Legal

FAKT Software GmbH
Dufourstraße 28
D – 04107 Leipzig
GERMANY

Phone +49 (0) 341 14 99 05 64
Fax +49 (0) 341 14 99 05 65
Mail info@fakt-software.de

Managing Directors: Andreas Lenk, Falk Möckel, Thomas Heinschke 
Head Office: Leipzig, Germany
Commercial Register: Amtsgericht Leipzig, HRB 25996
USt-ID: DE219893196  

DATA PROTECTION DECLARATION

The following data protection declaration applies for the use of our online service

fakt-software.com, fakt-software.de, ... (hereafter the „Website“).

Data protection is very important to us. The collection and processing of your personal data take place in compliance with the current data protection regulations, especially the General Data Protection Regulation (GDPR).

1. Person responsible
The person responsible for the collection, processing and use of your personal data in accordance with art. 4 no. 7 GDPR is

Falk Möckel
FAKT Software GmbH
Dufourstraße 28
04107 Leipzig - Saxony 
Germany

If you wish to object to the collection, processing or use of your data by us in accordance with these data protection provisions overall or for individual actions, you can address your objection to the person responsible.

You can save and print this data protection declaration at any time.

2. General purposes of the processing
We use personal data for the purpose of operating the Website.

3. Which data we use and why
3.1 Hosting
The hosting services that we use provide the following services: infrastructure and platform services, processing capacity, storage space and database services, security services as well as technical maintenance services that we use for the purpose of operating the Website.

Here, we or our hosting provider process inventory data, contact data, content data, contract data, usage data, meta and communication data of customers, interested parties and visitors to this Website on the basis of our legitimate interest in the efficient and secure provision of our Website in accordance with art. 6 par. 1 sentence 1f) GDPR in conjunction with art. 28 GDPR.

3.2 Access data
We collect information about you when you use this Website. We automatically record information about your usage behaviour and your interaction with us and register data to your computer or mobile device. We collect, store and use data about every access to our Website (so-called server log files). The access data include:

  • Name and URL of the accessed file
  • Date and time
  • Data volume transmitted
  • Notification of successful access (HTTP response code)
  • Browser type and browser version
  • Operating system
  • Referrer URL (i.e. the previous page visited)
  • Websites accessed from our Website by the system of the user
  • Internet service provider of the user
  • IP address and requesting provider

Without allocation to your person or other profiling, we use these log data for statistical evaluations for the purpose of operation, security and optimisation of our Website as well as for anonymous recording of the number of visitors to our Website (traffic) and of the extent and type of use of our Website and services, likewise for accounting purposes to measure the number of clicks received by cooperation partners. On the basis of this information, we can provide personalised and location-related content and we can analyse the data traffic, find and eliminate faults, and improve our services.

Our legitimate interest also lies in this, in accordance with art. 6 par. 1 sentence 1f) GDPR.

We reserve the right to review the log data subsequently, if there is justified suspicion of unlawful use on the basis of concrete evidence. We store IP addresses in the log files only for a limited period, if this is required for security purposes or for the service provision or necessary for billing of a service, e.g. if you use one of our services. After cancellation of the order process or after receipt of payment, we delete the IP address if it is no longer required for security purposes. We also store IP addresses if we have definite suspicion of a criminal offence in connection with the use of our Website. Furthermore, we store the data of your last visit as part of your account (e.g. on registration, login, clicking on links etc.).

3.3 Cookies
We use so-called session cookies to optimise our Website. A session cookie is a small text file that is sent to and temporarily stored on your hard drive by the respective servers when a website is visited. This file as such contains a so-called session ID with which various requests from your browser can be assigned to the joint session. This enables recognition of your computer when you return to our Website. These cookies are deleted once you close your browser. They serve e.g. to allow you to use the shopping basket function across several pages.

To a limited extent, we also use persistent cookies (likewise small text files that are stored on your terminal device), which remain on your terminal device and allow us to recognise your browser on your next visit. These cookies are stored on your hard drive and deleted automatically after the set time. Their life is from 1 month to 10 years. We can, therefore, present our service in a more user-friendly, effective and secure way and for example show you information tailored specifically to your interests on the site.

Our legitimate interest in use of the cookies in accordance with art 6 par. 1 sentence 1f) GDPR lies in making our Website more user-friendly, effective and secure.

Data and information such as the following are stored in the cookies:

  • Log-in information
  • Language settings
  • Search terms entered
  • Information about the number of retrievals of our Website and use of individual functions of our web presence.

