Data Protection Policy
Protecting your personal data when collecting, processing and using it by virtue of you visiting our homepage is an important matter for us. At usedSoft Deutschland GmbH (hereinafter 'usedSoft'), particularly high importance is placed on protecting personal data. We would therefore like to use this opportunity to inform you about data protection in our company. It goes without saying that we comply with the statutory provisions of the General Data Protection regulation (GDPR), the German Federal Data Protection Act (BDSG), the German Telemedia Act (TMG), and other provisions under data protection legislation.What data of yours usedSoft collects, how it is handled, and to whom it is made available etc. is summarised in the following data protection policy:
Name and address of the controller
The controller in the sense of the General Data Protection Regulation, other domestic data protection legislation of the Member States, other provisions under data protection legislation is:
usedSoft Deutschland GmbH
Phone: +49 231 9999 1000
Fax: +49 231 9999 1005
Email: [email protected]
Direct contact with a point of contact regarding data protection
The controller has appointed an external data protection officer and internal data protection coordinator for the company. For all questions about data protection such as requests for information, applications for access, or objections to data processing, please contact:
usedSoft Deutschland GmbH
c/o René Rautenberg
Email: [email protected]
Collecting and processing data
No data about you is collected by the usedSoft website (http://www.usedsoft.com) (for example first name, surname, address, telephone number, email address etc.) unless you provide us with such data on a voluntary basis (for example by completing our form on the website, survey, order etc.) or, as may apply, you have consented to the collection or processing of your data, or the corresponding legal provisions about protecting your data allow this.
usedSoft will not knowingly collect data of children without expressly pointing out that such data should only be provided with the consent of the parents if applicable legal provisions provide for this. In principle, data of children is only used or disclosed by usedSoft where permitted by law, for obtaining parental consent required by law, or for protecting children. Applicable national provisions and cultural customs are to be borne in mind here for the term 'child/children'.
Collecting and processing data when making contact with regard to business relationships or, as may apply, entering into a contract
If you make contact with us, for example for buying or selling products, we will collect the following information about you and, where applicable, your colleagues where they also contact us:
- salutation, first name, surname
- a valid email address
- telephone number (land line and/or mobile)
- information necessary for processing your specific enquiry.
This data is collected
- to be able to identify you as our (potential) client
- to be able to advise you appropriately
- for corresponding with you
- for invoicing
- for processing any liability claims in place as well as asserting any other claims resulting from the business relationship.
Data is processed in line with your enquiry and is required in accordance with Article 6 (1, 1, b) GDPR for the stated purposes, for the appropriate drawing up of a contract, and mutual compliance with obligations resulting from the business relationship.
Personal data collected by us during commissioning is stored for processing a purchase and/or sale, and then until expiry of the statutory duties of retention. It is then erased. By way of example, a duty of retention exists if we are bound by Article 6 (1, 1, c) GDPR to storage due to duties of retention and documentation under fiscal and commercial legislation (resulting from the German Commercial Code, the German Criminal Code or the German Fiscal Code). Storage (over and beyond this) is also possible if you have consented to such in accordance with Article 6 (1, 1, a) GDPR.In addition, the advice in this data protection policy applies accordingly, in particular with regard to your rights as a data subject.
In order to enable expeditious electronic communication, usedSoft can be reached via a contact form or by email. Where a data subject makes contact with usedSoft by email or via a contact form, personal data provided by the data subject is automatically stored.
Where you haven provided usedSoft with personal data, usedSoft only uses it for responding to your enquiries, performing contracts entered into with you, and for technical administration. Your personal data is only disclosed or otherwise transmitted to third parties if required for the purposes of performing a contract (in particular the forwarding of order details to suppliers), for invoicing purposes, or you have consented to it beforehand. You have the right to revoke consent granted with future effect at any time.
Personal data provided on a voluntary basis is stored on the basis of Article 6 (1, a) GDPR for the purposes of processing the enquiry and/or contacting the data subject. Where the enquiry is made with regard to performing a contract or implementing pre-contractual measures, the legal basis is Article 6 (1, b) GDPR. Personal data is not forwarded to third parties unless the data subject has consented to disclosure in advance or disclosure is necessary as part of the payment process.
In addition, for tending to the client relationship it may be necessary for usedSoft or a third party on behalf of usedSoft to use personal data to inform the data subject about usedSoft offers of use to the business activity of the data subject, or for the online collection of data used by usedSoft for better serving the requirements of the data subject. In this case, processing is on the basis of Article 6 (1, f) GDPR.
Stored personal data is erased if you revoke your consent to storage, if knowledge of it is no longer required for performing the purpose pursued with the purpose, or if its storage is not permitted for other legal reasons.
Use for a specific purpose
usedSoft will only collect, process or use personal data provided online by you for purposes of which you have been informed under this data protection policy or otherwise expressly informed where collection, processing or use
- is in direct connection with the original purpose of collecting the personal data,
- required for processing, negotiating and performing a contract with you,
- required due to legal obligations, or official or court order,
required for substantiating or protecting legal claims, or for defending against actions, serving to prevent abuse or other unlawful activity, for example intentional attacks on the usedSoft server systems for guaranteeing data security.
