adequacy decision of 10 July 2023, according to which data transferred to US companies participating in the EU-US Trans-Atlantic Data Privacy Framework and which have certified themselves in accordance with the Framework (DPF) enjoy comparable protection to EEA standards.
Cloudflare is registered under the DPF, see current status here: Participant Detail (dataprivacyframework.gov)
5. duration of storage:
We process and store your personal data as long as this is necessary to fulfill our contractual or legal obligations. If the data is no longer required for the fulfillment of legal obligations (e.g. tax or commercial law), it will be deleted, unless further processing is necessary for the preservation of evidence or the defense of legal claims against us, unless the processing is based on your consent. In this case, we will store your data until revoked.
6. your legal rights according to the GDPR:
You have the following rights vis-à-vis us:
Your right to withdraw consent given in accordance with Article 7 (3) GDPR. You can revoke a once granted consent at any time, without giving reasons with effect for the future.
Your right to information and disclosure in accordance with Article 15 GDPR, in particular you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data, if it has not been collected by us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information about its details.
Your right to rectification in accordance with Article 16 GDPR, e.g. if your data is incomplete or incorrect, you can request us to correct it.
Your right to erasure pursuant to Article 17 GDPR, if this is not (any longer) necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the assertion, exercise or defense of legal claims.
Your right to restriction of processing pursuant to Article 18 GDPR. You may request that your data be blocked, e.g. because you believe the data is inaccurate or the processing is unlawful, but you object to its erasure because you need it to assert, exercise or defend legal claims or you have objected to the processing pursuant to Article 21 GDPR.
Your right to data portability pursuant to Article 20 GDPR. You may request that we hand over data that you have provided to us in a structured, common and machine-readable format or transfer it to another controller.
Finally, you also have the right to lodge a complaint with the competent data protection supervisory authority (Article 77 GDPR). You can file this complaint both at your place of residence, at your place of work or at the place of the data protection breach you are complaining about. You can also file a complaint with the supervisory authority at our registered offices.
If you wish to exercise your rights as a data subject, you can also do so by contacting: [email protected]
Information about your right to object according to Article 21 GDPR
In addition to the rights already mentioned, you have the right to object at any time to the processing of your personal data on grounds relating to your particular situation, provided that such processing is carried out on the basis of Article 6 (1) lit. f) GDPR (data processing on the basis of a balance of interests). If you object, we will no longer process your personal data unless we can demonstrate circumstances that override your interests, rights and freedoms and therefore justify the processing.
You also have the right to object at any time to the processing of your personal data for the purpose of direct marketing (including subscription to our newsletter), without incurring any costs other than the transmission costs according to the prime rates; this also applies to the creation of a user profile (so-called "profiling"), insofar as this is associated with direct marketing. If you object, we will no longer process your personal data in the future.
Please note that you may not be able to use the website or services, or only to a limited extent, if you do not provide us with certain data or if you object to the use of this data. The objection can be submitted informally to [email protected] .
What are cookies?
Cookies are small text files containing information that are stored on your access device. They are usually used to assign a specific action or preference on a website to a user, but without identifying the user as a person or revealing their identity.
Cookies are not automatically good or bad, but it is worth understanding what you can do about them and making your own decisions about your data.
We use the following types of cookies, the scope and functionality of which are explained below: Session cookies and persistent cookies.
Session cookies are automatically deleted when you close your browser. This applies in particular to session cookies. They store a so-called session ID, with which various requests from your browser can be assigned to the joint session. This allows your computer to be recognized when you return to our website. Session cookies are deleted when you log out or close your browser.
Persistent cookies are also initially stored when you close your browser and then automatically deleted after a certain period of time, which may vary depending on the cookie. You can also delete the cookies at any time in the security settings of your browser.
You can reset your browser before or after your visit to our website so that all cookies are rejected or to indicate when a cookie is sent. By default, the setting of cookies can be managed by the browser program of your browser, including so that no cookies can be set at all or that cookies are deleted again as soon as you close your browser. Your browser may also have an anonymous browsing feature. You can use these functions of your browser yourself at any time. However, if you have disabled the setting of cookies in your browser by default, our website or services may not function properly.
Purposes and legal basis
The use of these technologies is solely for the purpose of making the use of our offer more pleasant for you and to ensure the security of our services. For example, we use session cookies to recognize that you have already visited individual pages of our services. These are automatically deleted after you leave our site.
