1. General Information
Data protection and information security are fundamental to soffico GmbH (hereinafter referred to as soffico) for maintaining stable and successful customer relationships and are a high priority within the company. For this reason, the protection of your personal data (hereinafter referred to as ‘data’) is very important to us.
When handling personal data, we comply with all relevant regulations – in particular those of the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and the Telecommunications and Telemedia Data Protection Act (TTDSG) or the Unfair Competition Act (UWG) in their currently valid versions. In addition, we have taken the technical and organisational measures necessary to ensure adequate data protection.
Below, we would like to provide you with detailed information about what data is collected when you visit our website and use our services, and how we process and use this data.
2. Website
If you only use our website to retrieve information, it is generally not necessary for you to provide personal data. However, it is necessary for the operation of the website to process certain data that can be used to identify individuals. In this case, we only process the data that is transmitted to us by your internet browser. This includes the following in particular:
- Date and time of access to one of our web pages
- Your browser type
- Browser settings
- Operating system used
- The last page you visited
- The amount of data transferred and the access status (file transferred, file not found, etc.)
- Your IP address
2.1 Purpose
This is done to enable you to access and use the websites you visit, for statistical purposes and to improve our website.
2.2 Legal basis
The legal basis for this is our legitimate interest pursuant to Art. 6 (1) (f) GDPR for error analysis, availability analysis and defence against attacks, as well as the maintenance and general functionality of the website.
2.3 Recipients
Your data may be transferred to processors (specifically to YEAH GbR as the website operator and All-Inkl-com as the host). However, it will not be transferred to third parties.
2.4 Storage period
The data will be stored for a maximum of four weeks, unless there is a legal obligation to retain it for longer. At the same time, longer storage may take place if this is necessary to investigate detected attacks on our website.
2.5 Right to object
You may have the right to object to processing based on the legitimate interests of the controller.
3. Cookies
We use cookies to enable you to use this website without restriction. Cookies are small text files that enable us to recognise users and analyse their use of our website. These text files store a randomly generated unique identification number. Cookies also contain information about their origin and storage period. These cookies cannot store any other data. Setting cookies does not allow us to view files on your computer.
The cookies set by our website do not pose any risk to the user’s computer system, as they do not cause any damage and do not contain viruses or similar.
We distinguish between three types of cookies that we use to operate our website:
- Functionally necessary cookies to ensure the technical operation and basic functions of our website. Among other things, this type of cookie is used to store your selection of activated cookies via a cookie banner.
- Statistics/marketing cookies to understand how visitors interact with our website and to enable targeted advertising activities. Information is collected and analysed anonymously only. This provides us with valuable insights to optimise the website and our product range.
- Third-party cookies, if third-party media content is integrated, for example when playing YouTube videos.
The use of cookies can also be prevented by adjusting your browser settings accordingly. If your browser supports ‘Do Not Track’ technology and you have activated it, no usage profile will be created during your visit. However, please note that this website may not be fully usable without cookies.
3.1 Legal Basis
The legal basis for the use of technically necessary cookies that do not require consent is our legitimate interest pursuant to Art. 6(1)(f) GDPR in ensuring the technical operation and basic functions of our website, as well as in storing your selected cookie settings and operating the website accordingly.
The legal basis for the use of cookies for marketing and analysis purposes (see the sections below on ‘Matomo’, ‘Google Ads’, ‘Google Ads Remarketing’ and ‘LinkedIn’), which you can select via the cookie banner, is your consent in accordance with Art. 6 (1) (a) GDPR and Section 25 TTDSG.
The legal basis for the use of statistics/marketing cookies and third-party cookies is exclusively your consent in accordance with Art. 6 (1) lit. a GDPR and § 25 TTDSG, which you can give either via the cookie banner or by accessing the relevant content, for example when playing a YouTube video (see the section ‘YouTube videos’).
3.2 Right to object (in cases of legitimate interest)
Under certain circumstances, you have the right to object to processing based on the legitimate interest of the controller.
3.3 Right to withdraw consent (in cases of consent)
You may revoke your consent at any time for record-keeping purposes. Revoking your consent does not affect the lawfulness of processing based on consent before its revocation.
