Durlacher Allee 73
§ 1 General Provisions
- Data generated by visiting the Website without registration
- Data processed for the purposes of contract performance or while using the Platform
Collection, processing, and use of personal data
Personal data is collected, processed, and used by ITscope exclusively in accordance with the applicable statutory provisions, including, but not limited to the General Data Protection Regulation (GDPR) and Federal Data Protection Act (BDSG).
Controller and Data Protection Officer
The responsible party for data processing (“Controller”) within the meaning of the European Data Protection Law is:
Durlacher Allee 73
Durlacher Allee 73
Tel.: +49 721 627376-0
You may access our Legal Notice at itscope.com/impressum.
§ 2 Use of the Website without registration (cookies, web analysis, retargeting)
I. Server logfiles
(1) The web pages can be visited without registration and, thus, also without providing personal data. If the User discloses personal data on the web pages, this will occur on a voluntary basis.
(2) When a User visits our Website, this access is stored in logfiles or log entries on the ITscope server systems in compliance with legal requirements. The following types of data will be collected:
a. Date and time of access to the service;
b. Host name of the accessing computer (IP address);
c. Referrer URL (the previously visited website);
d. User’s browser type and version;
e. User’s screen resolution;
f. User’s operating system;
g. Pages and features accessed by the User;
h. Search term by which the Website was found, e.g., in Google.
(3) ITscope will use the data referred to above based on the legitimate interests of ITscope within the meaning of Art. 6 (1) (f) GDPR, namely statistical analysis and to improve the usability of the Website. This data will not be linked with personal data by ITscope itself nor on behalf of ITscope by a third party. The gathered data will be deleted upon the expiration of a ninety (90) days period.
(1) This Website is hosted by an external service provider (web host). The personal data collected on this Website is stored on the web host’s servers. This may include, but is not limited to, IP addresses, contact requests, meta and communication data, contact details, names, web page accesses, and other data generated by a website. In order to ensure data processing in compliance with data protection rules and regulations, we have concluded a contract for data processing with our web host.
Our Website uses so-called cookies. Cookies are small text files that are stored on the User’s computer when a website is called up. Cookies help to make websites more comfortable, more efficient, and safer. Since these are text-only files, cookies cannot contain viruses or other malware. Most browsers offer the option of displaying a warning before a cookie is saved, of refusing to accept cookies altogether, and/or of deleting existing cookies.
We use certain cookies because they are essential for our Website and its functionality to work properly (“Essential” cookies). These cookies are placed automatically when you access our Website or a certain function, unless you have prevented cookies from being placed by making the appropriate settings in your web browser.
In contrast, cookies that are not absolutely essential are placed to display advertising (“Marketing”). In order to achieve an optimum Website design, we use non-essential analysis cookies (“Statistics”). In order to ensure that content from video and social media platforms is fully accessible, we also place cookies that are non-essential (“external media”).
In order to make it easier for you to handle cookies on our Website, we have implemented the extended cookie banner “Borlabs Cookie” created by Borlabs. The cookies required for the functionality of the web pages and the services offered are pre-set. Data processing is therefore carried out to safeguard our legitimate interests pursuant to Art. 6 (1) (f) GDPR. We have a legitimate interest in the provision and maintenance of our online offer.
By unchecking the box, you can prevent the placing of cookies in the corresponding category (e.g., “Marketing”). However, if you allow us to use personalised advertising (recognition of your page views on our site and those of advertising partners or social media providers such as LinkedIn), we can continue to provide you with personalized information as before, remind you of content you have already viewed and optimize our web pages based on an anonymous analysis of your user behaviour on our web pages and in our services and platforms.
IV. Web analysis
ITscope uses the following services for web analysis and remarketing as well as their cookies (“Services”) on its Website:
(1) Google Analytics
This Website uses Google Analytics, a service provided by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland, to analyse and improve our Platform based on your user behaviour. Your IP address is shortened before the evaluation of the usage statistics so no conclusions can be drawn about your identity. Cookies, i.e., text files that are stored on the User’s computer and allow an analysis of how a User uses a particular website are used for these Services. The information generated by the cookie about the use of the Website or Platform will be transmitted to the servers of the analytical services in the U.S. and stored there. The storage of Google Analytics cookies and the use of this analytics tool are based on Art. 6 (1) (a) GDPR (Consent). For further information on how to manage your consent please refer to the following paragraph VII.
