Privacy Policy

Thank you for visiting our website www.valentin-software.com and for your interest in our company and products.

Insofar as personal data is collected and processed during your visit and when using our products and services, this is done in accordance with the applicable legal regulations as follows:

1. Responsible office

Responsible for the processing of your personal data in accordance with Art. 4 (7) of the EU General Data Protection Regulation (GDPR) is

Valentin Software GmbH
Stralauer Platz 34
10243 Berlin
E-mail: datenschutz@valentin-software.com

2. Data processing when visiting our website

When you visit the website, the following access data is automatically collected by us or our internet provider and temporarily stored in a log file:

the IP address of the computer you are using,
date and time of your visit,
the web pages you visit on our website and the time you spend on them,
the website from which you accessed our website,
browser type and browser version and
the operating system of your computer.

The data is used to establish the connection to the website and to ensure system security. Under no circumstances will the access data be used to establish a connection to you personally. The legal basis for data processing is Art. 6 (1) sentence 1 f) GDPR. Our legitimate interest in data processing arises from the aforementioned purposes.

The data will be deleted as soon as it is no longer required for the stated purposes. The data required to establish the connection will be deleted as soon as you leave our website. Otherwise, the data in the log files will be deleted after seven days at the latest.

3. Online shop: hosting by Shopify

For our online shop, we use Shopify, a cloud-based shop system from Shopify International Ltd, 2nd Floor, 1-2 Victoria Buildings, Haddington Road, Dublin 4, D04 XN32, Ireland. For this purpose, we have concluded an order processing contract with Shopify in accordance with Art. 28 GDPR. Shopify provides us with infrastructure and storage space for our shop on its servers and takes care of maintenance, technical support and system operation. Accordingly, the provider processes personal data on our behalf that is transferred when our services are used.

In addition, it is in our legitimate interest pursuant to Art. 6 para. 1 sentence 1 f) GDPR to ensure the functional and secure operation of our online shop.

When providing these services, Shopify may also transfer personal data to other regions, for example to Canada and the USA. The data transfer to Canada is based on an adequacy decision issued by the European Commission in accordance with Art. 45 GDPR. Insofar as Shopify processes data in the USA, this is done on the basis of standard contractual clauses in accordance with Art. 46 para. 2 c) GDPR, which have been approved by the European Commission. Nevertheless, it cannot be ruled out that US authorities and US intelligence services may gain access to the data without the data subjects being informed of this.

You can find the standard contractual clauses here: https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=EN

You can find Shopify's privacy policy here: https://help.shopify.com/de/manual/your-account/privacy

4. TLS encryption

The website uses the TLS (Transport Layer Security) encryption method. The procedure corresponds to the current state of the art and serves to protect your personal data from access by third parties during transmission.

In addition, appropriate technical and organisational measures are taken to protect the security of your data against accidental or intentional manipulation, loss, destruction or unauthorised access. The security measures are adapted in line with technical developments.

5. Data processing when you contact us

When you contact us (e.g. by e-mail, telephone or via a contact form), data such as your e-mail address, name and telephone number will be stored by us. When using the contact form, the data is requested as shown on the form. The data will be processed for the purpose of answering your enquiry and deleted as soon as your request has been dealt with. The legal basis for data processing is our legitimate interest in processing your request in accordance with Art. 6 para. 1 sentence 1 f) GDPR.

If your enquiry is made for the purpose of concluding a contract, the data will also be processed for the implementation of pre-contractual measures or for the fulfilment of the contract in accordance with Art. 6 para. 1 sentence 1 b) GDPR (see section 6).

6. Contract execution, user management (rental licence) and identity verification

a) Contract execution

We process your data for the fulfilment of the contract and for the implementation of corresponding pre-contractual measures, in particular for the purpose of processing orders in our web shop and for the provision of our other services such as conceptual and strategic consulting, campaign planning, software and design development/consulting, software rental, maintenance, consulting and training services, etc.

For this purpose, we process personal data such as your name, address, e-mail address, telephone and, if applicable, fax number as well as your text entries, videos and photos etc. that you send us. If you use our online forms, we process the data as shown in the respective form.

You can voluntarily create a customer account by clicking in the corresponding box so that your order data is saved for future purchases. The legal basis for this is Art. 6 para. 1 sentence 1 a) GDPR. You can revoke your consent at any time by sending an email to sales@valentin-software.com to revoke your consent. Your customer account will then be deleted. Data that we require to process an order placed or that is required to fulfil our statutory retention obligations remains unaffected by the deletion of the customer account.

The abovementioned data is processed for the fulfilment of the contract or the implementation of pre-contractual measures in accordance with Art. 6 para. 1 sentence 1 b) GDPR. After the contract has been processed, the data will be deleted, provided that there are no legal regulations, for example tax and commercial law retention obligations, to the contrary, and you have not given us your express consent for further use.

Your contract data will only be passed on to third parties if this is necessary for the processing of the contractual relationship with you in accordance with Art. 6 para. 1 sentence 1 b) GDPR.

Your payment data will be processed by the payment service provider commissioned with the payment for the purpose of processing your order (see section 7).

b) User management: rental licence

When booking one of our named-user licenses (rental licence), user management is required for the provision of our contractual services. For this purpose, we use the cloud-based software of Slascone, GmbH, Friedrichstr. 114 A, 10117 Berlin.

