Data Controller
Name and Address
The controller in the sense of the EU General Data Protection Regulation (GDPR) and other national data protection laws of the Member States as well as other data protection regulations is:
SweetSpot Business Software GmbH
Rosental 5, c/o Munich City Office
80331 Munich, Germany
Contact
email: contact.us@software-sweetspot.com
website: www.software-sweetspot.com
General Information on Data Processing
Scope of Processing Personal Data
We process personal data of our users only as necessary to provide a functional website and our content and services. The processing of personal data of our users is regularly based on the user's consent. An exception applies in cases where obtaining consent beforehand is not possible for actual reasons and where data processing is permitted by law.
Legal Basis for the Processing of Personal Data
Insofar as we obtain your consent for processing operations of personal data, Article 6(1)(a) GDPR serves as the legal basis.
If the processing of personal data is necessary for the performance of a contract to which you are a party, Article 6(1)(b) GDPR serves as the legal basis. This also applies to processing operations required to carry out pre-contractual measures upon your request.
If processing of personal data is necessary to comply with a legal obligation to which our company is subject, Article 6(1)(c) GDPR serves as the legal basis.
If vital interests of the data subject or another natural person make it necessary to process personal data, Article 6(1)(d) GDPR serves as the legal basis.
If processing is necessary to protect a legitimate interest of our company or a third party, and your interests, fundamental rights, and freedoms do not override the first-mentioned interest, Article 6(1)(f) GDPR serves as the legal basis.
Data Deletion and Storage Duration
We retain your data as long as necessary to provide our online services or as we have a legitimate interest in further retention. In all other cases, we delete your personal data, except data we must retain to fulfill contractual or legal obligations (e.g., for tax or commercial purposes). Contractual retention obligations may also arise from agreements with third parties (e.g., copyright holders). Data subject to a retention obligation will be blocked until the end of the period.
Disclosure of Data to Third Parties; Service Providers
Disclosure of Data to Third Parties
Your personal data will only be disclosed to third parties if necessary for contract fulfillment, if we or a third party have a legitimate interest in disclosure, or if you have given your consent. If data is disclosed to third parties based on legitimate interest, this will be explained in this privacy policy. Additionally, data may be transferred to third parties if we are legally required to do so by enforceable administrative or judicial orders.
Service Providers
We reserve the right to use service providers to collect or process data. Service providers will receive only the personal data necessary for their specific tasks, such as your email address to deliver a requested newsletter. Service providers may also be engaged to provide server capacities. Service providers are typically integrated as "data processors," processing personal data of users of this online service only in accordance with our instructions.
If service providers are not specifically named in this privacy policy, the following categories of service providers are involved:
(1) IONOS SE Germany (technical support)
(2) IONOS SE Germany (hosting)
(3) Alphabet Inc., Google LLC, Google Ireland Limited (translation)
Data Transfer to Non-EEA Countries
We also transfer personal data to third parties or data processors located in non-EEA countries. In such cases, we ensure that the recipient has an adequate level of data protection (e.g., through the recipient's self-certification for the EU-US Privacy Shield or by agreeing to EU Standard Contractual Clauses with the recipient) or that a sufficient level of data protection is provided by obtaining your consent. You may request an overview of recipients in third countries and a copy of the specific provisions ensuring an adequate level of data protection from us by using the contact information provided in the "Contact" section above.
Data Collection When Visiting Our Website
Description and Scope of Data Processing
If you use our website solely for informational purposes, we collect only the data your browser transmits to our server (known as "server log files"). When you access our website, we collect the following data, which is technically necessary to display the website to you:
(1) Information about the browser type and version used
(2) The user's operating system
(3) The user's internet service provider
(4) Date and time of access
(5) Websites from which the user's system accessed our website
(6) Websites accessed by the user's system through our website
These data are stored in our system's log files, but are not stored together with other personal data. The legal basis for the temporary storage of data and log files is Article 6(1)(f) GDPR. Temporarily storing the IP address by the system is necessary to deliver the website to your computer. Therefore, your IP address must be stored for the duration of the session. The storage in log files is done to ensure the functionality of the website, optimize the website, and ensure the security of our information technology systems. The data will not be evaluated for marketing purposes in this context.
