§ 1 General Provisions
a) Data generated by visiting the Website without registration
b) Data processed for the purposes of contract performance or while using the Platform
Collection, processing, and use of personal data
Personal data is collected, processed, and used by ITscope exclusively in accordance with the applicable statutory provisions, including, but not limited to the General Data Protection Regulation (GDPR) and Federal Data Protection Act (BDSG).
Controller and Data Protection Officer
The responsible party for data processing (“Controller”) within the meaning of the European Data Protection Law (GDPR) is:
ITscope GmbH | Durlacher Allee 73 | 76131 Karlsruhe | Germany
You may access our Legal Notice at https://www.itscope.com/en/legal-info/.
You may contact our Data Protection Officer at:
ITscope GmbH | Durlacher Allee 73 | 76131 Karlsruhe | Germany
phone.: +49 721 627376-0
§ 2 Use of the Website without registration (cookies, web analysis, retargeting)
I. Server logfiles
(1) The web pages can be visited without registration and, thus, also without providing personal data. If the User discloses personal data on the web pages, this will occur on a voluntary basis.
(2) When a User visits our Website, this access is stored in logfiles or log entries on the ITscope server systems in compliance with legal requirements. The following types of data will be collected:
a. Date and time of access to the service;
b. Host name of the accessing computer (IP address);
c. Referrer URL (the previously visited website);
d. User’s browser type and version;
e. User’s screen resolution;
f. User’s operating system;
g. Pages and features accessed by the User;
h. Search term by which the Website was found, e.g., in Google.
(3) ITscope will use the data referred to above based on the legitimate interests of ITscope within the meaning of Art. 6 (1) (f) GDPR, namely statistical analysis and to improve the usability of the Website. This data will not be linked with personal data by ITscope itself nor on behalf of ITscope by a third party. The gathered data will be deleted upon the expiration of a ninety (90) days period.
(1) This Website is hosted by an external service provider (web host). The personal data collected on this Website is stored on the web host’s servers. This may include, but is not limited to, IP addresses, contact requests, meta and communication data, contact details, names, web page accesses, and other data generated by a website. In order to ensure data processing in compliance with data protection rules and regulations, we have concluded a contract for data processing with our web host.
Our Website uses so-called cookies. Cookies are small text files that are stored on the User’s computer when a website is called up. Cookies help to make websites more comfortable, more efficient, and safer. Since these are text-only files, cookies cannot contain viruses or other malware. Most browsers offer the option of displaying a warning before a cookie is saved, of refusing to accept cookies altogether, and/or of deleting existing cookies.
We use certain cookies because they are essential for our Website and its functionality to work properly (“Essential” cookies). These cookies are placed automatically when you access our Website or a certain function, unless you have prevented cookies from being placed by making the appropriate settings in your web browser.
In contrast, cookies that are not absolutely essential are placed to display advertising (“Marketing”). In order to achieve an optimum Website design, we use non-essential analysis cookies (“Statistics”). In order to ensure that content from video and social media platforms is fully accessible, we also place cookies that are non-essential (“external media”).
In order to make it easier for you to handle cookies on our Website, we have implemented the extended cookie banner “Borlabs Cookie” created by Borlabs. The cookies required for the functionality of the web pages and the services offered are pre-set. Data processing is therefore carried out to safeguard our legitimate interests pursuant to Art. 6 (1) (f) GDPR. We have a legitimate interest in the provision and maintenance of our online offer.
By unchecking the box, you can prevent the placing of cookies in the corresponding category (e.g., “Marketing”). However, if you allow us to use personalised advertising (recognition of your page views on our site and those of advertising partners or social media providers such as LinkedIn), we can continue to provide you with personalized information as before, remind you of content you have already viewed and optimize our web pages based on an anonymous analysis of your user behaviour on our web pages and in our services and platforms.
