Search

Privacy Policy

This Privacy Policy informs you about the processing of your personal data by disy Informationssysteme GmbH (Disy) and the rights available to you under applicable data protection law.
 

1. Who is responsible for data processing and how can I reach the Data Protection Officer?

The controller within the meaning of Art. 4 No. 7 of the General Data Protection Regulation (GDPR) is:

disy Informationssysteme GmbH

Data Protection Officer: Thomas Reimann

Address: c/o beratergruppe:Leistungen PartGmbB, Rüppurrer Str. 4, 76137 Karlsruhe

Email: datenschutz@leistungen.de

You can reach our Data Protection Officer using the contact details above.
 

2. For what purposes and on what legal basis is data processed?

We process your personal data in compliance with the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG), and all other applicable legislation.

Data is processed for the following purposes:

  • to provide and maintain the technical operation of our website,
  • to ensure IT security,
  • to analyse and optimise our online services,
  • and — where you have given your consent — for marketing and tracking purposes (e.g. through the use of Google Analytics or HubSpot).

General browsing of the website
When you use our website solely for informational purposes — i.e. without registering or otherwise submitting information to us — we collect only the personal data that your browser automatically transmits. This includes:

  • IP address
  • Date and time of the request
  • Time zone difference relative to Greenwich Mean Time (GMT)
  • Content of the request (specific page accessed)
  • Access status / HTTP status code
  • Volume of data transferred
  • Website from which the request originated (referrer)
  • Browser type
  • Operating system and its interface
  • Language and version of the browser software

This data is stored in log files in order to ensure the functionality of the website, to maintain the security of our IT systems, and for technical optimisation of our services.

Use of analytics and marketing tools
If you give your consent, we additionally use analytics and marketing tools (e.g. Google Analytics and HubSpot). In doing so, further personal data may be processed, including in particular usage data, pseudonymous identifiers, and information about your browsing behaviour. Further details can be found in the corresponding sections of this Privacy Policy.

Legal bases
The processing of personal data is based on:

  • Art. 6(1)(f) GDPR — to protect our legitimate interests (e.g. operation and security of the website),
  • Art. 6(1)(a) GDPR — based on your consent (e.g. for tracking and marketing measures),
  • Art. 6(1)(b) GDPR — for the performance of a contract or pre-contractual steps,
  • Art. 6(1)(c) GDPR — for compliance with a legal obligation,
  • and where applicable, Art. 6(1)(d) GDPR — to protect vital interests.

Personal data may be transferred to IT service providers and providers of analytics and marketing tools engaged by us, to the extent necessary for the respective purposes.
 

3. Data security

We maintain up-to-date technical measures to ensure data security, in particular to protect your personal data against risks during data transmission and against unauthorised access by third parties. These measures are continuously updated in line with the current state of the art.
 

4. Disy News (Newsletter)

With your consent, you may subscribe to our news mailings, through which we keep you regularly informed about our topics — including events, training courses, product and service updates, customer stories, and general company news — in the form of regular newsletters or occasion-specific mailings.

For newsletter sign-ups, we use the so-called double opt-in procedure. This means that after you enter your email address, we send a confirmation email asking you to confirm that you wish to receive the newsletter. Unconfirmed registrations are deleted no later than two working days. Once you confirm your wish to receive our news mailings, we store your email address and any other data you have provided, solely for the purpose of sending you the newsletter. We also store your IP addresses and the timestamps at the time of registration and confirmation, to prevent misuse of your personal data.

The only mandatory field for receiving the news is your email address. Additional fields, clearly marked as optional, are used to personalise or segment the news mailings.

To enable performance analysis, the emails we send contain so-called web beacons (also known as tracking pixels). These are single-pixel image files that allow us to evaluate your user behaviour. This is done by recording the data mentioned above, with web beacons linked to your email address and associated with a unique ID. Links contained in news emails also carry this ID.

We use your data exclusively for sending news mailings and, in aggregated form, for statistical analysis of usage behaviour (click rate, open rate, email client type, frequency of link clicks). This serves to improve the quality of our offering. No conclusions are drawn about the behaviour of individual users.

You may withdraw your consent to receive news mailings at any time. You can do so by clicking the unsubscribe link provided in every news email, by emailing disy-news@disy.net, or by writing to the contact details provided in our legal notice (Impressum). Your data will only be shared with the service used to send the newsletter.

