Data privacy notices

We, EPLAN GmbH & Co KG (“Eplan”), are pleased to welcome you to our website. The protection of your personal data during its processing is important to us. Here we disclose your personal data is processed when you visit our website.

A. Controller

Responsible for the processing of personal data on this website is:

EPLAN GmbH & Co. KG

An der alten Ziegelei 2
40789 Monheim am Rhein

B. Individual processing activities

Below you will find information on the processing of personal data on our website.

1. User account

Data processing: If you voluntarily set up a user account for our website, we process your name, your private or business address and your private or business email address. We also store your industry, position, institution, specialist field and registration number.

Purpose: The user account is used to give our customers or your companies access to our applications.

Legal basis: The legal basis for the processing of your data is Article 6(1) 1b) GDPR. Eplan processes the data to fulfill the user contract with the respective user which is concluded when the user accepts the terms of use.

Data recipient: The internal recipients of your data are all departments involved in the provision of the applications. The external recipients are dependent upon the respectively used applications. For the Eplan Cloud, for example, this is Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA; Adobe Systems Software Ireland Limited, 4-6 Riverwalk, Citywest Business Park, Dublin 24, Ireland; HubSpot Inc., 2nd Floor 30 North Wall Quay, Dublin 1, Ireland; Twilio Ireland Limited, 70 Sir John Rogerson’s Quay, Dublin 2, D02 R296, Ireland; Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland and Salesforce Inc., Salesforce Tower 415 Mission Street, 3rd Floor, San Francisco, CA 94105, USA.

Transfer to third countries: The data we collect is stored on the servers of our contractors stated above, some of which are located in the USA. To protect your data and to comply with the applicable data protection regulations, we have concluded order processing contracts with the service providers. Further information about how data is processed by our service providers can be found here: https://www.twilio.com/en-us/legal/privacy.

Duration of the processing: We process your data until you delete your user account or have it deleted. Please note that in the case of subscriptions, we must store the relevant personal data for 10 years even after termination of the subscription.

2. Communication

Data processing: If you have any questions about our services or products, you can reach us using the contact form, by phone or by email. If you enter your data in the contact form, we will ask you for your company affiliation, title, request, surname, first name, zip code, city, business email address, business telephone number, department, Eplan solutions, position, and the country in which your company has its headquarters. We may process personal data that you leave in your message to us. If you call us, we will generally process your surname and first name and usually also the aforementioned data if this is necessary to respond to your concerns. If you send us an email, we will process your email address, which usually contains your surname and first name and your company affiliation, as well as any other information that you provide to us in the course of further correspondence.

Purpose: We process this data to process your query.

Legal basis: If you contact us with matters regarding a product or service that your company has already purchased from us, we will process your data on the basis of our legitimate interest in helping our customers with customer support (Article 6(1) sentence 1f) GDPR). If you are contacting us for the first time because your company is interested in our products, we will process your data based on your consent, cf. Article 6(1) sentence 1a) GDPR. You can revoke your consent to the storage and processing of your data at any time by sending an email to privacy@eplan.de requesting us to delete the data. If a contract is initiated between us and your company or if the contract is concluded, we process the data on the basis of our legitimate interest in using the contact details of employees of our contractual partners to initiate a contract.

Data recipient: Internal recipients are, dependent upon the subject of your point of contact, e.g., our sales department or our customer support, our internal consulting department or training management, if their input is required to answer your concerns. The external data recipient is HubSpot Inc., 2nd Floor 30 North Wall Quay, Dublin 1, Ireland. To protect your data and to comply with the applicable data protection regulations, we have concluded an order processing contract with HubSpot.

Transfer to third countries: The data may also be processed outside the EU by HubSpot Inc. in the USA. Information about how data is processed at HubSpot can be found here: https://legal.hubspot.com/privacy-policy.

Duration of the processing: If you contact us voluntarily for the first time, we will delete your contact details after six months or as soon as you ask us to do so. With regard to support requests during ongoing business relationships, we store the data for the duration of our business relationship.

3. Server log files

Data processing: Server log files (temporary access data) are collected every time you visit our website. This data is required for the technical provision and ensuring the functionality of our website. The data that is processed includes: your operating system, requesting access provider, your IP address used, time of page view, amount of data sent in bytes, the referring website and your browser. This data is automatically sent to the server hosting our website by the browser being used on your end device.

Purpose: The purpose of the processing is to ensure trouble-free operation and the technical provision of the website.

Legal basis: The legal basis for the processing of server data is Article 6(1) sentence 1f) GDPR. Our legitimate interest lies in ensuring the trouble-free operation of the website.

Data recipient: We are the internal recipient of the data. External recipients are our host providers. To protect your data and to comply with the applicable data protection regulations, we have concluded an order processing contract with the host providers.

Transfer to third countries: The data is not transferred to a third country.