ITscope uses the following services for web analysis and remarketing as well as their cookies (“Services”) on its website:
(1) Google Analytics
This Website uses Google Analytics, a service provided by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland, to analyse and improve our Platform based on your user behaviour. Your IP address is shortened before the evaluation of the usage statistics so no conclusions can be drawn about your identity. Cookies, i.e., text files that are stored on the User’s computer and allow an analysis of how a User uses a particular website are used for these Services. The information generated by the cookie about the use of the Website or Platform will be transmitted to the servers of the analytical services in the U.S. and stored there. The storage of Google Analytics cookies and the use of this analytics tool are based on Art. 6 (1) (a) GDPR (Consent). For further information on how to manage your consent please refer to the following paragraph VIII.
The User’s IP addresses are anonymized using “anonymizeIp()” or through comparable technical means, or only used to retrieve geodata and not stored by the Services for any other purpose so that it is not possible to associate them with an internet access point or a User. According to Google, Google will not merge the IP address of the User with other Google data.
The Services will use the collected information to analyze the use of the Website, to compile reports on Website activities, and to provide ITscope with other services in connection with the Website used. This information may also be transmitted to third parties if this is required by law or if third parties process this data on behalf of the Services.
We have concluded a data processing contract with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics. User and event-level data stored by Google, which is linked to cookies, user IDs (e.g., User ID) or advertising IDs (e.g., DoubleClick cookies, Android advertising ID), is anonymized or deleted after 14 months. Please click on the following link for details: https://support.google.com/analytics/answer/7667196?hl=de
The following services process your data based on your consent (pursuant to Art. 6 (1) (a) GDPR). For further information on how to manage your consent please refer to the following paragraph VII.
(1) Google Analytics Remarketing
This Website also uses Google Analytics Remarketing in conjunction with the cross-device features of Google Ads and Google DoubleClick. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. This feature allows us to link the advertising audiences created with Google Analytics Remarketing to the cross-device capabilities of Google Ads and Google DoubleClick. This way, interest-based, personalized advertising messages that have been customized for you based on your past usage and browsing habits on one device (e.g., mobile phone) can be displayed on another of your devices (e.g., tablet or PC). If you have granted your consent, Google will connect your web and app browsing history with your Google Account for this purpose. This way, the same personalized advertising messages to be displayed on any device on which you log into your Google Account. To support this feature, Google Analytics collects Google-authenticated user IDs that are temporarily linked to our Google Analytics data to help us define and create audiences for cross-device advertising. You may opt-out of cross-device remarketing/targeting permanently by disabling personalized advertising; just click on the following link: https://www.google.com/settings/ads/onweb/.
(2) Google Ads und Google Conversion Tracking
This Website uses Google Ads. Google Ads is an online advertising program of Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. As part of Google Ads, we use what is known as conversion tracking. When you click on an ad placed by Google, a conversion tracking cookie is placed. Cookies are small text files that the web browser places on the user’s computer. These cookies expire within 30 days and are not used to personally identify Users. If the User visits certain pages of this Website and the cookie has not expired, Google and we may recognize that the User clicked on the ad and was redirected to this page.
Each Google Ads customer receives a unique cookie. The cookies cannot be tracked on the websites of Google Ads customers. The information collected through the conversion cookie is used to compile conversion statistics for Google Ads customers who have opted-in to conversion tracking. Customers are told the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they do not receive information that personally identifies users. If you do not wish to be tracked, you can easily opt-out of this service by disabling the Google Conversion Tracking cookie in the user preferences of your web browser. You will then not be included in the conversion tracking statistics.
(3) Microsoft Bing Ads
On our pages we use the Conversion Tracking feature of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. Microsoft Bing Ads stores a cookie on your computer if you have come to our site through a Microsoft Bing ad. This enables Microsoft Bing and us to see that a visitor clicked on an ad, was redirected to our website and landed on a predetermined page (conversion page). We only learn the total number of users who clicked on an ad and were redirected to the conversion page. No personal information about the identity of the User is disclosed.