Details specific to communication or use
If you resort to telecommunications services on the usedSoft website, details specific to communication (e.g. internet protocol address) or, as may apply, details specific to use (e.g. details about the start and duration of use as well as telecommunications services used by you) are automatically created using technical resources. These may draw conclusions about personal data. Where collection, processing and use of your communication details specific to your communication or, as may apply, use is mandatory, it is subject to the statutory provisions regarding data protection.
Automatically collected non-personal data
If you access the usedSoft website, information is automatically collected on an occasional basis (i.e. not via registration) that is not assigned to a specific person (for example internet browser and operating system used; domain name of website from where you were directed; number of visits; average stay; pages accessed). usedSoft uses this information for determining the attractiveness of the usedSoft website, and improving its content and performance.
Disclosing personal data to third parties
Contractual provisions may require personal data to be disclosed to third parties. By way of example, this may enable the sending of goods by providing the shipping partner with the name and address of the recipient. The data subject failing to provide personal data or revoking consent results in the contract not being able to be performed, or not being able to be performed properly.
In addition, the provision of personal data is in part prescribed by law, for instance under tax law.
Under no circumstances will personal data be sold or otherwise marketed to third parties.
Data erasure and storage duration
Personal data of the data subject is erased or blocked as soon as the purpose of storage no longer exists. Storage may also occur if provision is made by European or national legislators in European Regulations, laws or other requirements to which the controller is subject. In this case, processing occurs on the basis of Article 6 (1, c) GDPR. Once the storage period intended by law has expired, the corresponding personal data is erased unless there is a requirement for continued storage of the data for entering into or performing a contract.
By means of technical and organisational security measures, usedSoft ensures that your personal data is protected against unintended or unlawful erasure, alteration or loss, and against unlawful disclosure or unlawful access.
Links to other websites
The usedSoft website contains links to other websites. usedSoft is not responsible for the data protection policies of these other websites. usedSoft evaluates in an anonymous manner those links that have been clicked on for statistical purposes. In this way, the specific person having clicked on the link cannot be identified.
If you visit the usedSoft website, usedSoft may place information on your computer in the form of cookies that automatically recognise you on your next visit. By way of example, cookies allow a website to adapt a website to your interests or save your password so that you do not have to re-enter it every time. If you do not want usedSoft to recognise your computer, set your internet browser in such a way to delete cookies from your computer hard drive, block all cookies, or warn you before a cookie is saved.
Automated decision-making and profiling
As a responsible company, usedSoft rejects automatic decision-making or profiling.
Newsletter subscription and data protection provisions for using MailChimp
usedSoft will use the information that you provide in the newsletter form for staying in contact with you and providing you with updates and marketing information. usedSoft arranges this service in part via a mailing service provider.
usedSoft sends its newsletter by means of the 'MailChimp' mailing service provider, a newsletter mailing platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA, as part of the Intuit-Group.
By subscribing to our newsletter, you consent to receive the newsletter and at the same time give your consent to the use of the delivery service provider "MailChimp" and to a statistical collection of your reading behaviour, without an adequacy decision of the European Commission pursuant to Regulation (EU) 2016/679 regarding the adequacy of the level of protection for the transfer and processing of this data outside the European Economic Area (EEA), but standard contractual clauses approved by the European Commission are used to ensure an adequate level of protection for the transfer and processing of such data outside the European Economic Area (EEA) in accordance with Regulation (EU) 2016/679.
The email addresses of our newsletter recipients as well as other data of theirs described in this respect is stored on MailChimp servers in the USA. MailChimp uses this information to mail and evaluate the newsletter on our behalf. In addition, according to its own information, MailChimp is able to use this data to optimise or improve its own services, for example to optimise mailing technology and represent the newsletter, or for commercial purposes to determine from what countries the recipients originate. However, MailChimp does not use the data from our newsletter recipients to make contact itself or forward to third parties.
About statistical collection and analysis by MailChimp in detail:
Our newsletter contains a so-called web beacon, i.e. a pixel-sized file called up by a MailChimp server when the newsletter is opened. When called up in this way, technical information, such as information about the browser and your system as well as you IP address at the time of being called up is collected. This information is used for technical improvement of the services by means of the technical data or of the target groups and their reading habits by means of its place of access (determinable with the help of the IP address) or the times of access.
Statistical collection also includes the determination of whether you have opened the newsletter, and what links have been clicked by you. For technical reasons, this information can indeed be assigned to individual newsletter recipients. Nevertheless, it is neither our intention, nor that of MailChimp, to monitor individual users. The evaluations serve usedSoft much more to identify the reading habits of the newsletter recipients and adapt the newsletter content accordingly, or to send different content according to the interests of the newsletter recipients.
You can cancel subscription to the newsletter at any time. Your consent to storing personal data that you granted usedSoft for mailing the newsletter can be revoked at any time. There is a corresponding link in every newsletter for the purpose of revoking consent. In addition, there is the possibility of you turning directly at any time to usedSoft via the contact options on this website for cancelling mailing of the newsletter.