The data will be deleted as soon as it is no longer necessary to achieve the purpose of their collection. In the case of data collection for the provision of the website, this is the case when the respective session ends. Data collection for the provision of the website and data storage in log files is mandatory for the operation of the website, so the user has no right to object.
Contact Form and Email Contact
Description and Scope of Data Processing
Our website contains a contact form that can be used for electronic contact. If a user uses this option, the data entered in the input mask is transmitted to us and stored. These data are:
(1) Name
(2) Email address
(3) Telephone number
(4) Company name
(5) Message text
At the time the message is sent, the following data is also stored:
(1) The user's IP address
(2) Date and time of registration
During the submission process, your consent for data processing will be obtained, and reference will be made to this privacy policy.
Alternatively, you may contact us through the provided email address. In this case, the personal data you transmit via email will be stored.
No data will be shared with third parties, and it will only be used for processing the conversation.
The legal basis for data processing is as follows:
(1) With your consent, in accordance with Art. 6 para. 1 lit. a GDPR.
(2) In the case of email contact, based on Art. 6 para. 1 lit. f GDPR.
(3) If the purpose of the email contact is to conclude a contract, the additional legal basis for processing is Art. 6 para. 1 lit. b GDPR.
The processing of personal data from the contact form is solely for handling your inquiry. In the case of email contact, this is also our legitimate interest in data processing. Any additional personal data processed during the submission process helps prevent misuse of the contact form and ensures the security of our IT systems.
Data will be deleted once it is no longer necessary for the purposes for which it was collected. For personal data submitted through the contact form or via email, this occurs when the conversation with the user has ended, that is, when the matter has been resolved. Personal data collected during the submission process will be deleted within seven days.
You may withdraw your consent to the processing of personal data at any time. If you contact us by email, you may object to the storage of your personal data at any time. In such a case, the conversation cannot be continued.
You may object to the storage of your personal data at any time by contacting us at the email address provided under Section I above. In this case, all personal data stored during the contact process will be deleted.
Use of social plugins
We use social plugins (hereinafter referred to as “social plugins” or “plugins”) from the following providers on our website
Plugins from Linkedin; Linkedin is operated by LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland (“Linkedin”). The plugins are marked with a Linkedin logo.
You can find information on data protection at Linkedin here: https://www.linkedin.com/legal/privacy-policy
YouTube
Plugins from YouTube; YouTube is operated by Google Ireland Limited Company Gordon House, Barrow Street, Dublin 4, Ireland ("YouTube"). The plugins are marked with a YouTube logo.
You can find information on data protection at YouTube here: https://policies.google.com/privacy?hl=de
Basic functionality of plugins
Only when you activate the plugins does your internet browser establish a direct connection to the servers of the respective plugin provider. As a result, the plug-in provider receives the information that your Internet browser has accessed the corresponding page of our online offering, even if you do not have a user account with the provider or are not currently logged in. Log files (including the IP address) are transmitted directly from your Internet browser to a server of the respective plug-in provider and may be stored there. This server may be located outside the EU or the EEA (e.g. in the USA).
The plugins are independent extensions of the plugin providers. We therefore have no influence on the scope of the data collected and stored by the plug-in providers via the plug-ins. If you do not want the plug-in providers to receive the data collected via this Internet portal and, if necessary, store or use it, you should not use the respective plug-ins. You can also completely prevent the plugins from loading with the help of add-ons for your browser, so-called script blockers.
Further information about the purpose and scope of the collection and the further processing and use of your data by plugin providers as well as your rights and settings options for protecting your data can be found in the privacy policies of the respective providers.
Rights of the Data Subject
Under applicable data protection law, you are entitled to comprehensive rights (information and intervention rights) regarding the processing of your personal data. We inform you of these rights below.