If you do not want Microsoft to use information about your browsing behaviour as described above, you can refuse to accept cookies by selecting the appropriate settings in your web browser, such as setting your browser to refuse all cookies automatically. You can also prevent the collection of data generated by the cookie and related to your use of the Website, and Microsoft’s processing of such data, by clicking the link below: Object to the placing of cookies: https://account.microsoft.com/privacy/ad-settings/signedout?lang=en-EN. For more information about data protection and cookies used by Microsoft and Bing Ads, visit the Microsoft Web website at https://privacy.microsoft.com/de-de/privacystatement
(4) LinkedIn Insight Tag
The LinkedIn Insight tag allows us to collect information about visits to our Website, including URL, referrer URL, IP address, device and browser characteristics, timestamps, and page views. This data is encrypted, anonymized within seven days, and the anonymized data is deleted within 90 days. This technology allows us to generate reports on the performance of our advertisements and information on website interaction. To do this, the LinkedIn Insight tag is embedded in this Website, which connects to the LinkedIn server when you visit this Website while you are logged into your LinkedIn account.
You can disable the LinkedIn Insight tool and interest-based advertising by opting out at https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
(1) Our Website uses the services of HubSpot for various reasons. HubSpot is an U.S. software company with a subsidiary in Ireland. Contact details: HubSpot, 2nd floor, 30 North Wall Quay, Dublin 1, Ireland, phone: +353 1 5187500.
(2) HubSpot is an integrated software solution that we use to cover several aspects of our online marketing, including:
(3) Email marketing, social media publishing & reporting, reporting, contact management (e.g., user segmentation and CRM), and landing pages. In addition, we use HubSpot for providing contact forms. For further information please refer to section 3 (III) “Forms”.
(4) For further information on the topics above, please refer to the relevant explanations regarding the specific online marketing activities for which we hereby provide further additional information:
(5) We use the gathered information only for the purpose of optimizing our marketing and advertising activities.
As part of the optimization of our marketing and advertising activities, the following data may be gathered and processed via HubSpot:
a) geographic position
b) browser type
c) domain names
d) viewed pages
e) operating system version
f) internet service provider
g) IP address
h) device ID
i) duration of website visit
j) operating system
k) events that occurred within the application
l) access times
m) device model and version
(6) Data will be stored and further processed on the servers of this service provider. Insofar, HubSpot acts as our data processor and processes data only as instructed by us. For further information on the various types of use please refer to: https://www.hubspot.de/ .
(7) Whenever we request your consent to certain online marketing activities, your consent to data processing is required pursuant to Art. 6 (1) (a) GDPR. To the extent data is processed for the purpose of performing a contract that we entered with you, this is subject to Art. 6 (1) (b) the GDPR. Otherwise, data processing is based on Article 6 (1) (f) GDPR, pursuant to which the processing of personal data is also permissible without the consent from the data subject, where such processing is required for the purposes of the legitimate interests pursued by the controller or a third part, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, which require protection of personal data. In this regard, we rely on our legitimate interest in direct advertising pursuant to recital 47 of the German GDPR version. Our legitimate interest is based on the fact that specific online marketing activities allow us to ensure the efficiency of the campaigns created by us und an effective use of the allocated funds. Furthermore, you will only receive such advertising that is potentially relevant and interesting to you.
(8) If you do not wish the kind of data mentioned above to be gathered and processed via HubSpot, you may refuse or withdraw your consent at any time with effect for the future (to withdraw your consent to HubSpot at any time please click here: Opt-Out
(9) In connection with the processing of data via HubSpot, data may be transmitted to the United States. The security of the transmission is warranted by the so-called Standard Contract Clauses which ensure that a level of security is applied during the processing of personal data that equals the GDPR standard.
VI. External media
(1) Google Maps
In our Website we use Google Maps (API), a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Maps is a web service for displaying interactive maps that allows us to visualize geographical information.
As soon as you access those web pages in which maps provided by Google Maps have been embedded, information on your use of our Website is transmitted to Google servers in the United States and stored thereon, including, but not limited to your IP address. This transmission will take place irrespective of the fact whether you have a Google account or are logged in to that account, or whether you do not have a user account. When you are logged in to your Google account, your data may be directly matched with your account.
