Contact Data Privacy Team
Fabasoft has a data security team (“Privacy Team”) entrusted with legal data security issues. You can contact the Privacy Team as follows:
Fabasoft AG, c/o Privacy Team, Honauerstrasse 4, 4020 Linz, Austria
A. General Information
A.1. Who is responsible for data processing? - The Group’s Structure
The Fabasoft-company, with which you have a legal relationship, is responsible for your data protection. You will find all Fabasoft companies listed here:
|Fabasoft AG (parent company)||Austria||Honauerstrasse 4
|Fabasoft International Services GmbH||Austria||Honauerstrasse 4
|Fabasoft R&D GmbH||Austria||Honauerstrasse 4
|Fabasoft Austria GmbH||Austria||Honauerstrasse 4
|Fabasoft Deutschland GmbH||Germany||THE SQUAIRE 14, Am Flughafen
60549 Frankfurt am Main
|Fabasoft Schweiz AG||Switzerland||Spitalgasse 36
|Fabasoft Corporation||USA||101 Federal Street, Suite 1900
Boston, MA 02110
|Mindbreeze GmbH *||Austria||Honauerstrasse 2
|Mindbreeze Corporation *||USA||180 N. Stetson, Suite 3500
Chicago, IL 60601
*Additional Information: Mindbreeze GmbH and its subsidiary company, the Mindbreeze Corporation, belong to the Fabasoft Group, but they have their own website, available at: www.mindbreeze.com and have their own public corporate design.
The current privacy statement provides information about how Fabasoft handles personal data within its business operations, in particular with regard to the Fabasoft website (www.fabasoft.com). Due to its particular characteristics, there are a number of additional, separate privacy statements for the following areas:
- for products and services offered by Fabasoft, in particular for Fabasoft Cloud Services (https://www.fabasoft.com/data-security, https://www.fabasoft.com/public-cloud/contract)
- for the products and services offered by Mindbreeze.
- for applicants during the application process (in German)
- for employees
- for other, specific processing areas, further privacy statements may exist and those affected by this will be notified separately.
With this privacy statement, Fabasoft is informing the data subjects of the nature, scope and purpose of the data they process, as well as informing them of their legal rights with regard to this. Since the technical and legal frameworks for processing personal data undergo continuous and progressive development, Fabasoft is committed to adhering to these changes.
A.2. Which data are processed? Where does the data come from (the data sources)?
Fabasoft processes personal data that has been collected directly from the data subject.
- Fabasoft processes personal data that it obtains through its business relations (with customers, suppliers, partners or support requests) in order to fulfil a contract or to implement pre-contract procedures.
- Fabasoft processes personal data supplied directly by the customers.
- Fabasoft processes personal data that are required in order to fulfil a legal obligation.
- Fabasoft processes personal data for which consent has been granted, for various reasons, by the data subject.
Personal data includes: title, first name(s), surname, email address(es), home address(es), telephone number(s), fax number, date of birth (if provided), contract details, company details, other relevant information (correspondence history and contact details etc).
In addition, Fabasoft processes personal data that is not directly obtained from the data subject. Furthermore, information such as telephone numbers, job titles, gender, company, size of the company, titles, industry, street, post code, locations and country are retrieved from public sources, such as from a company register, land register, business register, the German Federal Gazette, as well as information published by individuals on the company’s website or on social media platforms.
A.3. Why is personal data processed and what is the legal basis for doing this?
- The fulfilment of contractual and pre-contractual obligations.
Processing personal data is important for providing products and services that are appropriate for the required/commissioned scope of the project. The purpose of data processing is strictly aligned with the commissioned product or service.
- The fulfilment of legal obligations.
As far as the processing of personal data is necessary to fulfil a legal obligation that is subject to our company, Art. 6 para. 1 lit. c DSGVO applies as the legal basis for data processing.
- Data processing and consent
If Fabasoft is granted the permission to process personal data, the processing is carried out in accordance with the established objectives. Consent can be withdrawn at any time. Until it is withdrawn, the consequent data processing is considered legal.
- Protecting legitimate interests
It is in Fabasoft interests to continuously improve its products and services. In order to receive feedback, Fabasoft invites parties to participate in surveys. A survey may be answered using personal data without notifying the data subjects. Disclosing personal information is voluntary and not a requirement. The results of these surveys contribute to the further improvement of Fabasoft products and services.
