Data protection information

Data protection is of particular importance to our company. This data protection information provides you with an overview of the processing of your personal data when you visit ALLPLAN Campus. We will inform you about what data we collect from you and how we use it. We also explain your rights under applicable data protection law and tell you who you can contact if you have any questions.

Personal data is all data that can be related to you personally, e.g. name, address, e-mail addresses, user behavior. We have taken extensive technical and operational precautions to protect your data from accidental or intentional manipulation, loss, destruction or access by unauthorized persons. Our security procedures are regularly reviewed and adapted to technological progress.

1. Responsible party for data processing

The controller pursuant to Art. 4 (7) of the EU General Data Protection Regulation (GDPR) is

ALLPLAN GmbH

Konrad-Zuse-Platz 1

81829 Munich

Germany

E-mail: info (please no spam) @ (please no spam) allplan.com

2. Get in touch with our data protection officer

Please contact our data protection officer at dataprotectionofficer@allplan.com or our postal address by adding “data protection officer”.

3. Legal basis of our data processing

The processing of personal data can be based on various legal bases. If we need your data to fulfill a contract with you or to answer your inquiries regarding a contract, the legal basis for this data processing is Art. 6 para. 1 sentence 1 lit. b GDPR. If we obtain your consent for certain data processing, the legal basis is Art. 6 para. 1 sentence 1 lit. a GDPR. We carry out some data processing on the basis of our legitimate interest, whereby a balance is always struck between your interests worthy of protection and our legitimate interests. The legal basis for this is Art. 6 para. 1 sentence 1 lit. f GDPR. Insofar as processing is necessary to fulfill a legal obligation to which we are subject, the legal basis is Art. 6 para. 1 sentence 1 lit. c GDPR.

Below we explain how we process your personal data when you use ALLPLAN Campus.

Legal basis of our data storage according to the TDDDG:

According to § 25 TDDDG, the storage of information in the end user's terminal equipment or access to information already stored in the terminal equipment is only permitted if the end user has consented on the basis of clear and comprehensive information, i.e. has consented to the data processing.

For the storage of information on your device or access to information that is already stored on your device, we therefore obtain your consent in accordance with Section 25 (1) TDDDG and consequently also process purely technical data only after obtaining your consent.

In our information to you and the obtaining of consent, we comply with the requirements of the TDDDG in accordance with the design requirements of the GDPR.

According to Section 25 (2) TDDDG, consent is not required in exceptional cases,

  • if the sole purpose of storing information in the end user's terminal equipment or the sole purpose of accessing information already stored in the end user's terminal equipment is to carry out the transmission of a message via a public telecommunications network, or
  • if the storage of information in the end user's terminal equipment or access to information already stored in the end user's terminal equipment is absolutely necessary for the provider of a telemedia service to provide a telemedia service expressly requested by the user.
     

4. Processing of personal data when accessing ALLPLAN Campus

ALLPLAN Campus is our education portal for students, pupils and teaching staff, available at https://campus.allplan.com/. We collect the following technical information (log file data) when you use the website for information purposes only by accessing ALLPLAN Campus, i.e. if you do not register:

Data

Purpose of processing

Duration of storage

Operating system used

Evaluation by devices in order to ensure an optimized display of the website

The data are deleted in log files for the purpose of operating the website and to protect against misuse in accordance with our security regulations, as a matter of principle after 30 days.

Information about the type of browser and the version used

Evaluation of the browser used in order to optimize our websites for this purpose

The Internet service provider of the user

Evaluation of the Internet service provider

IP address

Display of the website on the respective device

Date and time of access

Ensuring the proper operation of the website

If necessary, manufacturer and type designation of the smartphone, tablet or other end device

Evaluation of device manufacturers and types of mobile devices for statistical purposes

Name of accessed site

Ensuring the proper operation of the website

Referrer URL (source URL from which you came to the website)

Ensuring the proper operation of the website

The collection of this data is technically necessary in order to display our website to you and to ensure stability and security. We (and our hosting service providers) do not regularly know who is behind an IP address. We do not merge the data listed above with other data.