Slascone supports us in automating the licensing process, in particular in creating, setting up and managing user authorisations. We have concluded an order processing contract with Slascone in accordance with Art. 28 GDPR. Slascone processes the login data transmitted when using our products, for example name and e-mail address, on our behalf and in accordance with our instructions. Slascone will delete the data at the latest upon termination of the order processing contract with us or earlier in accordance with our instructions.

The legal basis for data processing is 6 para. 1 sentence 1 b) GDPR.

After the contract has been processed, the data will be deleted, provided that there are no legal regulations, for example tax and commercial law retention obligations, to the contrary and you have not given us your express consent to further use.

You can find Slascone's privacy policy here: https://slascone.com/de/datenschutz/

c) Identity check

When using a named-user licence, we use Azure Active Directory B2C (Azure AD B2C) for identity verification, a Microsoft service that enables us to verify the identity of the users of our applications. For this purpose, your login data - as shown in the login screen - is processed and cookies are set (see section 11). The cookies store the IP address of your computer and your location, as well as the date and time of registration, browser type, browser version, the operating system of your computer and the version of the operating system.

The cookies are necessary to identify you as a legitimate user of our application and to prevent access by unauthorised third parties. These are session cookies that are automatically deleted as soon as you close your browser. If you select the "Stay logged in" function (if available), the cookies remain active for longer and are deleted after 90 days at the latest.

The legal basis for data processing is Art. 6 para. 1 sentence 1 f) GDPR. It is in our legitimate interests to verify the identity of the users of our applications and to protect our services from unauthorised access or fraud.

The data is generally stored in the EU. Insofar as data is also processed outside the EU when providing the services, this is done on the basis of an adequacy decision issued by the European Commission pursuant to Art. 45 GDPR or on the basis of standard contractual clauses pursuant to Art. 46 para. 2 c) GDPR, which have been approved by the European Commission. The standard contractual clauses can be found here: https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=EN

Data processed in the USA is subject to the EU-U.S. Data Privacy Framework, an agreement that ensures compliance with the data protection regulations applicable in the EU. Microsoft is certified under the EU-U.S. Data Privacy Framework.

The privacy policy of Microsoft, Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland can be found here: https://privacy.microsoft.com/de-de/privacystatement

7. Payment processing

You can pay with PayPal and via Shopify Payments by credit card (VISA, Maestro/Mastercard and American Express).

a) PayPal

To pay with PayPal, you will be redirected to the PayPal website during the order process, where you log into your PayPal account. Your payment data stored there will be used by PayPal for payment processing. The legal basis for payment processing is Art. 6 para. 1 sentence 1 b) GDPR.

Credit rating

When paying by credit card and direct debit and - if offered - when purchasing on account, PayPal compares your data with databases of external credit agencies such as SCHUFA for the purpose of identity and creditworthiness checks. The following data is transmitted to the credit agency: first and last name, address, date of birth and your account details. If necessary, PayPal will also transmit information about any non-contractual or fraudulent behaviour on your part. The data is stored by the credit agency and can be used by the credit agency to determine your ability and willingness to pay in the form of scoring values, among other things. The calculation of the scoring value is based on a mathematical-statistical procedure. For example, personal and demographic data can be used for this purpose. If the credit check is negative, the selected payment method is not possible. You will be informed of this immediately. The legal basis for data processing and disclosure for the purpose of credit checks and fraud prevention is Art. 6 para. 1 sentence 1 b) and Art. 6 para. 1 sentence 1 f) GDPR. It is in PayPal's legitimate interest to protect itself against payment defaults.

The data is generally stored in the EU. Insofar as PayPal also processes data outside the EU, this is done on the basis of an adequacy decision issued by the European Commission pursuant to Art. 45 GDPR or on the basis of standard contractual clauses pursuant to Art. 46 para. 2 c) GDPR, which have been approved by the European Commission. The standard contractual clauses can be found here: https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=EN

You have the right to object to PayPal processing your data for the purpose of a credit check. For details, please refer to the privacy policy of PayPal (Europe), S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg, at the following link: https://www.paypal.com/de/webapps/mpp/ua/privacy-full. There you will also find an overview of the credit agencies with which PayPal co-operates.

b) Payment by credit card via Shopify Payments and Stripe

With Shopify Payments, we offer you payment by credit card (VISA, Maestro/Mastercard and American Express). Shopify Payments processes credit card payments via the technical service provider Stripe. Stripe collects your order data (name, address, e-mail address, telephone number, payment method, date and payment amount of the transaction) and your credit card data for payment processing. The legal basis for payment processing is Art. 6 para. 1 sentence 1 b) GDPR.

Credit rating

Stripe uses the transaction data to detect and prevent fraudulent activity and also to detect unauthorised logins using your online activity. Stripe may share information about you with us and other business users, including card issuers and others involved in payment processing, in order to assess the risk of fraud associated with the payment in question. Stripe may compare the data with credit agency databases for the purpose of identity and credit checks. Your address, account and card details are transmitted to the credit agency for this purpose. The credit agency stores the data and can use it to determine your solvency and willingness to pay in the form of scoring values, among other things. The calculation of the scoring value is based on a mathematical-statistical procedure. For example, personal and demographic data can be used for this purpose. If the credit check is negative, you will not be able to use the payment method you have selected. You can contact Stripe to find out which credit agencies Stripe uses.