Data will be processed based on your consent pursuant to Art. 6 (1) (a) GDPR that you may give in our cookie banners. For further information on data protection in connection with the use of Google Maps please refer to the Google website: https://www.google.de/intl/de/policies/privacy/
(2) Embedding of YouTube videos
We have embedded YouTube videos in our Website that are hosted by YouTube, but may be played directly on our Website. YouTube is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google“). By default, this service is deactivated, but may be activated by the user. When you access any page within our Website that includes a YouTube video, general basic data such as your IP address may be transmitted to Google by the embedding technology. Google processes the IP address of the user(s), since it is unable to send the contents to their browsers, unless the IP address is known. When you give your consent to this data transmission to Google, Google’s use of such data is beyond our sphere of control. For example, Google may use pixel tags for statistical or marketing purposes. Pixel tags enable Google to analyze information such as the visitor traffic on this Website and its individual pages. Furthermore, pseudonymized information may also be stored in cookies on the user’s device and, among others, include technical information on the browser and operating system, on referring websites, on the time of the visit, and other details on the use of our online offering. YouTube may store your data in the form of usage profiles and use it for the purposes of advertising, market research, and/or the needs-based design of its services. If you do not wish the gathered and transmitted data to be matched with your YouTube or Google profile, you need to log out of your account prior to viewing the video. The embedding of the YouTube services in our Website is permissible based on your consent pursuant to Art. 6 (1) (a) GDPR which you may give in our cookie banners.
We use Wistia plugins to show videos. This service is provided by Wistia, 17 Tudor Street, Cambridge, Massachusetts, U.S. When you visit one of our pages that includes a Wistia player, a connection with the Wistia servers is made. Wistia gathers the following categories of personal information in anonymized form:
• anonymized IP address, including service provider
• access time for the watched video
• details on the video sections watched
• URL of the video(s)
• type of device (stationary, mobile)
• operating system and browser used
When you are in to your Wistia member account, Wistia will match this information with your personal user account on this platform. You may prevent this matching from occurring by logging out of your user account prior to visiting our Website.
Wistia services that are embedded in our Website require your consent pursuant to Art. 6) (a) GDPR which you may give in our cookie banner.
(4) Google Tag Manager
We have implemented Google Analytics (Universal) via the so-called “Google Tag Manager”. The Google Tag Manager is also a Google product that allows us to manage website tags on a user interface. The Tag Manager is a cookie-free domain and does not collect any personal data. The tool triggers other tags, which in turn may collect data. Google Tag Manager does not access this data. If cookies were disabled at the domain or cookie level, this will affect all tracking tags implemented with Google Tag Manager.
VII. Social Media Plugins
We do not use any social media plugins for data protection reasons. The Website has been linked to our accounts in social networks such as Xing, YouTube, Twitter, and Facebook. When you click on the embedded icons, you will be redirected to the page of the respective provider, i.e., your user data will not be transferred to the respective provider, unless you click on the respective icon. If you are logged into your user profile within the corresponding social network, your user profile will be associated with the visit of our Website when you click on the icon. If you do not want social networks to collect data about this Website, you should log out of the social networks before you visit the Website.
VIII. Note on data processing, withdrawal of opt-in, opt-out option
The User may prevent the storing of cookies by making the appropriate settings in its browser software; however, please note, that in this case you may not be able to use the full functionality of the Website or Platform.
How to withdraw a consent granted Opt-In:
If you have granted your consent to the processing of your data for advertising purposes, for statistical analyses, or for the use of external media and wish to withdraw this consent, please change it here: Opt-Out In addition, the User has the following opt-out options:
- a. The User may object to the collection of data by Google Analytics with effect for the future, in particular, by installing an opt-out (deactivation) add-on (http://tools.google.com/dlpage/gaoptout) for its web browser.b. The User can permanently object to Google Remarketing by deactivating personalised advertising in its Google Account via the following link: https://www.google.com/settings/ads/onweb
c. The User may object to the use of data for interest-related advertisements on the following web pages: http://optout.networkadvertising.org/, https://adssettings.google.com/
d. You can disable the LinkedIn Insight tool and interest-based advertising by opting out at https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
e. You can withdraw your consent to the use of your data by HubSpot at any time by clicking on this: Opt-Out
§ 3 Special features of our Website
In addition to the informational content on our Website, we also offer various services or features which you can use if you are interested. For this purpose, you will generally have to provide additional personal data, which we use to provide the respective service or feature as described below.