The legal basis for processing data following a news subscription is the user's consent pursuant to Art. 6(1)(a) GDPR. Once the data is no longer required for the purpose for which it was collected, it will be deleted from the subscriber database. Accordingly, subscriber data is stored only for the duration of the active subscription.
 

5. Moosend

We use Moosend as our newsletter sending software. Your data is transmitted to Moosend Ltd. Moosend is prohibited from selling your data or using it for any purpose other than sending our news mailings. Moosend is a European, certified provider selected in accordance with the requirements of the GDPR. Further information is available at www.moosend.com/trust, which also contains a more detailed explanation of the tracking functionality.

The Moosend software used by Disy includes its own tracking system, which measures how many recipients opened a given newsletter and how many clicked on individual links.

Moosend embeds a small image (approximately 1 x 1 pixel) in each email. Once this image is displayed when a recipient opens the email — and thus retrieved from a server — it becomes possible to record that and when the image was accessed. This information is stored and aggregated to generate a unique open rate.

Each individual click on a link is recorded and stored, enabling click rate measurement. This is achieved by rewriting every link in the news email as a unique URL. These URLs (also referred to as 'tracking domains') belong to Moosend and follow the naming pattern n2g01.com, n2g02.com, n2g03.com, etc.

This information is anonymised and aggregated, so that figures are available but cannot be attributed to individual persons. The information is used to evaluate newsletter usage, compile reports on recipient activity, tailor the news to user needs, and provide relevant content.

Additional note for our newsletter to former students: In addition to name and email address, we also process the name of the recipient's LinkedIn profile. The purpose of this data processing is to inform recipients about events, job postings, product and service news, and general updates about Disy Informationssysteme GmbH. The legal basis is the user's consent pursuant to Art. 6(1)(a) GDPR.
 

6. Contact via email

You may contact us via the email address provided on our website, in which case the personal data transmitted with your email will be stored by us.

Where the user has given consent, the legal basis for processing is Art. 6(1)(a) GDPR. Where the purpose of the email contact is to conclude a contract, the legal basis is Art. 6(1)(b) GDPR.

Personal data collected in this context will be deleted upon request. Please note that further communication will then no longer be possible, as all personal data stored in connection with the contact will be deleted in such a case.
 

7. Matomo

This website uses the web analytics service Matomo (formerly: Piwik) to analyse user visits. No cookies are used for tracking.

When you access individual pages of our website, the following data is processed:

1. Two bytes of the IP address of the user's accessing system
2. The webpage accessed
3. The website from which the user navigated to the accessed page (referrer)
4. The subpages accessed from the visited page
5. Time spent on the webpage
6. Frequency of page visits
7. User interactions with content blocks (e.g. forms), but not their content
8. Date and time
9. Primary language of the browser
10. Browser user agent
11. Screen resolution
12. Files downloaded from the webpage

The analytics software runs exclusively on our own website servers. Personal data is processed solely there and is not transmitted to third parties. If you have activated the 'Do Not Track' setting in your web browser, Matomo respects and honours this. The software is configured to process IP addresses in truncated form only — 2 bytes of the IP address are masked (e.g. 192.168.xxx.xxx), making it impossible to associate the truncated IP address with the accessing device or your location. Tracking is performed via JavaScript. If you do not wish this, you must disable JavaScript execution using a so-called No-Script plug-in. Further information is available on the website of your web browser provider.

The legal basis for processing users' personal data is Art. 6(1)(1)(f) GDPR. Processing users' personal data enables us to analyse browsing behaviour on our website. By evaluating the data obtained, we are able to compile information on the use of individual components of our website, which helps us to continuously improve the website and its usability. This also constitutes our legitimate interest in processing the data pursuant to Art. 6(1)(1)(f) GDPR. The anonymisation of IP addresses adequately addresses users' interest in the protection of their personal data.

Data is deleted once it is no longer needed for our recording purposes, which is the case after 180 days.

Further information on the privacy settings of the Matomo software is available at: https://matomo.org/docs/privacy/
 

8. Google Analytics and Google Tag Manager

Google Analytics (GA4)
We use Google Analytics on our website, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ('Google').

Google Analytics enables us to analyse visitor behaviour on our website and evaluate the use of our online services. For this purpose, pseudonymous usage profiles are created and cookies are used. The information generated by cookies about your use of this website typically includes:

  • Pages visited and interactions
  • Time spent and time of access
  • Origin of visitors (e.g. via campaigns, search engines, or referral links)
  • Technical information about browser and device
  • Approximate location data (based on truncated IP addresses)

Users' IP addresses are truncated by default (IP anonymisation), thus excluding any direct personal identification.

