data_protection_information_allplan_learn

Data Protection Information ALLPLAN LEARN NOW

PRIVACY NOTICE

Data protection is a particularly important topic at our company. This data protection declaration applies to the collection, processing and use of personal data in the context of the use of our ALLPLAN LEARN NOW learning platform, on the basis of Totara Open Source software. Our intention with ALLPLAN LEARN NOW is to offer our business partners the possibility of training in the use of our products. For this purpose, we have expanded our training offer for learning with ALLPLAN LEARN NOW. Personal data are all data relating to you personally, such as name, address, email addresses or user behavior. We have put in place extensive technical and operational safeguards to protect your data from accidental or intentional manipulation, loss, destruction or access by unauthorized persons. We regularly review our security measures and adapt them to technological progress.

1. RESPONSIBLE PARTY FOR DATA PROCESSING

Responsible party pursuant to Art. 4 (7) EU General Data Protection Regulation (GDPR) is

ALLPLAN GmbH
Konrad-Zuse-Platz 1
81829 München
Deutschland

E-Mail: info@allplan.com

2. GET IN TOUCH WITH OUR DATA PROTECTION OFFICER

Please contact our data protection officer at datenschutzbeauftragter@allplan.com or our postal address by adding “data protection officer”.

3. SCOPE OF THE DATA PROCESSING

For the purpose of operating our ALLPLAN LEARN NOW learning platform on the basis of Totara Open Source software, we use the agency Arrabiata Solutions GmbH, Seidlstraße 25, 80335 Munich, Germany (hereinafter “Arrabiata”) as a service provider. We have concluded an order processing agreement with Arrabiata in accordance with Art. 28 GDPR. Pursuant to this agreement, Arrabiata undertakes to ensure the necessary protection of your data and to process this exclusively on our behalf and according to our instructions, pursuant to data protection regulations. We use the service provider for the purpose of offering you our ALLPLAN LEARN NOW learning platform. The platform itself as well as the data processed therein are located at data centers of SpeedPartner GmbH, Blindeisenweg 43, 41468 Neuss, Germany; the data are thus processed within the EU.

3.1 Collection of personal data when calling up our website

Our ALLPLAN LEARN NOW learning platform may now be called up at learnnow.allplan.com. By calling up the ALLPLAN LEARN NOW website, even without registering or otherwise transmitting information to us (e.g., via a contact form), we collect the following technical information (log file data):

Data	Purpose of processing	Duration of storage
Operating system used	Evaluation by devices in order to ensure an optimized display of the website	The data are deleted in log files for the purpose of operating the website and to protect against misuse in accordance with our security regulations, as a matter of principle after 30 days.
Information about the type of browser and the version used	Evaluation of the browser used in order to optimize our websites for this purpose
IP address (stored in pseudonymized form)	Display of the website on the respective device
Date and time of access	Ensuring the proper operation of the website
If necessary, manufacturer and type designation of the smartphone, tablet or other end device	Evaluation of device manufacturers and types of mobile devices for statistical purposes
Name of site called up	Ensuring proper operation of the website
Referrer URL (source URL from which you came to the website)	Ensuring proper operation of the website

We collect this data for technical reasons to display our website to you and to ensure stability and security. We, Arrabiata and hosting service provider SpeedPartner are generally not aware of who is behind an IP address. We do not merge the above data with any other data.

The legal basis is the legitimate interest pursuant to Art. 6 (1) s. 1 lit. f GDPR. Within the framework of the balancing of interests pursuant to Art. 6 (1) lit. f GDPR, we have taken into account and weighed our interest in providing and your interest in processing your personal data in accordance with data protection. Since the following data are technically necessary for us to provide you with our service and also to ensure stability and security, in particular to protect from misuse, we have to process this data – while ensuring data security in line with the state of the art – taking due account of your interest in processing in line with data protection requirements. If the processing is based on another legal basis (e.g. consent according to Art. 6 (1) lit. a GDPR), this will be shown accordingly.