Those data received by Fabasoft in the course of its contractual relationship with the customer, will be processed by Fabasoft in order to send emails, letters or advertising brochures to customers for the purpose of depicting and presenting Fabasoft products (Art. 6 (1)(f) GDPR). The customer has the right to object to this processing of the customer's data for the purpose of direct advertising, said right can be exercised at any time without giving reasons by means of letter to Fabasoft c/o Privacy or email to firstname.lastname@example.org. Fabasoft will process the customer data for this purpose for as long as the customer lodges no objection, however, up to a maximum of 3 years after the last activity. Where other forms of direct advertising are concerned, Fabasoft will only process the customer data if the customer has expressly given its express consent to the processing of its data (Art. 6 (1)(a) GDPR). If the customer has given its consent to the data processing, it can revoke this consent without giving reasons by means of letter to Fabasoft or email to email@example.com. The processing of the personal data of the customer for the purpose of direct advertising is not necessary for the execution of the contractual relationship. The processing performed until objection is made against such processing or until consent is revoked shall remain lawful.
A.4. Who receives the personal data?
Within Fabasoft, the individual employees, departments or Fabasoft companies, that require it in order to fulfil contractual or legal obligations, such as legitimate interests, receive the personal data. Furthermore, if necessary, we will transfer your data to tax consultants and auditors for purposes of tax consultancy and auditing and, in individual cases, to lawyers and courts, if necessary for legal advice or law enforcement purposes. In individual cases, we also forward your data to our data protection officer in Austria or Germany in order to obtain advice on the implementation of data protection regulations, e.g. if you assert claims against us. In addition, Fabasoft employs various sub-contractors, to whom personal data is transferred to enable them to effectively carry out their respective services.
All sub-contractors are required to use the data solely for the purpose of providing the service that has been clearly defined by Fabasoft.
Through contractual agreements, Fabasoft collaborates with the following providers when dealing with marketing and communication:
- CleverReach GmbH & Co. KG, Rastede, Germany
Service: Sending and analysing of e-mail newsletters and e-mail direct mails via the marketing software CleverReach. The data required for the sending of e-mails (such as salutation or e-mail address) are stored on the CleverReach servers in Germany or Ireland. Fabasoft uses CleverReach to analyze the delivered e-mail newsletters and direct emails. This evaluation includes how many recipients have opened an e-mail or how many times a link has been clicked. Conversion tracking also enables the evaluation of whether a recipient has executed a specific action (e.g. registration for a webinar) after clicking on a link in an e-mail newsletter. The processing is based on your consent, which you can revoke at any time by using the unsubscribe feature at the end of each newsletter sent by Fabasoft. The legality of the already completed data processing operations remains unaffected by the revocation.
- LogMeIn. Inc, located in Boston, Massachusetts, USA
Service: Platform for the organisation and implementation of webinars.
Information on compliance with the GDPR: https://www.logmeininc.com/gdpr/gdpr-compliance
Swiss-US-Privacy Shield Framework and EU-US-Privacy Shield Framework:
- Lewis Communications GmbH, located in Düsseldorf, Germany.
Service: The agency provides services for Fabasoft concerning public relations
- Trummer & Team GmbH, located in Vienna, Austria
Service: The agency provides services for Fabasoft concerning public relations
- Fabasoft International Services GmbH
Service: The provision of services for the whole Fabasoft Group
- Fabasoft Austria GmbH
Service: Fabasoft Austria GmbH provides the customer support services for Fabasoft products.
Provided that personal data is sent to the USA, Fabasoft can ensure that there is a suitable level of data protection in place.
A.5. For how long is data stored?
Fabasoft stores personal data for as long as is necessary for the duration of the business relationship, from the initiation, to the execution and until the termination of the contract. In addition, it complies with the records management, retention and disposal policy, which stems from the legal business and fiscal retention requirement (usually a period of 10 years) or from the limitation periods outlined in the German Civil Code (up to 30 years).
Personal information (for example for a newsletter, announcement, webinar etc) that is submitted to Fabasoft with consent will be stored for a maximum of three years after its last activity, provided that it is not withdrawn before this period ends.
A.6. Where is the data stored?
Fabasoft stores data on its own hardware in highly secure, external data centres in Germany, Austria and Switzerland.
A.7. What are the data subject’s data protection rights?
You have the right to disclosure, correction, removal or restriction in the processing of the stored information. You have the right to object to the use of your personal information as well as the right to data portability in accordance with the requirements of the data protection law.
In the event that you withdraw consent to use your personal information, Fabasoft will immediately stop using this data, provided that the use of this data is solely based on your consent. Exceptions arise as a result of legal or contractual obligations, which render storing data necessary, but this is only in the event of the aforementioned obligations. The legitimacy of the processing, for which consent was granted, remains intact until the consent is withdrawn.
All Fabasoft companies may demand any of the rights outlined above through the following channels.
By email: firstname.lastname@example.org
By post: Fabasoft AG, c/o Privacy, Honauerstraße 4, 4020 Linz, Austria
All queries about rights should be addressed to Fabasoft in writing. In order to prevent any unauthorized persons from abusing these rights, you must prove your identity to Fabasoft in an appropriate manner. Everyone has the right to information.
Fabasoft may make further use of relevant personal information, provided that it is anonymized in advance and that it is not possible to relate this information to a particular or identifiable individual.