Duration of the processing: Server log files are regularly deleted after 28 days at the latest.

4. Newsletter

Data processing: If you would like to receive one of our newsletters, we need a valid email address from you. We then carry out the so-called double opt-in procedure, i.e., we send an email to the given email address and ask the recipient to confirm the registration. When you register, in addition to your IP address and the date and time of registration, we store the personal data that you provide to us in the registration form, e.g., first and last name, title and company affiliation. No other data is collected.

Purpose: The purpose of the data processing is to send you the newsletter and as proof of your consent to prevent misuse.

Legal basis: The legal basis for processing the data is your consent in accordance with Article 6(1) sentence 1a) GDPR. You can revoke at any time your consent to the storage of your data, your email address and its use for sending the newsletter. The revocation can be sent via a link in the newsletters or by sending an email to privacy@eplan.de.

Data recipient: The internal recipient of the data is our marketing department. The external data recipient is HubSpot Inc., 2nd Floor 30 North Wall Quay, Dublin 1, Ireland. To protect your data and to comply with the applicable data protection regulations, we have concluded an order processing contract with HubSpot.

Duration of the processing: We store the data until you revoke your consent and unsubscribe from the newsletter.

5. Cookies

We use cookies and similar technologies to recognize the preferences of the users of our websites and to achieve the best possible design for the web pages. Cookies are small files that are stored on your end device and can be used to determine whether your end device has already communicated with our website. You can find detailed information about the used cookies in our cookie consent tool.

General information about how cookies are used and about some especially important groups of cookies on our website is given below.

5.1. Technically required cookies

Data processing: Technically required cookies are set to technically enable or facilitate the use of the website. This covers functions such as maintaining sessions, saving language settings, speeding up the website performance, saving the consent to the use of cookies or implementing general preferences.

Purpose: The purpose of the processing is to provide technical functions of our website.

Legal basis: Section 25 (2) 2) German Telecommunications Telemedia Data Protection Act (TDDDG) permits the setting of cookies or comparable technologies without the user’s consent if this is absolutely necessary in order to provide the digital service expressly requested by the user.

Data recipient: The information collected by these technically required cookies is processed internally by the IT department. To enable you to manage cookies easily, we work with OneTrust, LLC, Atlanta, 1200 Abernathy Rd NE, Building 600, Atlanta, GA 30328, USA. To protect your data and comply with applicable data protection regulations, we have concluded a data processing agreement with OneTrust. Further information can be found here: https://www.onetrust.com/privacy/.

Transfer to third countries: The data may also be processed outside the EU by OneTrust, LLC in the USA. Information about how data is processed at OneTrust can be found here: https://www.onetrust.com/privacy-notice/.

Duration of the processing: Technically required cookies are only stored for as long as they are necessary to fulfill their technical function. This can range from one session to several months depending on the type of cookie and the purpose of the processing. Details can be found in the cookie consent tool.

5.2. Analytics and marketing cookies

Data processing: Analytics and marketing cookies collect information about your user behavior on our website, including the pages you visit, the links you click and other actions you take on our website.

Purpose: We use analytics and marketing cookies to improve the user-friendliness and to analyze usage patterns in order to optimize the structure and content of the website. These cookies also help us to personalize content by providing relevant content and recommendations based on your user behavior. Marketing cookies allow us to display personalized advertising based on your interests and behavior. Finally, these cookies enable us to measure and analyze the effectiveness of advertising campaigns and marketing strategies in order to continuously improve our marketing measures.

Legal basis: The use of analytics and marketing cookies is based on your consent in accordance with Article 6(1) sentence 1a) GDPR.

Data recipient: The information collected by these cookies may be shared with internal recipients, such as our marketing department, and external recipients, such as advertising networks and analytics service providers. We work with third-party providers who process this data on our behalf. Information about our third-party providers can be found in the cookie consent tool. To protect your data and to comply with the applicable data protection regulations, we have concluded order processing contracts with the third-party providers.

Transfer to third countries: Data may be transferred to a third country via third-party cookies. Information about this can be found below and in our cookie consent tool.

Duration of the processing: Most cookies are automatically deleted when you close your browser (so-called session cookies). Other cookies remain stored on your end device for a certain period of time and enable us to recognize your end device on your next visit (persistent cookies). The storage period may vary depending on the type of cookie and its purpose. Information about this can be found in the cookie consent tool.

Do-not-track cookie: If you decide against the use of cookies, we will set a so-called do-not-track cookie. This tells our web server that no other cookies may be set. In this case or if you configure your browser so that it generally does not accept cookies, functional restrictions of our offering may occur, e.g., services such as login areas or content filters may not be provided.

Configuration options: Most browsers accept cookies automatically. You can delete cookies that have already been set on your end device at any time or configure your browser so that it does not accept cookies (which may, however, result in functional restrictions of our offering). Please refer to the instructions for your browser or from the manufacturer of your end device for details about how to do this.