The legal basis for data processing and disclosure for the purpose of credit assessment and fraud prevention is Art. 6 para. 1 sentence 1 b) and Art. 6 para. 1 sentence 1 f) GDPR. The legitimate interest lies in the prevention of payment defaults. You have the right to object to data processing for the purpose of credit checks vis-à-vis Stripe under the legal requirements.

The data is generally stored in the EU. Insofar as the payment services also process data in other regions, this is done on the basis of an adequacy decision issued by the European Commission pursuant to Art. 45 GDPR or on the basis of standard contractual clauses pursuant to Art. 46 para. 2 c) GDPR, which have been approved by the European Commission. The standard contractual clauses can be found here: https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=EN

Stripe is a payment service provided by Stripe Payments Europe, Limited, The One Building, 1, Lower Grand Canal Street, Dublin 2, Ireland. Insofar as Stripe processes data in the USA, the EU-U.S. Data Privacy Framework applies, an agreement that guarantees compliance with the data protection regulations applicable in the EU and under which Stripe is certified accordingly. You can access Stripe's privacy policy via the following link: https://stripe.com/de/privacy#translation

Shopify Payments is a payment service provided by Shopify International Limited, 2nd Floor Victoria Buildings 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland. You can access Shopify Payments' privacy policy here: https://www.shopify.com/de/legal/datenschutz

VISA: Contact: Visa Europe Management Services Limited, German Branch, Neue Mainzer Straße 66-68, 60311 Frankfurt. The privacy policy can be found here: https://www.visa.de/legal/privacy-policy.html

Maestro/Mastercard: Contact: Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium. The privacy policy can be found here: https://www.mastercard.de/de-de/datenschutz.html

American Express: Contact: American Express Europe S.A., Theodor-Heuss-Allee 112, 60486 Frankfurt am Main, Germany. The privacy policy can be found here: https://www.amex-kreditkarten.de/datenschutz/datenschutzerklaerung.php

8. Transfer of data to third parties

Your personal data will only be transferred to third parties in the following cases:

You have consented to the transfer in accordance with Art. 6 para. 1 sentence 1 a) GDPR.
The transfer is legally permissible and required for the processing of contractual relationships with you in accordance with Art. 6 para. 1 sentence 1 b) GDPR.
The disclosure is required pursuant to Art. 6 para. 1 sentence 1 c) GDPR to fulfil a legal obligation to which we are subject.
The disclosure is necessary pursuant to Art. 6 para. 1 sentence 1 d) GDPR in order to protect your vital interests or those of another natural person.
The disclosure is necessary pursuant to Art. 6 para. 1 sentence 1 f) GDPR for the assertion, exercise or defence of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data.
The transfer takes place in accordance with Art. 28 GDPR on the basis of an order processing contract.

9. Use of forum

If you would like to use our forum to exchange information with other product users and our software developers on various application options or specific questions, we will collect your e-mail address.

To prevent unauthorised persons from misusing your e-mail address, we use the double opt-in procedure: After your registration you will receive an e-mail with an activation link. Only when you click on this link will your registration be finalised and you will be able to use our forum.

Your e-mail address will not be published. It will be stored by us in order to contact you for comment in the event that your forum post is reported by third parties as unlawful (e.g. due to offensive content). The legal basis is Art. 6 para. 1 sentence 1 f) GDPR. Our legitimate interest arises from the aforementioned purpose.

If you leave comments or other forum contributions, your IP address will be stored for a period of approx. 10 - 14 days on the basis of our legitimate interests within the meaning of Art. 6 para. 1 sentence 1 f) GDPR. The storage serves to provide us with legal protection in the event that your post contains illegal content.

Your posts and comments and the data contained therein will be permanently stored and published by us in the forum. The legal basis is Art. 6 para. 1 sentence 1 b) and f) GDPR. The legitimate interest arises from the purpose of the forum, which is to enable the exchange of experiences between product users and our software developers.

If you wish to delete your contributions, please send us a corresponding message by e-mail.

10. Newsletter

Insofar as you have given your consent in accordance with Art. 6 para. 1 sentence 1 a) GDPR, Art. 7 GDPR in conjunction with § 7 para. 3 UWG, we will use your e-mail address to send you our free newsletter 5-8 times a year with information and advertising about our range of services.

To prevent misuse, you will receive an e-mail with a link to confirm your registration after you have registered for the newsletter. Only when you click on the link will you receive our newsletter in future.

To prove your consent to receive our newsletter, we log your IP address and the date and time of your registration on the basis of our legitimate interests pursuant to Art. 6 (1) sentence 1 f) GDPR.

You can revoke your consent to receive the newsletter at any time by unsubscribing from the newsletter via the "unsubscribe" link in each newsletter or by sending us an e-mail. If you unsubscribe from the newsletter, we will delete your e-mail address from our newsletter mailing list.