I. Online job application
We offer every visitor of our Website the possibility to apply for a job via an online job application form. Alternatively, you may submit your job application by email. For further details on the job application process please refer to our hyperlinked privacy statement for job applicants.
Processing of personal data during the job application process
It is a prerequisite of the job application process that job applicants provide personal data and details to us. These include, but are not limited to: Name(s) and family name, contact details (email, telephone) as well as the cover letter and annexes (CV, certificates, etc.). Furthermore, job applicants can provide us with additional information on a voluntary basis.
Insofar as special categories of personal data within the meaning of Art. 9 (1) GDPR are voluntarily shared during the job application process, their processing is also subject to Art. 9 (2) (b) GDPR (e.g., health data, such as severely disabled status or ethnic origin).
All incoming job applications are handled confidentially and only by a small defined group of HR employees and the relevant parties involved in the job application process. The data will not be disclosed to third parties.
Purpose, legal basis, and storage period
We process a candidate’s data only for the purpose and within the scope of the job application procedure in accordance with the legal requirements. Candidate data is processed for the purpose of fulfilling our (pre-)contractual obligations within the scope of the job application procedure in accordance with Art. 6 (1) (b) GDPR (in Germany section 26 BDSG (Federal Data Protection Act) applies additionally). In the event of a successful job application, the data provided by the candidates may be processed by us for the purposes of the employment relationship. If the application for a job offer is not successful, the applicants’ data will be deleted. In the event that the data should still be needed for the enforcement of legal rights after the application procedure has been completed, further data processing may be carried out based on the requirements of Art. 6 GDPR, including, but not limited to the safeguarding of legitimate interests pursuant to Art. 6 (1) (f) GDPR. Our legitimate interest then consists in the assertion or defence of claims. Deletion shall take place no later than within 180 days.
In some cases, we invite candidates to join our talent pool. Admission is only granted on the basis of the applicant’s consent within the meaning of Art. 6 (1) (a) GDPR. All candidates admitted to the talent pool are stored permanently and for the purpose of filling a potential vacancy. Data will only be deleted by ITscope upon request by the individual concerned or if the candidate’s profile does not match the vacancy at a later date. The deletion can be requested by email to firstname.lastname@example.org without stating reasons.
Notes on the job application form
Note on email job applications
When applying by email, please note that emails are generally not sent in encrypted form and that the job applicants themselves must ensure that they are encrypted. We can, therefore, not accept any responsibility for the transmission path of the job application between the sender and the inbox of our server and therefore recommend our job application form. Personio software is also used to process the email application to facilitate this process.
Withdrawal and deletion of job application
Applicants can demand the deletion of their data at any time without giving any details. In addition, previously granted consent (e.g., talent pool) may be withdrawn with effect for the future. The request for deletion or withdrawal must be emailed to email@example.com. The stored data of the applicant will be deleted immediately, unless there is are legal grounds which justify their storage (e.g., an existing employment relationship). In this case, the data will be deleted after the expiration of the applicable retention period.
On certain pages, we use the “Messages“ chatbot of the HubSpot tool (HubSpot, 2nd floor North Wall Quay, Dublin 1, Ireland) for communicating with you. You may interact with the chatbot if you wish. When you use the chatbot, your IP address will be transmitted to HubSpot. You may decided in your own discretion, which personal data you disclose during the chat. If you should decide to disclose personal information (such as your email account), this data will be transmitted to the U.S. and stored on HubSpot servers in the U.S. We use a cloud-based HubSpot services located in the U.S. for managing customer data and customer interaction. This data is processed and stored based on Art. 6 (1) (b) GDPR, if your inquiry is linked to the performance of an agreement or is required for the completion of pre-contractual activities. In all other cases, processing is based on our legitimate interest in the effective processing of inquiries directed to us and in efficient and fast processing of user inquiries and the improvement of the customer base management (Art. 6 (1) (f) GDPR) or your consent (Art. 6 (1) (a) GDPR), if you have been requested to give your consent. For further information on the use of HubSpot please refer to the information provided above in section V (5).
