Data Protection Privacy Statement
We are controller according to Article 13 (1)(a) GDPR:
CAS Software AG
represented by Martin Hubschneider (CEO).
CAS Software AG aims to respect and protect your privacy. We have designed our website so that you can visit the web pages of CAS Software AG (hereinafter referred to as website) without being personally identifiable and without any personal information about you being disclosed. If you decide to disclose personal information to us, we undertake to treat it with great care.
Personal data and recipients
The term ‘personal data’ refers to items of information which can give indications as to the identity or private matters of an individual.
Categories of personal data we process:
- personal data (first name, surname)
- contact data (address, email address, phone number and comparable data)
- date of birth (as far as specified by you)
- location (as far as specified by you, e.g., for the claim of place-related services given)
- bank account data (IBAN, BIC) (as far as specified by you)
- Internet Protocol (IP) addresses in anonymized form
- session data as well as data required for the anonymous identification and analysis of your user behavior; these include the IP address and metadata such as the browser you use, the browser language, date and time, user preferences, e.g. by setting cookies
Based on the above definition, it does not include information, which does not give indications as to the identity or private matters of an individual, such as the number of visitors to a website.
Recipients of your personal data:
- companies in the same group
- processors according to Article 4 (8) GDPR
- companies that use anonymous data of users to identify, analyze and exploit the behavior of Internet users for marketing purposes, such as: Matomo, yext, google, wiredminds, econda. This doesn‘t affect your personal contact information.
- advertising partners
- social media services, such as Facebook, and their users
Gathering and use of personal data
The information provided by CAS Software AG is normally freely accessible. No personal registration is required. Personal information is gathered where necessary in order to perform relevant services. This is the case, for example, if you subscribe online to the CAS@WORK customer magazine, or if you request information material or obtain test software. We only use your personal data to enable us to provide you with the services you request.
Part of the data is collected to ensure the proper functioning of the website. Some data are collected when you provide it to us. This could, for example, be data you enter on a contact form. Other data are collected automatically by our IT systems when you visit the website. These data are primarily technical data such as the browser and operating system you are using or when you accessed the page. These data are collected automatically as soon as you enter our website.
Some of the data collected is used to ensure the error-free provision of the website.
Your personal data will be processed for the following purposes:
a) on the basis of a given consent according to Article 6 (1) (a) GDPR
If you have given consent to the processing of your personal data, this is the legal basis of the affecting processing of data. You can revoke your consent at any time with effect for the future. The legality of the processing based on your consent until your revocation is not affected by this.
b) to fulfil contractual obligations and pre-contractual measures according to Article 6 (1) (b) GDPR
- for the execution of our contracts with you
- for the implementation of measures and activities within the framework of pre-contractual relationships
c) for compliance with legal obligation according to Article 6 (1) (c) GDPR
We process your personal data if this is necessary to fulfil legal obligations (e. g. commercial, tax laws).
d) if processing is necessary for the purposes of the legitimate interests pursued by us or a third party according to Article 6 (1) (f) GDPR
Your personal data may be used by us or by third parties on the basis of a balance of interests to protect a legitimate interest. This is done for the following interests and purposes:
- temporary storage of automatically generated session data in log files
- advertising or market research, provided you have not objected to the use of your data
- the anonymous determination and evaluation of your user behaviour by third parties such as Matomo
- the assertion of legal claims and defence in legal disputes which are not directly attributable to the contractual relationship
- internal and external investigations and/or safety reviews
- operation of social media services
e) your obligation to provide data
It is required that you provide information that is necessary for us to enter into a business relationship or to enter into a pre-contractual relationship or that we are required to collect by law. Without these data, we can not conclude or execute a contract with you. This may also apply to data required later in the business relationship.
Disclosure of data and Consent
When you disclose your personal data to us, you thereby give your consent for us to store and use it within the constraints of the GDPR. The personal information you provide is accessible categorically only to CAS Software AG and to its partners where appropriate.
Many data processing operations are only possible with your express consent. You may revoke your consent at any time with future effect. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.
You have the following rights against us if the respective legal requirements are met:
- right of access by the data subject according to Article 15 GDPR,
- right to rectification according to Article 16 GDPR
- right to erasure (‘right to be forgotten’) according to Article 17 GDPR
- right to restriction of processing according to Article 18 GDPR
- right to object according to Article 21 GDPR
- right to data portability according to Article 20 GDPR
Right to data portability
You have the right to have data which we process based on your consent or in fulfillment of a contract automatically delivered to yourself or to a third party in a standard, machine-readable format. If you require the direct transfer of data to another responsible party, this will only be done to the extent technically feasible.
Right to information, blocking and deletion
As permitted by law, you have the right to be provided at any time with information free of charge about any of your personal data that is stored as well as its origin, the recipient and the purpose for which it has been processed. You also have the right to have this data corrected, blocked or deleted. You can contact us at any time using the address given in our legal notice if you have further questions on the topic of personal data.