Newsletter without registration

If we have received your e-mail address in connection with the sale of a product or service, we may send you our newsletter by e-mail with advertising for our own products or services that are similar to those from your order. The prerequisite for this is that you have not objected to the use of your e-mail address and that we clearly inform you when collecting the e-mail address and for each use that you can object to the use at any time without incurring any costs other than the transmission costs according to the basic rates. The legal bases are Section 7 (3) UWG and Art. 6 (1) sentence 1 f) GDPR. Our legitimate interest in the data processing described above is to present you with further products and services from our range for advertising purposes. You can exercise your right to object by sending us an email or by clicking on the unsubscribe link contained in every newsletter.

rapidmail

We use rapidmail to send newsletters. The provider is rapidmail GmbH, Wentzingerstraße 21, 79106 Freiburg, Germany. Among other things, rapidmail is used to organise and analyse the sending of newsletters. The data you enter for the purpose of subscribing to the newsletter is stored on rapidmail's servers in Germany. If you do not wish to be analysed by rapidmail, you can unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message. For the purpose of analysis, the e-mails sent with rapidmail contain a so-called tracking pixel, which connects to the rapidmail servers when the email is opened. In this way, it can be determined whether a newsletter message has been opened. We can also use rapidmail to determine whether and which links in the newsletter message have been clicked on. Links in the email can also be set as tracking links with which your clicks can be counted.

The recipient of the data is rapidmail GmbH. Data processing is carried out on the basis of an agreement on joint responsibility in accordance with Art. 28 GDPR, which we have concluded with rapidmail. Data is not transferred to third countries. The legal basis for data processing is Art. 6 para. 1 lit. a) GDPR.

The data stored by us as part of your consent for the purpose of the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted from our servers as well as from the servers of rapidmail after you unsubscribe from the newsletter. Data stored by us for other purposes remains unaffected by this.

You have the option to revoke your consent to data processing at any time with effect for the future. The legality of the data processing operations that have already taken place remains unaffected by the cancellation.

For more information, please refer to the data security information from rapidmail at: Privacy policy - rapidmail. For more information on the analysis functions of rapidmail, please see the following link: Support and help for our newsletter tool - rapidmail.

11. Cookies

Cookies are small text files that are stored on your device by the browser when you visit our website. Different information can be stored within the cookies. A cookie is primarily used to store information about a user (or the device on which the cookie is stored) during or after their visit to an online offering.

Temporary cookies or "session cookies" or "transient cookies" are cookies that are deleted as soon as you close the browser. These cookies ensure essential functions of the website (e.g. navigation, transactions, etc.).

Others, so-called "permanent cookies", have a longer lifespan and are used to recognise your browser on the basis of the information stored in the cookie during a subsequent visit.

The legal basis for the use of cookies that are technically necessary or absolutely necessary for the fulfilment of pre-contractual measures and contract performance (e.g. registration, shopping basket function) is Art. 6 para. 1 sentence 1 b) GDPR.

If cookies are used to save the settings you have made (e.g. language settings) for subsequent visits, the legal basis is Art. 6 para. 1 sentence 1 f) GDPR. Our legitimate interest lies in making your visit to our website user-friendly according to your preferences.

Insofar as you have given your consent to the use of cookies from third-party providers (so-called "third-party cookies"), in particular for analysis, advertising and marketing purposes, the legal basis is Art. 6 para. 1 sentence 1 a) GDPR, § 25 TDDDG. Details can be found in the description of the respective service.

Unless otherwise stated in this privacy policy, cookies have a maximum lifespan of 24 months. At the end of their lifespan, they are automatically deleted.

You can revoke your consent at any time by clicking on the "Revoke consent" link on the website. Click on the "Change privacy settings" link on the website to call up the cookie consent banner and manage your selection there by clicking in the corresponding field. Please refer to section 12 for details.

Alternatively, you can decide whether you want to reject cookies or whether they should be removed when you close your browser by making the appropriate selection in your browser settings. You can also delete stored cookies there. Further information can be found in the settings of your browser in the "Help" area.

If you reject cookies, you may not be able to use all website functions.

12. Cookie consent banner

We use the "Real Cookie Banner" on our website, a cookie consent tool from devowl.io GmbH, Tannet 12, 94539 Grafling, Germany. The service allows us to request your consent to the use of cookies where necessary and to save your decision as proof. A cookie is set for this purpose so that your decision can be retrieved on future visits to our website. The cookie for consent management is stored for a maximum of 12 months and then automatically deleted.

You can call up the cookie consent banner at any time by clicking on "Change privacy settings" and manage your consent in the settings (by ticking or unticking the box). The cookie consent service serves our legal obligation to request and document the legally required consents. The legal basis is Art. 6 para. 1 sentence 1 c) GDPR. Details of the service can be found on the provider's website at http://devowl.io/de/wordpress-real-cookie-banner/

13. Webinars and online meetings with GoTo

If you book a webinar with us, personal data such as your name, e-mail address and/or telephone number will be processed on our behalf by GoTo, GoTo Technologies Ireland Unlimited Company, The Reflector, 10 Hanover Quay, Dublin 2, D02R573, Ireland for the purpose of providing the meeting functions. Data such as the duration, date and time of the meeting, your IP address, browser type and version and the operating system/version of your computer as well as audio and video data and chat messages are also stored for this purpose.

The legal basis for data processing to organise the online meeting is Art. 6 para. 1 sentence 1 b) GDPR (see section 6 above).

Data processing by GoTo is based on an order processing contract in accordance with Art. 28 GDPR. In addition, the secure and technically reliable organisation of our webinars and online meetings is in our legitimate interest within the meaning of Art. 6 para. 1 sentence 1 f) GDPR. The meeting chronicle and any cloud recordings are automatically deleted by GoTo after one year.

