SoftMaker logo

Data-protection statement

SoftMaker takes the protection of your personal data seriously. In this data-protection statement, we first define some terms and then describe:

  • what data we receive from you, store and process,
  • on which legal basis we receive, store and process your data,
  • how long we retain your data,
  • how you can contact us regarding data protection at SoftMaker,
  • and which rights you can assert against us with regard to your data.

Definitions

In this data-protection statement, we use the following definitions:

  1. GDPR is the General Data Protection Regulation that harmonizes the rules for the processing of personal data by private companies and public authorities throughout the European Union.
  2. Personal data means any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  3. Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
  4. Restriction of processing means the marking of stored personal data with the aim of limiting their processing in the future.
  5. Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.
  6. Pseudonymization means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
  7. Filing system means any structured set of personal data which are accessible according to specific criteria, whether centralized, decentralized or dispersed on a functional or geographical basis.
  8. Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
  9. Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
  10. Recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
  11. Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
  12. Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

Controller

The controller within the meaning of the GDPR and other data-protection regulations is:

SoftMaker Software GmbH
Kronacher Str. 7
90427 Nuremberg
Germany
Phone: +49 911 9363860
E-mail: This email address is being protected from spambots. You need JavaScript enabled to view it.
Web site: www.softmaker.com

(hereinafter also referred to as “SoftMaker” or “we”)

Use of our web sites

When you visit our web sites, our system automatically collects a series of data:

  • the IP address and/or host name of your computer
  • the name, language and version of your browser
  • the operating system used for accessing our web sites
  • the referrer URL (the previously visited page)
  • the date and time of your access
  • the time-zone difference to Greenwich Mean Time (GMT)
  • the content of the request (specific page)
  • the transferred data volume
  • the access status and HTTP status code

We do not use this data to personally identify you. Instead, we need it:

  • for summarized and anonymized usage statistics
  • for the optimization of our web sites and their advertising
  • for ensuring the functionality of our web sites
  • to support law enforcement agencies in the event of a cyber attack

The log files of our web sites are stored separately from other personal data.

Cookies

Like many other web sites, our web sites use "cookies". These are small text files that the browser stores on your computer when you visit a web site. A cookie stores small amounts of data, for example a "cookie ID". This is a unique string of characters that allows web sites to associate page views with a specific browser. A particular browser can be identified by the cookie ID.

We use cookies for the following purposes, among others:

  • to increase the user-friendliness of our web sites
  • to store your preferences, for example the language of the web sites
  • to save your login credentials, for example when you access our online shop
  • to provide a shopping cart for your orders

You can delete cookies in your browser at any time, and you can configure all common browsers so that cookies are generally not stored. By the latter you express your objection to the setting of cookies. If you deactivate the setting of cookies, you may not be able to use all functions of our web sites.

Registration on our web sites

You can register on our web sites, for example to create a customer account in our online shop or to request free software.

For this you need to provide certain personal data. You can identify which personal data this is by examining the input mask that appears during registration. In addition to the visible entries, your IP address and the date and time of access are collected and stored. We need this additional data to be able to trace the possible abuse of an e-mail address and thus for our legal protection.

Furthermore, we store which products you have ordered, including product keys or serial numbers. This serves to increase the user-friendliness, as you can call up this information later in our customer center.

This data will not be passed on to third parties, with the exception that:

  • there is a legal obligation to pass on the data, or
  • a court of competent jurisdiction or a law enforcement authority orders the passing on of the data, or
  • it is necessary to pass on the data to assert, exercise or defend any legal claims.

Subscription to our newsletter

When you register on our web sites to receive our e-mail newsletter, you need to provide certain personal data.

You can identify which personal data this is by examining the input mask that appears during registration. In addition to the visible entries, your IP address and the date and time of access are collected and stored. We need this additional data to be able to trace the possible abuse of an e-mail address and thus for our legal protection.

We will send a confirmation e-mail to the e-mail address you provide during registration as part of our double opt-in process. With this confirmation e-mail, we verify that you are the actual owner of the e-mail address and agree to receiving the newsletter.

If you click the confirmation link in the e-mail, we collect and store your current IP address and the date and time of the click. We collect this additional data to be able to trace the possible abuse of an e-mail address and thus for our legal protection.