We also use Google Analytics to evaluate marketing campaigns, enabling us to determine which channels bring users to our website and which content is most relevant.

Data processing takes place exclusively on the basis of your consent pursuant to Art. 6(1)(a) GDPR, which you may grant via our cookie banner. Consent may be withdrawn at any time.

The use of Google Analytics may involve the transfer of data to servers of Google LLC in the USA. In such cases, Google has concluded Standard Contractual Clauses pursuant to Art. 46 GDPR to ensure an adequate level of data protection.

Further information on data protection at Google is available at: https://policies.google.com/privacy

You can prevent your data from being collected by Google Analytics by adjusting your cookie settings accordingly or by installing the following browser plug-in: https://tools.google.com/dlpage/gaoptout

Google Tag Manager
We use Google Tag Manager, a service provided by Google Ireland Limited. Google Tag Manager allows website tags to be centrally managed and other services to be integrated into our website. Google Tag Manager itself does not process any personal data and does not set cookies. It merely triggers other tags that may in turn collect data.
 

9. Embedding of YouTube Videos

We have embedded YouTube videos in our online offering. These videos are hosted on www.YouTube.com and can be played directly from our website. All videos are embedded using the 'extended data protection mode', meaning that no data about you as a user is transmitted to YouTube if you do not play the videos. Data as described in Section 2 above is only transmitted when you start playback. We have no influence over this data transmission.

By visiting our website, YouTube receives information that you have accessed the relevant subpage of our website. The data referred to in Section 2 of this Privacy Policy is also transmitted. This occurs regardless of whether the third-party provider maintains a user account through which you are logged in, or whether no such account exists. If you are logged in to Google, your data will be associated directly with your account. If you do not wish your data to be associated with your YouTube profile, you must log out before activating the relevant button.

YouTube stores this data as usage profiles and uses it for the purposes of advertising, market research, and/or the needs-based design of its website. Such evaluation takes place in particular (even for non-logged-in users) to provide targeted advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of such usage profiles; to exercise this right, you must contact YouTube directly.

The legal basis for processing users' personal data is Art. 6(1)(f) GDPR. Via plug-ins, we offer you the ability to interact with social networks and other users, enabling us to improve our offering and make it more interesting for you as a user.

Third-party provider information: YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. Privacy policy: https://policies.google.com/technologies/product-privacy and https://www.google.com/intl/en/policies/privacy. Google also processes your personal data in the USA.
 

10. LinkedIn

We use LinkedIn as a social network to maintain contact and communicate with various groups of people. The responsible party for the processing of personal user data on LinkedIn's websites is generally LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.

When you visit our LinkedIn pages, LinkedIn processes certain information about you, even if you do not have a LinkedIn user account or are not logged in to LinkedIn. LinkedIn informs you in its Privacy Policy at www.linkedin.com/legal/privacy-policy about how LinkedIn processes your data. As the operator of our LinkedIn page, we can view your public LinkedIn profile. What we can see depends on your profile settings. If you contact us via our LinkedIn page, we process your name and the content of your messages, enquiries, or other contributions to us, for the purpose of processing and, where appropriate, responding to them. Depending on the nature of your enquiry, we process your personal data on the basis of our legitimate interests pursuant to Art. 6(1)(f) GDPR, or on the basis of Art. 6(1)(b) GDPR where your enquiry is aimed at concluding a contract with us.

LinkedIn provides us with so-called Page Analytics data. This data consists of anonymised statistics that enable us to evaluate the quality of our LinkedIn page and its content. LinkedIn collects usage data about your interactions with our LinkedIn page and generates statistics from this. We do not have access to the underlying usage data. With respect to the processing of Page Analytics data, there is a relationship of joint controllership, governed by the agreement available at https://legal.linkedin.com/pages-joint-controller-addendum. Under this agreement, LinkedIn undertakes to assume responsibility for this processing and to fulfil the rights of data subjects under the GDPR. The legal basis for this data processing is our legitimate interest pursuant to Art. 6(1)(f) GDPR, to better understand how users interact with our LinkedIn page (e.g. number of followers, page views, user statistics by age, geography and language) and to tailor and improve the page accordingly. We store your personal data on our own systems — outside of LinkedIn — only to the extent and for as long as required for the purposes of collection, or as required by statutory retention obligations.