6. HubSpot

Data processing: This website uses HubSpot, a service provided by HubSpot Inc., a software provider from the USA with a branch in Ireland (HubSpot Inc., 2nd Floor 30 North Wall Quay, Dublin 1, Ireland, telephone: +353 1 5187500) with whom we cover various aspects of our online marketing activities. These include, among other things:

Content management (e.g., contents of the website)
Email marketing (newsletters and automated mailings, e.g., for information about updates)
Social media publishing and reporting (e.g., LinkedIn)
Reporting (e.g., traffic sources, accesses, etc.)
Contact management (e.g., user segmentation and CRM)
Provision of landing pages and contact forms

HubSpot uses so-called web beacons as well as cookies, which are stored on your computer and allow us to analyze your use of the website. HubSpot evaluates the collected information (e.g., your IP address, geographical location, type of browser, duration of your visit and the viewed pages) on our behalf to create reports about your visit and the pages you have visited. If you do not want HubSpot cookies to transfer data, you can prevent the storage of cookies at any time in our cookie consent tool.

Purpose: The data collected using HubSpot is used solely for the provision and optimization of our marketing activities. We may use your data to contact you as a visitor to our website and to determine which of our company’s services are of interest to you. If you subscribe to our email newsletters and download studies and other documents, we can also use HubSpot to record your visits using your additional personal details (e.g., name, email address) and, where applicable, provide you with specific information about your preferred topics.

Legal basis: We only use HubSpot’s services if you have given us your consent (see Article 6(1) sentence 1a) GDPR). You can revoke your consent to the storage and processing of your data at any time by changing the selection of active cookies in the cookie consent tool.

Data recipients and third country transfer: The data collected by us using HubSpot is stored on the servers of our contractor HubSpot in the USA. To protect your data and to comply with the applicable data protection regulations, we have concluded an order processing contract with HubSpot. HubSpot’s full privacy policy can be found here. HubSpot informs you here: https://legal.hubspot.com/privacy-policy about how HubSpot Inc. complies with EU data privacy regulations. HubSpot provides information about the cookies it uses here and here.

7. Contentsquare (Hotjar)

Data processing: For analysis purposes, we use the Hotjar web analysis service from Contentsquare S.A.S. With the help of this tool, the interaction data of your visit to our website (e.g., scrolling, clicks or time spent on a page) is collected in pseudonymized form to optimize the user-friendliness of the website and for marketing purposes using cookies. Contentsquare collects the following data: Information about the characteristics of your end device (in particular your operating system and browser), IP address (pseudonymized), date and time of your visit, time spent on our website, address of the page you visited on our website, address of the website you visited immediately before (referrer), geographical location (country from which the website is opened), information about interactions with website elements (e.g., clicks, mouse position, scrolls, hover, blur, focus, anonymized HTML content) and product-related transaction data.

Purpose: The data is processed to optimize the user-friendliness of the website and to support marketing purposes.

Legal basis: We only use Contentsquare’s services if you have given us your consent (see Article 6 (1) sentence 1a) GDPR). You can revoke your consent to the storage and processing of your data at any time by changing the selection of active cookies in the cookie consent tool.

Data recipients and third country transfer: The internal recipient is our marketing department. The external recipient is Hotjar Limited, Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville St Julian’s STJ 3141, Malta. To protect your data and to comply with the applicable data protection regulations, we have concluded an order processing contract with Contentsquare. Data may be transferred to a third country by transmitting the information to a Contentsquare server. Further information can be found in Contentsquare’s data privacy policy here: https://contentsquare.com/privacy-policy/.

8. Google services

Data processing: To improve our reach and our online presence, we use various statistics, analytics and tracking services, and web applications from Google on this website. These are only activated if you give your consent. The Google services we use are DoubleClick, Google Analytics 4 (GA4), Google Ads Conversion, Google Optimize, Google Remarketing, Google Tag Manager (GTM), Google Optimize and Google Signals.

Google Analytics 4 (GA4): With the consent of our users, we analyze the use of our website with GA4. GA4 uses cookies to collect information about the usage and surfing behavior of users and possibly amalgamate it with other data. The data is transferred to Google servers and stored there.
DoubleClick: DoubleClick helps us to analyze and improve the reach and effectiveness of our adverts. DoubleClick sets cookies to track whether users have seen or clicked an ad and in doing so can control how frequently ads are displayed.
Google Ads Conversion: With Google Ads Conversion we can track whether users have reached our website from an advert in order to determine the effectiveness of our advertising measures.
Google Remarketing: This function enables us to show users relevant advertising across all devices after a visit to our website. Google evaluates user behavior and displays targeted advertising within the Google advertising network.
Google Tag Manager (GTM): The GTM helps us to integrate and manage cookies, statistical tools or tracking services on our website. The GTM itself does not set any cookies and does not create its own user profiles.
Google Optimize: Google Optimize is a tool for conducting A/B tests and personalizing website content to improve your user experience and increase conversion rates.
Google Signals: Google Signals collects event data from users who are signed in to their Google account and have ad personalization enabled so we can track which services you use across devices and browsers.