If you purchase goods or services from our web sites or request free goods or services and provide your e-mail address, we reserve the right to use it for sending you our newsletter. This serves our legitimate interest in contacting our customers for advertising, which predominates in the weighing of interests. The legal basis for this is Article 6(1)(f) GDPR.

This data will not be passed on to third parties, with the exception that:

  • there is a legal obligation to pass on the data, or
  • a court of competent jurisdiction or a law enforcement authority orders the passing on of the data, or
  • it is necessary to pass on the data to assert, exercise or defend any legal claims.

You can unsubscribe from our newsletter at any time. The newsletter contains a link to unsubscribe. You can also instruct us by other means, for example by e-mail or contact form, to stop sending you our newsletter.

Contact via e-mail or contact form

If you contact us by e-mail or through one of our contact forms, certain personal data will be collected and stored by us.

Contact using a contact form: You can identify which personal data this is by examining the input mask that appears on the contact form. In addition to the visible entries, your IP address and the date and time of access are collected and stored. We need this additional data to be able to trace the possible abuse of an e-mail address and thus for our legal protection.

Contact by e-mail: If you contact us by e-mail, the personal data collected and stored by us will be the complete e-mail message that you send us, including all headers.

This data will not be passed on to third parties, with the exception that:

  • there is a legal obligation to pass on the data, or
  • a court of competent jurisdiction or a law enforcement authority orders the passing on of the data, or
  • it is necessary to pass on the data to assert, exercise or defend any legal claims.

Comment function in our blog and discussion forums

You can write comments in our blog and discussion forums. If you do this, the user name you have chosen (your pseudonym) will be saved and published in addition to the text of your comment.

We also store your IP address and the date and time of your access. This is for our protection if your comment contains infringing content or abuses our blog or discussion forum.

Additionally, when you create a user account in our blog or discussion forums, certain personal data will be collected and stored by us. You can identify which personal data this is by examining the input mask that appears on the account-creation form. In addition to the visible entries, your IP address and the date and time of access are collected and stored. This is for our protection if your comment contains infringing content or abuses our blog or discussion forum.

This data will not be passed on to third parties, with the exception that:

  • there is a legal obligation to pass on the data, or
  • a court of competent jurisdiction or a law enforcement authority orders the passing on of the data, or
  • it is necessary to pass on the data to assert, exercise or defend any legal claims.

Profiling

We do not use profiling.

Legal basis of the processing

For data-processing operations where we request consent for a specific processing purpose, Article 6(1)(a) GDPR serves as the legal basis for the processing. If the processing of personal data is necessary for the performance of a contract with the data subject, for example for the supply of goods or services or pre-contractual measures, such as inquiries about our products and services, the processing is based on Article 6(1)(b) GDPR. A processing operation may also be based on Article 6(1)(f) GDPR where processing is necessary to protect a legitimate interest of us or of a third party, provided that the interests of the data subject do not prevail.

Period for which personal data is stored

We store personal data only as long as is necessary to achieve the respective purpose of the data storage, unless laws or government regulations require a longer storage period. If the storage purpose no longer applies and the prescribed storage period expires, personal data is routinely deleted or locked.

Rights of the data subject

Every data subject affected by the processing of personal data has a number of rights which he or she can exercise towards us. To exercise their rights, data subjects should contact us by any commonly accepted method of communication.

Right of access

  1. The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:
    • the purposes of the processing;
    • the categories of personal data concerned;
    • the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations;
    • where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
    • the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
    • the right to lodge a complaint with a supervisory authority;
    • where the personal data are not collected from the data subject, any available information as to their source;
    • the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
  2. Where personal data are transferred to a third country or to an international organization, the data subject shall have the right to be informed of the appropriate safeguards pursuant to Article 46 GDPR relating to the transfer.
  3. The controller shall provide a copy of the personal data undergoing processing. For any further copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs. Where the data subject makes the request by electronic means, and unless otherwise requested by the data subject, the information shall be provided in a commonly used electronic form.
  4. The right to obtain a copy referred to in paragraph 3 shall not adversely affect the rights and freedoms of others.