It is possible that LinkedIn Ireland Unlimited Company transfers some of the data collected to other LinkedIn entities located outside the European Union, such as LinkedIn Corporation and its US subsidiaries ('LinkedIn') based in the USA. To ensure an adequate level of data protection, LinkedIn bases such transfers on the Standard Contractual Clauses of the European Commission. In addition, as of February 2024, LinkedIn Corporation is an active participant in the EU-U.S. Data Privacy Framework.

If you wish to exercise your rights as a data subject vis-a-vis LinkedIn, please contact LinkedIn directly via the contact form accessible through the link provided above. In other matters, please use the contact details set out at the beginning of this Privacy Policy.
 

11. HubSpot

We use HubSpot, a service provided by HubSpot Inc. (25 First Street, Cambridge, MA 02141, USA), for customer relationship management (CRM), for creating and hosting landing pages and forms, and for sending email communications (e.g. newsletters and marketing emails).

In connection with the use of HubSpot, personal data may be collected (e.g. name, email address, usage data, IP address). This information is stored on servers operated by our software partner HubSpot and may be used by us to communicate with website visitors and to determine which of our services may be of interest to them. All information we collect is subject to this Privacy Policy. We use all collected information to optimise our marketing, sales, and communication processes.

HubSpot is a US software company with an office in Ireland. Data transfers to HubSpot (30 North Wall Quay, Dublin 1, Ireland) are safeguarded on the basis of the EU-U.S. Data Privacy Framework and the Standard Contractual Clauses approved by the European Commission.

Depending on the nature of the use, processing takes place on the basis of Art. 6(1)(a) GDPR (consent) or Art. 6(1)(f) GDPR (legitimate interest in efficient marketing and customer communication). Where consent is obtained (e.g. via a form), it may be withdrawn at any time with effect for the future.

Further information on data protection at HubSpot is available at: https://legal.hubspot.com/privacy-policy
 

12. Webinars

Disy offers webinars. Participation is governed by the Disy Webinar Terms and Conditions of Participation, which you can find here.

12.1 Personal data
To enable your participation in and the delivery of webinars, we process personal data. This includes in particular:

  • First and last name
  • Email address
  • Additional data, such as details of your company or institution and professional contact information, which may be provided voluntarily.

12.2 Purposes of processing your personal data
We require your personal data to send you the access credentials for the webinar and to identify you. We also need it to send you the webinar materials by email after the event.

Furthermore, by registering, you have consented to being included in our Disy mailing list for future updates on webinars and other events. You may withdraw this consent at any time, for example via the link at the bottom of the email. Your email address will not be added to our newsletter distribution list unless you have separately given your consent for this.

12.3 Webinar service: ClickMeeting
To conduct live webinars over the internet, we use ClickMeeting software. ClickMeeting is responsible for providing the service and the associated data processing. Your registration data (company, first name, last name, email address) is therefore transmitted to ClickMeeting for the purpose of conducting the webinar. To protect your data against unauthorised disclosure, we have concluded a Data Processing Agreement (Auftragsverarbeitungsvertrag, AVV) with ClickMeeting in accordance with the GDPR.

Upon registration and participation in a webinar, the following data is collected and stored at ClickMeeting: email address, first name, last name, company, date and time of registration, browser and system data, IP address, language, time zone. In addition, any data you provide in the chat, as well as usage data arising from registration and participation in the webinar, may also be processed.

Webinar content transmitted during the session is recorded and stored within the ClickMeeting platform. The following data may be stored in total:

  • Audio and/or video of the presenter
  • Audio and/or video of participants
  • Chat

Information shared by participants via the chat function is neither recorded nor stored. Further information about ClickMeeting is available at: https://knowledge.clickmeeting.com/privacy-security/

12.4 Disy mailings
Disy mailings are sent using the mailing service provider Moosend. We refer in this regard to Section 5 of this Privacy Policy.

12.5 Legal bases for data processing
We process your personal data for the performance of our contractual obligations — in order to conduct the webinar and subsequently send you the webinar materials as contractually agreed. The legal basis for this is Art. 6(1)(b) GDPR. Since you have given your consent, in exchange for participation in the webinar, to being added to our Disy mailing list, the sending of mailing emails is based on Art. 6(1)(a) GDPR. Where a webinar is recorded, we obtain your prior consent for this. In such cases, the legal basis is likewise Art. 6(1)(a) GDPR.