3.4 Recipients
This data is transferred to processors, but not to third parties.
3.5 Transfer to third countries
When playing YouTube videos, using Google services or consenting to other data processing described below, the transfer of your data to the USA cannot be ruled out. Personal data processed by technically necessary cookies is never transferred to a third country.
However, since 10 July 2023, there has been a new data protection agreement between the EU and the USA, which constitutes an adequacy decision within the meaning of Art. 45 GDPR. On the basis of this adequacy decision, personal data may also be transferred to a third country or an international organisation.
3.6 Storage period
Cookies are stored for different lengths of time depending on their purpose:
- Cookies that are necessary for consent management are stored for one year.
- The query as to whether the visitor has already been to the website is stored for up to 400 days.
- For logged-in users, cookies for settings and time are stored for 1 year.
- Cookies relating to language settings are stored for 1 day.
3.7 Necessity of provision
You are under no obligation to provide this data. By not providing the functionally necessary cookies, you may experience problems with accessing and using our website.
3.8 Statistics and marketing tools
The statistics/marketing tools we use are described below:
3.8.1 Matomo
If you have given your consent to statistics/marketing cookies, our website uses the software ‘Matomo’ (HTTPS://MATOMO.ORG/) as a web analysis tool to make our website even better and more specific. The software places cookies on your computer that enable your browser to be recognised. When subpages of the website are accessed, the following data is stored:
- Date and time of access to one of our web pages
- Your browser type
- Your browser settings
- The operating system used
- The last page you visited or how you arrived at our site
- The amount of data transferred and the access status (file transferred, file not found, etc.)
- Your IP address, truncated by the last two bytes (anonymised)
The data collected with Matomo is stored in the Matomo Cloud.
3.8.2 Google Maps
We use the ‘Google Maps’ component from Google on our website.
No cookies are set when using the ‘Google Maps’ component. Please note that data is only transferred to Google when you actively select the component, i.e. click on the map and use the component. Google is solely responsible for the processing of personal data (e.g. IP address, location) in this regard; we do not have access to this data.
The use of Google Maps and the information obtained via Google Maps is subject to Google’s Terms of Use HTTP://WWW.GOOGLE.DE/INTL/DE/POLICIES/TERMS/REGIONAL. HTML and the additional terms and conditions for Google Maps, which can be found at the following link: HTTPS://WWW.GOOGLE.COM/INTL/DE_DE/HELP/TERMS_MAPS.HTML.
3.8.3 Google Ads
If you consent to processing, we use Google Ads to draw attention to our product and service portfolio on external websites with the help of advertising material (known as Google Ads). We can determine how successful the individual advertising measures are in relation to the data from the advertising campaigns. This enables us to show you advertising that is of interest to you, to make our website more interesting for you and to achieve a fair calculation of advertising costs.
These advertising materials are delivered by Google via so-called ‘ad servers’. For this purpose, we use ad server cookies, which allow certain parameters for measuring success, such as the display of ads or clicks by users, to be measured. If you access our website via a Google ad, Google Ads will store a cookie on your device. This cookie usually stores the unique cookie ID, the number of ad impressions per placement (frequency), the last impression (relevant for post-view conversions) and opt-out information (indicating that a user no longer wishes to be targeted) as analysis values.
These cookies enable Google to recognise your internet browser. If a user visits certain pages on the website of Ads customers and the cookie stored on their computer has not yet expired, Google and the customers can recognise that a user has clicked on the advertisement and been redirected to this page. Each Ads customer receives a different cookie. Cookies cannot therefore be tracked across the websites of Ads customers. We ourselves do not collect or process any personal data in the advertising measures mentioned. We only receive statistical evaluations from Google. Based on these evaluations, we can identify which of the advertising measures used are particularly effective. We do not receive any further data from the use of the advertising material; in particular, we cannot identify users based on this information.
Due to the marketing tools used, your browser establishes a direct connection to Google’s server after you have given your consent. We have no influence on the scope and further use of the data collected by Google through the use of this tool and therefore inform you according to our state of knowledge: By integrating Ads Conversion, Google receives the information that you have accessed the corresponding part of our website or clicked on one of our advertisements. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, it is possible that Google will find out and store your IP address.