Right to rectification

The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

Right to erasure ("right to be forgotten")

  1. The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
    • the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
    • the data subject withdraws consent on which the processing is based according to point (a) of Article 6(1) GDPR, or point (a) of Article 9(2) GDPR, and where there is no other legal ground for the processing;
    • the data subject objects to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) GDPR;
    • the personal data have been unlawfully processed;
    • the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
    • the personal data have been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.
  2. Where the controller has made the personal data public and is obliged pursuant to paragraph 1 to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
  3. Paragraphs 1 and 2 shall not apply to the extent that processing is necessary:
    • for exercising the right of freedom of expression and information;
    • for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
    • for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) GDPR as well as Article 9(3) GDPR;
    • for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) GDPR in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
    • for the establishment, exercise or defense of legal claims.

Right to restriction of processing

  1. The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:
    • the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
    • the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
    • the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defense of legal claims;
    • the data subject has objected to processing pursuant to Article 21(1) GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.
  2. Where processing has been restricted under paragraph 1, such personal data shall, with the exception of storage, only be processed with the data subject’s consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
  3. A data subject who has obtained restriction of processing pursuant to paragraph 1 shall be informed by the controller before the restriction of processing is lifted.

Right to data portability

  1. The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:
    • the processing is based on consent pursuant to point (a) of Article 6(1) GDPR or point (a) of Article 9(2) GDPR or on a contract pursuant to point (b) of Article 6(1) GDPR; and
    • the processing is carried out by automated means.
  2. In exercising his or her right to data portability pursuant to paragraph 1, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible.
  3. The exercise of the right referred to in paragraph 1 of this Article shall be without prejudice to Article 17 GDPR. That right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
  4. The right referred to in paragraph 1 shall not adversely affect the rights and freedoms of others.

Right to object

  1. The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.
  2. Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.
  3. Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
  4. At the latest at the time of the first communication with the data subject, the right referred to in paragraphs 1 and 2 shall be explicitly brought to the attention of the data subject and shall be presented clearly and separately from any other information.
  5. In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the data subject may exercise his or her right to object by automated means using technical specifications.
  6. Where personal data are processed for scientific or historical research purposes or statistical purposes pursuant to Article 89(1) GDPR, the data subject, on grounds relating to his or her particular situation, shall have the right to object to processing of personal data concerning him or her, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

Right to withdraw consent

The data subject shall have the right to withdraw his or her consent to processing his or her personal data at any time.

Data-protection provisions regarding our use of Olark live chat

We use components of the third-party live-chat service Olark to enable our users to communicate with us.

These components and Olark as a whole are operated by Habla, Inc., 205 ½ N Main St. Ann Arbor, Michigan 40104, United States of America.

Olark is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law. You can check the status of Olark regarding Privacy Shield here.

If you contact us using Olark live chat, certain personal data will be transmitted to us. As the live chat functionality is operated by Habla, Inc., this personal data is transmitted to them at the same time. The personal data transmitted by you will be the text of the chat messages that you write. In addition, visitor information (IP address, browser specification, referring page) is transferred to access-controlled databases of Habla, Inc. in the United States of America.

Olark's privacy policy informs you about the collection, processing and use of personal data by Habla, Inc.

Data-protection provisions regarding our use of Facebook

We use components of the social network Facebook on our web sites to make it easier for our users to interact with Facebook.

These components and Facebook as a whole are operated by Facebook, Inc, 1 Hacker Way, Menlo Park, CA 94025, United States of America. The controller responsible for the processing of personal data if a data subject lives outside the United States of America or Canada is Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

Each time a data subject visits one of the pages of our web sites, his or her browser is automatically prompted by the Facebook components to download the components' visual representation from Facebook. At the same time, Facebook is informed about which pages of our web sites are visited by the data subject. If the data subject is logged in to Facebook, every time the data subject visits a page on our web sites, Facebook recognizes which page of our web sites the data subject visits.

This information is collected by the Facebook components and connected by Facebook to the Facebook user account of the data subject. If the data subject clicks a Facebook button integrated on our web sites or makes a comment, Facebook connects this information to the personal Facebook user account of the data subject and stores this personal data.

If the data subject does not want such information to be transmitted to Facebook, he or she can prevent this by logging out of their Facebook user account before visiting our web sites.

Facebook's privacy policy informs you about Facebook's collection, processing and use of personal information and the ways in which you can configure or suppress the transmission of information to Facebook.