The data is generally stored in the EU. Insofar as GoTo also processes personal data in other regions, this is done on the basis of an adequacy decision issued by the European Commission pursuant to Art. 45 GDPR or on the basis of standard contractual clauses pursuant to Art. 46 para. 2 c) GDPR, which have been approved by the European Commission. The standard contractual clauses can be found here: https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=ENTML/?uri=CELEX:32021D0914&from=EN

Data processed in the USA is subject to the EU-U.S. Data Privacy Framework, an agreement that ensures compliance with the data protection regulations applicable in the EU. GoTo is certified under the EU-U.S. Data Privacy Framework. For more information on the use of your data, please visit: https://www.goto.com/de/company/legal/privacy/international

14. Google services on the website

The provider of the services described in this section is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Insofar as Google also processes data outside the EU, this is done on the basis of an adequacy decision issued by the European Commission pursuant to Art. 45 GDPR or on the basis of standard contractual clauses pursuant to Art. 46 para. 2 c) GDPR, which have been approved by the European Commission. The standard contractual clauses can be found here: https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=EN

Data processed in the USA is subject to the EU-U.S. Data Privacy Framework, an agreement that ensures compliance with the data protection regulations applicable in the EU. Google is certified under the EU-U.S. Data Privacy Framework. You can access Google's privacy policy via the following link https://policies.google.com/privacy?hl=de

a) Google Fonts

We use Google Fonts, a directory of open source fonts provided by Google that can be downloaded from the Internet. When the fonts are integrated, a connection to the Google server is established. Personal data such as the IP address of the computer you are using is transmitted to Google.

The legal basis for data processing is your consent in accordance with Art. 6 para. 1 sentence 1 a) GDPR. You can withdraw your consent at any time with effect for the future (see section 12 above).

You can also prevent data processing by deactivating JavaScript in your browser settings.

b) Registration via ReCaptcha

To avoid automated registrations, we use the ReCaptcha Enterprise service. ReCaptcha is a risk analysis service from Google that serves to protect us from misuse by malicious software on the website. The service recognises whether entries (for example in the online contact form) are made by humans or whether they are bots or other automated attacks. The latter are stopped, while valid users are not hindered.

For this purpose, a cookie is set and your user behaviour on the website as well as mouse movements and IP address are transmitted to Google servers and stored there permanently.

The legal basis for data processing is Art. 6 para. 1 sentence 1 a) GDPR. You can withdraw your consent at any time with effect for the future (see section 12 above).

c) Google Universal Analytics and Google Analytics 4

We use Google (Universal) Analytics and Google Analytics 4, a Google Analytics process that analyses users on the basis of a pseudonymous user ID and thus creates a pseudonymous profile of the user with information from the use of various devices (so-called "cross-device tracking").

We use the service to analyse and statistically evaluate the use of our website. We use the information obtained in this way for marketing purposes and to optimise our website. Pseudonymised user profiles are created, and cookies are used (see section 11 above). The following information is collected by the cookie:

the IP address of your computer,
date and time of your visit,
the internet pages that you visit on our website,
the website from which you accessed our website,
the browser type and version you are using and
the operating system of your computer.

This data is transferred to Google servers and stored there. When using Google Analytics, we have activated the anonymisation of the IP address by "_anonymizeIp()", which means that your IP address will be shortened and anonymised by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage for the purposes of website optimisation. Google also uses the information for its own purposes to provide the analysis and tracking service.

Data processing is carried out on the basis of an agreement on joint responsibility in accordance with Art. 26 GDPR, which we have concluded with Google.

The legal basis for data processing is your consent in accordance with Art. 6 para. 1 sentence 1 a) GDPR. You can revoke your consent at any time with effect for the future (see section 12 above). You can also prevent the storage of cookies by selecting the appropriate settings in your browser software (see section 11 above).

You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser add-on available under the following link to deactivate Google Analytics: http://tools.google.com/dlpage/gaoptout?hl=de

Further information can be found in Google's privacy policy here: https://policies.google.com/privacy?hl=de
and https://policies.google.com/technologies/partner-sites

15. Plausible

In order to understand and improve the use of our website in accordance with our interest in the analysis, optimisation and economic operation of our online offer, we use the open source web analysis tool "Plausible Analytics", offered by Plausible Insights OÜ, Västriku tn 2, 50403, Tartu, Estonia. Plausible does not use cookies and does not store any personal data. You can find more information on data protection at Plausible Analytics at https://plausible.io/data-policy

16. Data processing when using our products

On the basis of our legitimate interests within the meaning of Art. 6 para. 1 sentence 1 f) GDPR and in the interests of our business customers, we use service offers from third-party providers in our products for the planning, design and simulation of the systems as follows:

a) Google Maps

We integrate the map service Google Maps. Cookies are set and data such as IP address, browser and device type, operating system, date and time of access and your location data are transmitted to Google. You can prevent access to location data via the settings on your device.

The legal basis is Art. 6 para. 1 sentence 1 f) GDPR. It is our legitimate interest and is also in the interest of our business customers to make our products as user-friendly as possible.

Google Maps is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. You can access Google's privacy policy via the following link https://policies.google.com/privacy?hl=de.

b) Google Solar API

We have integrated an interface to a fee-based image data service from Google into our software. The PV*SOL premium programme enables users to optionally use high-resolution orthophotos and elevation data from the Google Solar API via the interface. In order to use the interface to the Google Solar API, users need a Google Solar API key and must create an account directly with Google. Account registration and the provision of services by Google involves the collection of personal data, which is stored and processed by Google, but not by Valentin Software.