3.8.4 Google Ads Remarketing
If you consent to its use, we will use the remarketing function within the Google Ads service. The remarketing function allows us to present users of our website with advertisements based on their interests on other websites within the Google advertising network (in Google Search or on YouTube, known as ‘Google Ads’ or on other websites). To do this, we analyse user interaction on our website, e.g. which offers a user was interested in, so that we can show users targeted advertising on other sites even after they have visited our website. To do this, Google stores cookies on the end devices of users who visit certain Google services or websites in the Google Display Network. These cookies are used to track the visits of these users. The cookies are used to uniquely identify a web browser on a specific device and not to identify a person.
3.8.5 LinkedIn (Insight-Tag)
If you have given your consent to statistics/marketing cookies, we activate a cookie from LinkedIn when you visit our website (LinkedIn Ireland, Wilton Place, Dublin 2, Ireland).
The tag reports to LinkedIn what actions you have taken on our website and any data that may identify you.
The data allows LinkedIn to recognise that you have visited our website, what you have clicked on, and if you have clicked on a link on LinkedIn that connects you to our website. This allows LinkedIn to show you interest-based content. LinkedIn may link this data to your user account and use it for its own purposes. The processing of your data by LinkedIn is explained in the privacy policy at HTTPS://WWW.LINKEDIN.COM/LEGAL/PRIVACY-POLICY.
3.8.6 YouTube Videos
Our website incorporates YouTube videos that are stored on ‘www.youtube.com’ and can be played directly from our website. YouTube is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA (hereinafter referred to as ‘Google’). We use the ‘extended data protection mode’ option provided by YouTube, which means that no data about you as a user is transferred to YouTube if you do not play the videos.
Only when you play the videos will YouTube cookies be stored on your computer and data transferred to YouTube operator Google. If you play videos stored on YouTube, at least the following data will be transferred to Google: IP address and cookie ID, the specific address of the page you visited on our site, browser language settings, system date and time of access, and your browser ID. The data transfer takes place regardless of whether you are logged in to a YouTube user account or do not have a user account. If you are logged in, this data is directly associated with your account. You can prevent this association by logging out before activating the start button. YouTube or Google stores this data as usage profiles and uses it for advertising, market research and/or the needs-based design of its website. You have the right to object to the creation of these usage profiles, which you must address directly to Google as the operator of YouTube.
Further information on YouTube’s data protection policy is available from Google at HTTPS://POLICIES.GOOGLE.COM/PRIVACY. By playing YouTube videos, you consent to the processing of data by Google. We do not process the data concerned.
4. Individual processing operations
4.1 contact form
4.1.1 Purpose
If you contact us via the contact form on the website, by email or by telephone, we will store the data you provide for the purpose of processing your enquiry and in case of follow-up questions.
4.1.2 Legal basis
The legal basis is, on the one hand, our legitimate interest pursuant to Art. 6 (1) (f) GDPR in responding to your enquiry or, on the other hand, the initiation or fulfilment of a contract pursuant to Art. 6 (1) (b) GDPR.
4.1.3 Recipients
Your personal data may be forwarded to external processors (e.g. Salesforce, All-inkl-com, Microsoft), but in any case not to third parties.
4.1.4 Storage period
The data will only be stored for as long as is necessary to achieve the respective purpose or within the framework of statutory retention periods.
4.1.5 Right to object (in the case of legitimate interest)
You may have a right to object to processing based on the legitimate interest of the controller.
4.1.6 Necessity of provision
The provision of your data may be necessary for the initiation or fulfilment of a contract. The consequences of not providing your data may include delays in processing your enquiry, failure to conclude a contract or termination of the contract.
4.2 Registration on this website (customer portal)
4.2.1 Purpose
You can register on our website to use additional functions on the site. These functions include, in particular, the customer portal.
We use the data entered for this purpose only for the purpose of using the respective offer or service for which you have registered. The mandatory information requested during registration (user name, email address, password) must be provided in full. Otherwise, we will reject the registration. In the event of important changes, for example to the scope of the offer or technically necessary changes, we will use the email address provided during registration to inform you. A full name can be added voluntarily at a later date.