Complaints should be directed to the Austrian Data Protection Authority or to another data protection authority within the European Union or Switzerland, preferably where you live or work.
A.8. Contact with Data Protection Officers
Fabasoft has a data security team at its disposal that is dedicated to data protection issues (“Privacy Team”) The contact details for this privacy team are available at: https://www.fabasoft.com/privacy. The privacy team can be contacted at: email@example.com
As far as the GDPR, or rather national regulations, require, Fabasoft will appoint a data protection officer. The contact details of this data protection officer are available at: https://www.fabasoft.com/privacy
A.9. Compulsory provision of personal information
In the context of the business contract or pre-contractual procedures, personal data necessary for the execution of the business contract, and to which Fabasoft is legally obliged to collect, must be provided. If this information is not provided, the delivery of products and service, for example, will not be possible.
B. Additional Information About the Fabasoft Website
B.1. Data collection
The Fabasoft website collects general information with every visit. Such information includes, for example: the IP address, the type of browser used, the language, the login pages, the device used, the volume of data transmitted, the browsing history as well as the HTTP referrer.
Fabasoft does not use this data to draw any conclusions about the data subject. This information will be needed in order to successfully deliver the content of the website, to guarantee the website is always functioning or to provide relevant information to the authorities.
In addition, the Fabasoft website offers many opportunities to register your personal information or to get in contact with the company through the email addresses provided. The following Fabasoft companies are responsible for your data protection for the purposes listed in the tabular below:
- For Germany: Fabasoft Deutschland GmbH
- For Switzerland: Fabasoft Schweiz AG
- For Austria and all other countries: Fabasoft Austria GmbH
For a better overview, the ways in which you can register will be outlined separately:
Ways to register
|The purpose of data collection|
|To register for the newsletter “Fabasoft Times”||To send information about the product Fabasoft Cloud, as well as information on the issue of digitalisation, approx. 1x/month|
|To register for the newsletter “eGov”||To send information about Fabasoft’s product eGove-Suite, as well as information on the issue of E-Documents/E-Government, approx. 1x/quarter|
|Register for webinars||To send information about webinars, access details for webinar participants, check the status of registrations, as well as progress reports, and information about similar webinars|
|Register for Fabasoft events||To send information about events, communicate the status of registrations, as well as progress reports and to distribute information about similar events|
|Register for blog articles||Information about new blog articles available on the Fabasoft website, approx. 2x/month|
|Register to download resources
Selected documents such as whitepapers and case studies are made available here after registration.
|To forward the download link to the necessary documents via email
To send additional supporting information about the products or services via email
|Register for Fabasoft Cloud (Test access)||https://www.fabasoft.com/cloudservices/data-security
|Register for the Fabasoft Cloud as an existing customer or guest||https://www.fabasoft.com/cloudservices/data-security|
|Online application||See separate privacy statement “Data protection for applicants during the application process”|
|Request help from sales or support team||Contact the sales or support team|
|Fabasoft Shop (order Fabasoft Cloud)||https://www.fabasoft.com/public-cloud/contract
|Sign up for fee-based trainings||To send information about training, communicate the registration status, and to send information about similar trainings
|Providing information about products and services||To receive information about the technical advancements of products such as Release Notes, Software Product Information (SPI), Knowledge Base on a regular basis|
When registering for one or more of the purposes mentioned above, personal data will only be collected in the form of first name(s), surname(s), email address, company, job title, gender, telephone number, street, postcode, location and country. This information contributes to providing an efficient service and will be processed if consent is granted.
B.2. Sending requests to general email addresses
On the Fabasoft website, to contact Fabasoft additional general email addresses will be provided. When you send us an email, it is automatically directed to the relevant person so that you query can be processed.
|_ga||Google analytics cookie|
|_gid||Google analytics cookie|
|_gat||Google analytics cookie|
|JSESSIONID||Session ID for Mindbreeze search engine|
The two main types of cookies are session cookies and permanent cookies, which are separated into first-party and third-party cookies.
Session cookies are deleted at the end of the session (when you close your browser). They record navigation through the website so that the website “remembers” your entries. These session cookies are normally used to temporarily save the user’s entries when filling in online forms that span several pages or to temporarily save the information entered by the user when adding items to online shopping baskets. Examples of typical entries could be: Entering information when ordering online, choosing currency, whether the user is registered or simply when navigating the site.
Permanent cookies remain after the browser is closed and are automatically deleted 2 years after their last use at the latest. The information gathered by these cookies is still available to you after your session has ended, if you return to this website. In this instance, the information is related to language settings, layout preferences, login settings and preferred settings.