If Google processes data outside the EU, this is done on the basis of an adequacy decision issued by the European Commission in accordance with Art. 45 GDPR or on the basis of standard contractual clauses in accordance with Art. 46 para. 2 c) GDPR, which have been approved by the European Commission. The standard contractual clauses can be found here: https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=EN

Google processes personal data in accordance with its privacy policy: https://policies.google.com/privacy?hl=de.

c) OpenStreetMap

Users of our programmes can also use maps from the OpenStreetMap service. OpenStreetMap is offered on the basis of the Open Data Commons Open Database Licence (ODbL) by the OpenStreetMap Foundation (OSMF).

Cookies are used for this purpose. The following information is collected by the cookie: IP address, browser and device type, operating system and date and time of access. This data is transmitted to OSMF servers. If your location is also transmitted, this is only approximately in the form of the country in which you are probably located. You can completely prevent access to location data via the settings on your mobile device. OSMF will only use the data for the technical and security support of the service and in anonymised form for research and other purposes.

Insofar as data is also transmitted to OSMF servers in the United Kingdom, this is done on the basis of an adequacy decision issued by the European Commission in accordance with Art. 45 GDPR.

The legal basis is Art. 6 para. 1 sentence 1 f) GDPR. It is our legitimate interest and is also in the interest of our business customers to make our products as user-friendly as possible.

More information about the OpenStreetMap Foundation, based at St John's Innovation Centre, Cowley Road, Cambridge, CB4 0WS, United Kingdom, can be found here: https://blog.openstreetmap.org/impressum/?lang=de

You can find OSMF's privacy policy here: https://wiki.osmfoundation.org/wiki/Privacy_Policy

d) Bing Maps

Bing Maps, a map service from Microsoft, is also integrated into our software products. Cookies are set for the geographical display and data such as IP address, browser and device type, operating system, date and time of access and your location data are transmitted to Microsoft. You can prevent access to location data via the settings on your mobile device.

The legal basis is Art. 6 para. 1 sentence 1 f) GDPR. It is in our legitimate interest and also in the interest of our business customers to make our products as user-friendly as possible.

The data is generally stored in the EU. If data is also processed outside the EU, this is done on the basis of an adequacy decision issued by the European Commission in accordance with Art. 45 GDPR or on the basis of standard contractual clauses in accordance with Art. 46 para. 2 c) GDPR, which have been approved by the European Commission. The standard contractual clauses can be found here: https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=EN

The privacy policy of Microsoft, Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland can be found at: https://privacy.microsoft.com/de-de/privacystatement

e) Matomo

In our PV*SOL software, we use the Matomo tool, an open source software for web analysis, to collect anonymous usage data for analysis purposes. No personal data is transmitted with the collected data: The IP address is anonymised and no project data that could contain personal data is collected. The legal basis for data processing is Art. 6 para. 1 sentence 1 f) GDPR. Our legitimate interest in data processing follows from the aforementioned purpose.

You can prevent Matomo from collecting your data by switching off data processing when installing the software. After installation, you can object to data processing at any time by making the appropriate setting in the programme options.

You can access Matomo's privacy policy via the following link: https://matomo.org/privacy-policy/

f) Microsoft Azure database

In our GeoT*SOL and PV*SOL software, we use a Microsoft Azure database to collect anonymous usage data. The transmission of this data is voluntary and can be switched off by the user during installation (PV*SOL) or at the first start (GeoT*SOL) and later in the programme at any time via the programme options. No personal data is transmitted with the recorded data: The IP address is anonymised and no project data that could contain personal data is recorded. The database is hosted in a Microsoft data centre in Western Europe. The privacy policy of Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland can be found at: https://privacy.microsoft.com/de-de/privacystatement

g) Additional services: interfaces for climate data
Various climate data is available to our users via an interface. The provider named in each case is solely responsible for data processing when using the services listed below:

i. PVGIS
You can access climate data for Europe, Africa, large parts of Asia and America from PVGIS (Photovoltaic Geographical Information System) of the European Commission, EU Science Hub, free of charge via an interface in our programmes. Under the link Privacy policy | European Commission (europa.eu) you will find further information on data protection.

ii. Solcast
We have integrated an interface into our PV*SOL software for the predominantly fee-based climate data service from Solcast, 32, Halloran St Lilyfield 2040, Sydney, Australia. If you wish to use the Solcast service, you will be asked by the service provider to provide your e-mail address for the purpose of registering and creating an account. You will be redirected to Solcast's online website and will then receive an email from Solcast inviting you to create a password in the API Toolkit account.

The data may be processed in Australia. Further information on data protection can be found here: https://solcast.com/privacy-policy

iii. SolarAnywhere
SolarAnywhere is a fee-based climate data service from the USA that is integrated into our products via an interface. The company Clean Power Research is based at 1541 Third St., Napa, CA 94559. The company states in its privacy policy that it complies with the GDPR standards regarding the rights of data subjects. The privacy policy can be found here: https://www.cleanpower.com/privacy-policy/

iv. NREL
We have integrated an interface for the free climate data offered by the National Renewable Energy Laboratory (NREL), 901 D. Street, S.W. Suite 930, Washington, D.C. into our PV*SOL products. If you wish to use NREL's offer, you will be asked by the service provider to provide your name and e-mail address for the purpose of registration and provision of an API key. When using the offer in the program, you will be directed to the online website of the NREL developer network and will then receive an e-mail from NREL with your API key.