Information about analysis tools
As explained in detail below, only with your consent will cookies be used and/or social plugins activated and, in turn, personal data processed in order to be able to analyse how our website is used.
In view of the discussion about the use of analysis tools with full IP addresses, usedSoft would like to point out that the usedSoft website uses Google Analytics with the extension '_anonymizeIp()' and therefore only further processes IP addresses in an abbreviated format to rule out them being linked directly to a person.
Google AdWords Conversion Tracking
Information about social plugins using 'Shariff'
Normal social media buttons pass user data every time pages are accessed to Facebook & co., and provide the social networks with precise information about surfing habits (user tracking). You need to be neither logged in nor on the network in this respect. By contrast, a Shariff button only establishes direct contact between the social network and the visitor if the latter actively clicks on the social plugin button in question (source and more information: www.heise.de/ct/artikel/Shariff-Social-Media-Buttons-mit-Datenschutz-2467514.html). Only if you interact with one of the plugins, for example by clicking on the 'Share' or 'Tweet' button, is this information sent directly to and stored on a server of the respective network. This information is also published via your profile and shown to your contacts.
By employing the data-protection-friendly 'Shariff solution, the website also uses social plugins from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter 'Google'). If you access pages containing such a plugin, after clicking on the social plugin data about your visiting habits is sent to Google servers. The website operator has no influence over the type and scope of the data collected and sent to Google. Being logged into Google allows Google to assign your visit to your Google account. You will find further information about data protection with the Google +1 button under: https://developers.google.com/+/web/buttons-policy.
By employing the data-protection-friendly 'Shariff solution', this website also uses plugins from Twitter Inc., 1355 Market St., Suite 900, San Francisco, CA 94103, USA (hereinafter 'Twitter'). If you access pages containing such a plugin, after clicking on the social plugin data about your visiting habits is sent to the Twitter server. The website operator has no influence over the type and scope of the data collected and sent to Twitter. Being logged into Twitter allows Twitter to assign your visit to your Twitter account.
Payment processing advice
As an external payment service provider, we use BS PAYONE GmbH (‘Payone’), Lyoner Straße 9, D-60528 Frankfurt/Main, via whose platforms we and users are able to perform payment transactions.
When performing orders, we use this payment service provider on the basis of Article 6 (1 b) GDPR. We also use the external payment service provider on the basis of our legitimate interests in accordance with Article 6 (1, f) GDPR to offer our users effective and secure payment options.
Data processed by the payment service provider includes master data such as name and address, bank details such as account numbers or credit card numbers, passwords, TANs and check numbers, as well as contract-, amount- and recipient-specific details. The details are required for performing transactions. Nevertheless, data provided is only processed by the payment service provider and stored with them. In other words, we receive no account- or credit-card-specific information, rather merely information confirming or refusing payment. Under certain circumstances, data is forwarded by the payment service provider to credit agencies. This is forwarded for the purpose of checking identity and creditworthiness. In this respect, we refer to the T&Cs of the payment service provider, available at: https://www.payone.com/allgemeine-geschaeftsbedingungen/. You will find the Payone data protection policy at: https://www.payone.com/datenschutz/.The terms and conditions and data protection policy of the payment service provider apply to payment transactions, available on the respective website or, as may apply, in the respective transaction applications.
Legal bases for processing personal data
Where we obtain consent of the data subject for processing personal data, Article 6 (1, a) EU General Data Protection Regulation (GDPR) serves as the legal basis.
When processing personal data required for performing a contract whose party is the data subject, Article 6 (1, b) GDPR serves as the legal basis. This also applies to processing required for implementing pre-contractual measures.
Where processing personal data is required for performing a legal obligation to which our company is subject, Article 6 (1, c) GDPR serves as the legal basis.
In the event of essential interests of the data subject or another natural person making processing of personal data necessary, Article 6 (1, d) GDPR serves as the legal basis.
Where processing is required for guaranteeing a legitimate interest of our company or a third party, and the interests and fundamental rights and freedoms of the data subject do not outweigh the first-stated interest, Article 6 (1, f) GDPR serves as the legal basis for the processing.
Rights of the data subject
The data subject is in principle entitled to the following rights under GDPR:
- Right of confirmation and access (see Article 15 GDPR)
- Right of rectification (see Article 16 GDPR)
- Right to revoke consent under data protection legislation (see Article 7 GDPR)
- Right to erasure ('right to be forgotten', see Article 17 GDPR)
- Right to restriction of processing (see Article 18 GDPR)
- Right to object (see Article 21 GDPR)
- Right to data portability (see Article 20 GDPR)
- Right to lodge a complaint with a supervisory authority (see Article GDPR)
In order to exercise one or more of these rights, please click on the 'Contact' link in the right-hand column or in the footer and contact us. You can send a message with your concerns to the email or postal address shown in the Legal Notice..
Express reference to the right to object in accordance with Article 21 GDPR
The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to the processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1), including profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
Where personal data is processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.