This privacy policy relates to the following topics:
· Use of our website/s and all other internet pages referring to it
· Blog
· Use of our external pages (Social Media)
· Processing applications
· Further processing operations
We take the protection of your personal data and the legal obligations to ensure data protection very seriously. The law requires full transparency regarding the processing of personal data. You as a data subject can only understand the details of the processing if you are duly informed about the purpose, nature and scope of the processing.
The controller within the meaning of the General Data Protection Regulation is
AmpereSoft GmbH
Jonas-Cahn-Straße 13
53115 Bonn
+49(228)6088470
This email address is being protected from spambots. You need JavaScript enabled to view it.
Hereinafter referred to as "controller" or "we".
You can reach the data protection officer at:
This email address is being protected from spambots. You need JavaScript enabled to view it.
The terms used in this privacy policy (e.g. data categories, purposes and legitimate interests, as well as terms from the GDPR) are explained in the section "Definition of terms" VII.).
We only process personal data to the extent permitted by law. We only disclose or transfer personal data to third parties in the cases described below. The personal data are protected by appropriate technical and organisational measures (e.g. pseudonymisation, encryption).
Except where we are obliged by law to store the data or disclose or transfer them to third parties (including but not limited to prosecuting authorities), the decision which personal data we process and for how long and to which extent we may disclose or transfer them to third parties depends on the specific website features you use from time to time.
The personal data will be deleted as soon as the purpose of the processing is no longer applicable or another reason for deletion pursuant to Art. 17 para. 1 GDPR applies (e.g. you have revoked your consent given to us). In exceptional cases, we may nevertheless continue to process your personal data if an exception to the deletion obligation applies, in particular pursuant to Art. 17 para. 3 GDPR or another law (e.g. there is a statutory storage obligation).
Personal data that we process as part of an application (see below) will be stored for a period of six months after completion of the application process.
Automated decisions in individual cases, including profiling, do not take place.
You have the right of access/right to information under Art. 15 GDPR, the right to rectification under Art. 16 GDPR, the right to erasure under Art. 17 GDPR, the right to restriction of processing under Art. 18 GDPR and the right to data portability under Art. 20 GDPR.
You have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR).
The data protection supervisory authority responsible for us is
Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia)
Kavalleriestraße 2-4
40213 Düsseldorf
However, you are free to lodge a complaint with another data protection supervisory authority.
We will notify all recipients to whom your personal data has been disclosed of any rectification or erasure of your personal data or restriction of processing in accordance with Art. 16, Art. 17 (1) and Art. 18 GDPR, unless this notification is impossible or involves a disproportionate effort. We will inform you about the recipients if you request this.
Unless otherwise stated in the information on the legal bases, you are not obliged to provide personal data. If we base the processing on Art. 6 para. 1 sentence 1 letter b GDPR, your personal data is required for the performance of a contract or the conclusion of a contract. If you do not provide the personal data, it is not possible to fulfill the contract or conclude the contract. If you do not provide the data in the cases of Art. 6 para. 1 sentence 1 letters a, f GDPR, it is not possible to use the offers affected by this.
We are legally obliged to disclose personal data to government agencies or authorities if they request the transfer of this data within the scope of their legal powers and in compliance with the applicable legal provisions. There are also situations in which our employees are legally obliged to forward personal data to government agencies or authorities, for example to prevent serious crimes. Disclosure or transfer will only take place if there is a corresponding request for information or a corresponding obligation and the legal requirements are met. You will be informed of such data transfer to the extent permitted by law and provided that this does not jeopardize the fulfillment of official tasks.
Data transfers to third countries outside the European Union (EU) and the European Economic Area (EEA) are only permitted in compliance with the special provisions of Art. 44 et seq. GDPR are permissible. If your personal data is processed in such a third country, we will inform you below about the third country transfer and the basis for the transfer.
General information on the transmission bases:
If the transfer is based on an exception pursuant to Art. 49 GDPR, you will find the details at the respective point.