3.2 Registration

To use ALLPLAN LEARN NOW, prior one-off registration as an authorized user is first required. Your registration takes place in our customer service portal “ALLPLAN Connect”. Information on data protection when using our customer portal can be found at: https://connect.allplan.com/privacy-policy.html

Your registration takes place in the “ALLPLAN Connect” portal. Here we collect your personal data to create a user profile for you in ALLPLAN Connect and to provide you with a practical login process for using ALLPLAN LEARN NOW. For this purpose, the following of your personal data as a user of the platform are processed:

First name, last name,
Password (chosen by you),
Connect ID (for allocation to a company as licensee),
Email address (private or business),
Customer type (simple license, license + service (service-plus customer) or subscription customer)

Data are collected and stored for the purpose of creating a user profile in ALLPLAN Connect for you as a user. The data are also transferred to ALLPLAN LEARN NOW via an API data interface and stored within the system there in a user profile assigned to you. This is necessary to set up your access to ALLPLAN LEARN NOW and to offer you learning content assigned to your license. After successful registration, you will receive personal, password-protected access to ALLPLAN LEARN NOW.

The legal basis for the data processing is our legitimate interest according to Art. 6 (1) (f) GDPR to provide you with our learning platform ALLPLAN LEARN NOW, to ensure the security and stability of the website, to be able to offer you a user-friendly operating experience and to make suitable training content available to you on the basis of the specifically applicable license conditions of your company.

3.3 Use of the Portal

The ALLPLAN LEARN NOW dashboard displays learning content according to your specified favored categories. As a user, you can select your learning program from the content offered to you via the dashboard or the menu ribbon. The offered learning content fundamentally comprises the following formats:

analog questionnaires
learning by means of digital courses
learning with trainers in virtual course rooms/forums (in the form of mutual exchange or as streaming offer)

During use, various types of data relating to you will be processed. The type and scope of the processing of your data may vary, depending on which training courses are activated for you and which learning content is taught in these courses. Individual usage data allocated to your user profile include:

Course (teaching unit) and customer (company)
Learning progress data

o Start of course (status started/not started)

o Learning progress (in steps)

o Course completion (date)

o Last login (access to learning content)

Result/certificate

In addition, further usage data may be collected from you when you participate in webinars, online seminars or other online meetings that we offer via the GoToWebinar or GoToMeeting platforms (see below under 6. GoToMeeting/GoToWebinar).

As a user, you can see your current learning status for the courses you have completed to provide you with an insight into your own learning success by way of an informative user guide. User profiles and user data can also be viewed by our relevant specialist department at ALLPLAN, the ALLPLAN Admin, as well as the admin of our external processor, Arrabiata. Should you take advantage of learning offers that take place as online meetings with trainers in virtual course rooms, the trainers receive your course registration data (first name, last name). Furthermore, during training courses conducted via the GoToMeeting or GoToWebinar platforms, these trainers and other course participants may also receive further personal data (e.g. your name, data concerning your communication (postings, requests to speak, etc.) in the course of the respective meetings), depending on the selected settings.

Beyond this, neither your profile nor user data (name and performance data) will be shared with any third parties, for example your employer or other users.

The aforementioned processing of your data in the context of use of the LEARN NOW platform is carried out for the purpose of offering you our learning platform with its functionalities and intended learning formats and to make learning progress transparent in order to train you in the use of our products. The legal basis for the data processing is our legitimate interest according to Art. 6 (1) (f) GDPR to provide you with our learning platform, to ensure the security and stability of the website, to be able to offer you a user-friendly operating experience and to make suitable training content available to you on the basis of the specifically applicable license conditions of your company.

The data we collect are stored within the scope of statutory obligations and subsequently deleted. Personal data are generally only stored for as long as is necessary for the fulfillment of the aforementioned purposes, unless obligations of statutory proof and retention require the company to store the data for a longer period. In principle, we retain your data that are not subject to a statutory retention period or to Art. 17 (3) GDPR for as long as your employer and you are authorized customers and are interested in consuming our learning content, and for the duration that the data are required for this purpose.

You may delete the user profile you have created at any time via our “ALLPLAN Connect” service portal. Via the interface we have established to our learning platform, your data will then also be deleted (anonymized) there. Upon deletion of the account, all personal data not subject to a legal obligation to retain data or to Article 17 (3) GDPR will be anonymized.

4. COOKIES AND WEBSITE ANALYSIS

Our LEARN NOW website uses cookies. Cookies are files that are placed on your computer by a website you visit and allow your browser to be reassigned. Cookies transmit information to the entity that sets the cookie. Cookies can store various information, such as your language setting, the duration of your visit to our website or the entries you have made there. This ensures, for example, that you do not have to re-enter required form data each time you use it. The information stored in cookies can also be used to identify preferences and target content according to areas of interest.