The legal basis is the legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR, as well as § 25 para. 2 no. 2 TDDDG. As part of the balancing of interests in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR, we have considered and weighed up our interest in the provision and your interest in processing your personal data in accordance with data protection regulations. Since the following data is technically necessary for the provision of our service in order to be able to offer you our website and also to ensure stability and security, in particular to offer protection against misuse, we have come to the conclusion that this data - with a state-of-the-art guarantee of data security - must be processed, taking due account of your interest in data protection-compliant processing. If the processing is based on another legal basis (e.g. consent pursuant to Art. 6 para. 1, sentence 1 lit. a GDPR, § 25 para. 1 TDDDG), this will be indicated accordingly.

5. Registration

In order to be able to use ALLPLAN Campus, a one-time prior registration as an authorized user is required. Your registration takes place in our customer service portal "ALLPLAN Connect".  We process your personal data as part of the registration for individual user access and to process orders and payments as well as to process contact and service requests.

We use the so-called double opt-in procedure for registration. This means that after you have entered your e-mail address, we will send you a confirmation e-mail to the e-mail address you have provided, in which we ask you to confirm your registration. If you do not confirm this within 24 hours, your registration will be automatically deleted from the database. Upon confirmation, we will store your data for the storage period specified in the table. The data is also stored for participation in the ALLPLAN Community, which also gives you the opportunity to use our services (Allplan Share, Allplan Exchange, Allplan Connect, Allplan Bimplus, Allplan LEARN NOW) with an account. Once you have registered, you will receive personal, password-protected access and can view and manage the data you have stored.

When you register, we also save the time of registration. The purpose of this procedure is to be able to prove your registration as part of our accountability obligations and, if necessary, to clarify any possible misuse of your personal data. Due to the fulfillment of the accountability obligation, we have a legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR in the processing of the data of the double opt-in procedure.

We collect and store the following personal data from you for registration purposes:

Data

Purpose of processing

Legal basis of processing

Duration of storage

Email address and username

Creation of the customer account

Legitimate interest: Article 6(1)(1)(f) GDPR; contract execution: Article 6(1)(1)(b) GDPR

Until the termination of the customer account term

Password

Creation of the customer account

Legitimate interest: Article 6(1)(1)(f) GDPR; contract execution: Article 6(1)(1)(b) GDPR

Until the termination of the customer account term

IP address at registration

Proof of double opt-in

Legitimate interest; Article 6(1)(1)(f) GDPR, § 25 (2) Nr. 2 TDDDG – technical necessity

3 years after termination of customer relationship

Date of registration

Proof of double opt-in

Legitimate interest; Article 6(1)(1)(f) GDPR, § 25 (2) Nr. 2 TDDDG – technical necessity

3 years after termination of customer relationship

IP address at double opt-in

Proof of double opt-in

Legitimate interest; Article 6(1)(1)(f) GDPR, § 25 (2) Nr. 2 TDDDG – technical necessity

3 years after termination of customer relationship

Time of double opt-in verification

Proof of double opt-in

Legitimate interest; Article 6(1)(1)(f) GDPR, § 25 (2) Nr. 2 TDDDG – technical necessity

3 years after termination of customer relationship

Customer number

Assignment in case of already existing contractual relationship

Legitimate interest: Article 6(1)(1)(f) GDPR; contract execution: Article 6(1)(1)(b) GDPR

Until the end of the tax statutory limitation periods (10 years after the end of the contractual relationship)

Salutation

Direct approach within the scope of the contractual relationship

Legitimate interest: Article 6(1)(1)(f) GDPR; contract execution: Article 6(1)(1)(b) GDPR

Until the end of the tax statutory limitation periods (10 years after the end of the contractual relationship)

First name

Direct approach within the scope of the contractual relationship/invoicing

Legitimate interest: Article 6(1)(1)(f) GDPR; contract execution: Article 6(1)(1)(b) GDPR

Until the end of the tax statutory limitation periods (10 years after the end of the contractual relationship)

Family name

Direct approach within the scope of the contractual relationship/invoicing

Legitimate interest: Article 6(1)(1)(f) GDPR; contract execution: Article 6(1)(1)(b) GDPR