The User’s IP addresses are anonymized using “anonymizeIp()” or through comparable technical means, or only used to retrieve geodata and not stored by the Services for any other purpose so that it is not possible to associate them with an internet access point or a User. According to Google, Google will not merge the IP address of the User with other Google data.
The Services will use the collected information to analyze the use of the Website, to compile reports on Website activities, and to provide ITscope with other services in connection with the Website used. This information may also be transmitted to third parties if this is required by law or if third parties process this data on behalf of the Services.
We have concluded a data processing contract with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics. User and event-level data stored by Google, which is linked to cookies, user IDs (e.g., User ID) or advertising IDs (e.g., DoubleClick cookies, Android advertising ID), is anonymized or deleted after 14 months. Please click on the following link for details: https://support.google.com/analytics/answer/7667196?hl=en
The following services process your data based on your consent (pursuant to Art. 6 (1) (a) GDPR). For further information on how to manage your consent please refer to the following paragraph VII.
(1) Google Tag Manager
We have implemented Google Analytics (Universal) via the so-called “Google Tag Manager”. The Google Tag Manager is also a Google product that allows us to manage website tags on a user interface. The Tag Manager is a cookie-free domain and does not collect any personal data. The tool triggers other tags, which in turn may collect data. Google Tag Manager does not access this data. If cookies were disabled at the domain or cookie level, this will affect all tracking tags implemented with Google Tag Manager.
(2) Google Analytics Remarketing
This Website also uses Google Analytics Remarketing in conjunction with the cross-device features of Google Ads and Google DoubleClick. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. This feature allows us to link the advertising audiences created with Google Analytics Remarketing to the cross-device capabilities of Google Ads and Google DoubleClick. This way, interest-based, personalized advertising messages that have been customized for you based on your past usage and browsing habits on one device (e.g., mobile phone) can be displayed on another of your devices (e.g., tablet or PC). If you have granted your consent, Google will connect your web and app browsing history with your Google Account for this purpose. This way, the same personalized advertising messages to be displayed on any device on which you log into your Google Account. To support this feature, Google Analytics collects Google-authenticated user IDs that are temporarily linked to our Google Analytics data to help us define and create audiences for cross-device advertising. You may opt-out of cross-device remarketing/targeting permanently by disabling personalized advertising; just click on the following link: https://www.google.com/settings/ads/onweb/.
(3) Google Ads und Google Conversion Tracking
This Website uses Google Ads. Google Ads is an online advertising program of Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. As part of Google Ads, we use what is known as conversion tracking. When you click on an ad placed by Google, a conversion tracking cookie is placed. Cookies are small text files that the web browser places on the user’s computer. These cookies expire within 30 days and are not used to personally identify Users. If the User visits certain pages of this Website and the cookie has not expired, Google and we may recognize that the User clicked on the ad and was redirected to this page.
Each Google Ads customer receives a unique cookie. The cookies cannot be tracked on the websites of Google Ads customers. The information collected through the conversion cookie is used to compile conversion statistics for Google Ads customers who have opted-in to conversion tracking. Customers are told the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they do not receive information that personally identifies users. If you do not wish to be tracked, you can easily opt-out of this service by disabling the Google Conversion Tracking cookie in the user preferences of your web browser. You will then not be included in the conversion tracking statistics.
(4) Google Optimizer
We would like to point out, however, that in this case it may not be possible to use all features of our Website to their full extent. Furthermore, you can prevent Google from collecting data generated by cookies that is related to your use of the Website, as well as from processing this data, by downloading and installing the browser plug-in available from the following link: http://tools.google.com/dlpage/gaoptout?hl=en.