There are different types of cookies: Session cookies are sets of data that are only temporarily held in memory and are deleted when you close your browser. Permanent or persistent cookies are automatically deleted after a predefined duration, which may differ depending on the cookie. With this type of cookies, the information can also be stored on your computer in text files. You can, however, also delete these cookies at any time via your browser settings.

First-party cookies are set by the website you are currently visiting. Only this website is allowed to read information from these cookies. Third-party cookies are set by organizations that are not operators of the website you are visiting. These cookies are used by marketing companies, for example.

The legal basis for possible processing of personal data by means of cookies and their storage period may vary. If you have given us your consent, the legal basis is Art. 6 (1) s. 1 lit. a GDPR. Insofar as the data processing is based on our overriding legitimate interests, the legal basis is Art. 6 (1) s. 1 lit. f GDPR. The stated purpose then corresponds to our legitimate interest.

We use cookies to ensure the proper operation of the website, to provide basic functionality, to measure reach and, with your consent, to tailor our services to preferred areas of interest.

You can delete cookies already stored on your mobile device at any time. If you want to prevent cookies from being stored, you can do so via the settings in your Internet browser. You can find instructions for popular browsers here: Internet Explorer, Firefox, Google Chrome, Google Chrome mobile, Microsoft Edge, Safari, Safari mobile. Alternatively, you can also install so-called ad blockers. Please note that individual functions of our website may not work if you have disabled the use of cookies.

4.1 Cookies

When accessing our website, all users of our website are also informed by an information banner about our use of cookies and referred to this privacy policy. Here, as a user, you will also be asked for your consent to the use of certain cookies, in particular those relevant for the personalization of services and for marketing measures. Once you have given your consent, you can revoke it at any time with future effect by calling up the cookie administration via the icon (fingerprint) in the lower left-hand corner of each page and unchecking the box next to processing to which you had consented. In the cookie manager you can also find more information about the cookies we use.

4.1.1 Technically necessary cookies

We use cookies to enhance the user-friendliness of our website. Some elements of our website require that the browser being used to call up the website can be identified even after switching to a new page.

Name of cookie	Purpose of processing	Duration of storage
TotaraSession	User login	Until logout or until the end of the current browser session.

Technically necessary cookies are mandatory to display the website and/or serve to re-authenticate the user in the system. As such, the user is not given the opportunity to object to these cookies; they can be deactivated in the settings of the respective browser.

4.2 Usercentrics

We use the Usercentrics service for the purpose of consent management. Usercentrics is software produced by Usercentrics GmbH, Rosental 4, 80331 Munich, Germany.

Usercentrics identifies the language used by your browser. They set a cookie to check whether you have already made a selection in our consent tool on a previous visit to our website. This cookie is necessary because it allows the website to recognize whether you have consented to tracking or not. Usercentrics also creates a log file in order to be able to prove that consent has been given. This file contains the de-identified IP address, information about the browser that was used, data about the scope of consent, and the date and time of the visit.

The legal basis for the processing is our legitimate interest pursuant to Art. 6 (1) (1) (f) GDPR.

The purpose of data processing is a user-friendly and legally compliant design of our website. We want to make it as easy as possible for you to give or withdraw consent and to increase the transparency of data processing using cookies, pixels, tags or similar on our website. Our legitimate interest also lies in the purpose of processing data.

The cookie containing your consent or refusal to use cookies is stored on your device for one year. Consent data (consent given and consent revoked) will be retained for three years. Cookies are stored on the user’s computer and transmitted from it to our site. Therefore, as a user, you also have full control over the use of cookies. By changing the settings of your Internet browser, you can disable or restrict the transfer of cookies. You can delete cookies that have already been saved at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website to their full extent.

4.3 Website analysis

To analyze and optimize our websites, we use various services as described below. We use these services to analyze how many users visit our site, what information is most in demand, or how users find an offer. We also record data on which Internet page a user came to our website from (so-called referrer), which sub-pages of the Internet page were accessed or how often and for how long a sub-page was viewed. This helps us to design our offers in a user-friendly way, to find errors and to improve our offers.

4.3.1 Matomo

On our website, we use the Open Source web analytics software Matomo, a software of “InnoCraft Ltd”, a company located at 150 Willis St, Wellington 6011, New Zealand. Since InnoCraft is located outside the EU, InnoCraft has appointed a representative in the EU (privacy@innocraft.com). The software is operated exclusively from our own servers.