Opposition to promotional emails
We hereby expressly prohibit the use of contact data published in the context of website legal notice requirements with regard to sending promotional and informational materials not expressly requested. The website operator reserves the right to take specific legal action if unsolicited advertising material, such as email spam, is received.
According to Article 21 (1) GDPR you have the following right against us to object if the respective legal requirements are met:
„The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1), including profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.“
Providently we do inform you about your further possible right to object according to Article 21 (2) GDPR:
„Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.“
Right to file complaints with regulatory authorities
You have a right to lodge a complaint with a supervisory authority (Article 77 GDPR). The supervisory authority responsible for us is:
Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit
Königstrasse 10 a
Transfer of data
CAS Software AG will treat your personal data in strict confidence, and will not disclose it to third parties under any circumstances (except for partners of the CAS Group).
Transfers of personal data to third countries
We only transfer your data to countries outside the European Economic Area – EEA (third countries) if this is required by law or under the following conditions of Article 49, paragraph 1, subsection 1 GDPR:
a) you have explicitly consented to the proposed transfer, after having been informed of the possible risks of such transfers for the data subject due to the absence of an adequacy decision and appropriate safeguards;
b) the transfer is necessary for the performance of a contract between you and us or the implementation of pre-contractual measures taken at your request;
c) the transfer is necessary for the conclusion or performance of a contract concluded in your interest between us and another natural or legal person;
d) the transfer is necessary for important reasons of public interest;
e) the transfer is necessary for the establishment, exercise or defence of legal claims;
f) the transfer is necessary in order to protect the vital interests of you or of other persons, where you are physically or legally incapable of giving consent;
g) the transfer is made from a register which according to Union or Member State law is intended to provide information to the public and which is open to consultation either by the public in general or by any person who can demonstrate a legitimate interest, but only to the extent that the conditions laid down by Union or Member State law for consultation are fulfilled in the particular case.
Countries outside of the European Union may be considered unsafe third countries in terms of data protection. The recipients of the data are often not subject to the standards of the EU GDPR. We therefore have no influence on how such recipients handle your data or the extent to which and for what purposes the data is further processed in the third country.
Duration of data storage
We store the data given by you other than by consent according to Article 6 (1) (a) GDPR for the following duration:
- session data until completion of the session
- As long and as far as this is necessary for the duration of our business relationship. This also includes the initiation and execution of a contract.
- If we are obliged to do so on the basis of storage and documentation obligations, e. g. in accordance with the German Civil Code (BGB), the German Commercial Code (HGB) or the Tax Code (AO). The periods for storage or documentation specified there are up to ten years beyond the end of the business relationship or the pre-contractual legal relationship.
SSL or TLS encryption
This site uses SSL or TLS encryption for security reasons and for the protection of the transmission of confidential content, such as the inquiries you send to us as the site operator. You can recognize an encrypted connection in your browser’s address line when it changes from “http://” to “https://” and the lock icon is displayed in your browser’s address bar.
If SSL or TLS encryption is activated, the data you transfer to us cannot be read by third parties.
Data collection on our website
Most of the cookies we use are so-called “session cookies.” They are automatically deleted after your visit. Other cookies remain in your device’s memory until you delete them. These cookies make it possible to recognize your browser when you next visit the site.
Server log files
The website provider automatically collects and stores information that your browser automatically transmits to us in “server log files”. These are:
- Browser type and browser version
- Operating system used
- Referrer URL
- Host name of the accessing computer
- Time of the server request
- IP address
These data will not be combined with data from other sources.
The basis for data processing is Art. 6 (1) (b) GDPR, which allows the processing of data to fulfill a contract or for measures preliminary to a contract.
Should you send us questions via the contact form, we will collect the data entered on the form, including the contact details you provide, to answer your question and any follow-up questions. We do not share this information without your permission.
We will, therefore, process any data you enter onto the contact form only with your consent per Art. 6 (1)(a) GDPR. You may revoke your consent at any time. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.
We will retain the data you provide on the contact form until you request its deletion, revoke your consent for its storage, or the purpose for its storage no longer pertains (e.g. after fulfilling your request). Any mandatory statutory provisions, especially those regarding mandatory data retention periods, remain unaffected by this provision.
If you would like to receive our newsletter, we require a valid email address as well as information that allows us to verify that you are the owner of the specified email address and that you agree to receive this newsletter. No additional data is collected or is only collected on a voluntary basis. We only use this data to send the requested information and do not pass it on to third parties.
We will, therefore, process any data you enter onto the contact form only with your consent per Art. 6 (1) (a) GDPR. You can revoke consent to the storage of your data and email address as well as their use for sending the newsletter at any time. The data processed before we receive your request may still be legally processed.