If the transfer is based on an adequacy decision within the meaning of Art. 45 GDPR, you can find an overview of the adequacy decisions here:
· Overview of adequacy decisions
If the transfer is based on so-called standard data protection clauses of the EU Commission within the meaning of Art. 46 para. 2 lit. c) GDPR, you can find the implementing decision 2021/914 of the EU Commission, which contains the contractual clauses, here:
· Standard data protection clauses of the EU Commission
If the transfer is based on binding corporate rules (BCR) within the meaning of Art. 46 (2) (b) GDPR, you can find an overview of the published BCR here:
· Overview of binding internal data protection rules
Pursuant to Art. 21 (1) GDPR, you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you if the processing is based on Art. 6 (1) sentence 1 ( (f) GDPR If personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such purposes in accordance with Art. 21 para. 2 GDPR. The objection can be made informally and should be addressed to the contact details above.
In accordance with Art. 7 para. 3 sentence 1 GDPR, you have the right to withdraw your consent(s) informally (e.g. by post or email) at any time with effect for the future. The lawfulness of the processing carried out on the basis of the consent(s) until the revocation remains unaffected by this. Upon your revocation, we will delete the personal data processed on the basis of the consent(s) if there is no other legal basis for their processing. The withdrawal is not subject to formal requirements and should be sent to the contact data stated above.
The use of the website(s) and its functions regularly requires the processing of personal data. Unless otherwise indicated, the following statements refer to all websites that we operate and which refer to this data protection information.
Please note that links on our website may take you to other websites that are not operated by us, but by third parties. Such links are either clearly marked by us or are recognizable by a change in the address line of your browser. We are not responsible for compliance with data protection regulations and the secure handling of your personal data on these websites operated by third parties.
Provision of the website (including our Blog)
Purpose of processing: Advertising and personalized marketing measures, information security
Legal basis: Art. 6 para. 1 sentence 1 letter f GDPR
Legitimate interests: Design, operation and availability of digital products, customer acquisition, customer retention, customer recovery, promotion of sales activities, operation, integrity and security of digital products
Data categories: Connection data, usage data
Recipients of the data: (IT-) service provider
Intended third country transfer: None
Subscription to our Newsletter
Purpose of processing: Advertising and personalized marketing measures, user, prospect and/or customer support, analysis and performance measurement as well as optimization of products and/or services
Legal basis: Art. 6 para. 1 lit. a, f GDPR
Legitimate interests: Customer acquisition, customer loyalty, customer recovery, promotion of sales activities, promotion of economic interests, advertising and image improvement, market and opinion research
Data categories: Master data, contact data and connection data
Recipients of the data: (IT-) service provider
Intended third country transfer: None
Registration for seminars
Purpose of processing: Event management, user, prospect and/or customer support
Legal basis: Art. 6 para. 1 sentence 1 letter f GDPR
Legitimate interests: Customer acquisition, customer loyalty, customer recovery, promotion of sales activities, promotion of economic interests, advertising and image improvement, market and opinion research, integration of desired or required functionalities
Data categories: Master data, contact data and contract data
Recipients of the data: (IT-) service provider
Intended third country transfer: None
Request for Marketing materials, downloads, and trial versions
Purpose of processing: Advertising and personalized marketing measures, user, prospect and/or customer support
Legal basis: Art. 6 para. 1 sentence 1 lit. f GDPR, Art. 6 para. 1 sentence 1 lit. b GDPR (if your request concerns the conclusion of a contract or an existing contract)
Legitimate interests: Customer acquisition, customer retention, customer recovery, promotion of sales activities, promotion of economic interests, advertising and image improvement, market and opinion research
Data categories: Master data, contact data, content data, contract data and connection data
Recipients of the data: (IT) service provider
Intended third country transfer: None
Contacting us
Purpose of processing: User, prospect and/or customer support
Legal basis: Art. 6 para. 1 sentence 1 letter f GDPR, Art. 6 para. 1 sentence 1 letter b GDPR (if the request leads to a subsequent conclusion of a contract or concerns an existing contract)
Legitimate interests: Integration of desired or required functionalities, promotion of sales activities, analysis and optimization of own offers, services and advertising measures, customer acquisition, customer loyalty, customer recovery
Categories of data Connection data, content data, master data if applicable and contact data if applicable
Recipients of the data: (IT-) service providers
Intended third country transfer: In individual cases USA and other third countries (on the basis of standard data protection clauses and adequacy decisions)
Support requests
Purpose of processing: User, prospect and/or customer support