Until the end of the tax statutory limitation periods (10 years after the end of the contractual relationship)

Company

Invoicing

Legitimate interest; Article 6(1)(1)(f) GDPR

Until the end of the tax statutory limitation periods (10 years after the end of the contractual relationship)

Telephone

Contract execution 
(customer support)

Legitimate interest: Article 6(1)(1)(f) GDPR; contract execution: Article 6(1)(1)(b) GDPR

After the end of the contractual relationship

Language

Control of language settings

Legitimate interest: Article 6(1)(1)(f) GDPR; contract execution: Article 6(1)(1)(b) GDPR

After the end of the contractual relationship)

Country

Contract conclusion and execution

Legitimate interest: Article 6(1)(1)(f) GDPR; contract execution: Article 6(1)(1)(b) GDPR

Until the end of the tax statutory limitation periods (10 years after the end of the contractual relationship)

Address

Invoicing

Legitimate interest: Article 6(1)(1)(f) GDPR; contract execution: Article 6(1)(1)(b) GDPR

Until the end of the tax statutory limitation periods (10 years after the end of the contractual relationship)

Required personal data is marked as a mandatory field in the respective registration form; any additional information is voluntary.

You can delete your user account at any time. When the account is deleted, all personal data that is not subject to a statutory retention obligation or Article 17 (3) GDPR will be anonymized.

6. Cookies

Our website uses cookies. Cookies are files that are stored on your computer by a website you visit and enable your browser to be reassigned. Cookies are used to transmit information to the site that sets the cookie. Cookies can store various information, such as your language setting, the duration of your visit to our website or the entries you make there. This prevents you from having to re-enter required form data each time you use the website, for example. The information stored in cookies can also be used to recognize preferences and target content according to areas of interest.

There are different types of cookies: Session cookies are data sets that are only temporarily stored in the working memory and are deleted when you close your browser. Permanent or persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie. With this type of cookie, the information can also be stored in text files on your computer. However, you can also delete these cookies at any time via your browser settings.

First-party cookies are set by the website you are currently visiting. Only this website may read information from these cookies. Third-party cookies are set by organizations that do not operate the website you are visiting. These cookies are used by marketing companies, for example.

The legal basis for possible processing of personal data using cookies and their storage duration may vary. If you have given us your consent, the legal basis is § 25 para. 1 TDDDG and Art. 6 para. 1 sentence 1 lit. a GDPR. If the data processing is based on our overriding legitimate interests, the legal basis is Section 25 (2) no. 2 TDDDG and Art. 6 (1) sentence 1 lit. f GDPR. The stated purpose then corresponds to our legitimate interest.

We use cookies to ensure the proper operation of the website, to provide basic functionalities, to measure reach and - with your consent - to tailor our services to your preferred areas of interest.

You can delete cookies already stored on your device at any time. If you wish to prevent the storage of cookies, you can do so via the settings in your Internet browser. You can find instructions for common browsers here: Internet Explorer, Firefox, Google Chrome, Google Chrome mobile, Microsoft Edge, Safari, Safari mobile. Alternatively, you can also install so-called ad blockers. Please note that individual functions of our website may not work if you have deactivated the use of cookies.

When accessing our website, all users of our website are also informed about our use of cookies by an info banner from our consent management platform Usercentrics and referred to this privacy policy. As a user, you will also be asked for your consent to the use of certain cookies, in particular those relevant for the personalization of services and for marketing measures. Once you have given your consent, you can revoke it at any time with effect for the future by clicking on the icon (fingerprint) in the bottom left-hand corner of each page to access the cookie management and uncheck the box behind the processing to which you had consented. You can also find more information about the cookies we use in the cookie management.

6.1 Usercentrics

We use the Usercentrics service to manage consents on our website. Usercentrics is a software from Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, Germany.

Usercentrics determines the language used by your browser. A cookie is set to check whether you have already made a selection in our consent tool during a previous visit to our website. This cookie is necessary because it enables the website to recognize whether you have consented to tracking or not. In addition, a log file is created in order to be able to prove that consent has been given. This file contains the IP address in anonymized form, information on the browser used, data on the scope of consent, as well as the date and time of the visit. The legal basis for this can be found in Section 25(2) no. 2 TDDDG and in our legitimate interest pursuant to Art. 6(1) sentence 1(f) GDPR.