Information on data protection can be found here: Privacy and Security Notices | NREL. Data processed in the USA is subject to the EU-U.S. Data Privacy Framework, an agreement that ensures compliance with the data protection regulations applicable in the EU.

17. Business analyses and market research

If you have given us your consent in accordance with Art. 6 para. 1 sentence 1 a) GDPR, we internally analyse the data available to us on business transactions, contracts, enquiries, etc. in order to operate our business economically, identify market trends and the wishes of contractual partners and users. In doing so, we process inventory data, communication data, contract data, payment data, usage data and metadata, whereby the data subjects include contractual partners, interested parties, customers, visitors and users of our online offering.

The analyses are carried out for the purpose of business evaluations. In doing so, we can take into account the profiles of registered users with information, e.g. on the services they have used. The analyses help us to increase user-friendliness, optimise our offering and improve business efficiency.

The analyses are for internal purposes only and are not published unless they are anonymous analyses with summarised values.

If these analyses or profiles are personal, they will be deleted or anonymised upon termination by the user, otherwise after two years from the conclusion of the contract. In addition, the overall business analyses and general trend determinations are created anonymously where possible.

You can revoke your consent at any time by sending us a corresponding message by e-mail.

18. Application procedure

When you apply to us, we process your surname, first name, date of birth, address, e-mail address and telephone number. We also process personal data that you provide to us in your application documents (CV, references, etc.) and in the interview as part of the application process. The data is processed for the purpose of carrying out the application procedure for the selection of suitable applicants and, if suitable, for the establishment of an employment relationship. If you are employed by us after completion of the application process, your data collected during the application process will be stored in your personnel file to the extent necessary for the fulfilment of the employment relationship. Otherwise, the data will be deleted. The legal basis is Art. 6 para. 1 sentence 1 b) GDPR and § 26 para. 1 sentence 1 Federal Data Protection Act.

Insofar as we process special categories of personal data in accordance with Art. 9 para. 1 GDPR (e.g. health data) that you voluntarily provide to us, this processing is carried out in accordance with Art. 9 para. 2 a) GDPR. Insofar as the processing of these special categories of data is necessary in order to exercise or fulfil rights and obligations, for example under labour law, the legal basis is Art. 9 para. 2 b) GDPR.

In the event of rejection, the data will be deleted within six months after you have received our notification of rejection, unless we have your consent to the further use of the data. At your request, the data will be deleted before the end of the application process if you no longer wish to participate in the application process.

19. Social Media

Insofar as the providers listed below process personal data not only in the EU but also outside the EU, this is done on the basis of an adequacy decision issued by the European Commission pursuant to Art. 45 GDPR or on the basis of standard contractual clauses pursuant to Art. 46 (2) c) GDPR, which have been approved by the European Commission. The standard contractual clauses can be found here: https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=EN

Data processed in the USA is subject to the EU-U.S. Data Privacy Framework, an agreement that ensures compliance with the data protection regulations applicable in the EU.

a) YouTube

If you have given us your consent in accordance with Art. 6 para. 1 sentence 1 a) GDPR, YouTube will be activated, and you can watch embedded YouTube videos on our website.

When the videos are played, data such as the IP address, browser and device type, operating system and time of playback are transmitted to YouTube. In addition, a connection to the DoubleClick advertising network, a subsidiary of Google LLC, is established. Cookies are set to provide you with relevant advertising, to improve campaign performance reports or to prevent you from seeing the same adverts more than once.

We have embedded the videos in extended data protection mode. This means that data transmission only begins when you activate playback of the video by clicking on the video.

You can revoke your consent at any time with effect for the future. Details on revocation can be found above in section 12 of this privacy policy. You can also prevent the storage of cookies by selecting the appropriate settings in your browser software (see section 11 above).

You can also deactivate personalised advertising from Google via the advertising settings. If you deactivate personalised advertising, you will still receive advertisements, but they will no longer be tailored to your interests. You can find instructions for deactivation on the following website: https://support.google.com/accounts/answer/2662922#stop_goog_p13n

Alternatively, you have the option of installing a browser plug-in to deactivate personalised advertising. This sets an opt-out cookie that prevents the DoubleClick cookie and deactivates interest-based advertising. You can download the browser plug-in from the following website: https://support.google.com/ads/answer/7395996?hl=de

YouTube is a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4 Ireland. Google is certified under the EU-U.S. Data Privacy Framework. You can access the privacy policy via the following link: https://policies.google.com/privacy?hl=de

b) Facebook, LinkedIn and XING

We have an online presence on Facebook, LinkedIn and XING so that you can also communicate with us via social networks.

If you have given the corresponding permission in your user account in the social network, the operators of the networks use cookies to analyse and measure your behaviour in the social network for advertising and marketing purposes and to display relevant advertising to you in the social network and also on websites outside the network. Data processing is carried out on the basis of an agreement on joint responsibility in accordance with Art. 26 GDPR, which we have concluded with the respective social network.

The legal basis for data processing is your consent in accordance with Art. 6 para. 1 sentence 1 a) GDPR. You can revoke your consent at any time with effect for the future by making the appropriate privacy settings in the social network.