Right to Information according to Art. 15 GDPR
You have the right to obtain information on your personal data we process, the purposes of processing, the categories of personal data processed, the recipients or categories of recipients to whom your data has been disclosed, the planned storage period or criteria for determining this period, your rights to rectification, deletion, restriction of processing, objection to processing, lodging a complaint with a supervisory authority, the origin of your data if it was not collected from you, the existence of automated decision-making, including profiling, and if applicable, meaningful information about the logic involved and the potential consequences of such processing. You are also entitled to be informed of any guarantees under Art. 46 GDPR if your data is transferred to third countries.
Right to Rectification according to Art. 16 GDPR
You have the right to obtain the immediate correction of inaccurate personal data concerning you and/or the completion of incomplete data stored with us.
Right to Erasure according to Art. 17 GDPR
You have the right to request the deletion of your personal data, provided the requirements of Art. 17 para. 1 GDPR are met. This right does not apply, in particular, if processing is necessary for the exercise of freedom of expression and information, compliance with a legal obligation, reasons of public interest, or for the establishment, exercise, or defense of legal claims.
Right to Restriction of Processing according to Art. 18 GDPR
You have the right to request the restriction of the processing of your personal data if the accuracy of your data is contested for the time required to verify it, if you object to the deletion of your data due to unlawful processing and request restriction instead, if you require your data to assert, exercise, or defend legal claims after we no longer need it for our purposes, or if you objected to processing for reasons based on your particular situation while verification is pending on whether our legitimate grounds override yours.
Right to Notification according to Art. 19 GDPR
If you have asserted the right to rectification, erasure, or restriction of processing, we are obligated to notify all recipients to whom the personal data has been disclosed unless this proves impossible or involves disproportionate effort. You have the right to be informed about these recipients.
Right to Data Portability according to Art. 20 GDPR
You have the right to receive your personal data that you provided to us in a structured, commonly used, and machine-readable format or to request its transfer to another controller where technically feasible.
Right to Withdraw Consent according to Art. 7 para. 3 GDPR
You have the right to revoke any consent you have given to the processing of your data with effect for the future at any time. Upon revocation, we will delete the affected data unless further processing can be based on a legal basis allowing processing without consent. The revocation of consent does not affect the lawfulness of processing based on consent before its withdrawal.
Right to Lodge a Complaint according to Art. 77 GDPR
If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with a supervisory authority. You may also contact the data protection authority in your place of residence, which will forward your concern to the relevant authority.
Since our headquarters are in Munich, the responsible supervisory authority is:
Bavarian State Office for Data Protection Supervision (BayLDA), Promenade 27, D-91522 Ansbach, Germany.
RIGHT TO OBJECT
IF WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF A BALANCE OF INTERESTS DUE TO OUR OVERRIDING LEGITIMATE INTEREST, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING AT ANY TIME, FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION, WITH EFFECT FOR THE FUTURE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE AFFECTED DATA. HOWEVER, FURTHER PROCESSING IS PERMITTED IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, RIGHTS, AND FREEDOMS, OR IF THE PROCESSING SERVES TO ASSERT, EXERCISE, OR DEFEND LEGAL CLAIMS.
IF YOUR PERSONAL DATA IS PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA FOR SUCH MARKETING AT ANY TIME. YOU MAY EXERCISE THIS RIGHT AS DESCRIBED ABOVE. IF YOU OBJECT TO PROCESSING FOR DIRECT MARKETING PURPOSES, WE WILL STOP PROCESSING YOUR PERSONAL DATA FOR THIS PURPOSE.
Further Information and Contacts
If you have any further questions on data protection, please contact us at the email address provided above in Section I (“Data Controller”)
Wir benötigen Ihre Zustimmung zum Laden der Übersetzungen
Wir nutzen einen Drittanbieter-Service, um den Inhalt der Website zu übersetzen, der möglicherweise Daten über Ihre Aktivitäten sammelt. Bitte überprüfen Sie die Details in der Datenschutzerklärung und akzeptieren Sie den Dienst, um die Übersetzungen zu sehen.