Legal basis: Art. 6 para. 1 sentence 1 letter f GDPR, Art. 6 para. 1 sentence 1 letter b GDPR (if the request leads to a subsequent conclusion of a contract or concerns an existing contract)
Legitimate interests: Integration of desired or required functionalities, promotion of sales activities, analysis and optimization of own offers, services and advertising measures, customer acquisition, customer loyalty, customer recovery
Categories of data Connection data, content data, master data if applicable and contact data if applicable
Recipients of the data: (IT-) service providers
Intended third country transfer: In individual cases USA and other third countries (on the basis of adequacy decisions and standard data protection clauses)
Integration of external fonts
Purpose of processing: Advertising and personalized marketing measures
Legal basis: Art. 6 para. 1 sentence 1 letter f GDPR
Legitimate interests: Design, operation and availability of digital products
Data categories: Connection data
Recipient of the data: IT service provider
Intended transfer to third countries: In individual cases USA and other third countries (on the basis of adequacy decisions)
CAPTCHA service (bot access detection service)
Purpose of processing: Information security
Legal basis: Art. 6 para. 1 letter f GDPR
Legitimate interests: Operation, integrity and security of digital products, reduction of downtime risks, prevention of criminal offenses, administrative offenses and other detrimental actions, design, operation and availability of digital products
Categories of data Connection data, usage data
Recipient of the data: (IT-) service provider
Intended transfer to third countries: In individual cases USA (on the basis of adequacy decisions)
Integration and implementation of applicant management
Purpose of processing: Applicant management
Legal basis: Art. 6 para. 1 sentence 1 letter b GDPR in conjunction with §. 26 para. 1 sentence 1 BDSG (German Federal Data Protection Act).
Data categories: Master data, contact data, content data, contract data, applicant and employee data, possibly connection data, possibly usage data and possibly special categories of personal data within the meaning of Art. 9 para. 1 GDPR (depending on the specific job advertisement; only the data relating to your application that you provide to us and that we are permitted to process for the purpose of processing an application will be stored)
Recipients of the data: (IT) service provider
Intended third country transfer: In individual cases USA (on the basis of adequacy decisions and standard data protection clauses)
The use of external sites and their functions regularly requires the processing of personal data. Unless otherwise indicated, the following statements refer to all external sites that we operate and which link to this data protection information.
LinkedIn (profile)
Purpose of processing: Advertising and personalized marketing measures, analysis and performance measurement as well as optimization of products and/or services
Legal basis: Art. 6 para. 1 sentence 1 letter f GDPR
Legitimate interests: Design, operation and availability of digital products, advertising and image improvement, market and opinion research, customer acquisition, customer loyalty, customer recovery
Data categories: Master data, contact data, content data, usage data, connection data and, if applicable, location data
Recipients of the data Platform operator and media (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland ("LinkedIn"))
Intended third country transfer: In individual cases, USA and other third countries (standard data protection clauses and adequacy decisions)
XING (profile)
Purpose of processing:Advertising and personalized marketing measures, analysis and performance measurement as well as optimization of products and/or services
Legal basis: Art. 6 para. 1 sentence 1 letter f GDPR
Legitimate interests: Design, operation and availability of digital products, advertising and image improvement, market and opinion research, customer acquisition, customer loyalty, customer recovery
Data categories: Master data, contact data, content data, usage data, connection data and, if applicable, location data
Recipients of the data: Platform operator and media (New Work SE, Dammtorstraße 30, 20354 Hamburg ("XING"))
Intended third country transfer: In individual cases, USA and other third countries (standard data protection clauses and adequacy decisions)
YouTube Channel
Purpose of processing:Advertising and personalized marketing measures, analysis and performance measurement as well as optimization of products and/or services
Legal basis: Art. 6 para. 1 sentence 1 letter f GDPR
Legitimate interests: Design, operation and availability of digital products, advertising and image improvement, market and opinion research, customer acquisition, customer loyalty, customer recovery
Data categories: Master data, contact data, content data, usage data, connection data and, if applicable, location data
Recipients of the data: Platform operator and media (Google Ireland Ltd, Gordon House, Barrow Street Dublin 4, Ireland ("Google"))
Intended third country transfer: In individual cases USA and other third countries
Remote access in customer support
Purpose of processing:Security and emergency management, order fulfillment and contract management, warranty, guarantee, goodwill and general service, user, prospective customer and/or customer support
Legal basis: Art. 6 para. 1 sentence 1 letter b GDPR
Data categories: Depending on the support request, contact data, master data, content data, usage data, connection data. In the case of remote maintenance, we expressly only process data that is necessary for the provision of the support request.