Analytics and advertising
Our website uses pixel-counting technology from wiredminds GmbH (www.wiredminds.de) to analyze visitor behavior.
This website uses Google Analytics, a web analytics service. Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, operates it.
Google Analytics uses so-called “cookies”. These are text files that are stored on your computer and that allow an analysis of the use of the website by you. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there.
Google Analytics cookies are stored based on Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in analyzing user behavior to optimize both its website and its advertising.
We have activated the IP anonymization feature on this website. Your IP address will be shortened by Google within the European Union or other parties to the Agreement on the European Economic Area prior to transmission to the United Staes. Only in exceptional cases, the full IP address is sent to a Google server in the US and be shortened there. Google will use this information on behalf of the operator of this website to evaluate your use of the website, to compile reports on website activity, and to provide other services regarding website activity and Interente usage for the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with any other data held by Google.
You can prevent these cookies being stored by selecting the appropriate settings in your browser. However, we wish to point out that doing so may mean you will not be able to enjoy the full functionality of this website. You can also prevent the data generated by cookies about your use of the website (incl. your IP address) from being passed to Google, and the processing of these data by Google, by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl-en.
By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.
Objecting to the collection of data
You can prevent the collection of your data by Google Analytics by clicking on the following link. An opt-out cookie will be set to prevent your data from being collected on future visits to this site: Disable Google Analytics.
By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.
Demographic data collection by Google Analytics
This website uses Google Analytics’ demographic features. This allows reports to be generated containing statements about the age, gender, and interests of site visitors. This data comes from interest-based advertising from Google and third-party visitor data. This collected data cannot be attributed to any specific individual person. You can disable this feature at any time by adjusting the ads settings in your Google account or you can forbid the collection of your data by Google Analytics as described in the section “Refusal of data collection”.
This website uses the WordPress Stats tool to perform statistical analyses of visitor traffic. This service is provided by Automattic Inc., 60 29th Street # 343, San Francisco, CA 94110-4929, USA.
WordPress Stats cookies remain on your device until you delete them.
The storage of “WordPress Stats” cookies is based on Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in analyzing user behavior to optimize both its website and its advertising.
You can object to the collection and use of your data at any time with future effect by clicking on this link and setting an opt-out cookie in your browser: https://www.quantcast.com/opt-out/.
If you delete the cookies on your computer, you will have to set the opt-out cookie again.
Google Analytics Remarketing
Our websites use the features of Google Analytics Remarketing combined with the cross-device capabilities of Google AdWords and DoubleClick. This service is provided by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.
This feature makes it possible to link target audiences for promotional marketing created with Google Analytics Remarketing to the cross-device capabilities of Google AdWords and Google DoubleClick. This allows advertising to be displayed based on your personal interests, identified based on your previous usage and surfing behavior on one device (e.g. your mobile phone), on other devices (such as a tablet or computer).
Once you have given your consent, Google will associate your web and app browsing history with your Google Account for this purpose. That way, any device that signs in to your Google Account can use the same personalized promotional messaging.
To support this feature, Google Analytics collects Google-authenticated IDs of users that are temporarily linked to our Google Analytics data to define and create audiences for cross-device ad promotion.
You can permanently opt out of cross-device remarketing/targeting by turning off personalized advertising in your Google Account; follow this link: https://www.google.com/settings/ads/onweb/.
The aggregation of the data collected in your Google Account data is based solely on your consent, which you may give or withdraw from Google per Art. 6 (1) (a) GDPR. For data collection operations not merged into your Google Account (for example, because you do not have a Google Account or have objected to the merge), the collection of data is based on Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in analyzing anonymous user behavior for promotional purposes.
Google AdWords and Google Conversion Tracking
This website uses Google AdWords. AdWords is an online advertising program from Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, United States (“Google”).
As part of Google AdWords, we use so-called conversion tracking. When you click on an ad served by Google, a conversion tracking cookie is set. Cookies are small text files that your internet browser stores on your computer. These cookies expire after 30 days and are not used for personal identification of the user. Should the user visit certain pages of the website and the cookie has not yet expired, Google and the website can tell that the user clicked on the ad and proceeded to that page.
Each Google AdWords advertiser has a different cookie. Thus, cookies cannot be tracked using the website of an AdWords advertiser. The information obtained using the conversion cookie is used to create conversion statistics for the AdWords advertisers who have opted for conversion tracking. Customers are told the total number of users who clicked on their ad and were redirected to a conversion tracking tag page. However, advertisers do not obtain any information that can be used to personally identify users. If you do not want to participate in tracking, you can opt-out of this by easily disabling the Google Conversion Tracking cookie by changing your browser settings. In doing so, you will not be included in the conversion tracking statistics.
Conversion cookies are stored based on Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in analyzing user behavior to optimize both its website and its advertising.