In addition, we also use temporary cookies to optimize user-friendliness, which are stored on your terminal device for a certain specified period of time. If you visit our site again to use our services, it is automatically recognized that you have already been with us and which entries and settings you have made so that you do not have to enter them again. The data processed by these cookies are necessary for the aforementioned purposes to protect our legitimate interests as well as those of third parties in accordance with Article 6 (1) lit. f) GDPR.
Finally, we use - subject to your consent - cookies and other technologies to embed content and for marketing purposes.
The prerequisite for this is that you have given us prior consent in accordance with Article 6 (1) lit. a GDPR via our cookie management tool. You can revoke your consent for the future at any time via the cookie management tool. You can access the tool again at any time via the "Cookie Settings" button at the bottom of the website to check and adjust your consent settings.
We operate company pages on the networks Facebook, Instagram, LinkedIn, YouTube and Xing. In principle, the platform operators of these networks are solely responsible for the processing of personal data of their users. Insofar as we receive evaluations and analyses from the platform operators about the interactions with our content, we are thereby jointly responsible with
· Facebook: Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, hereinafter: Facebook,
· Instagram: Meta Platforms Ireland Ltd, 4 Grand Canal Square, Dublin 2, Ireland, hereinafter: Instagram
· LinkedIn: LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland, hereinafter: LinkedIn,
· YouTube & Google Maps: Google LLc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA, hereinafter Youtube.
Responsible in the sense of Article 4 No. 7 of the General Data Protection Regulation (GDPR) for the processing of your personal data when you access our site or contact us via it.
We have reached agreement with the network operators as joint controllers of these pages.
The following agreements are authoritative in each case:
· Facebook & Instagram: Page Insights Addendum regarding the controller .
· LinkedIn: Page Insights Joint Controller Addendum https://legal.linkedin.com/pages-joint-controller-addendum from LinkedIn.
In these agreements, the providers assume the essential obligations under data protection law to inform data subjects and to fulfill data subject rights to data security and to report and inform in the event of data breaches. As providers of the social network, they have direct access to the required information and can also take any necessary measures and provide information immediately. If our support is nevertheless required, we can be contacted at any time. In particular, you can also assert your data subject rights against us at any time.
Page Insights evaluations
In connection with the operation of the above-mentioned social media profiles, we receive evaluations and analyses about the interactions with our content.
For this purpose, cookies and similar technologies such as pixels are used by the network operators when you visit our pages, and a unique user code is created in each case. This user code can be linked to the data of such users who are registered with the platform operators.
The visitor statistics created are transmitted to us exclusively in anonymized form and we do not have access to the underlying data in each case.
Purposes and legal basis
We use our social media pages to communicate with our customers, interested parties and users and to provide information about our range of services. In this context, we may receive further information, e.g. due to user comments, private messages or because you follow us or share our content. The processing is solely for the purpose of communicating and interacting with you.
We process user statistics so that we can better understand how to use our social media pages to further our business goals. We also operate our social media pages to present ourselves to and communicate with users of these platforms and other interested persons who visit our social media pages. The processing of the users' personal data is based on our legitimate interests in an optimized presentation of our company and products (Article 6 para. 1 p. 1 lit. f) GDPR).
Recipients and third country processing
The providers are U.S. companies that process personal data in insecure third countries. A third country is considered insecure if the EU Commission has not issued an adequacy decision for that country under Article 45(1) of the GDPR confirming that adequate protection for personal data exists in that country. EU citizens are not entitled to the same effective legal protections in third countries compared to the EU.
Facebook and Instagram: Meta Platforms Ireland Ltd transfers personal data to Meta Platforms Inc, 1 Hacker Way, Menlo Park, CA 94025, US based in the US, based on standard contractual clauses approved by the European Commission. We have no influence on these processing operations. We ourselves do not pass on any personal data that we receive via our Facebook page.
LinkedIn: LinkedIn transfers data to LinkedIn Corporation 1000 W Maude Ave Sunnyvale, CA, US on the basis of standard contractual clauses approved by the European Commission. We have no influence on these processing operations. We ourselves do not share any personal data we receive through our LinkedIn profile.
Google Ireland transfers data on the basis of standard contractual clauses approved by the European Commission to Google LLC., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (hereinafter: Google). We have no influence on these processing operations. We ourselves do not pass on any personal data that we receive via our Youtube channel.
You are entitled to the following objection options in particular:
Facebookand Instagram: Users of Facebook and Instagram can influence the extent to which their user behavior may be recorded when visiting our Facebook page or Instagram profile under the settings for advertising preferences. The Facebook settings or the form provided via Facebook for the right to object offer further options for objection. Settings for Instagram can also be made via the form.