(5) Microsoft Bing Ads
On our pages we use the Conversion Tracking feature of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. Microsoft Bing Ads stores a cookie on your computer if you have come to our site through a Microsoft Bing ad. This enables Microsoft Bing and us to see that a visitor clicked on an ad, was redirected to our website and landed on a predetermined page (conversion page). We only learn the total number of users who clicked on an ad and were redirected to the conversion page. No personal information about the identity of the User is disclosed.
If you do not want Microsoft to use information about your browsing behaviour as described above, you can refuse to accept cookies by selecting the appropriate settings in your web browser, such as setting your browser to refuse all cookies automatically. You can also prevent the collection of data generated by the cookie and related to your use of the Website, and Microsoft’s processing of such data, by clicking the link below: Object to the placing of cookies: https://account.microsoft.com/privacy/ad-settings/signedout?lang=en-EN. For more information about data protection and cookies used by Microsoft and Bing Ads, visit the Microsoft Web website at https://privacy.microsoft.com/de-de/privacystatement
(6) LinkedIn Insight Tag
The LinkedIn Insight tag allows us to collect information about visits to our Website, including URL, referrer URL, IP address, device and browser characteristics, timestamps, and page views. This data is encrypted, anonymized within seven days, and the anonymized data is deleted within 90 days. This technology allows us to generate reports on the performance of our advertisements and information on website interaction. To do this, the LinkedIn Insight tag is embedded in this Website, which connects to the LinkedIn server when you visit this Website while you are logged into your LinkedIn account.
You can disable the LinkedIn Insight tool and interest-based advertising by opting out at https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
(7) Twitter Advertising (Retargeting bzw. Conversion Tracking)
On our Website, we use services provided by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, U.S. Within the EU/EEA region, the controller responsible for handling data subject rights is Twitter International Company, Attn: Data Protection Officer, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 IRELAND.
Twitter Ads allows advertisers to collect data of users who visit their website. Cookies and code are used to connect the Website to another third-party platform such as Twitter. A non-reversible and non-personal checksum (hash value) is generated based on your usage data and sent to Twitter for analysis and marketing purposes. In addition, a so-called “Twitter pixel” can be used to track the actions of Users after they have seen or clicked on a Twitter advertisement.
User behaviour is recorded, such as websites visited, accessed contents, time of visit, etc., but also device-related data such as applications and operating systems used. Your IP address is stored and used for the geographically accurate distribution of advertising. With “cross-device personalization”, Twitter also attempts to identify and link all devices of a user. As the data is stored and processed by Twitter, it is also possible to link it to the respective user profile on twitter.com.
In the course of processing, the data may be transferred to a server of Twitter Inc. in the U.S. Twitter Inc. offers a level of protection for your data that is comparable to European data protection law.
Anonymized data will be deleted within 6 months. Data that allow the identification of a specific user on Twitter will be deleted within 90 days. Further information on the storage period can be obtained from the provider or at https://legal.twitter.com/ads-terms/international.html.
VI. Social media plugins
We do not use any social media plugins for data protection reasons. The Website has been linked to our accounts in social networks such as Xing, YouTube, Twitter, and Facebook. When you click on the embedded icons , you will be redirected to the page of the respective provider, i.e., your user data will not be transferred to the respective provider, unless you click on the respective icon. If you are logged into your user profile within the corresponding social network, your user profile will be associated with the visit of our Website when you click on the icon. If you do not want social networks to collect data about this Website, you should log out of the social networks before you visit the Website.
VII. Note on data processing, withdrawal of opt-in, opt-out option
The User may prevent the storing of cookies by making the appropriate settings in its browser software; however, please note, that in this case you may not be able to use the full functionality of the Website or Platform.
How to withdraw a consent granted Opt-In:
If you have granted your consent to the processing of your data for advertising purposes, for statistical analyses, or for the use of external media and wish to withdraw this consent, please follow this Link. Remove the check mark from the corresponding category (“Marketing”, “Statistics”, “External media”) and click on “save”.