First-party cookies are the cookies set by Fabasoft and will only be used by Fabasoft, or you. Fabasoft mainly uses session cookies; meaning cookies that are deleted after 1 month at the latest. On the other hand, third-party cookies are not used directly by Fabasoft, but by third-parties. These can help third-parties track your overall navigation of the website and calculate the number of visits to and the length of time spent on the website.
B.4. The use of analytics services
Internet analytics service Google Analytics
We only use Google Analytics when IP anonymization is in place. This means that, within other European Union Member States or countries in the European Economic Area, Google will ensure that only part of the user’s IP address is shown. Only in exceptional circumstances will the full IP address be sent to a Google server in the USA, where it is shortened. The IP address of the user’s browser will not be merged with other information collected by Google.
You can prevent cookies from being stored by changing the settings on your internet browser. In addition, you can prevent Google from collecting or processing information from your cookies and about your use of online offers by downloading and installing the following browser plugin at this link: http://tools.google.com/dlpage/gaoptout?hl=de.
You can learn more about Google’s use of data for advertising purposes, the different ways to adjust your settings or to oppose the use of this information on Google’s website: https://www.google.com/intl/de/policies/privacy/partners (“Google’s use of the data collected from your visits to partner websites or Apps”), http://www.google.com/policies/technologies/ads (Using data for advertisement purposes”), http://www.google.de/settings/ads (“Managing the information that Google uses to show you advertisements”) and http://www.google.com/ads/preferences (“Determine which advertisements Google shows you”).
You can prevent Google Analytics from collecting information by clicking on the following link. An opt-out cookie will be available, which prevents the collection of further information when visiting the website. Deactivate Google Analytics
Fabasoft has integrated Google AdWords into its website. Google AdWords is an internet advertising service that permits advertisers to change the advertisements both on Google’s search engine results page and on Google’s Display Network. Google AdWords enables advertisers to specify certain key words in advance that will trigger the display of specific advertisements on Google’s search engine page if the user searches for a relevant key word in the search engine. On Google’s Display Network, advertisements are filtered by an automatic algorithm and taking into account key words that have been entered on similar internet sites.
The operating company that provides the Google AdWords service is Google Inc. 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
The purpose of using Google AdWords is to advertise our website by placing interesting and relevant advertisements on third-party companies’ websites, onto Google’s search engine results page and to display third-party advertisements on our own website.
If one of Google’s advertisements succeeds in directing someone to our website, Google will file a so-called conversion cookie on this person’s device. Cookies have already been defined above.
A conversion cookie expires after thirty days and does not serve to identify the data subject. Provided that it has not yet expired, conversion cookies can be used to establish whether certain sub-sites, for example the basket in online shopping systems, are visited on our website.
Through conversion cookies, both we and Google can establish whether a data subject, who is directed to our website via an AdWords advertisement, generates revenue, for example by making purchases in the basket or if they cancel them.
Google uses the data and information collected by conversion cookies in order to generate statistics on the number of visits to our website.
On the other hand, we use these statistics to determine the total number of people using our website and how many of them are directed to us by AdWords advertisements. Therefore, we use this information to evaluate how successful various AdWords advertisements are at directing people to our site and in order to streamline our AdWords advertisements in the future. Neither our company nor Google AdWords’ other advertisement customers receive information from Google that would enable a data subject to be identified.
Through conversion cookies, personal information, for example internet sites visited by the data subject, will be stored. With each visit to our website, personal information will therefore be sent to Google in the USA, including the IP address of the data subject’s Internet connection. This personal information will be stored by Google in the USA. Google will pass on the personal information collected through online activity to third-parties if necessary.
This setting on the internet browser would also prevent Google from creating a conversion cookie on the data subject’s computer system. In addition, cookies that have been already established by Google AdWords can be deleted via the internet browser, or other software programmes, at any time.
Furthermore, the data subject may reject personalised advertising from Google. To do so, the data subject must use the following link to remove the internet browsers they used and to set their desired settings: https://www.google.de/settings/ads
This page uses the Google Maps map service via an API. The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. It is necessary to save your IP address in order to use the functions of Google Maps. This information is generally transmitted to a Google server in the USA and stored there. The provider of this site has no influence on this data transmission. Google Maps is used in the interest of presenting our online offers in an appealing manner and making it easier to find the locations we have indicated on the website. This constitutes a legitimate interest within the context of Art. 6 (1) (f) GDPR. You can find more information on the handling of user data in Google's data protection declaration: https://www.google.de/intl/de/policies/privacy
B.5. Social Media Icons
Fabasoft also provides links on this website to the following social media sites: Twitter, Facebook, YouTube, Xing, LinkedIn, Google+. Some of these links are displayed as icons. When you click on these social media icons (links) you will be subsequently redirected from the Fabasoft website to the respective social media site.
When you click on one of these links, you will be redirected to the respective website and are thus allowing the respective site operator to access your personal information. This collection of data is the sole responsibility of the respective provider and not of Fabasoft.