Recipient of the data: IT service provider
Intended third country transfer: In individual cases, USA and other third countries (standard data protection clauses and adequacy decisions)
Suppliers and other business partners
Purpose of processing: Order fulfillment and contract management; business partner management; legal matters and compliance measures
Legal basis:Art. 6 para. 1 sentence 1 lit. b, c, f GDPR
Legitimate interests: Reduction of default risks, assertion, exercise or defence of legal claims, promotion of economic interests, analysis and optimization of own offers, services and advertising measures
Data categories:Master data, contact data, content data, contract data, payment data, possibly usage data, possibly connection data
Recipient of the data: IT service provider
Intended third country transfer: In individual cases USA (on the basis of adequacy decisions)
In the cases listed below, we are jointly responsible with another body within the meaning of Art. 4 No. 7, 26 GDPR. You are free to contact any of the joint controllers directly with your request. Depending on the specific agreement on data subject rights with the other entity, we will forward your request to the other entity.
Operation of the LinkedIn page(s)
As part of the operation of our LinkedIn page, there is a joint responsibility with LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland)
The essence of the agreement can be found here: https://legal.linkedin.com/pages-joint-controller-addendum
LinkedIn is responsible for the implementation of your data subject rights.
LinkedIn will inform you about your data subject rights at www.linkedin.com/legal/privacy-policy.
The terms used in this data protection information (e.g. data categories, purposes and legitimate interests, as well as terms from the GDPR) are explained in the "Definition of terms" section.
From the GDPR
This privacy policy uses the terms of the legal text of the GDPR. The definitions (Art. 4 GDPR) can be found, for example, at eur-lex.europa.eu/legal-content/DE/TXT/?uri=CELEX:32016R0679.
Additional definitions
Data categories
When we specify the categories of data processed, this refers in particular to the following data:
· Master data (e.g. name, address, date of birth)
· Contact data (e.g. email addresses, telephone number, messenger services)
· Content data (e.g. text entries, photographs, videos, contents of documents/files)
· Contract data (e.g. subject matter of the contract, terms, customer category)
· Payment data (e.g. bank details, payment history, use of other payment service providers)
· Usage data (e.g. history on our website, use of certain content, access times, contact or order history)
· Connection data (e.g. device information, IP addresses, URL referrers)
· Location data (e.g. GPS data, IP geolocalization, access points)
· Diagnostic data (e.g. crash logs, website/app performance data, other technical data for analyzing malfunctions and errors)
· Applicant and employee data (e.g. employment history, working hours, vacation times, periods of incapacity to work, assessments, training and further education, social data, bank details, social security number, health insurance/health insurance number, salary expectations and salary data as well as tax identification number, proof and documents, working hours, public offices held, social security data, data on occupational integration management)
Purposes of data processing
In the following sections, we indicate the purposes pursued as purpose categories to improve comprehensibility and
readability. In some cases, there may be overlaps with our "legitimate interests" (see the definitions below). This is in the nature of things.