In addition, the User has the following opt-out options:
- The User may object to the collection of data by Google Analytics with effect for the future, in particular, by installing an opt-out (deactivation) add-on (http://tools.google.com/dlpage/gaoptout) for its web browser.
- The User can permanently object to Google Remarketing by deactivating personalised advertising in its Google Account via the following link: https://www.google.com/settings/ads/onweb
- The User can prevent the collection and processing of its data by Google Optimizer by following the instructions by clicking on this link: http://tools.google.com/dlpage/gaoptout?hl=de.
- The User may object to the use of data for interest-related advertisements on the following web pages: http://optout.networkadvertising.org/, https://adssettings.google.com/
- You can disable the LinkedIn Insight tool and interest-based advertising by opting out at https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
- The user can object to data collection by Twitter by adjusting the advertising settings in its Twitter account or at https://twitter.com/personalization.
§ 3 Special features of our Website
In addition to the informational content on our Website, we also offer various services or features which you can use if you are interested. For this purpose, you will generally have to provide additional personal data, which we use to provide the respective service or feature as described below.
I. Online job application
We offer every visitor of our Website the possibility to apply for a job via an online job application form. Alternatively, you may submit your job application by email. For further details on the job application process please refer to our hyperlinked privacy statement for job applicants.
Processing of personal data during the job application process
It is a prerequisite of the job application process that job applicants provide personal data and details to us. These include, but are not limited to: Name(s) and family name, contact details (email, telephone) as well as the cover letter and annexes (CV, certificates, etc.). Furthermore, job applicants can provide us with additional information on a voluntary basis.
Insofar as special categories of personal data within the meaning of Art. 9 (1) GDPR are voluntarily shared during the job application process, their processing is also subject to Art. 9 (2) (b) GDPR (e.g., health data, such as severely disabled status or ethnic origin).
All incoming job applications are handled confidentially and only by a small defined group of HR employees and the relevant parties involved in the job application process. The data will not be disclosed to third parties.
Purpose, legal basis, and storage period
We process a candidate’s data only for the purpose and within the scope of the job application procedure in accordance with the legal requirements. Candidate data is processed for the purpose of fulfilling our (pre-)contractual obligations within the scope of the job application procedure in accordance with Art. 6 (1) (b) GDPR (in Germany section 26 BDSG (Federal Data Protection Act) applies additionally). In the event of a successful job application, the data provided by the candidates may be processed by us for the purposes of the employment relationship. If the application for a job offer is not successful, the applicants’ data will be deleted. In the event that the data should still be needed for the enforcement of legal rights after the application procedure has been completed, further data processing may be carried out based on the requirements of Art. 6 GDPR, including, but not limited to the safeguarding of legitimate interests pursuant to Art. 6 (1) (f) GDPR. Our legitimate interest then consists in the assertion or defence of claims. Deletion shall take place no later than within 180 days.
In some cases, we invite candidates to join our talent pool. Admission is only granted on the basis of the applicant’s consent within the meaning of Art. 6 (1) (a) GDPR. All candidates admitted to the talent pool are stored permanently and for the purpose of filling a potential vacancy. Data will only be deleted by ITscope upon request by the individual concerned or if the candidate’s profile does not match the vacancy at a later date. The deletion can be requested by email to firstname.lastname@example.org without stating reasons.
Notes on the job application form
Note on email job applications
When applying by email, please note that emails are generally not sent in encrypted form and that the job applicants themselves must ensure that they are encrypted. We can, therefore, not accept any responsibility for the transmission path of the job application between the sender and the inbox of our server and therefore recommend our job application form. Personio software is also used to process the email application to facilitate this process.
Withdrawal and deletion of job application
Applicants can demand the deletion of their data at any time without giving any details. In addition, previously granted consent (e.g., talent pool) may be withdrawn with effect for the future. The request for deletion or withdrawal must be emailed to email@example.com. The stored data of the applicant will be deleted immediately, unless there is are legal grounds which justify their storage (e.g., an existing employment relationship). In this case, the data will be deleted after the expiration of the applicable retention period.