The purpose of data processing is the user-friendly and legally compliant design of our website. We want to make it as easy as possible for you to give or withdraw your consent and increase the transparency of data processing using cookies, pixels, tags or similar on our website. Our legitimate interest also lies in the purpose of data processing.

The cookie containing your consent or your refusal to use cookies is stored on your end device for one year. The consent data (consent given and withdrawal of consent) is stored for three years.

Cookies are stored on the user's computer and transmitted from there to our website. As a user, you therefore have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings of your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website to their full extent.

6.2 Website analysis

We use various services for the purpose of analyzing and optimizing our websites, which are described below. We use these services to analyze how many users visit our site, which information is most in demand or how users find the offer. We also collect data about the website from which a user came to our website (so-called referrer), which subpages of our website were accessed or how often and for how long a subpage was viewed. This helps us to design our offers in a user-friendly way, to find errors and to improve our offers.

6.2.1 Matomo

We use the open source web analysis software Matomo on our website. The software is operated exclusively from our own servers.

Cookies are used to analyze the use of the website. For this purpose, the usage information recorded in the cookie (including your shortened IP address) is transmitted to our server and stored for usage analysis purposes. Matomo does not transmit any data to servers that are outside our control. Your IP address is immediately anonymized during this process so that you as a user are not identifiable to us. The information collected about your use of this website is not passed on to third parties. We use the data collected for statistical analysis of user behavior for the purpose of optimizing the functionality and stability of the website and for marketing purposes. Our interest in and purpose of data processing lies in the optimization of our website, the adaptation of content and the improvement of our offer. The interests of users are adequately protected by anonymization. We only store the analysis data for as long as the purpose of the data processing requires, but for a maximum of 14 months.

The legal basis for accessing the information is your consent in accordance with Section 25 (1) TDDDG. The legal basis for the data processing described is your consent, Art. 6 para. 1 sentence 1 lit. a GDPR. Once you have given your consent, you can withdraw it at any time with effect for the future by changing your selection in the cookie settings (see above, section 5. Cookies). Alternatively, you can delete your cookies (all or only from this website). The banner with the selection options will then be displayed again.

6.2.2 Google Analytics 4

If you have given your consent, this website also uses Google Analytics 4, a web analytics service provided by Google LLC. The controller for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google").

Google Analytics 4 uses cookies to help the website analyze how users use the site. The information collected by the cookies about your use of this website is generally transmitted to a Google server in the USA and stored there.

In Google Analytics 4, the anonymization of IP addresses is activated by default. Due to IP anonymization, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

During your visit to the website, your user behavior is recorded in the form of "events". Events can be

  • Page views
  • First visit to the website
  • Start of the session
  • Your "click path", interaction with the website
  • Scrolls (whenever a user scrolls to the bottom of the page (90%))
  • Clicks on external links
  • Internal search queries
  • Interaction with videos
  • Ads viewed / clicked on


Also recorded:

  • Your approximate location (region)
  • Your IP address (in abbreviated form)
  • Technical information about your browser and the end devices you use (e.g. language setting, screen resolution)
  • your internet provider
  • the referrer URL (via which website/advertising medium you came to this website)
     

On behalf of Allplan, Google will use this information to evaluate your pseudonymous use of the website and to compile reports on website activity. The reports provided by Google Analytics are used to analyze the performance of our website and the success of our marketing campaigns.

Recipients of the data are/may be

  • Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as processor pursuant to Art. 28 GDPR)
  • Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
  • Alphabet Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
     

It cannot be ruled out that US authorities may access the data stored by Google.

Insofar as data is processed outside the EU/EEA and there is no level of data protection corresponding to the European standard, we have concluded EU standard contractual clauses with the service provider to establish an appropriate level of data protection. The parent company of Google Ireland, Google LLC, is based in California, USA. A transfer of data to the USA and access by US authorities to the data stored by Google cannot be ruled out. The USA is currently considered a third country from a data protection perspective. You do not have the same rights there as within the EU/EEA. You may not be entitled to any legal remedies against access by authorities.