Purpose: The data is processed to improve the user-friendliness by analyzing usage patterns, personalizing content based on user behavior, displaying targeted advertising and evaluating the effectiveness of advertising campaigns and marketing strategies.

Legal basis: The use of Google services is based on your consent in accordance with Article 6(1) sentence 1a) GDPR. You can revoke your consent to the storage and processing of your data at any time by changing the selection of active cookies in the cookie consent tool. We also use Google Consent Mode v2 for this purpose. This mode transmits cookie and data privacy settings from the cookie consent tool on your website to the Google services being used. If users give their consent, Google services set cookies and read data from end devices to get to know users better. This is not possible without the user’s consent. Google then uses ping information with reduced data and closes any resulting gaps with data modeling based on artificial intelligence. The Consent Mode V2 Basic used by us allows tracking pixels to be blocked until the user gives their consent. No data or even pings for data modeling are sent to Google without the user’s consent.

Data recipient: The internal recipient of the data is our marketing department. The external recipients are Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland and Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. To protect your data and to comply with the applicable data protection regulations, we have concluded an order processing contract with Google.

Transfer to third countries: The data may also be processed outside the EU by Google Inc. in the USA. Information about how data is processed at Google can be found here: https://policies.google.com/privacy?hl=en.

Duration of the processing: The data collected by Google is stored for as long as is necessary to fulfil the purpose. The storage period is regulated in Google’s internal guidelines.

Other configuration options for handling Google cookies: you can prevent participation in Google’s tracking procedures as follows:

Deactivating cookies for conversion tracking: configure your browser to block cookies from the domain www.googleadservices.com. Further information can be found here: https://myadcenter.google.com/personalizationoff.
Deactivating interest-based ads: use the link http://www.aboutads.info/choices. Please note that this setting will be canceled if you delete your cookies.
Permanent deactivation in your browser: Use the corresponding plugins for Firefox, Internet Explorer or Google Chrome provided at http://www.google.com/settings/ads/plugin.
Browser add-on: You can prevent the collection and processing of data generated by Google cookies by downloading and installing the browser add-on available here: https://tools.google.com/dlpage/gaoptout.

9. Google reCAPTCHA

Data processing: On our website we use Google reCAPTCHA to check and prevent interactions on our website as the result of automated access attempts, for example by so-called bots. This service enables Google to determine from which website a request is sent and from which IP address you are using the reCAPTCHA input box. As well as your IP address, Google may also collect other information that is necessary for the provision and guarantee of this service.

Purpose: The purpose of the processing is the security of our website as well as to defend against unwanted, automated access in the form of spam or similar.

Legal basis: The legal basis for the use of Google reCAPTCHA is Article 6(1) sentence 1f) GDPR. Our legitimate interest lies in the security of our website and the prevention of automated access.

Data recipient: The external data recipient is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA. In cases where personal data is transferred to countries outside the European Union (EU) where there is no adequate level of protection as stipulated by the GDPR, we agree to apply EU standard contractual clauses.

Transfer to third countries: The data may also be processed outside the EU by Google LLC in the USA. Information about how data is processed at Google can be found here: https://policies.google.com/privacy.

Duration of the processing: The data collected by Google reCAPTCHA is stored for as long as is necessary to fulfil the purpose.

10. Adobe services

Data processing: On our website we use the services Adobe Analytics, Adobe Data Collection, Adobe Experience Manager, Adobe Forms, Adobe Learning Manager, Adobe Launch and Adobe Target provided by Adobe Systems Software Ireland Limited, 4–6 Riverwalk, Citywest Business Park, Dublin 24, Ireland (hereinafter “Adobe”). In addition to the general provision of the website, these services help us to analyze user behavior on it, to optimize it and to personalize the content.

Adobe Analytics uses cookies to collect information about the usage behavior of users. This includes, among other things, the IP address, the browser being used, the operating system, the visited pages and the date and time of the visit.
Adobe Data Collection is used to collect and manage data from various digital channels. It is used to optimize marketing campaigns and improve user experiences through precise data analysis.
Adobe Experience Manager helps to create, manage and deliver digital content across multiple channels. This allows us to efficiently design and optimize personalized customer experiences.
Adobe Forms is used to create, manage and fill in interactive forms. It facilitates the collection, processing and automation of data in digital workflows.
We use Adobe Learning Manager to create, deliver and manage learning content. It helps us to organize training programs efficiently and to track the users’ learning progress.
Adobe Launch is used to manage and implement these tracking and analysis tools.
Adobe Target is used to provide personalized content and experiences for users. It enables A/B testing, automation and optimization of marketing campaigns to increase conversion rates.