II. Chatbot, CRM system
III. Contact forms, request by email, telephone, and fax
If you send us inquiries via the contact form, your details from the contact form, including the contact data you provide therein, will be stored by us for the purpose of processing the inquiry and in the event of follow-up questions. We will not pass on this data without your consent. The same applies to inquiries received by email, telephone, or fax.
This data is processed based on Art. 6 (1) (b) GDPR, if your request is related to the performance of a contract or is necessary for performing pre-contractual tasks. In all other cases, processing is based on our legitimate interest in the effective processing of the inquiries addressed to us (Art. 6 (1) (f) GDPR), or on your consent (Art. 6 (1) (a) GDPR), provided that it had been obtained.
The data you enter in the contact form will remain with us until you request us to delete it, withdraw your consent to storage, or the purpose for which the data had been stored no longer applies (e.g., after your request has been fully processed). Mandatory legal provisions – including, but not limited to retention periods – remain unaffected.
Subscribing to our newsletter via the Website is based on your consent within the meaning of Art 6 (1) (a) GDPR. The User agrees to data storage for the purpose of establishing contact. He or she will be regularly informed about products, services, and innovations regarding the ITscope Platform. Provided that the User has not objected to or prevented the analysis of its user behaviour by the aforementioned analytical tools, the User will receive personalized advertising. The contact data provided will be stored until the User withdraws its consent. The User can declare its withdrawal of consent via the “unsubscribe link” in the newsletters or send a short message to firstname.lastname@example.org.
§ 4 Data processing during Platform use
- ITscope collects personal data of the User (including, but not limited to the name and business contact data) when the User registers on this Platform or is registered by a third party, e.g., if the employer of a User creates an account for it on the Platform. If required by data protection law, rules, and regulations, the customer assures to have obtained the prior consent of its employees and to have informed them accordingly. With regard to its employees, the customer shall ensure that ITscope may process and use the contact data collected for the contractual purposes described herein and, if necessary, may contact the employees (e.g., in connection with a support ticket).
- During the registration process, ITscope will request the following mandatory information that is marked with an asterisk (*): family name, first name, email address, company, for newly registered companies also the full postal address of the company, and a phone number. Registration without this mandatory data is not permissible. During the registration process the User may also provide additional data on a voluntary basis, such as on its position within the company and other contact data. This information is not a prerequisite for registration.
- ITscope will process and use the personal data of customers and Users for contract performance and customer support (e.g., provision of support services and user support) based on Art. 6 (1) (b) GDPR. ITscope will inform Users by email about new and similar products and services as well as special offers from ITscope that might be of interest to the User in the form of a periodic newsletter. The User has the right to object to the use of its email address for such marketing purposes by notifying ITscope hereof at any time (e.g., by unsubscribing from a newsletter by activating a link at the end of each newsletter) without incurring any costs.
- ITscope will neither use the User’s personal data for other advertising purposes nor pass it on to third parties, unless,
a) the User expressly grants its consent to the use of its data for advertising purposes and/or disclosure to third parties; the User may withdraw its consent at any time; or
b) ITscope is obligated to pass on data by law, e.g., to investigative authorities.
- Personal data that the User voluntarily provides on the Platform via the presentation and communication features provided may be deleted by the User at any time during the existing contractual relationship. In addition, personal user data (including the User’s login data for supplier systems stored on the Platform, cf. Art. 4) will be deleted from all systems or their processing will be restricted no later than three (3) months after termination of the contractual relationship with ITscope. This can also be done by removing the personal identifiers from texts written by the User or contents uploaded to the Platform (e.g., product reviews and comments).
§ 5 Creation and analysis of user profiles on the Platform
- In addition, the access of registered Users to the Platform based on the legitimate interests of ITscope in accordance with Art. 6 (1) (f) GDPR will be logged using their user ID and account number and stored for the purpose of enhancing the user experience and for statistical analysis. ITscope has the right to publish analysis results in anonymous or aggregated form, i.e., without reference to individual customers or Users, for information purposes, for instance on the Website. Beyond this, profile data will not be passed on to third parties, unless ITscope is obligated by law to do so.