4.2.2 Legal basis
The processing of your registration and use of the customer portal is necessary for the performance of the respective contract between you and us (Art. 6(1)(b) GDPR).
4.2.3 Recipients
Your personal data may be forwarded to external processors (e.g. All-inkl-com), but in any case not to third parties.
4.2.4 Storage period
The data collected during registration will be stored by us for as long as you are registered on our website and will be deleted afterwards. Statutory retention periods remain unaffected.
4.2.5 Necessity of provision
The provision of your data may be necessary for the initiation or fulfilment of a contract. The consequences of not providing your data may include delays in processing your enquiry, failure to conclude a contract or termination of the contract.
4.3 Newsletter dispatch
4.3.1 Purpose
You have the option of subscribing to our newsletter via our website. This will keep you up to date and provide you with interesting company news, topic-related information and invitations to our events. For this purpose, we require your email address and your declaration that you agree to receive the newsletter. When you subscribe to our newsletter, we will also store the date and time of your registration. This serves as a safeguard on our part and as proof of your consent in the event that a third party misuses your email address and subscribes to our newsletter without your knowledge. In addition, we use the so-called double opt-in procedure.
In addition, statistics on opening, reading and clicking behaviour are compiled in connection with the newsletter. This enables us to offer you better services and to send you only the information that is of real interest to you.
4.3.2 Legal basis
The legal basis for sending the newsletter is your consent in accordance with Art. 6 (1) (a) GDPR in conjunction with § 7 (2) No. 3 UWG (German Unfair Competition Act). The compilation of statistics is based on our legitimate interest in accordance with Art. 6 (1) (f) GDPR, whereby our interest arises from the aforementioned purpose.
4.3.3 Recipients
Your personal data will be forwarded to external processors, but not to third parties. We use the MAILEON tool from XQUEUE GMBH to send the newsletter. This company has undertaken to comply with data protection regulations vis-à-vis us.
4.3.4 Storage period
Deletion or non-processing for the above purpose takes place after unsubscribing from the newsletter.
4.3.5 Revocation
You can cancel your subscription to the newsletter at any time by clicking on the ‘Unsubscribe newsletter’ button. Your cancellation will be sent to the following email address: MARKETING@SOFFICO.DE. You can of course also contact us by email or telephone. We will then immediately delete your data in connection with the newsletter dispatch. The lawfulness of the processing carried out between your consent and revocation remains unaffected.
4.3.6 Notice of objection (in case of legitimate interest)
Under certain circumstances, you have the right to object to processing based on the legitimate interest of the controller.
4.4 Podcast
4.4.1 Purpose
When using the LetsCast web player, information about the respective podcast episode, the IP address and the version of the browser and operating system is transmitted. The processing is carried out for statistical evaluation of the playback process, as well as for the secure, efficient provision and optimisation of the podcast offering.
Buzzsprout processes listeners’ personal data – such as IP address, user agent and, if applicable, the referring URL – in order to validate podcast downloads, identify the applications used and determine the approximate geographical origin of the downloads. This data is used in particular for:
- the creation of anonymised statistics for podcasters
- the detection of fraud or abuse
- the fulfilment of legal obligations.
4.4.2 Legal basis
Data processing is based on your consent in accordance with Art. 6 (1) (a) GDPR.
4.4.3 Recipients
When you access the LetsCast.fm web player, a connection to LetsCast.fm is automatically established, making LetsCast.fm the recipient of the aforementioned data.
The recipient of the data when using the Buzzsprout podcast service is Higher Pixels, Inc., dba Buzzsprout, operator of Buzzsprout Services.
4.4.4 Third country transfer
We use the Buzzsprout hosting service from Higher Pixels, Inc., based in Jacksonville (Florida, USA), to provide our podcasts. Buzzsprout is certified under the EU-US and Swiss-US Data Privacy Framework (DPF), which ensures adequate data protection guarantees for the transfer of personal data. For more information, please refer to Buzzsprout’s privacy policy: HTTPS://WWW.BUZZSPROUT.COM/PRIVACY
4.4.5 Storage period
The storage period for Buzzsprout cookies ends when the respective session is closed. The Letscast web player does not set any cookies or local storage entries in the browser.