The data sent by us and linked to cookies is automatically deleted after 14 months. Data that has reached the end of its retention period is automatically deleted once a month.

The legal basis for accessing the information is your consent in accordance with Section 25 (1) TDDDG. The legal basis for this data processing is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. Once you have given your consent, you can withdraw it at any time with effect for the future by changing your selection in the tracking settings (see above, under Cookies). Alternatively, you can delete your cookies (all or only from this website). The banner with the selection options will then be displayed again.

Alternatively, you can prevent the storage of cookies from the outset by configuring your browser software accordingly. However, if you configure your browser to reject all cookies, this may limit the functionality of this and other websites. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by

  1. not giving your consent to the setting of cookies or
  2. downloading and installing the browser add-on to deactivate Google Analytics here.


You can find more information on the terms of use of Google Analytics and on data protection at Google at https://marketingplatform.google.com/about/analytics/terms/de/ and at https://policies.google.com/?hl=de.

6.3 Advertising

We use cookies for marketing purposes in order to target our users with interest-based advertising. In addition, we use cookies to limit the likelihood of an advertisement being displayed and to measure the effectiveness of our advertising measures. This information may also be shared with third parties, such as ad networks. The legal basis for this is Art. 6 para. 1 sentence 1 lit. a GDPR.

6.3.1 HubSpot

This website uses HubSpot for online marketing activities. HubSpot is a software company from the USA with a branch in Ireland. Contact: HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland.

This is an integrated software solution that covers various aspects of online marketing. These include email marketing, social media publishing & reporting, contact management, landing pages and contact forms. Cookies are also stored on the device you are using.

Our registration service allows visitors to our website to learn more about our company, download content and provide their contact information and other demographic information. This information and the content of our website are stored on the servers of our software partner HubSpot. It can be used by us to contact visitors to our website and to determine which of our company's services are of interest to them. All information we collect is subject to this privacy policy. We use all information collected exclusively to optimize our marketing measures. You can find HubSpot's privacy policy at https://legal.hubspot.com/privacy-policy.

Insofar as data is processed outside the EU/EEA, we have concluded the standard data protection clauses adopted by the EU Commission in accordance with Art. 46 GDPR with the service provider in order to establish a secure level of data protection, which allow personal data to be transferred to a third country in individual cases.

Further information from HubSpot regarding EU data protection regulations can be found at https://legal.hubspot.com/data-privacy

You can find more information about the cookies used by HubSpot here https://knowledge.hubspot.com/account/hubspot-cookie-security-and-privacy and here https://knowledge.hubspot.com/reports/what-cookies-does-hubspot-set-in-a-visitor-s-browser.

The legal basis for accessing the information is your consent in accordance with Section 25 (1) TDDDG. The legal basis for the data processing described is your consent, Art. 6 para. 1 sentence 1 lit. a GDPR. Once you have given your consent, you can withdraw it at any time with effect for the future by changing your selection in the cookie settings (see above, section 5. Cookies). Alternatively, you can delete your cookies (all or only from this website). The banner with the selection options will then be displayed again.

You can unsubscribe from emails sent by HubSpot via a link in the respective email.

6.3.2 Google Dynamic Remarketing

We use the marketing and remarketing services ("Google Marketing Services" for short) of the provider Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA, to optimize and operate our online offer economically. The controller for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

Google marketing services allow us to display advertisements for our website in a more targeted manner in order to present you only with advertisements that potentially match your interests. For these purposes, when you visit our website, Google immediately executes a code from Google and so-called (re)marketing tags (invisible graphics or code, also known as "web beacons") are integrated into the website. With their help, an individual cookie, i.e. a small file, is stored on your device (comparable technologies can also be used instead of cookies). This file records which websites you have visited, which content you are interested in and which offers you have clicked on, as well as technical information on the browser and operating system, referring websites, time of visit and other information on the use of the online offer. Your IP address is also recorded. The IP address is not merged with your data within other Google offers. Google may also combine the aforementioned information with information from other sources. If you subsequently visit other websites, you may be shown ads tailored to your interests.