Data-protection provisions regarding our use of Twitter

We use components of the microblogging service Twitter on our web sites to make it easier for our users to interact with Twitter.

These components and Twitter as a whole are operated by Twitter, Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, United States of America.

Twitter is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law. You can check the status of Twitter regarding Privacy Shield here.

Each time a data subject visits one of the pages of our web sites, his or her browser is automatically prompted by the Twitter components to download the components' visual representation from Twitter. At the same time, Twitter is informed about which pages of our web sites are visited by the data subject. If the data subject is logged in to Twitter, Twitter recognizes which page of our web sites the data subject visits every time the data subject visits one of our web sites.

This information is collected by the Twitter components and connected to the Twitter user account of the data subject. If the data subject clicks a Twitter button integrated in our web sites or makes a comment, Twitter connects this information to the Twitter user account of the data subject and stores this personal data.

If the data subject does not wish such information to be transmitted to Twitter, he or she can prevent this by logging out of his or her Twitter user account before visiting our web sites.

Twitter's privacy policy informs you about the collection, processing and use of personal data by Twitter.

Data-protection provisions regarding our use of Google Analytics

We use the component "Google Analytics" with anonymization on our web sites.

Google Analytics is an analysis service that collects and evaluates data about the behavior of visitors of our web sites. To improve data protection, we let Google shorten the IP addresses of visitors to our web sites from the European Union and the European Economic Area and thus make them anonymous.

Google Analytics and Google as a whole are operated by Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, United States of America.

Google is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law. You can check Google's status regarding Privacy Shield here.

Google Analytics stores cookies on the computer of the data subject to enable the analysis of the use of the pages of our web sites. Every time a data subject visits a page of our web sites that uses Google Analytics, the browser is prompted to transmit data to Google for the purpose of analysis. This gives Google knowledge of personal data such as the IP address of the data subject, which Google uses among other things to trace the origin of visitors and clicks.

The information generated by the cookie about your use of the web site such as

  • the IP address and/or host name of your computer
  • the name, language and version of your browser
  • the operating system with which you are accessing
  • the referrer URL (the previously visited page)
  • the date and time of your access

are usually transferred to a Google server in the United States of America and stored there, with anonymized IP address. The IP address transmitted by your browser in the context of Google Analytics is not merged with other Google data. Google may disclose the collected personal data to third parties.

On our behalf, Google uses this information to evaluate your use of the web sites, to compile reports on the activities on our web sites and to provide us with other services relating to use of the web site.

You can delete cookies in your browser at any time, and you can configure all common browsers so that cookies are generally not stored. By the latter you express your objection to the setting of cookies. If you deactivate the setting of cookies, you may not be able to use all functions of our web sites.

You can also prevent Google from collecting the data generated by the cookie and relating to your use of the web site (including your IP address) and from processing this data by Google by installing the browser plug-in available here.

As an alternative to the browser add-on, you can also prevent Google Analytics from collecting data by clicking here. An opt-out cookie will be set to prevent future collection of your data when you visit this web site. The opt-out cookie is only valid in this browser and only for one of our web sites at a time, and it is stored on your computer. If you delete the cookies in this browser, you must set the opt-out cookie again.

We additionally use Google Analytics to evaluate data from double-click cookies and AdWords for statistical purposes. If you do not want this to happen, you can disable this using the Ads Preferences Manager.

For more information about Google Analytics privacy, please visit the Google Analytics Help Center.

Data-protection provisions regarding our use of PayPal

We have integrated the online payment service PayPal as one of the available payment options in our online shop on our web sites.

The European operating company of PayPal is PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg.

If a data subject chooses PayPal as a payment option during the ordering process in our online shop, data of the data subject is automatically transmitted to PayPal. By choosing PayPal as a payment option, the data subject consents to the transfer of personal data required for processing the payment. This information may include first and last name, address, email address, IP address, telephone number, ordered products including prices and other information necessary for payment processing and fraud prevention.

PayPal may share personal information with banks, credit agencies, affiliates and subcontractors.

A data subject may revoke his/her consent to the processing of personal data by PayPal at any time by notice to PayPal. Such revocation does not affect personal data which must be transmitted and processed for payment processing or which must be kept due to legal regulations.

PayPal's privacy policy informs you about the collection, processing and use of personal information by PayPal.