4.4.6 Revocation
You can revoke your consent at any time. Revoking your consent does not affect the legality of the processing carried out on the basis of your consent until revocation.
4.4.7 Necessity of provision
The provision of personal data is voluntary and based solely on consent. Without consent, the podcast player cannot be used.
4.5 application process
4.5.1 Purpose
The personal data you provide in the course of an application (including correspondence) will be processed for the purposes of recording and storage, coordination and evaluation in the application process, keeping records of the data for future application processes, and anonymous statistical evaluation of the applicant structure. Without the provision of your data, it is not possible to consider your application in the application process, as we would otherwise be unable to assess whether you are suitable for the position in question.
4.5.2 Legal basis
The legal basis is the implementation of pre-contractual measures within the meaning of Art. 6 (1) (b) GDPR and, in the case of record keeping, your express consent within the meaning of Art. 6 (1) (a) GDPR. Furthermore, we have a legitimate interest pursuant to Art. 6 (1) (f) GDPR in retaining documents from the application process for evidence purposes and for the assertion or defence of any legal claims.
4.5.3 Recipients
Your personal data will not generally be passed on to third parties unless this is necessary in individual cases (verification of documents or certificates in cases of suspicion, assertion or defence of any legal claims).
4.5.4 Storage period
Once the application process has been completed, the personal data you have provided will be deleted after six months. In certain cases, the data may be stored for longer, namely for the purpose of asserting and defending legal claims.
If you have given your consent to a longer storage period, we will store the data for this storage period (5 years) and delete it after expiry (so-called retention).
4.5.5 Right to object (in case of legitimate interest)
You may have a right to object to processing based on the legitimate interest of the controller.
4.5.6 Notice of revocation (in case of consent)
You may revoke your consent to record-keeping at any time. Revoking your consent does not affect the lawfulness of the processing carried out on the basis of your consent prior to revocation.
4.5.7 Necessity of provision
The provision of data is generally voluntary, but the provision of your data may be necessary for the initiation or fulfilment of a contract. The consequences of not providing data may include, for example, delays in processing your enquiry, failure to conclude a contract or termination of the contract.
4.6 Business Relationships
Depending on the contract, it is necessary to process certain data in order to either use the respective service or to be able to provide it on our part.
4.6.1 Purpose
We process the data necessary for the initiation of a contract (submission of offers, participation in tenders, etc.).
Within the framework of existing business relationships, we also process data that is necessary for the provision of our services, customer support and information, including internal documentation and administration. In addition, data is also stored in order to comply with legal obligations (in particular the German Fiscal Code, Value Added Tax Act and Commercial Code).
4.6.2 Legal basis
The following legal bases apply in this case:
- Initiation or fulfilment of a contract – Art. 6(1)(b) GDPR.
- Fulfilment of legal obligations – Art. 6(1)(c) GDPR.
- Documentation for the assertion and defence of legal claims – Art. 6(1)(f) GDPR.
4.6.3 Recipients
In order to provide our services, we may use various contractual or business partners who are involved or are to be involved in the delivery or service. These partners are contractually bound to maintain confidentiality. In addition, your data will be passed on to authorities or courts if we are legally obliged to do so.
4.6.4 Storage period
The data will only be stored for as long as is necessary to fulfil the mutual contractual obligations. In order to comply with legal obligations (in particular § 147 AO, §§ 238 and 257 HGB), the data will be stored for a period of ten years from the end of the calendar year. In certain cases, the data may be stored for longer, namely for the assertion and defence of legal claims. In particular, contracts and related data are stored for the duration of the business relationship and then deleted after the expiry of the statutory limitation periods (tax and commercial law documents: ten years; other documents three years in accordance with Section 195 of the German Civil Code (BGB)).
4.6.5 Right to object (in cases of legitimate interest)
Under certain circumstances, you have the right to object to processing based on the legitimate interest of the controller.