They use cookies, to analyze the use of the website. For this purpose, the usage information collected in the cookie (including your shortened IP address) is transmitted to our server and stored for usage analysis purposes. Matomo does not transmit data to servers that are outside of our control. Your IP address is immediately de-identified during this process, so that you as a user are not identifiable to us. We do not share the information we collect about your use of this website with third parties. We use the collected data for statistical analysis of user behavior for the purpose of optimizing the functionality and stability of the website and for marketing purposes. Our interest in and purpose of data processing is to optimize our website, to adapt the content and to improve our offer. The user’s interests are sufficiently protected by de-identifying the data. We store the analysis data only as long as necessary for data processing purposes, but no longer than 14 months.

The legal basis for the described data processing is our legitimate interest pursuant to Art. 6 (1) s. 1 lit. a GDPR. Once you have given your consent, you can revoke it at any time with future effect by changing your selection in the cookie settings (see section 5 Cookies above). Alternatively, you can delete your cookies (all or only from this website). You will then see the banner with the options again.

4.3.2 Google Analytics 4

If you have given your consent, this website also uses Google Analytics 4, a web analytics service provided by Google LLC. The responsible entity for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, (“Google”) Ireland.

Google Analytics 4 uses cookies that analyze how you use our websites. The information about your use of this website created by the cookie is usually transmitted to a server of Google in the U.S. and saved there.

Google Analytics 4 de-identifies IP addresses by default. When de-identifying your IP address, Google will truncate your IP address within Member States of the European Union or in other countries that are party to the Agreement on the European Economic Area. The full IP address is transmitted to a server of Google in the U.S. and shortened there only in exceptional cases. The IP address that is transmitted by your browser within the frame of Google Analytics is not combined with other data of Google.

During your website visit, your user behavior is recorded in the form of “events”. Such events can include but are not necessarily limited to:

Site views
First visit to the website
Start of the session
Your “click path”, interaction with the website
Scrolls (whenever a user scrolls to the end of the page (90%))
Clicks on external links
Internal search requests
Interaction with videos
Ads seen / clicked

They can also record:

Your approximate location (region)
Your IP address (in truncated form)
Technical information about your browser and the end devices you use (e.g. language setting, display resolution)
Your Internet provider
The referrer URL (via which website/advertising medium you came to this website)

On behalf of Allplan, Google will use this information for the purpose of evaluating your pseudonymous use of the website and compiling reports on website activity. The reports provided by Google Analytics are used to analyze the performance of our website and the success of our marketing campaigns.

Recipients of the data are/may be:

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as processor according to Art. 28 GDPR)
Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, U.S.
Alphabet Inc. 1600 Amphitheatre Parkway Mountain View, CA 94043, U.S.

It cannot be ruled out that U.S. authorities will access the data stored by Google. Insofar as data are processed outside the EU/EEA and there is no level of data protection corresponding to the European standard, we have concluded EU standard contractual clauses with the service provider to establish an appropriate level of data protection. The parent company of Google Ireland, Google LLC, is based in California, U.S. A transmission of data to the U.S. and access by U.S. authorities to the data stored by Google cannot be ruled out. From a data protection perspective, the U.S. is currently considered a third country. You do not have the same rights there as within the EU/EEA. You may not be entitled to any legal remedies against access by authorities.

The data sent by us and linked to cookies is automatically deleted after 14 months. Data whose retention period has been reached is automatically deleted once a month.

The legal basis for this data processing is your consent pursuant to Art. 6 (1) p.1 lit.a GDPR. Once you have given your consent, you can revoke it at any time with future effect by changing your selection in the tracking settings (cf. Cookies above). Alternatively, you can delete your cookies (all or only from this website). You will then see the banner with the options again.

Alternatively, you can prevent the storage of cookies from the outset by selecting the appropriate settings in your browser software. However, if you configure your browser to reject all cookies, you may experience limited functionality on this and other websites. You can also prevent cookies from collecting data relating to your use of the website (including your IP address) and prevent Google from processing this data by

1. not giving your consent to the setting of the cookie or

2. downloading and installing the browser add-on to disable Google Analytics https://tools.google.com/dlpage/gaoptout?hl=en .