Details on data protection can be found in the privacy policy of the respective provider as follows:

Facebook is a service of Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. The agreement on joint responsibility pursuant to Art. 26 GDPR with Facebook is available here: https://de-de.facebook.com/legal/terms/page_controller_addendum

Meta Platforms is certified under the EU-U.S. Data Privacy Framework. You can find the privacy policy here: https://de-de.facebook.com/policy.php

LinkedIn is a service of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. The agreement on joint responsibility pursuant to Art. 26 GDPR with LinkedIn is available here: https://legal.linkedin.com/pages-joint-controller-addendum

LinkedIn is certified under the EU-U.S. Data Privacy Framework. You can find the privacy policy here: https://de.linkedin.com/legal/privacy-policy?trk=homepage-basic_join-form-privacy-policy

You can also object to data processing for advertising purposes by LinkedIn. You can find an opt-out option here: https://www.linkedin.com/help/linkedin/answer/62931/manage-advertising-preferences?lang=de

XING is a service of New Work SE, Am Strandkai 1, 20457 Hamburg, Germany. Details on XING's data protection can be found here: https://www.xing.com/app/share?op=data_protection

c) LinkedIn Insight Tag

Our website uses the "LinkedIn Insight Tag" conversion tracking tool from LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. The LinkedIn Insight Tag sets a cookie in your browser and enables the collection of the following data, among others: URL, referrer URL, IP address, device and browser properties, timestamp and page events (e.g. page views).

This data is transmitted to LinkedIn servers in encrypted form, even if you are not a member of LinkedIn. If you are logged into your LinkedIn account while visiting our website, LinkedIn can assign the data to your account.

The data is pseudonymised by LinkedIn within seven days. The pseudonymised data will be deleted within 180 days.

Using the LinkedIn Insight Tag, we receive information about the use of our website and about the reach and success of our adverts in the LinkedIn network. LinkedIn does not provide us with any personal data, but with aggregated evaluations to analyse our website target groups and LinkedIn advertising campaigns. In addition, the LinkedIn Insight Tag offers the possibility of retargeting, so that interest-based advertising can be displayed to you on LinkedIn and other websites.

Data processing is carried out on the basis of an agreement on joint responsibility in accordance with Art. 26 GDPR, which we have concluded with LinkedIn.

The legal basis for data processing is your consent in accordance with Art. 6 para. 1 sentence 1 a) GDPR. You can revoke your consent at any time with effect for the future via the settings in our cookie consent banner (see section 12 above). You can also object to data processing for advertising purposes by LinkedIn. You can find an opt-out option here: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out?trk=microsites-frontend_legal_cookie-policy

The agreement on joint responsibility pursuant to Art. 26 GDPR with LinkedIn is available here: https://legal.linkedin.com/pages-joint-controller-addendum

You can find out more about the LinkedIn Insight Tag here: https://www.linkedin.com/help/lms/answer/a427661/linkedin-insight-tag-haufig-gestellte-fragen?lang=en-US

LinkedIn is certified under the EU-U.S. Data Privacy Framework. You can find the privacy policy here: https://www.linkedin.com/legal/privacy-policy

20. Links

Insofar as we link to the content of external websites, we are not responsible for data protection on these websites. We can therefore not guarantee that the secure handling of your data guaranteed by us is also guaranteed on the external websites. If you have any questions about data protection, please contact the respective operator.

21. Your rights

You have the right to request information from us at any time about your personal data stored by us (Art. 15 GDPR). This also applies to the recipients or categories of recipients to whom this data is disclosed and the purpose of storage. You also have the right to request rectification under the conditions of Art. 16 GDPR and/or erasure under the conditions of Art. 17 GDPR and/or restriction of processing under the conditions of Art. 18 GDPR. Furthermore, you can request data transfer at any time under the conditions of Art. 20 GDPR.

22. Your right to lodge a complaint with a supervisory authority

In accordance with Art. 77 GDPR, without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of your personal data infringes the GDPR.

23. Your right to withdraw consent

If you have given us your consent to the processing of your personal data in accordance with Art. 6 para. 1 sentence 1 a) GDPR, you have the right to withdraw your consent at any time in accordance with Art. 7 para. 3 GDPR. The lawfulness of the processing carried out on the basis of the consent until the revocation is not affected by the revocation.

24. Right of objection

Insofar as we process your personal data to protect our legitimate interests in accordance with Art. 6 para. 1 sentence 1 f) GDPR, you have the right to object to the data processing at any time in accordance with Art. 21 GDPR for reasons arising from your particular situation; this also applies to profiling based on this provision. We will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.

Where personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.

If you object to processing for direct marketing purposes, the personal data will no longer be processed for these purposes.

To exercise your right to object, please send an e-mail to: datenschutz@valentin-software.com

25. Provision of personal data

The provision of your personal data is neither legally nor contractually required and you are not obliged to provide us with personal data. If you conclude a contract with us, certain personal data such as your contact details are required for the conclusion of the contract. If you do not provide us with this data, we will not be able to conclude the contract with you.

26. Existence of automated decision-making

We do not use automated decision-making or profiling.

27. Changes to the privacy policy

This privacy policy is currently valid. In view of possible changes to the website and our products and services as well as future changes to legal requirements, it may be necessary to amend our privacy policy from time to time. The current version of the privacy policy can be found on our website under the link "Privacy Policy".

For information, revocations or objections to data processing, please contact:

Valentin Software GmbH
Stralauer Platz 34
10243 Berlin
E-mail: datenschutz@valentin-software.com

Translated with Deepl Advanced
Berlin, November 2024