Purpose: The purpose of the processing is to analyze user behavior, to optimize the website structure and content, to provide relevant content based on user behavior, and to measure the effectiveness of marketing activities.

Legal basis: Adobe services are used on the basis of your consent in accordance with Article 6(1) sentence 1a) GDPR. You can revoke your consent at any time by configuring the appropriate settings in the cookie consent tool.

Data recipient: Adobe Systems Software Ireland Limited, 4–6 Riverwalk, Citywest Business Park, Dublin 24, Ireland.

Transfer to third countries: The data may also be processed by Adobe Inc., 345 Park Avenue, San Jose, CA 95110-2704, USA. Information about how data is processed by Adobe can be found in Adobe’s privacy policy: https://www.adobe.com/privacy.html.

Duration of the processing: The data collected by Adobe is stored for as long as is necessary to fulfil the purpose. The storage period is regulated in Adobe’s internal guidelines.

Configuration options: You can prevent the collection and processing of data generated by Adobe cookies by configuring the appropriate settings in your browser or by using the Adobe opt-out tool available here: https://www.adobe.com/privacy/opt-out.html.

11. LinkedIn Insight and LinkedIn Ads

Data processing: With the user’s consent, on our website we use the LinkedIn Insight Tag, a JavaScript code snippet. The LinkedIn Insight Tag enables LinkedIn to collect data about the users of our website, including the URL, referrer URL, IP address, device and browser characteristics (user agent), and the timestamp. The IP addresses are shortened or (if they are used to reach LinkedIn members across devices) hashed.

Purpose: Through LinkedIn Insight and associated tools such as LinkedIn Ads, we receive extensive statistical and analytical information about the use of our website, the reach of our advertising, and how you as a user react to our content. The Tag also enables us to track conversions, retarget our website visitors and gain additional information about the LinkedIn members who view our ads.

Legal basis: The LinkedIn Insight Tag is used on the basis of your consent in accordance with Article 6 (1) sentence 1a) GDPR. You can revoke your consent at any time by configuring the appropriate settings in the cookie consent tool.

Data recipient: The external recipient is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. To protect your data and to comply with the applicable data protection regulations, we have concluded an order processing contract with LinkedIn.

Transfer to third countries: The data may also be processed by LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA. Information about how data is processed by LinkedIn can be found in LinkedIn’s privacy policy: https://www.linkedin.com/legal/privacy-policy.

Duration of the processing: The members’ direct identifiers are removed within seven days in order to pseudonymize the data. This remaining pseudonymized data is deleted within 180 days.

Configuration options: LinkedIn members can control the use of their personal data for advertising purposes in their account settings. Further information about the protection of your privacy can be found in LinkedIn’s privacy policy at: https://www.linkedin.com/legal/privacy-policy.

12. Vimeo

Data processing: On our website we use plugins from the Vimeo video portal operated by Vimeo, Inc, 555 West 18th Street, New York, New York 10011, USA. When you visit one of our pages containing a Vimeo plugin and play the video, a connection is established to a Vimeo server. This tells the Vimeo server which of our pages you have visited. Vimeo also obtains your IP address even if you are not logged in to Vimeo or you do not have a Vimeo account.

Purpose: The purpose of the data processing is the provision and embedding of video content on our website.

Legal basis: Vimeo is used on the basis of your consent in accordance with Article 6(1) sentence 1a) GDPR. You can revoke your consent at any time by configuring the appropriate settings in the cookie consent tool.

Data recipient: Vimeo, Inc., 555 West 18th Street, New York, New York 10011, USA. To protect your data and to comply with the applicable data protection regulations, we have concluded an order processing contract with Vimeo.

Transfer to third countries: The data may also be processed outside the EU by Vimeo, Inc in the USA. Information about how data is processed by Vimeo can be found in LinkedIn’s privacy policy: https://vimeo.com/privacy.

Duration of the processing: The data collected by Vimeo is stored for as long as is necessary to fulfil the purpose. The storage period is regulated in Vimeo’s internal guidelines.

Configuration options: Further information about the protection of your privacy can be found in Vimeo’s privacy policy at: https://vimeo.com/privacy.

13. Meta pixel

Data processing: On our website we use the Meta pixel, a service provided by Meta Platforms Inc., 1601 Willow Road, Menlo Park, CA 94025, USA (hereinafter “Meta”). The Meta pixel is a JavaScript code snippet that we have integrated into our website. This service collects data about visits to our website, including the URL, referrer URL, IP address, device and browser characteristics (user agent) and timestamp. The IP addresses are shortened or hashed, and the direct identifiers of the members are removed within seven days in order to pseudonymize the data.