4.6.6 Necessity of provision
The provision of your data is necessary for the initiation or fulfilment of a contract. The consequences of not providing your data may include delays in processing your enquiry, failure to conclude a contract or termination of the contract. In addition, the provision of your data is necessary for us to fulfil our legal obligations (in particular documentation obligations). Failure to provide your data would mean that we would be unable to comply with our legal obligations, which could result in you being liable for damages in the event of a penalty being imposed on us.
4.7 Assertion, Exercise or Defence of Legal Claims
4.7.1 Purpose
Storage and, where applicable, other processing of personal data for the assertion, exercise or defence of legal claims or in relation to actions taken by courts in the course of their judicial activities.
4.7.2 Legal basis
The legal basis for the processing of your personal data for the purpose described is our legitimate interest (Art. 6(1)(f) in conjunction with Art. 9(2)(f) GDPR). The legitimate interest consists in processing personal data as evidence for asserting and defending legal claims.
4.7.3 Recipients
Your personal data will not be transferred to third parties as a matter of principle. Transfer will only take place if it is necessary for the purpose described. In particular, personal data may be transferred to solicitors, debt collection agencies and courts.
4.7.4 Storage period
The data will only be stored for as long as is necessary to fulfil the described purpose.
4.7.5 Right to object (in the case of legitimate interest)
Under certain circumstances, you have the right to object to processing based on the legitimate interest of the controller.
4.8 Photography and/or video recording at company events
4.8.1 Purpose
As is customary at any event, photos and/or videos are taken at events organised by us. Our aim is not to identify individuals, but purely to document the event. For documentation purposes, the photos and/or videos taken will be stored securely by us and, if necessary, also published on the internet (on our homepage), on our social media channels or in newsletters. They will also be stored for archiving purposes. In addition, we may present the photos/videos taken at future events (e.g. annual/anniversary events).
4.8.2 Legal basis
The processing (the creation, presentation and publication of the photos/videos) is based on our overriding legitimate interest in documenting the events and also storing them in an archive (Art. 6(1)(f) GDPR). This also includes the interest in informing the public, customers and interested parties about events of the group of companies and documenting our own company history with photos and videos for future generations.
4.8.3 Storage period
The photos/videos taken will be stored for as long as they are necessary for the purpose. Photo/video recordings will generally be deleted immediately if they are not suitable for the above-mentioned purposes, would violate the legitimate interests of the person depicted, or in the event of an objection by the person concerned.
4.8.4 Objection
Under certain circumstances, you have the right to object to processing based on the legitimate interests of the controller. If you do not agree with the recording or publication, please inform the photographer on site immediately. You can also contact us after the photo/video recording has already taken place.
4.8.5 Necessity of provision
You are under no obligation to be photographed or recorded.
4.9 Live Streaming, Webinars
4.9.1 Purpose
The purpose is to broadcast selected events live (streaming, video conferencing) and to hold webinars. For selected events, we would like to offer those who cannot be present on site the opportunity to participate in events via live stream or webinars. When broadcasting or recording events, depending on the concept, it may happen that the audience is also streamed or recorded with voice and/or video. You will be notified before the event if audio or video recording is taking place. The recording of the webinar is usually published on social media channels, the customer portal, the Orchestra Community and the websites of soffico GmbH. If you do not want to be recorded, you can deactivate your camera and microphone.
4.9.2 Processed data
Various types of personal data may naturally be processed in the context of a webinar. All webinar participants can see or hear the content provided (messages, comments, contributions, etc.). In addition, the following personal data is processed:
- Freely chosen pseudonyms or, where applicable, first and last names of participants
- Email addresses of participants
- Information in log files (in particular IP address, host name, device, connection data, start, duration, participants, organiser, quality information)
You have the option of participating in the webinar using a pseudonym, which guarantees a certain degree of anonymity if desired. The processing of the information in the log files is necessary for trouble-free operation, the performance of error and availability analyses, and the defence against attacks.
4.9.3 Legal basis
The processing, i.e. both the direct transmission and the creation and provision of the recordings, is based on our legitimate interest within the meaning of Art. 6(1)(f) GDPR. The legitimate interest consists in the effective implementation of online events and webinars as well as for marketing purposes.