We process your data pseudonymously as part of Google marketing services. This means that Google does not store and process your name or e-mail address, for example, but processes the relevant data in relation to cookies within pseudonymous user profiles. The information collected by Google marketing services about users is transmitted to Google and stored on Google's servers in the USA.

Insofar as data is processed outside the EEA, where there is no level of data protection corresponding to the European standard, we have concluded EU standard contractual clauses with the service provider to establish a secure level of data protection.

The log data is deleted or anonymized after 9 months, and the cookie information is anonymized after 18 months.

Further information on the use of data for marketing purposes by Google can be found on the overview page https://www.google.com/policies/technologies/ads, Google's privacy policy is available at https://www.google.com/policies/privacy.

The legal basis for accessing the information is your consent in accordance with Section 25 (1) TDDDG. The legal basis for the processing is your consent in accordance with Art. 6 para. 1 lit. a GDPR. If you do not want Google Remarketing to collect and process the aforementioned data, you can refuse your consent or revoke it at any time with effect for the future.

7. YouTube (extended data protection mode)

We use services from YouTube, LLC 901 Cherry Ave, 94066 San Bruno, CA, USA, a company of Google Inc, Amphitheatre Parkway, Mountain View, CA 94043, USA, on our website.

When you access a page in which a YouTube video is embedded, a connection to the YouTube servers is usually established and the content is displayed on the website by notifying your browser.  By using our consent management tool (Usercentrics), this is prevented if you have not consented to data processing with regard to YouTube. Due to the integration of YouTube, no data is transferred without your consent.

We also use the extended data protection option provided by YouTube to protect your personal data. However, according to YouTube, data is only transmitted to the YouTube server in "extended data protection mode" when you actively start the video. If you are logged in to YouTube at this time, the information about the videos you have watched will be assigned to your YouTube member account. You can prevent this by logging out of your member account before visiting our website. Further information on data protection from YouTube is provided by Google at the following link https://www.google.de/intl/de/policies/privacy/.

By activating this in the cookie settings, you consent to YouTube receiving data from your use of the website, which may also be used to analyze your usage behavior for market research and marketing purposes.

The legal basis for the described data processing is therefore your consent, Art. 6 para. 1 sentence 1 lit. a GDPR. Once you have given your consent, you can withdraw it at any time with effect for the future by changing your selection in the cookie settings (see section 5. Cookies above). Alternatively, you can delete your cookies (all or only from this website). The banner with the selection options will then be displayed again. If you do not agree or revoke your consent, the use will be prevented for you.

8. Google Tag Manager

For reasons of transparency, we would like to point out that we use the Google Tag Manager of the provider Google Ireland Limited (registration number: 368047), Gordon House, Barrow Street, Dublin 4, Ireland. The Google Tag Manager itself does not collect any personal data. Google Tag Manager makes it easier for us to integrate and manage our tags. Tags are small code elements that are used, among other things, to measure traffic and visitor behaviour, record the impact of online advertising and social channels, set up remarketing and targeting and test and optimize websites. We use the Tag Manager for the Google Analytics service. If you have made a deactivation, this deactivation will be taken into account by Google Tag Manager. For more information on Google Tag Manager, see https://www.google.com/intl/de/tagmanager/use-policy.html.

9. Social bookmarks

Social bookmarks from the following providers are integrated on our website:

  • Facebook (operator: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland)
  • LinkedIn (operator: LinkedIn Corporation, 1000 W Maude Ave, Sunnyvale, CA, 94085-2810 USA)
  • Instagram (Operator: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland)
  • YouTube (operator: Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043)

Social bookmarks are Internet bookmarks with which the users of such a service can collect links and news items. These are only integrated on our website as links to the corresponding services. After clicking on the embedded graphic, you will be redirected to the page of the respective provider, i.e. only then will user information be transmitted to the respective provider. For information on the handling of your personal data when using these websites, please refer to the respective privacy policies of the providers.

10. Storage period

We store your personal data for as long as is necessary to fulfill our legal and contractual obligations in connection with the use of ALLPLAN Campus.