For more information on the terms of use of Google Analytics and on data protection at Google, please visit https://marketingplatform.google.com/about/analytics/terms/us/ or https://policies.google.com/?hl=en.

4.3.3 Mouseflow

This website uses Mouseflow, a web analysis tool from Mouseflow ApS, Flaesketorvet 68, 1711 Copenhagen, Denmark. We have concluded an order processing contract with Mouseflow ApS in accordance with Art. 28 GDPR.

The data processing serves the purpose of improving customer communication and the needs-based design of the website. User behavior is analyzed with the help of the cookies used by the tool. The analysis results are then processed graphically, e.g. using so-called live heat maps. In particular, the following data is processed:

Mouse positions and so-called "hovers" (hovering of the mouse on buttons)
Number and positioning of clicks on a button
Time until a click has occurred
Scroll movement and speed
Time spent on the homepage
Viewing time of individual parts of the homepage
Points at which entries in a contact form are aborted (so-called conversion funnels)

This creates a log of mouse movements and clicks. We evaluate the logs of individual website visits on a random basis in order to derive improvements for the website. From the information in the logs, we can deduce which website areas are preferred by the website visitor.

Mouseflow assigns a so-called session ID, which tracks the page views and actions of a website visit. The session ID is stored in the user's browser in the form of a cookie, which can be used to interpret user behavior in a coherent manner. This cookie is automatically deleted after leaving the website. A user ID is also assigned, which is used to recognize returning users on the website. The user's behavior is then linked to data from previous visits. We store this analysis data for 30 days.

The legal basis for accessing the information is your consent in accordance with Section 25 (1) TTDSG. The legal basis for the data processing described is your consent, Art. 6 para. 1 sentence 1 lit. a GDPR. Once you have given your consent, you can withdraw it at any time with effect for the future by changing your selection in the cookie settings (see above, section 5. Cookies). Alternatively, you can delete your cookies (all or only from this website). The banner with the selection options will then be displayed again.

You also have the option of deactivating recording on all websites that use Mouseflow globally for the browser you are currently using via the following link: https://mouseflow.com/opt-out/. You can find more information on data protection at Mouseflow online at: https://mouseflow.com/legal/gdpr/.

4.3.4 Google Tag Manager

For transparency reasons, we would like to point out that we use the Google Tag Manager of the provider Google Ireland Limited (registration number: 368047), Gordon House, Barrow Street, Dublin 4, Ireland. Google Tag Manager itself does not collect any personal data. Google Tag Manager makes it easy for us to integrate and manage our tags. Tags are small pieces of code used to measure traffic and visitor behavior, track the impact of online advertising and social channels, set up remarketing and audience targeting, and test and optimize websites, among other things. We use the Tag Manager for the Google Analytics service. If you have disabled it, this disabling will be taken into account by Google Tag Manager. For more information on Google Tag Manager, please see: https://www.google.com/intl/de/tagmanager/use-policy.html.

5. VIMEO

Our LEARN NOW learning platform uses the services of Vimeo LLC, 555 West 18th Street, New York, New York 10011, USA (“Vimeo”) to play video content (webinars and product information). These are loaded by Vimeo or transmitted via Vimeo. In the process, your data may be transferred to Vimeo. Our intended purpose of the integration of Vimeo videos is to make our offers on the platform more interesting and attractive for users and to achieve better presentation of content for the training and user-relevant use of our products.

When you call up a page of the e-learning platform in which a video is embedded via Vimeo, a connection is usually established to the Vimeo servers and data are sent to servers in the USA, thereby transmitting information about the website you have visited to the Vimeo server. By using our consent management tool, this process is prevented if you have not consented to data processing with regard to Vimeo. Thus, as a consequence of the integration of Vimeo, no data are transferred without your consent.

With regard to our use of Vimeo, to protect your personal data we use the service in so-called “Do Not Track” mode, so that the setting of cookies by Vimeo is prevented.

If you have consented to data processing by Vimeo via the consent management tool, you agree that data about you will be transferred to Vimeo by means of cookies and similar technologies used by Vimeo when you watch a video, regardless of whether you have a Vimeo account or not. This includes but is not limited to your IP address, technical information concerning the type of browser you are using, your operating system and fundamental device information. If you are logged in to Vimeo at that time, information about videos you watch can be assigned to your Vimeo member account. You can prevent this by logging out of your member account before visiting the platform.