On our website, data is collected and stored using Bing Ads technologies, from which user profiles are created using pseudonyms. This is a Microsoft Corporation service, One Microsoft Way, Redmond, WA 98052-6399, USA.
This service enables us to track the activities of users on our website when they come to our website via ads from Bing Ads. If you access our website via such an advertisement, a cookie is placed on your computer.
A Bing UET tag is integrated on our website. This is a code used in connection with the cookie to store some non-personal data about the use of the website. This includes the time spent on the website, which areas of the website were accessed and which ads brought the user to the website. Information about your identity is not collected.
The information collected is transmitted to Microsoft servers in the United States and stored there for a maximum of 180 days. You can prevent the collection of data generated by cookies and related to your use of the website and the processing of this data by simply deactivating cookies. This may restrict the functionality of the website.
In addition, Microsoft may be able to track your usage across multiple electronic devices through cross-device tracking, enabling you to display personalized advertising on or in Microsoft Web pages and apps. You can deactivate this behavior under http://choice.microsoft.com/de-de/opt-out.
Use of Social Plugins
Our website uses so-called social plugins provided by selected platforms (Facebook, YouTube, Twitter, LinkedIn, Instagram). The plugins are usually identifiable by a logo and an additional text.
Facebook Plugins (Like & share button)
Our website includes plugins for the social network Facebook, Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA. The Facebook plugins can be recognized by the Facebook logo or the Like button on our site. For an overview of Facebook plugins, see https://developers.facebook.com/docs/plugins/.
If you do not want Facebook to associate your visit to our site with your Facebook account, please log out of your Facebook account.
By using the website, you consent to the processing of data about you by Facebook in the manner and for the purposes described above.
Our website uses a button provided by YouTube to embed videos. YouTube is an offer provided by Google Inc, which is operated by YouTube LLC, 901 Cherry Ave. San Bruno, CA 94066 in the USA. When entering this website, your browser establishes a direct connection to the servers of YouTube. The contents of the “YouTube” button are transmitted directly to your browser and the browser embeds it in the website. We therefore have no influence on the scope of the data that YouTube gathers using the button.
If you are a YouTube member and do not want YouTube to gather the data concerning your visit to our website and to connect it to your member data already stored by it, please log off YouTube before entering our website.
Our website uses plugins from YouTube, which is operated by Google. The operator of the pages is YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. The plugins are identifiable by the Twitter logo (stylized blue bird) or the addition “Tweet” or “Follow”. Using Twitter and the “Re-Tweet” or “Tweet” functionality links the website you visit to your Twitter account and shares it with other users. During this, data is also transmitted to Twitter.
Please note that we, as providers of the website, do not receive any information on the contents of the transmitted data and its use by Twitter. According to the latter, only the IP address of the user and the URL of the respective website is transmitted when including the button, but not used for any purposes other than displaying the button.
For more information on this you are encouraged to read Twitter’s Data Privacy Statement at https://twitter.com/en/privacy.
If you are a Twitter member and do not want Twitter to connect the data concerning your visit to our website with your Twitter user account, please log off Twitter before entering our website.
Our site uses functions from the LinkedIn network. The service is provided by LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA.
Each time one of our pages containing LinkedIn features is accessed, your browser establishes a direct connection to the LinkedIn servers. LinkedIn is informed that you have visited our web pages from your IP address. If you use the LinkedIn “Recommend” button and are logged into your LinkedIn account, it is possible for LinkedIn to associate your visit to our website to your user account. We would like to point out that, as the provider of these pages, we have no knowledge of the content of the data transmitted or how it will be used by LinkedIn.
Our website contains functions of the Instagram service. These functions are offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, USA.
If you are logged into your Instagram account, you can click the Instagram button to link the content of our pages with your Instagram profile. This means that Instagram can associate visits to our pages with your user account. As the provider of this website, we expressly point out that we receive no information on the content of the transmitted data or its use by Instagram.
All information given on the CAS Software AG website is provided without guarantee. We cannot guarantee that data is complete and up-to-date at all times. Be advised that the website may contain technical inaccuracies or typographical errors.
We reserve the right to change or update the information given on the website at any time without prior notification. CAS Software AG can under no circumstances be made liable to you or to third parties for any direct, indirect, specific or miscellaneous loss consequential to use of this website or any linked to it. Any liability for loss of profit, loss of production or loss of computer programs or other data held in your information systems is likewise excluded. This also applies where we are expressly advised of the possibility of such loss.
If you have any questions or suggestions in relation to data protection, please e-mail us at:
Contact details of our data protection officer:
Thomas Heimhalt (External Data Protection Officer)
DATENSCHUTZ perfect GbR
Changes to this statement
CAS Software AG reserves the right to change this Data Protection Statement at any time within the constraints of the applicable law.
Version: May 2018