Purpose: The purpose of the processing is to analyze user behavior, to optimize the website structure and content, to provide relevant content based on user behavior, to display targeted advertising, and to measure the effectiveness of marketing activities.

Legal basis: The Meta pixel is used on the basis of your consent in accordance with Article 6(1) sentence 1a) GDPR. You can revoke your consent at any time by configuring the appropriate settings in the cookie consent tool.

Data recipient: Meta Platforms Inc., 1601 Willow Road, Menlo Park, CA 94025, USA, and

Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. To protect your data and to comply with the applicable data protection regulations, we have concluded an order processing contract with Meta.

Transfer to third countries: The data may also be processed outside the EU by Meta Platforms Inc. in the USA. Information about how data is processed by Meta can be found in Meta’s privacy policy: https://www.facebook.com/privacy/explanation.

Duration of the processing: The members’ direct identifiers are removed within seven days in order to pseudonymize the data. This remaining pseudonymized data is then deleted within 180 days.

Configuration options: you can prevent participation in Meta’s tracking procedures as follows:

Opt-out: By configuring the appropriate settings in your browser or using the cookie consent tool on our website.
Browser add-on: You can prevent the collection and processing of data generated by Meta cookies by installing the appropriate browser add-ons.
Further information about the protection of your privacy can be found in Meta’s privacy policy at: https://www.facebook.com/privacy/explanation.

14. Social media fan pages (Facebook and LinkedIn)

We run so-called social media fan pages (Facebook and LinkedIn) to present our company. For this purpose, we use the technical platform and services provided by Facebook Ireland Ltd., 4 Grand Canal Square Grand Canal Harbour, Dublin 2, Ireland and LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. Please note that you use these fan pages and their functions on your own responsibility. This applies in particular to the use of the interactive functions (e.g., commenting, sharing, rating).

When you visit our fan pages, Facebook and LinkedIn collect, among other things, your IP address and other information about you, your accounts, your interests, your activities and your usage behavior. Information that is stored on your end device and/or in your browser as cookies is also used. The collected information is used to provide us, as the operator of the fan pages, with statistical information about how they are used.

The data collected about you in this context is processed by Facebook Ltd. and LinkedIn Unltd. and may be transferred to countries outside the European Union. What information the platform operator receives and how it is used is described in general terms in their data usage guidelines. Here you will also find information on how to contact Facebook and the settings options for adverts.

Facebook’s data usage guidelines are available here: https://www.facebook.com/about/privacy/previous/

Facebook’s full privacy policy can be found here: https://www.facebook.com/privacy/policy/

LinkedIn’s full privacy policy can be found here: https://www.linkedin.com/legal/privacy-policy

How Facebook and LinkedIn use the data from fan page visits for their own purposes, to what extent activities on the fan page are allocated to individual users, how long the platform operators store this data and whether data from a visit to the fan page is passed on to third parties, is not conclusively and clearly stated, at least not by Facebook, and is not known to us.

When you access a Facebook fan page, the IP address assigned to your end device and other log files are always transmitted to Facebook. According to Facebook, the IP address is anonymized (“German” IP addresses). Facebook also stores information about the end devices of its users (e.g., as part of the login notification function); Facebook may still be able to allocate IP addresses to individual users.

If you are currently logged in to Facebook or LinkedIn as a user, a cookie with your identifier is stored on your end device. This enables the platform operators to understand that you have visited this page and how you have used it.

If you want to prevent this, you should log out or deactivate the “stay logged in” function, delete the cookies on your end device, and close and restart your browser. In this way, information that can be used to directly identify you is deleted. This allows you to use our fan pages without revealing your identifier. If you access interactive functions on the page (Like, Comment, Share, Messages, etc.), a login screen is shown. After logging in, you will again be identifiable to Facebook and LinkedIn as a specific user.

Information about how you can manage or delete existing information about you can be found on the designated data privacy pages of the platform operators.

As the operator of the fan pages, we do not collect and process any other data from your use of our service.

15. Other social media presences (YouTube, Xing, X)

Our company is also present on the social media platforms YouTube (platform operator: Google Ireland Limited Gordon House, Barrow Street Dublin 4), Xing (platform operator: New Work SE, Am Strandkai 1, 20457 Hamburg, Germany) and X (platform operator: Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland). Some of the parent companies of these platform operators are located in the USA.

Please note that you use these offerings and their functions on your own responsibility. This applies in particular to the use of the interactive functions (e.g., commenting, sharing, rating, or creating user profiles).

When you visit the platforms and our presences and you view our content there, the respective platform operator collects personal data from you. This includes, for example: Your IP address, log files, information about you (e.g., age, gender, interests), information about the type and duration of use, information about your account there (if you have one) and information about your activities and usage behavior. Information that is stored on your end device or in your browser as cookies, for example, may also be accessed. We have therefore concluded an agreement on joint responsibility within the meaning of Article 26 GDPR or an order processing contract within the meaning of Article 28 GDPR with the platform operators insofar as these are offered by them.