Unless otherwise stated, the purposes are to be understood as follows:
· Advertising and personalized marketing measures: Includes, for example, the opening of public and possibly access-restricted websites, apps and/or external pages for general information about our products/services (e.g. general website about our company, press pages, social media pages), personalized communication with users, interested parties and/or customers (e.g. newsletters), playout of (personalized) recommendations and advertising measures (e.g. personalized newsletters, playout of advertising measures).E.g. personalized newsletters, display of advertising on other websites, search engines, social media pages and/or apps and generally in advertising networks), merging and linking of data (possibly involving other parties such as publishers in advertising networks) to guarantee commission claims for advertising material.
· Security and emergency management: all processes are recorded that serve to ensure the relevant security requirements in the respective context and the prevention and/or treatment of accidents and emergencies, such as access controls, video surveillance, logging, evacuation, personal rescue and damage limitation
· Analysis and performance measurement as well as optimization of products and/or services: Includes, for example, opinion polls and voting, comparative tests (so-called A/B testing), analysis and (usually aggregated) evaluation of user, prospect and/or customer behavior in the online and/or offline area (e.g. through click paths, mouse movements and heat maps), analysis and evaluation of the success of general and, if applicable, personalized marketing measures, needs-based design of our (digital) products and services based on the analyzed demand and/or usage behavior.
· Order fulfillment and contract management: This includes all processing operations that are necessary to fulfill the relevant orders/contracts, such as the processing of master and contact data to fulfill customer orders, payment processing including any necessary transfer of data to payment service providers, processing of returns, license verification.
· Operation and further development of internal IT systems: Includes, among other things, user management, authentication and technical logging, as well as IT support and the further development and adaptation of systems and the associated processing of personal data. This applies regardless of whether the IT systems are operated by the controller itself or by a service provider (processor).
· Applicant management: This includes personnel marketing and processes in the context of employment initiation, such as the processing of applications (digital and analog), communication with applicants, conducting job interviews, assessment center procedures and trial work, setting up talent pools and documenting the outcome of applications.
· Business partner management: All processes used to analyze and select suitable business partners and maintain existing business relationships are recorded.
· Warranty, guarantee, goodwill and general service: Includes in particular the processing of warranty, guarantee and goodwill cases, as well as any information on updates, improvements and recalls.
· Identity and/or credit check: The purpose of the processing is to check the identity of the data subject, if this is necessary for the respective process and/or to check the creditworthiness and/or solvency of an interested party or contractual partner.
· Information security: Processing operations are recorded that serve to protect against dangers and to secure IT systems, as well as to achieve the protection goals of confidentiality, availability and integrity of data, systems and processes (e.g. differentiation between human and bot access, detection and defense against abusive access, security-relevant analysis of the use of digital products and services).
· Logistics and fleet management: Includes, among other things, the planning, management and control of our logistics including external logistics service providers and the management of our vehicle fleet including the fulfillment of legal obligations
· User, prospect and/or customer support: Includes, for example, contact forms, chat systems including chat bots and call-back options as well as the general processing of various inquiries (e.g. advice, service, complaints)
· Human resources and HR management: Includes all processes for the performance of employment or processes that are closely related to employment, such as onboarding, personnel administration, the fulfillment of employer obligations, personnel development including training and further education, voluntary employer benefits, personnel planning and controlling, company health management, company social counseling, company co-determination, measures to terminate employment, investigative and disciplinary measures and offboarding.
· Project management including collaboration in projects: coordination and implementation of projects, project planning, project schedule management, exchange of information in the context of projects, collaboration in the context of projects
· Legal matters and compliance measures: Includes, for example, the assertion, exercise and enforcement of legal claims and processes for compliance with legal requirements (e.g. in the context of data protection consent management) and for the prevention and/or clarification and prosecution of legal violations.
· Event management: All processes required for the implementation of offline and online events (e.g. registration, participant management, implementation of the event, processing of personal preferences and needs, data processing in the context of video conferences and/or instant messaging services), photo, audio and/or video documentation of events, issuing of certificates of participation are recorded.