Vimeo is based in the USA and thus in a non-secure third country where the level of data protection is lower than in the EU/EEA. To provide the service, Vimeo also uses data centers in the USA. Your data may therefore also be processed on servers in the USA. We would like to point out that, according to the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA. This may be associated with various risks in connection with the legality and security of data processing. To guarantee an adequate level of data protection, EU standard contractual clauses pursuant to Art. 46 GDPR have been concluded with Vimeo; these are provided by the EU Commission to ensure that your data are processed in accordance with the European standard of data protection even if the data are transferred to and stored in third countries such as the USA.

The legal basis for the described data processing is your consent pursuant to Article 6 (1) (a) GDPR. You may revoke this consent with effect for the future at any time within our consent management tool. Further information concerning Vimeo’s data protection is provided by Vimeo under the following link: https://vimeo.com/privacy.

6. GOTOWEBINAR AND GOTOMEETING

In order to be able to offer webinars and online events for training purposes on LEARN NOW, the GoToMeeting and GoToWebinar services of the company LogMeIn Ireland Limited (Bloodstone Building Block C70 Sir John Rogerson's Quay Dublin 2, Ireland) are used. Within the scope of registration and use, personal data are also transmitted to the service provider LogMeIn; however, pursuant to Art. 28 GDPR, LogMeIn may only use your data as a processor on an order-related basis for the implementation of the webinar or virtual course.

Within the scope of registering for a webinar or online event via the event login, we process the following personal data provided by you:

1. GoToWebinar (personal data can only be viewed by trainers, not by participants)

First and last name
Email address

2. GoToMeeting (personal data can be viewed by all participants)

First and last name (voluntary)
Email address (voluntary)

In the registration form, voluntary information is designated as such. To enter a virtual room, at least the name is required. However, this can be pseudonymized when entering the virtual room.

When you use GoToMeeting and GoToWebinar, various types of data are processed. The scope of the data also depends on the data you provide before or during your participation in an online meeting or webinar.

User details (displayed username, email address if applicable, optional profile picture, preferred language)
Meeting metadata (e.g. participant IP address, date, time, meeting ID, phone numbers, location, attendance (time of joining and leaving)), hardware/device information data (end device operating system, browser (type, version, language settings))
Text, audio and video data (if used): text entered in the chat function, audio information when using microphone (optional), image information transmitted via connected camera (optional), screen transmission (optional).
User ID (to assign your participation in a webinar/online meeting to your user profile in LEARN NOW)

Data about your device, operating system and browser are only used for the purpose of providing, optimizing and securing the services of GoToMeeting and GoToWebinar. Your participant information is used for the purpose of identification in the webinar or online meeting. Transmitted video and audio data are processed for the purpose of conducting the webinar or online meeting. The user ID helps us to assign your participation to your user profile in LEARN NOW. All of the aforementioned processing of your data in the context of use of our learning platform is carried out for the purpose of offering you our learning platform with its functionalities and intended learning formats and to make learning progress transparent.

The legal basis for the data processing is our legitimate interest pursuant to Art. 6 (1) (f) GDPR to offer you training content on LEARN NOW in the form of webinars and online meetings and to make suitable training content available to you. Should the webinar/meeting be conducted in the context of an existing contractual relationship or a soon-to-be initiated contractual relationship, the additional legal basis is Art. 6 (1) (b) GDPR.

Personal data processed in connection with participation in webinars or online meetings fundamentally will not be disclosed to third parties, provided the data are not intended for disclosure. During a webinar or online meeting, trainers and other course participants may become aware of personal data about you (e.g. your name, data concerning your communication in the course of the respective meetings (chat content, image and audio data)), depending on the selected settings. Your data can also be viewed by our relevant specialist department at ALLPLAN, the ALLPLAN Admin, as well as the processor LogMeIn.

GoToMeeting and GoToWebinar are services of the provider LogMeIn; in the course of using the applications, data are also processed outside the EU/EEA in third countries such as the USA. This data processing is secured by us through contracts for commissioned processing pursuant to Art. 28 GDPR with LogMeIn. To guarantee an adequate level of data protection, EU standard contractual clauses pursuant to Art. 46 GDPR have been concluded; these are provided by the EU Commission to ensure that your data are processed in accordance with the European standard of data protection even if the data are transferred to and stored in third countries such as the USA.