4.9.4 Recipients
We use the ‘Zoom’ tool for webinars. ‘Zoom’ is a service provided by Zoom Video Communications, Inc., which is based in the United States. The provider of “Zoom” necessarily obtains knowledge of the above-mentioned data to the extent that this is provided for in the contract processing agreement with ‘Zoom’. Zoom is therefore our contract processor.
4.9.5 Third country transfer
Zoom is a service provided by a provider based in the USA. As mentioned above, there is currently an adequacy decision for the USA. Zoom also guarantees an adequate level of data protection by concluding so-called EU standard contractual clauses. As a supplementary protective measure, we have also configured Zoom in such a way that only data centres in the EU, the EEA or safe third countries such as Canada or Japan are used for conducting webinars.
However, data transfer to the USA cannot be ruled out. You can revoke your consent at any time by leaving the webinar. Revoking your consent does not affect the lawfulness of the processing carried out on the basis of your consent until revocation.
4.9.6 Storage period
In the context of streaming, video conferences or webinars, your personal data is transmitted live via the internet. If a recording is made, it is also stored internally or on social networks. This serves the purposes of public relations and external presentation. The recordings are generally stored and published indefinitely as long as there is an interest in publication and no legitimate claims for deletion are asserted. The necessity of storage is reviewed regularly (e.g. every 3 years). Data subjects may object to the processing for reasons arising from their particular situation in accordance with Art. 21 GDPR.
The information in the log files is deleted by Zoom as soon as storage is no longer necessary for the provision or maintenance of the service or at the latest 6 months after collection.
4.9.7 Notice of objection (in case of legitimate interest)
You may have a right to object to processing based on the legitimate interest of the controller.
4.9.8 Necessity of provision
Provision is generally voluntary, but the provision of your data may be necessary for participation in events. The consequences of non-provision may include, for example, no conclusion of a contract and limited or no participation in the events.
4.10 Automatic decision-making
The customer is not subject to any automated decision-making with legal effect on them in relation to the processing operations listed in point 4.
Automatic decision-making (profiling) may only and exclusively take place within the framework of registration and the dispatch of the newsletter using the Maileon program.
4.11 Transfer to third countries
Unless otherwise specified in the individual processing activities, your data will generally be processed domestically and/or within the EU. However, we would like to inform you that soffico receives support from Infomeis Co., Ltd in Thailand for programming and support activities, which enables access to the following data: Master data (last name, first name, address), contact details (name, email address, address, customer number), customer data (customer number, contact details (name, address, email), project data, project team). For this purpose, soffico has agreed standard contractual clauses with Infomeis Co., Ltd. in accordance with Art. 46 GDPR. If you require information about this contract (e.g., access) or further information, please contact us.
5. Social media
In general, usage data on social media is processed for advertising and market research purposes. For example, social media providers can create their own usage profiles based on various user interests and subsequently use these usage profiles to place targeted advertisements within and outside of social media. For these purposes, social media also uses cookies in which the usage behavior and interests of users are stored. Furthermore, these usage profiles may also contain data on users as members of the respective social media platforms, provided they are logged in to them (hereinafter referred to as “usage data”).
For a detailed description of the respective data processing and the options for objection or revocation, please refer to the data protection information of the respective social media platform (see section Social media in detail below).
In addition, we also process your username, name, contact and communication data in the course of our social media presence, provided that you contact us and share this data with us.
5.1 Purposes
We use our social media presence to provide information about ourselves, job vacancies, and our products or services, and, of course, to connect and communicate with users. In addition, we receive statistical evaluations of usage data collected by the respective social media platform in anonymized form so that we can better tailor our offerings to your interests.
5.2 Legal basis
The legal basis for communication is either the initiation of a contract or the fulfillment of a contract (Art. 6 (1) (b) GDPR), insofar as you contact us for this purpose, or our legitimate interest (Art. 6 (1) (f) GDPR) in responding to other inquiries.
The legal basis for processing in joint responsibility with the respective social media platform is our legitimate interest (Art. 6 (1) (f) GDPR) in the above-described processing of data for analysis and marketing purposes in order to continuously improve our presence on social media.