When the cookie is activated, it is assigned an identification number and no allocation of your personal data to this identification number takes place. Your name, IP address or similar data that allow allocation of the cookie to you are not stored in the cookies. On the basis of the cookie technology, we receive only pseudonymised information, for example about which pages of our shop have been visited, which products have been viewed etc.

You can adjust your browser so that you are informed in advance of the setting of cookies and can decide in the individual case whether to exclude the acceptance of cookies for certain cases or generally, or to completely prevent cookies. This may impair the functionality of the Website.

3.5 Data for performance of our contractual duties
We process personal data, which we require for performance of our contractual duties, such as name, address, e-mail address, products ordered, invoice and payment data. The collection of these data is required for formation of the contract.

The data are deleted after expiry of the guarantee periods and statutory retention periods. In all cases, data that are not linked to a user account (see below) remain retained for the period of operation of this account.

The legal basis for processing of these data is art. 6 par. 1 sentence 1b) GDPR, as these data are required so that we are able to fulfil our contractual obligations to you.

3.6 E-mail contact
If you contact us (e.g. using the contact form or by e-mail), we process your details for handling of the enquiry and in the event of occurrence of follow-up questions.
If the data are processed for the performance of pre-contractual measures at your request or for performance of the contract if you are already our customer, the legal basis for this data processing is art. 6 par. 1 sentence 1b) GDPR.
We process other personal data only if you consent to this (art. 6 par. 1 sentence 1a) GDPR) or if we have a legitimate interest in the processing of your data (art. 6 par. 1 sentence 1f) GDPR). A legitimate interest lies e.g. in replying to your e-mail.

4. Storage duration
Unless specifically stated, we store personal data only for as long as required for performance of the purposes pursued.
In some cases the law requires storage of personal data, such as in fiscal or commercial law. In these cases, we only continue to store the data for these statutory purposes but do not otherwise process them and we delete them after expiry of the statutory retention period.

5. Your rights as the data subject 
Under the applicable laws, you have various rights with respect to your personal data. If you wish to assert these rights, please address your request by e-mail or post to the address mentioned in figure 1 with clear identification of who you are.
A summary of your rights can be found below.

5.1 Right to confirmation and information
You have the right to clear information about the processing of your personal data.
Specifically: 

  1. The purposes of processing;
  2. The categories of personal data being processed;
  3. The recipients or categories of recipients to which the personal data have been or will be disclosed, especially in the case of recipients in third countries or in the case of international organisations;
  4. If possible, the planned duration for which the personal data will be stored, or if this is not possible then the criteria to determine this duration;
  5. The existence of a right to correction or deletion of the personal data about you or to limitation of processing by the person responsible, or of a right to object to this processing;
  6. The existence of a right to appeal to a regulatory authority;
  7. If the personal data are not collected by you, all available information about the origin of the data;
  8. The existence of automated decision-making including profiling in accordance with art. 22 par. 1 and 4 GDPR and – at least in these cases – meaningful information about the logic involved as well as the scope and intended effects of such processing for you.

If personal data are transmitted to a third country or to an international organisation, you have the right to be advised of the appropriate guarantees in connection with the transmission in accordance with art. 46 GDPR.

5.2 Right to correction
You have the right to demand that we correct and if applicable also complete personal data about you.
Specifically:
You have the right to demand that we immediately correct any incorrect personal data about you. In consideration of the purposes of the processing, you have the right to demand completion of incomplete personal data – including by means of a supplementary statement.

5.3 Right to deletion (“right to be forgotten”)
In a number of cases, we are obliged to delete personal data about you.
Specifically:
In accordance with art. 17 par. 1 GDPR, you have the right to demand that we immediately delete personal data about you and we are obliged immediately to delete personal data about you as long as one of the following reasons applies: 

  1. The personal data are no longer required for the purposes for which they were collected or otherwise processed;
  2. You revoke your consent upon which the processing in accordance with art. 6 par. 1 sentence 1a) GDPR or art. 9 par. 2a) GDPR was based and there is otherwise no legal basis for the processing;
  3. You file an objection to the processing in accordance with art. 21 par. 1 GDPR and there are no overriding legitimate reasons for the processing or you file an objection to the processing in accordance with art. 21 par. 2 GDPR;
  4. The personal data have been processed unlawfully;
  5. Deletion of the personal data is required to fulfil a legal obligation under Union law or the law of the member states to which we are subject;
  6. The personal data have been collected in relation to services offered by the information society in accordance with art. 8 par. 1 GDPR.