- The User may disable the compilation of personal user profiles on the Platform in the user settings.
§ 6 Erasure or deletion of data
- Personal data collected via the Website will only be stored by ITscope until the purpose for which it had been transmitted by the User has been completely fulfilled. This shall also apply to personal data if the User had granted its express consent to the collection and processing of this type of personal data.
- The data will not (yet) be deleted if it still needs to be retained until the purpose is completely attained or if there are other legitimates grounds for its retention and/or if statutory provisions (e.g., retention duties under trade and tax law) prohibit the erasure or deletion of data. Article 3 (5) above applies to the deletion of data collected and processed in connection with the Platform use.
§ 7 Use of supplier services within the Platform
- Suppliers listed on the ITscope Platform may provide their own services on or via the Platform (“Supplier Services”), e.g., for retrieving particular purchase prices or for electronic order processing.
- User login data (in particular, passwords) required for using Supplier Services are electronically transmitted to the suppliers’ servers as encrypted messages at all times, unless a supplier fails to offer a secure or encrypted connection for this purpose.
- ITscope uses state-of-the-art, secure encryption procedures with separately stored keys to protect the User’s login data and will decrypt these only for the purpose set forth on the Platform, in particular, to retrieve prices and to transmit order documents to the User.
- ITscope exclusively uses its own server systems for storing such login data, which are hosted at a data center certified in accordance with the BSI Grundschutzhandbuch (Basic Protection Manual) and ISO 27001.
- ITscope is not responsible for the collection and processing of User’s personal data by the supplier, rather, the corresponding supplier is the Controller within the meaning of the GDPR.
§ 8 Data subject rights
(1) Users affected by data processing (“Data Subjects”) may exercise various rights. In particular, these are:
- Right to access: The User has the right to access information that ITscope stored about him/her.
- Right to rectification and erasure: The User may request ITscope to rectify inaccurate data and to erase its data.
- Restriction of processing: The User may request ITscope to restrict the processing of its data.
- Data portability: If the User provides data to ITscope under an agreement or based on a consent, it may demand the provision of the data submitted by it in a structured, common, and machine-readable format, or that ITscope transmit this information to another controller.
- Objection to data processing based on “legitimate interest”: If reasons exist that are based on grounds relating to the User’s particular situation, the User may object at any time to the processing of personal data by ITscope, to the extent that the “legitimate interest” is the legal basis for this objection. If the User should exercise its right to object, ITscope will discontinue the processing of its data, unless ITscope are able to show that there are compelling reasons that allow the continued data processing and override the User’s rights.
- Withdrawal of consent: If the User has granted its consent to the processing of its data the User may withdraw this consent at any time with effect for the future. The legitimacy of processing of its data up to the date of withdrawal remains unaffected.
- Right to lodge complaints with the supervisory authority: Furthermore, the User has the right to lodge a complaint with the competent supervisory authority, if it believes the processing of its personal data to violate the applicable statutory provisions, rules, and regulations. In this case, the User may contact the data protection authority having competence at its place of residence or in its country, or the data protection authority having competence at the place of business of ITscope.
The User is only entitled to the rights described above subject to the condition precedent that the applicable legal requirements have been complied with, including those that are not explicitly mentioned in the above explanations.
In case of any questions regarding the processing of their User data, data subject rights or any consent granted, the User may contact ITscope free of charge.
(2) If you wish to exercise any or all of your rights, please email us at email@example.com, or write a letter to the address indicated in section 1 above, or give us a call. Please ensure that we will be able to identify you without any doubt.
Last revised: 24.08.2020
Digitise your sales and purchasing!
Test ITscope with no obligation for 30 days: all tools and no hidden costs! In order to continue to have access to ITscope, you can choose from a variety of licence packages. Choose between packages with either monthly or yearly cancellation – we would be happy to advise you on the optimal ITscope version for your company!
Comprehensive: use all tools and functions
No hidden costs: no payment information or cancellation necessary
Flexible: various update options available afterwards