The information collected by the respective platform operator is used to provide us with statistical information about the use of our content on their platform, to show you personalized content matched to you and to advertise our content.

In addition, the data collected about you is also processed by the respective platform operator on their own responsibility and may be transferred to countries outside the European Union (for example to the respective parent companies in the USA).

What information the respective platform operator receives and how it is used is described by them in general terms in their data privacy notice.

There you will also find information about the use of cookies and plugins on the platforms, how to contact the platform operators or the data protection officers, as well as about the data privacy settings there and the configuration options for (personalized) adverts.

How the platform operators use your data for their own purposes, the extent to which your data is amalgamated with other data and used further, the extent to which activities on our presence there are allocated to individual users, how long this data is stored, and whether data is passed on to third parties is determined by the platform operators. We have no influence over this data processing, which is the responsibility of the platform operator.

More information about this can be found under the following links:

YouTube: https://policies.google.com/privacy?hl=en
Xing: https://privacy.xing.com/en/privacy-policy
X: https://x.com/en/privacy

You can also easily access our social media presences on YouTube, Xing and X from our website. For this purpose we have embedded links in the form of graphics or the corresponding logos on our website. By clicking these logos you will be redirected to the respective platform or our presence there. The data processing described above then takes place there.

16. Microsoft services

Data processing: We use Microsoft Azure and Microsoft Advertising to manage our databases. On the one hand, this allows us to manage preferences and therefore place targeted advertising for our website that is matched to your specific interests. Microsoft Azure, on the other hand, allows us to create databases for various purposes and to simplify and speed up our business processes to improve the general productivity and efficiency.

Purpose: We use these Microsoft services for the following purposes:

Microsoft Azure: We use Microsoft Azure to provide a data management and analysis platform. Microsoft Azure enables us to efficiently store, organize and retrieve data, to generate reports and to perform complex data analyses.
Microsoft Advertising allows us to deliver effective advertising campaigns that are matched to your specific interests and behavior. This helps us to better reach our target groups and offer more effective advertising.

Legal basis: Microsoft Azure and Microsoft Advertising is used based on your consent in accordance with Article 6(1) sentence 1a) GDPR. You can revoke your consent at any time by configuring the appropriate settings in the cookie consent tool.

Data recipient: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. To protect your data and to comply with the applicable data protection regulations, we have concluded an order processing contract with Microsoft.

Transfer to third countries: The data may also be processed outside the EU by Microsoft in the USA. Information about how data is processed by Adobe can be found in Adobe’s privacy policy: https://www.microsoft.com/en-gb/privacy/privacystatement.

Duration of the processing: The data collected by Microsoft is stored for as long as is necessary to fulfil the purpose. The storage period is regulated in Microsoft’s internal guidelines.

17. Salesforce services

Data processing: We use the Salesforce Marketing Cloud, Salesforce Sales Cloud and Salesforce Service Cloud to manage and analyze our customer relationships. Salesforce services enable us to contact customers in a personalized manner. Alongside an efficient and personalized customer service, they support us with the following functions:

We use Salesforce Marketing Cloud Engagement to design and automate personalized customer interactions across email, cell phones, social media and other channels. It helps us to improve customer commitment and build long-term customer relationships.
Salesforce Sales Cloud is used to manage sales processes, track leads and optimize sales opportunities. It supports our sales teams in shortening the sales cycle.
We use the Salesforce Service Cloud to optimize customer service processes and provide personalized support experiences. This enables us to manage requests efficiently and to automate the customer service for greater customer satisfaction.

Purpose: Salesforce services provide us with a central customer management platform and simplify customer interactions. We use these services to store, process and analyze customer data, manage sales processes, automate our marketing efforts and customer service, and analyze our business relationships.

Legal basis: The processing of data by Salesforce takes place in accordance with Article 6(1) sentence 1f) GDPR and in our legitimate interest to efficiently manage and optimize our business processes and to offer improved customer service. If we use the Salesforce services to conduct personalized marketing, this is done on the basis of your consent in accordance with Article 6(1) sentence 1a) GDPR. You can revoke your consent at any time by configuring the appropriate settings in the cookie consent tool.

Data recipient: Salesforce Inc., Salesforce Tower 415 Mission Street, 3rd Floor San Francisco, CA 94105, USA. To protect your data and to comply with the applicable data protection regulations, we have concluded an order processing contract with Salesforce.

Transfer to third countries: The data may also be processed outside the EU by Salesforce Inc. in the USA. Information about how data is processed by Vimeo can be found in LinkedIn’s privacy policy: https://www.salesforce.com/company/legal/privacy/.

Duration of the processing: The data collected by Salesforce is stored for as long as is necessary to fulfil the purpose. The storage period is regulated in Salesforce’s internal guidelines.