After the end of the term of a contract, we usually delete your data after 10 years due to the fulfillment of commercial and tax retention obligations (in particular retention periods from the German Commercial Code (HGB) or the German Fiscal Code (AO). In individual cases, it may be necessary to retain data for up to 30 years in order to preserve evidence within the framework of the statute of limitations provisions of the German Civil Code (BGB).

11. Forwarding of data

We do not transfer your personal data to third parties for purposes other than those listed. We only pass on your personal data to third parties if:

  • you have given your express consent to this,
  • the disclosure is necessary for the assertion, exercise or defense of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data,
  • there is a legal obligation for the disclosure, as well as this is legally permissible and necessary for the initiation of contracts or the processing of contractual relationships with you.
     

In these cases, however, the scope of the transmitted data is limited to the necessary minimum. Insofar as our service providers come into contact with your personal data, we ensure that they comply with the provisions of the data protection laws in the same way as part of order processing in accordance with Art. 28 GDPR. Please also note the respective data protection notices of the providers. The respective service provider is responsible for the content of external services, whereby we check the services for compliance with the legal requirements within the scope of reasonableness.

12. Data transfer to third countries

We attach great importance to processing your data within the EU/EEA. However, we may use service providers who process data outside the EU/EEA. In these cases, we ensure that an adequate level of data protection is established at the recipient before your personal data is transferred. This means that a level of data protection comparable to the standards within the EU is achieved via EU standard contracts (EU standard contractual clauses) and by agreeing any other necessary measures or an adequacy decision by the European Commission.

If data is transferred outside the European Union, the high European level of data protection does not generally apply. In the case of a transfer, it may be that there is currently no adequacy decision by the EU Commission within the meaning of Art. 45 para. 1, 3 GDPR. This means that the EU Commission has not yet positively determined that the country-specific level of data protection corresponds to the level of data protection in the European Union on the basis of the GDPR, which is why we have created the aforementioned suitable guarantees.

Possible risks that cannot be completely ruled out in connection with the transfer of data are in particular:

  • Your personal data could possibly be processed beyond the actual purpose.
  • There is also the possibility that you may not be able to assert and enforce your rights under data protection law, such as your right to access, rectification, erasure or data portability.
  • There may also be a higher probability that incorrect data processing may occur and that the protection of personal data does not fully meet the requirements of the GDPR in terms of quantity and quality.


13. Data security

At ALLPLAN, your personal data is transmitted securely using encryption. This applies to all form processes (e.g. registration, login, order). ALLPLAN uses the SSL/TLS (Secure Socket Layer/Transport Layer Security) coding system. Nobody can guarantee absolute protection. However, ALLPLAN secures its website and other systems through technical and organizational measures against loss, destruction, access, modification or distribution of your data by unauthorized persons. Our security procedures are regularly reviewed and adapted to technological progress.

14. Your rights

You have the following rights vis-à-vis us with regard to your personal data:

14.1 General rights

You have the right to information, rectification, erasure, restriction of processing, objection to processing and data portability. If processing is based on your consent, you have the right to withdraw this consent from us with effect for the future.

To exercise your rights, please contact us by e-mail at dataprotectionofficer@allplan.com or by post at ALLPLAN GmbH, Konrad-Zuse-Platz 1, 81829 Munich, Germany. The exercise of your rights described in this section is free of charge for you.

14.2 Rights in data processing based on legitimate interest

In accordance with Art. 21 para. 1 GDPR, you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on Art. 6 para. 1 e GDPR (data processing in the public interest) or on Art. 6 para. 1 f GDPR (data processing to protect a legitimate interest); this also applies to profiling based on this provision. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims.

14.3 Right to lodge a complaint with a supervisory authority

Without prejudice to these rights and the possibility of seeking any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority at any time, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes data protection regulations (Art. 77 GDPR).

15. Links to other websites

Our websites may contain links to websites of other providers. We would like to point out that this information on data protection applies exclusively to the website https://campus.allplan.com/. We have no influence on and do not check that other providers comply with the applicable data protection regulations.

16. Changes to the data protection information

We reserve the right to change or adapt this privacy policy at any time in compliance with the applicable data protection regulations.

Status: 01.05.2024