III. Contact forms, request by email and telephone
If you send us inquiries via the contact form, your details from the contact form, including the contact data you provide therein, will be stored by us for the purpose of processing the inquiry and in the event of follow-up questions. We will not pass on this data without your consent. The same applies to inquiries received by email or telephone.
This data is processed based on Art. 6 (1) (b) GDPR, if your request is related to the performance of a contract or is necessary for performing pre-contractual tasks. In all other cases, processing is based on our legitimate interest in the effective processing of the inquiries addressed to us (Art. 6 (1) (f) GDPR), or on your consent (Art. 6 (1) (a) GDPR), provided that it had been obtained.
The data you enter in the contact form will remain with us until you request us to delete it, withdraw your consent to storage, or the purpose for which the data had been stored no longer applies (e.g., after your request has been fully processed). Mandatory legal provisions – including, but not limited to retention periods – remain unaffected.
Subscribing to our newsletter via the Website is based on your consent within the meaning of Art 6 (1) (a) GDPR. The User agrees to data storage for the purpose of establishing contact. He or she will be regularly informed about products, services, and innovations regarding the ITscope Platform. The registration procedure uses a so-called double-opt-in, i.e., following your registration you will receive an email asking you to confirm your registration in order to prevent any abuse of your email account. We will record the accounts that register for our mailings in order to show that the registration procedure complies with the statutory provisions and, if applicable, to prevent or investigate any abuse of your personal data. The contact data provided will be stored until the User withdraws its consent. The User can declare its withdrawal of consent via the “unsubscribe link” in the newsletters or send a short message to firstname.lastname@example.org.
§ 4 Data processing during Platform use
- ITscope collects personal data of the User (including, but not limited to the name and business contact data) when the User registers on this Platform or is registered by a third party, e.g., if the employer of a User creates an account for it on the Platform. If required by data protection law, rules, and regulations, the customer assures to have obtained the prior consent of its employees and to have informed them accordingly. With regard to its employees, the customer shall ensure that ITscope may process and use the contact data collected for the contractual purposes described herein and, if necessary, may contact the employees (e.g., in connection with a support ticket).
- During the registration process, ITscope will request the following mandatory information that is marked with an asterisk (*): family name, first name, email address, company, for newly registered companies also the full postal address of the company, and a phone number. Registration without this mandatory data is not permissible. During the registration process the User may also provide additional data on a voluntary basis, such as on its position within the company and other contact data. This information is not a prerequisite for registration.
- ITscope will process and use the personal data of customers and Users for contract performance and customer support (e.g., provision of support services and user support) based on Art. 6 (1) (b) GDPR. ITscope will inform Users by email about new and similar products and services as well as special offers from ITscope that might be of interest to the User in the form of a periodic newsletter. The User has the right to object to the use of its email address for such marketing purposes by notifying ITscope hereof at any time (e.g., by unsubscribing from a newsletter by activating a link at the end of each newsletter) without incurring any costs.
- ITscope will neither use the User’s personal data for other advertising purposes nor pass it on to third parties, unless,
a) the User expressly grants its consent to the use of its data for advertising purposes and/or disclosure to third parties; the User may withdraw its consent at any time; or
b) ITscope is obligated to pass on data by law, e.g., to investigative authorities.
- Personal data that the User voluntarily provides on the Platform via the presentation and communication features provided may be deleted by the User at any time during the existing contractual relationship. In addition, personal user data (including the User’s login data for supplier systems stored on the Platform, cf. Art. 4) will be deleted from all systems or their processing will be restricted no later than three (3) months after termination of the contractual relationship with ITscope. This can also be done by removing the personal identifiers from texts written by the User or contents uploaded to the Platform (e.g., product reviews and comments).