Further information on data protection and data security from LogMeIn can be found here:

7. DATA TRANSFER

Your personal data will not be transferred to third parties for purposes other than those listed.

We will only share your personal data with third parties if:

you have given your express consent to this,
the disclosure is necessary to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data,
there is a legal obligation for the disclosure, and
this is legally permissible and necessary for the processing of contractual relationships with you.

External service providers and partner companies receive your data only to the extent necessary to process your order. In these cases, however, the scope of the data transmitted is limited to the minimum required. Insofar as our service providers come into contact with your personal data, we ensure within the framework of commissioned processing pursuant to Art. 28 GDPR that they comply with the provisions of the data protection laws in the same manner. Please also note the respective privacy notices of the providers. The respective service provider is responsible for the content of third-party services, whereby we check the services for compliance with the legal requirements within the scope of reasonableness.

We consider it important to process your data within the EU/EEA. However, we may sometimes use service providers who process data outside the EU/EEA. In these cases, we ensure that an adequate level of data protection is established at the recipient before transferring your personal data. This means that via EU standard contracts or an adequacy decision of the European Commission, a level of data protection is achieved that is comparable to the standards within the EU.

In the event of data transfer outside the European Union, the high European level of data protection generally does not exist. In the case of a transfer, it may be that there is currently no adequacy decision by the EU Commission within the meaning of Art. 45 (1), (3) GDPR. This means that the EU Commission has not yet positively determined that the country-specific level of data protection corresponds to the level of data protection in the European Union based on the GDPR; therefore, we have put in place the aforementioned appropriate guarantees.

Possible risks that may not be completely excluded in connection with the transfer of data include, in particular:

Your personal data could possibly be processed beyond the actual purpose.
In addition, there is the possibility that you may not be able to assert and enforce your rights under data protection law, such as your right to information, correction, deletion or data portability, in the long term.
There may also be a higher probability that incorrect data processing may occur and that the protection of personal data does not fully comply with the requirements of the GDPR in terms of quantity and quality.

8. DATA SECURITY

Your personal data are transferred securely at ALLPLAN using encryption. This applies to all form processes (including registration, login, ordering). ALLPLAN uses the SSL/TLS (Secure Socket Layer/Transport Layer Security) coding system. Whilst no one can guarantee absolute protection, ALLPLAN secures its website and other systems against loss, destruction, access, modification or distribution of your data by unauthorized persons by means of technical and organizational measures. We regularly review our security measures and adapt them to technological progress.

9. YOUR RIGHTS

You have the following rights with respect to us regarding personal data concerning you:

9.1 General rights

You have a right to information, correction, deletion, restriction of processing, objection to processing and data portability. Insofar as processing is based on your consent, you have the right to revoke this consent with effect for the future.

To exercise your rights, please contact us by email at datenschutzbeauftragter@allplan.com or by mail at ALLPLAN Deutschland GmbH, Konrad-Zuse-Platz 1, 81829 Munich, Germany. The exercise of your rights described in this point is free of charge for you.

9.2 Rights in data processing according to legitimate interest

Pursuant to Art. 21 (1) GDPR, you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Art. 6 (1) (e) GDPR (data processing in the public interest) or on the basis of Art. 6 (1) (f) GDPR (data processing for the purposes of safeguarding a legitimate interest); this also applies to profiling based on this provision. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.

9.3 Rights in case of direct advertising

If we process your personal data for the purpose of direct advertising, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising pursuant to Art. 21 (2) GDPR; this also applies to profiling, insofar as it is associated with such direct advertising.

In the event of your objection to processing for the purpose of direct advertising, we will no longer process your personal data for these purposes.

9.4 Right to complain to a supervisory authority

Without prejudice to these rights and the possibility of seeking any other administrative or judicial remedy, you may at any time exercise your right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or the place of the alleged infringement, if you consider that the processing of personal data relating to you infringes data protection law (Art. 77 GDPR).

10. LINKS TO OTHER WEBSITES

Our websites may contain links to websites of other providers. We would like to point out that this privacy notice applies exclusively to the website www.ALLPLAN.com. We have no influence on and do not control that other providers comply with the applicable data protection regulations.

11. AMENDMENTS TO THE DATA PROTECTION DECLARATION

We reserve the right to change or adapt this privacy notice at any time in compliance with the applicable data protection regulations.

As of: March 12, 2024