If we have made personal data public and we are obliged to delete them in accordance with art. 17 par. 1 GDPR, we take reasonable measures including of a technical nature in consideration of the available technology and implementation costs to inform the people responsible for the data processing, who process the personal data, that you have demanded that they delete all links to these personal data or copies or replications of these personal data.

5.4 Right to limitation of processing
In a number of cases, you are entitled to demand that we limit the processing of your personal data.
Specifically:
You have the right to demand that we limit the processing if one of the following conditions applies:

  1. The correctness of the personal data is disputed by you and namely for a duration that allows us to check the correctness of the personal data;
  2. The processing is unlawful and you have refused deletion of the personal data and instead demanded limitation of the use of the personal data;
  3. We no longer require the personal data for the purposes of the processing but you require the data for the assertion, exercise or defence of legal claims; or
  4. You have filed an objection to the processing in accordance with art. 21 par. 1 GDPR whilst it has not yet been determined whether the legitimate grounds of our undertaking outweigh yours.

5.5 Right to data portability 
You have the right in machine-readable format to receive or transmit personal data about you or to have such transmitted by us.
Specifically:
You have the right to receive personal data about you, which you have provided to us, in a structured, current and machine-readable format and you have the right to transmit these data to another person responsible without hindrance by us if:

  1. The processing is based upon consent in accordance with art. 6 par. 1 sentence 1a) GDPR or art. 9 par. 2a) GDPR or upon a contract in accordance with art. 6 par. 1 sentence 1b) GDPR and
  2. The processing is undertaken by means of automated procedures.

In the exercise of your right to data portability in accordance with paragraph 1, you have the right to have the personal data transmitted directly from us to another person responsible, if this is technically feasible.

5.6 Right to object
You have the right to object to legitimate processing of your personal data by us, if this is justified by your personal situation and not outweighed by our interests in the processing.
Specifically:
You have the right to file an objection at any time to the processing of personal data about you on the basis of art. 6 par. 1 sentence 1e) or f) GDPR, for reasons arising from your specific situation; this also applies for profiling based upon these provisions. We will no longer process the personal data unless we are able to demonstrate compelling legitimate reasons for the processing, which outweigh your interests, rights and freedoms, or the processing serves the assertion, exercise or defence of legal claims.
If personal data are processed by us in order to conduct direct advertising, you have the right to file an objection at any time to the processing of the personal data about you for the purpose of such advertising; this also applies for profiling if it is connected with such direct advertising.
You have the right to file an objection to the processing of personal data about you for academic or historical research purposes or for statistical purposes, in accordance with art. 89 par. 1 GDPR, for reasons arising from your specific situation, unless the processing is required for performance of a task in the public interest.

5.7 Automated decision-making including profiling 
You have the right not to be subject to a decision based exclusively on automated processing – including profiling – which has a legal impact on you or similarly has a significant adverse effect on you.
No automated decision-making takes place on the basis of the personal data collected. 

5.8 Right to revoke consent under data protection legislation 
You have the right at any time to revoke consent to the processing of personal data. 

5.9 Right to appeal to a regulatory authority 
You have the right to appeal to a regulatory authority, especially in the member state of your residence, of your workplace or of the alleged infringement, if you are of the opinion that the processing of the personal data about you is unlawful. 

6 Data security
We have maximum commitment to the security of your data in the context of current data protection legislation and as far as is technically possible.
With us, your personal data are transmitted encrypted. This applies for your orders and also for the customer login. We use the SSL (Secure Sockets Layer) coding system but point out that data transmission on the internet (e.g. in the case of communication by e-mail) may present security gaps. Complete protection of the data from access by third parties is not possible.
To protect your data, we maintain technical and organisational security measures in accordance with art. 32 GDPR, which we continually adapt to the latest technology.
Furthermore, we do not guarantee that our service will be available at specific times; faults, interruptions or malfunctions cannot be excluded. The servers that we use are regularly backed up carefully.

7 Disclosure of data to third parties, no data transmission abroad outside the EU 
Fundamentally, we use your personal data only within our company.
If and to the extent to which we use third parties in the course of the performance of contracts (such as logistics services providers), these parties receive personal data only to the extent to which transmission is required for the corresponding performance.
In the event that we outsource certain parts of the data processing (“order processing”), we contractually bind order processors to use personal data only in compliance with the requirements of the data protection legislation and to guarantee protection of the rights of the subject.
Other than in the case specified in figure 4 of this declaration, no data transmission to bodies or people outside the EU takes place or is planned.