12.6 Retention period
Data is deleted once the purpose of processing has been fulfilled or can no longer be fulfilled, with the precise timing to be determined on a case-by-case basis. Where data processing is based on your consent, data will be deleted or blocked for further processing as soon as you withdraw your consent.
 

13. Learning modules

Disy offers the use of learning modules.

13.1 Personal data
To enable your use of the learning modules, we process personal data. This includes in particular:

  • First and last name
  • Email address
  • Additional data, such as details of your company or institution and professional contact information, which may be provided voluntarily.

13.2 Purposes of processing your personal data
We require your personal data to grant you access to the learning modules and to identify you.

Furthermore, by registering, you have consented to us informing you in the future via our Disy mailing list about webinars, other events, product and service news, and general updates about Disy Informationssysteme GmbH. You may withdraw your consent at any time.
 

14. Embedding of Google Maps

This website uses Google Maps. This allows us to display interactive maps directly on the website and enables you to make convenient use of the map feature.

By visiting our website, Google receives information that you have accessed the relevant subpage of our website (including your IP address). This occurs regardless of whether Google maintains a user account through which you are logged in, or whether no such account exists. If you are logged in to Google, your data will be associated directly with your account. If you do not wish your data to be associated with your Google profile, you must log out before activating the relevant button.

Google stores this data as usage profiles and uses it for the purposes of advertising, market research, and/or the needs-based design of its website. Such evaluation takes place in particular (even for non-logged-in users) to provide targeted advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of such usage profiles; to exercise this right, you must contact Google directly.

Third-party provider information: Google Inc., 1600 Amphitheatre Parkway, Mountain View, California 94043, USA. Privacy policy: https://www.google.com/intl/en/policies/privacy. Google also processes your personal data in the USA.
 

15. What data subject rights can I exercise?

Subject to any applicable professional or statutory restrictions, you have the right:

  • pursuant to Art. 7(3) GDPR, to withdraw any consent you have given to us at any time. This means that we may no longer continue the data processing that was based on that consent going forward;
  • pursuant to Art. 15 GDPR, to request access to your personal data processed by us at any time. In particular, you may request information on the purposes of processing, the categories of personal data concerned, the sources and categories of recipients to whom your data has been or will be disclosed, the intended retention period, the existence of a right to rectification, erasure, restriction of processing or objection, the right to lodge a complaint, the origin of your data where it was not collected directly from you, and the existence of any automated decision-making including profiling and, where applicable, meaningful information about the logic involved;
  • pursuant to Art. 16 GDPR, to request the immediate rectification of inaccurate personal data or completion of incomplete personal data stored by us;
  • pursuant to Art. 17 GDPR, to request the erasure of your personal data stored by us, unless processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise, or defence of legal claims;
  • pursuant to Art. 18 GDPR, to request restriction of the processing of your personal data where you contest the accuracy of the data, the processing is unlawful but you oppose erasure, we no longer need the data but you require it for the establishment, exercise, or defence of legal claims, or you have objected to processing pursuant to Art. 21 GDPR;
  • pursuant to Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, commonly used, and machine-readable format, or to request that it be transmitted to another controller; and
  • pursuant to Art. 77 GDPR, to lodge a complaint with a supervisory authority. As a general rule, you may contact the supervisory authority of your habitual place of residence, your place of work, or our registered office.

Please address all information requests, access requests, or objections to data processing by email to datenschutz@disy.net or to the address stated in our legal notice (Impressum).
 

16. Children

We do not collect personal information from minors. In the event of inadvertent collection, we will delete such information without delay.
 

17. Can I object to the processing of my personal data?

You have the right to object, at any time and without stating reasons, to the processing of your personal data for the purposes of direct marketing. Where we process your data to protect our legitimate interests, you may object to such processing on grounds relating to your particular situation. We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or unless the processing serves the establishment, exercise, or defence of legal claims.

The collection and storage of data in log files is strictly necessary to make the website available to users and to ensure its operation. Accordingly, the user has no right to object to this processing.

Where log files are stored, they are deleted no later than fourteen days thereafter. No further processing takes place.
 

18. Do I have the right to lodge a complaint?

If you believe that the processing of your personal data by us is unlawful or otherwise in breach of data protection law, you may lodge a complaint with the supervisory authority responsible for us:

Der Landesbeauftragte fur den Datenschutz und die Informationsfreiheit Baden-Württemberg

(The State Commissioner for Data Protection and Freedom of Information, Baden-Württemberg)

Königstrasse 10a, 70173 Stuttgart, Germany