18. Events (Ventari)

Data processing: We use Ventari for the planning, realization and post-processing of physical and virtual events. In Ventari, we process your personal data when registering participants, for interaction during the event and for collecting feedback.

Purpose: Ventari offers an event management platform that helps us plan, organize and realize physical, virtual and hybrid events.

Legal basis: Ventari is used on the basis of your consent in accordance with Article 6(1) sentence 1a) GDPR. You can revoke your consent at any time by configuring the appropriate settings in the cookie consent tool.

Data recipient: The external data recipient is up2date solutions GmbH, Prinzregentenufer 3, 90489 Nürnberg.

Transfer to third countries: Your personal data is not transferred to a third country.

Duration of the processing: The data collected by Ventari is stored for as long as is necessary to fulfil the purpose. The storage period is regulated in Ventari’s internal guidelines.

19. Remarketing

Data processing: We use various remarketing tools from Google, LinkedIn, Microsoft and Meta on our website. Remarketing tools create lists of visitors to our website and divide them into different groups, which are shown different adverts depending on their behavior on our website.

Purpose: Remarketing allows us to offer you targeted products and services that we consider relevant to you based on your previous interactions. This increases the likelihood that we will not offer you products in which you have no interest whatsoever.

Legal basis: Remarketing is used on the basis of your consent in accordance with Article 6(1) sentence 1a) GDPR. You can revoke your consent at any time by configuring the appropriate settings in the cookie consent tool.

Data recipient: The external recipients are Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland and Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA , LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, Meta Platforms Inc., 1601 Willow Road, Menlo Park, CA 94025, USA, Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA und Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. To protect your data and to comply with the applicable data protection regulations, we have concluded separate order processing contracts with the respective external recipients.

Transfer to third countries: The data may also be processed outside the EU by the providers in the USA. Information about how data is processed by the various providers can be found in their previously mentioned data privacy notices.

Duration of the processing: The data collected by Google, LinkedIn, Microsoft and Meta is stored for as long as is necessary to fulfil the purpose. The storage period is regulated in the providers’ internal guidelines.

D. Data subject rights

As a data subject, you can exercise the following rights if the legal requirements are fulfilled:

Right to information (Article 15 GDPR):

You have the right to request information about whether and which personal data about you is being processed. This includes information about the processing purpose, the categories of personal data, the recipients or categories of recipients to whom the data is passed on and the planned storage period.

Right to correction (Article 16 GDPR):

You have the right to request the correction of incorrect or the completion of incomplete personal data stored about you.

Right to deletion (Article 17 GDPR):

Under certain circumstances, you have the right to request the deletion of your personal data, e.g., if the data is no longer required for the purposes for which it was collected or if you have revoked your consent and there is no other legal basis for the processing.

Right to restriction of processing (Article 18 GDPR):

Under certain circumstances, you have the right to request a restriction of the processing of your personal data, e.g., if you dispute the accuracy of the data or the processing is unlawful, but you refuse to have the data deleted.

Right to data portability (Article 20 GDPR):

You have the right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format and the right to transmit this data to another controller without hindrance from us.

Right to objection (Article 21 GDPR):

You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data unless we can substantiate compelling legitimate grounds for the processing which outweigh your interests, rights and freedoms.

Automated decision-making including profiling (Article 22 GDPR):

You have the right not to be subject to a decision based solely on automated processing, including profiling, which results in legal effects concerning you or similarly has a significant negative impact on you.

Right to lodge a complaint with a supervisory authority (Article 77(1) GDPR):

You have the right to lodge a complaint with a supervisory authority. As a rule, for this purpose you can contact the supervisory authority for your usual place of residence or workplace or [the competent supervisory authority for the company’s registered office].

E. Amendments to these data privacy notices

For legal and/or organizational reasons, amendments to or adaptations of our data privacy notices may become necessary from time to time. In this regard, please pay attention to the current version of our data privacy notices, which you can also access automatically by clicking the respective link that is displayed in the window with the cookie settings. Amendments always apply to personal data collected in the future. This does not affect protection of the data collected and stored by us prior to the amendment.

F. Contact

You can contact us at any time if you have any questions regarding data privacy. The best way to do this is to use the contact address below or the contact details in our legal notice. You can inquire at any time whether and which of your data is stored by us. In addition, you can send us information, blocking, deletion and correction requests regarding your personal data as well as revocations of granted notices of consent or suggestions by email or letter.

You can also, at any time, contact our Data Protection Officer who is available to respond to requests for information, suggestions or complaints:

Dr. Martin Schmidt
Data Protection Officer
Comfield Unternehmensberatung GmbH & Co. KG
Uhlandstraße 162 • 10719 Berlin
martin.schmidt@comfield.eu
privacy@eplan.de

Dated: June 2025