5.3 Joint responsibility
As we operate various social media accounts (see a detailed list in the section “soffico GmbH’s social media accounts” below), we take current developments in the area of data protection on social media very seriously. We therefore inform you that, based on the current case law of the European Court of Justice, joint responsibility within the meaning of Art. 26 GDPR exists between the operator of a media presence and the respective provider of this social media platform for the processing of your usage data. We have taken the necessary precautions for this joint responsibility, insofar as this has been made possible by the respective provider.
At this point, we would like to point out that the primary processing of your usage data on social media takes place at the respective provider of this social media and that we receive this data – if at all – exclusively in anonymized form and therefore the primary responsibility for this under the GDPR lies with the provider of the social media. We therefore recommend that you assert your rights as a data subject in this context directly with the respective social media provider. The corresponding links to the providers’ data protection information can be found in the Social Media section below. You can also assert your rights as a data subject in this context vis-à-vis us within the scope of our joint responsibility. In this case, we will immediately contact the respective social media provider.
5.4 Recipients
Your personal data may be forwarded to external processors, but in any case not to third parties.
5.5 Transfer to third countries
In the case of the social media platforms Facebook, Instagram, LinkedIn, and YouTube (Google), it may happen that usage data is processed outside the European Union, specifically in the USA. This is permissible under the EU-US data protection framework (EU Commission adequacy decision of July 10, 2023) in accordance with Art. 45 GDPR and/or on the basis of standard contractual clauses in accordance with Art. 46 (2) (c) GDPR.
5.6 Storage period
We generally process your data, which we process when you contact us via social media, until your account is deleted from the respective social media platform, unless longer storage is necessary for the purpose of processing, legal provisions, or to assert or defend rights. Your data will be deleted as soon as none of these reasons apply.
We receive and process usage data exclusively in anonymized form. For more detailed information on the storage period, please refer to the privacy policy of the respective social media platform.
5.7 Right to object (in cases of legitimate interest)
Under certain circumstances, you have the right to object to processing based on the legitimate interest of the controller.
5.8 Necessity of provision
If your use is for the purpose of establishing contact to initiate a contract, the provision of your data is necessary for the conclusion of the contract. If your use is for other reasons, you are not obliged to provide your data. Failure to provide your data when contacting us for the purpose of initiating a contract would mean that we would not be able to process your contact request. Failure to provide your data when using our services for other reasons would not have any negative consequences for you.
5.9 soffico GmbH’s presence on social media
6. Your rights
If your personal data is processed (collected, recorded, stored, evaluated, modified, read, queried, disclosed, disseminated, compared, linked, restricted, deleted, destroyed, etc.), you are a data subject within the meaning of the GDPR. As a data subject, you have the following rights vis-à-vis any controller who processes your personal data:
- Right of access (Art. 15 GDPR)
- Rectification (Art. 16 GDPR)
- Erasure (Art. 17 GDPR)
- Restriction (Art. 18 GDPR)
- Data portability (Art. 20 GDPR)
- Objection (Art. 21 GDPR)
Withdrawal of consent
You have the right to withdraw your declaration of consent under data protection law at any time. Withdrawing your consent does not affect the legality of the processing carried out on the basis of your consent prior to withdrawal.
Complaints
If you believe that the processing of your personal data violates data protection law or that your data protection rights have been violated in any other way, please contact us. This will enable us to address your concerns. You also have the right to contact the competent data protection authority.
7. Contact
Your trust is particularly important to us. If you have any further questions about data protection in connection with soffico, please feel free to contact us using the following contact details.
The responsible body for data processing on this website is:
soffico GmbH
Management Board Harald Wenger, Rica Holzmann, Prof. Dr. Hafenrichter
Karl-Drais-Str. 4e
D – 86159 Augsburg
Phone: +49 (0)821 455 901 00
E-mail: info@soffico.de
data protection officer
Dr. Sebastian Kraska
Marienplatz 2
D – 80331 München
Phone: +49 (0)89 1891 7360
E-mail: email@iitr.de
We would like to point out that by using this website, you must observe copyrights, name rights, trademark rights, and other rights of third parties. You agree to refrain from any misuse of the entire content (in particular images, videos, texts, and trademarks).
8. Withdraw consent
You can revoke all consents given here.
Withdraw consent
As of: 05.11.2025