· Administration: Processes are recorded that include, in particular, basic functions of business operations such as communication, accounting, invoicing and reporting, documentation and archiving, knowledge and contact management.
Legitimate interests
In the following sections, we state our legitimate interests within the meaning of Art. 6 para. 1, sentence 1 letter f GDPR as categories to improve comprehensibility and readability. In some cases, there may be overlaps with our "purposes" (see the definitions above). This is in the nature of things.
Unless otherwise stated, the stated legitimate interests are to be understood as follows:
· Promotion of sales activities: e.g. promotion of our sales by evaluating the demand of our customers, analysis of the interests and purchasing and demand behavior of our prospects, users and/or customers.
· Promotion of economic interests: e.g. measures to reduce costs and cost savings, avoidance/reduction of significant additional costs, general increase in earnings (in particular through outsourcing to service providers) and avoidance of competitive disadvantages.
· Advertising and image improvement, market and opinion research: e.g. opinion polls, voting, product and/or service evaluations and other reviews, as well as the integration of these results.
· Analysis and optimization of our own offers, services and advertising measures: e.g. analysis of user, prospective customer and/or customer behavior to optimize processes, services and products, needs-based design of our products, services and marketing measures and direct customer contact.
· Design, operation and availability of digital products: includes, for example, the integration of general functions of websites, apps and other digital products.
· Operation, integrity and security of digital products: in particular defence against requests that overload the service (denial of service attacks) or excessive use of bots to destabilize a platform, IT security measures such as the storage of log files and in particular IP addresses for a longer period of time in order to detect and prevent misuse, also beyond the legally required extent.
· Direct advertising (personalized marketing): in particular direct approaches to interested parties and customers that are not based on consent, such as product recommendations based on previous demand behavior, including the processing of data in preparation for direct advertising (e.g. customer segmentation, affinity ratings).
· Integration of desired or required functionalities: Integration of functionalities that are in the interest of the customer, are played out at the customer's request and/or are necessary for the provision of the service (e.g. the integration of contact options on websites or in apps or, for example, the possibility of saving configurations by the user (e.g. language selection)).
· Assertion, exercise or defense of legal claims: e.g. preservation of evidence, to clarify the facts in the event of a foreseeable legal dispute.
· Customer acquisition, customer loyalty, customer recovery: e.g. operation of a customer relationship management (CRM) system for prospect and customer care.
· Freedom of expression, press and broadcasting: in particular processing that previously fell under the so-called media privilege.
· Protection of the body and health of data subjects
· Promotion of legitimate interests in a group of companies: performance of organizational, procedural or entrepreneurial tasks arising from the cooperation of several affiliated companies (see the explanations in Recital 48 GDPR).
· Prevention of criminal offenses, administrative offenses and other detrimental actions: in particular fraud prevention, preventive measures as part of an internal control system, measures to clarify risks following suspicious cases or other indications of possible actions to the detriment of the controller or other persons
· Reduction of default risks: Identification of economic, technical, procedural or organizational risks for the company that could lead to a complete or partial failure of the company, parts of the company or the company's products or services
· Employee support: integration or implementation of services and activities that are in the interests of employees, such as satisfaction surveys, voluntary events and activities, birthday lists, sending greeting cards, etc.
· Employee retention: Integration or implementation of services and activities to achieve long-term employee loyalty to the employer, e.g. promotion of personal development, birthday lists, sending birthday gifts
· Other legitimate interests: If relevant, these interests are explained separately at the respective points.
Categories of recipients
In the following section, we list the categories of recipients that we use in our data protection information:
· Banks and other financial service providers
· Authorities and other public bodies
· Professional secrecy holders and their companies/institutions
· (IT) service providers
· Opponents in legal disputes
· Group companies and other affiliated companies
· Customers and interested parties
· Suppliers
· Personnel service providers
· Platform operators and media
· Associations, organizations and interest groups
· Landlords
· Insurance companies
· Contractual partners (without customers)