§ 5 Creation and analysis of user profiles on the Platform
- In addition, the access of registered Users to the Platform based on the legitimate interests of ITscope in accordance with Art. 6 (1) (f) GDPR will be logged using their user ID and account number and stored for the purpose of enhancing the user experience and for statistical analysis. ITscope has the right to publish analysis results in anonymous or aggregated form, i.e., without reference to individual customers or Users, for information purposes, for instance on the Website. Beyond this, profile data will not be passed on to third parties, unless ITscope is obligated by law to do so.
- The User may disable the compilation of personal user profiles on the Platform in the user settings.
§ 6 Erasure or deletion of data
- Personal data collected via the Website will only be stored by ITscope until the purpose for which it had been transmitted by the User has been completely fulfilled. This shall also apply to personal data if the User had granted its express consent to the collection and processing of this type of personal data.
- The data will not (yet) be deleted if it still needs to be retained until the purpose is completely attained or if there are other legitimates grounds for its retention and/or if statutory provisions (e.g., retention duties under trade and tax law) prohibit the erasure or deletion of data. Article 3 (5) above applies to the deletion of data collected and processed in connection with the Platform use.
§ 7 Use of supplier services within the Platform
- Suppliers listed on the ITscope Platform may provide their own services on or via the Platform (“Supplier Services”), e.g., for retrieving particular purchase prices or for electronic order processing.
- User login data (in particular, passwords) required for using Supplier Services are electronically transmitted to the suppliers’ servers as encrypted messages at all times, unless a supplier fails to offer a secure or encrypted connection for this purpose.
- ITscope uses state-of-the-art, secure encryption procedures with separately stored keys to protect the User’s login data and will decrypt these only for the purpose set forth on the Platform, in particular, to retrieve prices and to transmit order documents to the User.
- ITscope exclusively uses its own server systems for storing such login data, which are hosted at a data center certified in accordance with the BSI Grundschutzhandbuch (Basic Protection Manual) and ISO 27001.
- ITscope is not responsible for the collection and processing of User’s personal data by the supplier, rather, the corresponding supplier is the Controller within the meaning of the GDPR.
§ 8 Data subject rights
(1) Users affected by data processing (“Data Subjects”) may exercise various rights. In particular, these are:
- Right to access: The User has the right to access information that ITscope stored about him/her.
- Right to rectification and erasure: The User may request ITscope to rectify inaccurate data and to erase its data.
- Restriction of processing: The User may request ITscope to restrict the processing of its data.
- Data portability: If the User provides data to ITscope under an agreement or based on a consent, it may demand the provision of the data submitted by it in a structured, common, and machine-readable format, or that ITscope transmit this information to another controller.
- Objection to data processing based on “legitimate interest”: If reasons exist that are based on grounds relating to the User’s particular situation, the User may object at any time to the processing of personal data by ITscope, to the extent that the “legitimate interest” is the legal basis for this objection. If the User should exercise its right to object, ITscope will discontinue the processing of its data, unless ITscope are able to show that there are compelling reasons that allow the continued data processing and override the User’s rights.
- Withdrawal of consent: If the User has granted its consent to the processing of its data the User may withdraw this consent at any time with effect for the future. The legitimacy of processing of its data up to the date of withdrawal remains unaffected.
- Right to lodge complaints with the supervisory authority: Furthermore, the User has the right to lodge a complaint with the competent supervisory authority, if it believes the processing of its personal data to violate the applicable statutory provisions, rules, and regulations. In this case, the User may contact the data protection authority having competence at its place of residence or in its country, or the data protection authority having competence at the place of business of ITscope.
The User is only entitled to the rights described above subject to the condition precedent that the applicable legal requirements have been complied with, including those that are not explicitly mentioned in the above explanations.
In case of any questions regarding the processing of their User data, data subject rights or any consent granted, the User may contact ITscope free of charge.
(2) If you wish to exercise any or all of your rights, please email us at email@example.com, or write a letter to the address indicated in section 1 above, or give us a call. Please ensure that we will be able to identify you without any doubt.
Last revised: June 2022