Data Protection Statement
As an SME sized provider of software solutions, PiSA sales GmbH provides information on customer relationship management (CRM) and any-relationship management (XRM) products on its website. It is very important to us to carefully handle personal information. When we process your personal data, we comply with the statutory regulations and protect your privacy. In the following statement, we would like to provide you with information on the handling of your data.
You can print this document or save it using the usual functionality in your browser (in most cases: File / Save as). You can also download and archive this document in PDF format by clicking here. To open the PDF file, you will need the programme Adobe Reader (www.adobe.com) or comparable programmes that execute the PDF format.
1. Contact person
In accordance with the EU General Data Protection Regulation (GDPR), the contact person and so-called controller for the processing of your personal data when you visit this website is
PiSA sales GmbH
Germany (hereinafter: PiSA sales)
Tel: +49 (0)30 81 07 00-0
Fax: +49 (0)30 81 07 00-99
You can also contact our Data Protection Officer at any time if you have questions on data protection in connection with our products and services or the use of our website. The Data Protection Officer can be contacted at the above postal address as well as at the e-mail address specified above (keyword: “Attn. Data Protection Officer”).
2. Processing of personal data
Personal data are collected, processed and used when you use or interact with our website (e.g. by completing and sending the contact form).
2.1. Personal data
Personal data are information that relates to an identified or identifiable person. This primarily includes all information that would make it possible to identify you, for example your name, telephone number, address or email address.
2.2. Informational use
With the exception of the data transferred by your browser to enable your website visit, we do not collect any personal data if you use our website purely for informational purposes – i.e. if you do not register to use the Customer Portal or transfer any information to us by other means. In particular, the access data includes:
- IP address of the requesting device,
- date and time of the query,
- address of the visited website and the inquiring website,
- information on the browser and operating system used and
- online IDs (e.g. device IDs, session IDs).
The processing of this access data is necessary to enable the website to be visited and to guarantee the permanent functionality and security of our systems. To produce statistical data on the use of our website, to further develop our website with regard to the usage habits of our visitors (e.g. if there is an increase in the proportion of mobile devices accessing the pages) and to generally administratively maintain our website, the access data is also temporarily stored in internal log files for the purposes described above. Art. 6 Para. 1 Sentence 1 lit. b GDPR constitutes the legal basis for this.
The information stored in the log files does not allow any direct conclusion to your person; we particularly only store the IP addresses in abridged, anonymised form. The log files are stored for seven (7) days and archived after subsequent anonymisation.
2.3. Customer Portal
In the PiSA sales Customer Portal, you as the customer have access to an FAQ database and a comprehensive collection of video tutorials, amongst other things, and you can check the status of support requests. A user name and password are required to access the portal. These can be requested from your CRM Officer. There is no obligation to use your real name: you may also use a pseudonym. When you use our portal, we store the data required for the fulfilment of the contract and data voluntarily provided by you for the duration of your use of the portal, unless you erase these data prior to this. With the exception of your user name, you can manage and change all the information in the secure customer area. Art. 6 Para. 1 Sentence 1 lit. b GDPR constitutes the legal basis for this.
You are obliged to keep your access data confidential and to not grant any unauthorised third parties access to them. PiSA sales will similarly treat access data as strictly confidential, will not disclose this data to third parties and will never ask users for their passwords.
2.4. Contact form and other forms of interaction
In addition to purely informational use of the website and the Customer Portal, there are various possibilities for interacting with us and we offer services that you can use if they are of interest to you. These include the contact form, live chat, event registration and the call-back function. To use these functions, you must provide further personal data that we use and store to be able to provide the service in question. We will only use the data for the underlying purpose and in accordance with the principles of data protection legislation. Art. 6 Para. 1 lit. b GDPR constitutes the legal basis for this.
2.5. Google Maps
This website uses Google Maps, a map analytics service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, US (“Google”). To be able to integrate the Google map material we use and to display it in your web browser when you visit the contact page, your web browser must connect to a Google server which may also be located in the United States. In the event that personal data is transferred to the USA, Google has submitted itself to the EU-US Privacy Shield. By this, Google receives the information that the contact page of our website has been accessed from the IP address of your device. Based on our legitimate interest in integrating a map service to reach us, Art. 6 Para. 1 Sentence 1 lit. f GDPR constitutes the legal basis for this.
You can apply for vacancies with by e-mail to firstname.lastname@example.org The purpose of the data collection is to enable the selection of applicants for the possible establishment of an employment relationship. To process your application, we collect the data you provide (usually your first and family name, e-mail address, application documents such as certificates and CV, the earliest possible job starting date and salary expectation). We would like to point out that confidentiality cannot be guaranteed if applications are sent unencrypted by e-mail. As a rule, you can also apply for our positions via a postal service. Art. 6 Para. 1 Sentence 1 lit. b and Art. 88 Para. 1 GDPR in conjunction with Section 26 Para. 1 Sentence 1 BDSG constitute the legal basis for processing your application documents.
If no employment contract with the applicant is concluded with PiSA sales GmbH, the data provided to us will be stored for a period of six (6) months (pursuant to Allgemeines Gleichbehandlungsgesetz – General Act on Equal Treatment – AGG) and will be automatically erased after notification of a rejection.
2.5. Transmission of data to third parties
Data collected by PiSA sales is only transmitted to third parties if this is required in order to process the contract or for invoicing purposes, or if you have previously consented to it. The data transmitted in this way may be used by our service providers solely to fulfil their duties. Our service providers are carefully selected by us and they are contracted in writing. They are bound to our instructions and regularly monitored by us. No other use of the information is permitted or made by the service providers entrusted by us.
3. Transfer of data to third parties
The data collected by us will only be transferred if:
- you have given your express consent pursuant to Art. 6 Para. 1 Sentence 1 lit. a GDPR,
- the transfer is necessary to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not transferring your data pursuant to Art. 6 Para. 1 Sentence 1 lit. f GDPR,
- we are legally obliged to transfer them pursuant to Art. 6 Para. 1 Sentence 1 lit. c GDPR or
- this is permitted by law and is required for the processing of contractual relationships with you or for the implementation of pre-contractual measures that are made at your request pursuant to Art. 6 Para. 1 Sentence 1 lit. b GDPR.
Part of the processing may be carried out by our service providers. These may include, in addition to the service providers mentioned in this Data Protection Declaration, data centres that store our website and databases, IT service providers that maintain our systems and consulting firms. If we transfer data to our service providers, they may use the data exclusively for the fulfilment of their tasks. Our service providers are carefully selected and commissioned by us. They are contractually obligated to follow our instructions, have appropriate technical and organisational measures in place to protect the rights of the data subjects and are regularly monitored by us.
The service providers Deutsche Telekom AG (https://www.telekom.de) and Nimblu (https://www.nimblu.com) are commissioned on a contractual basis exclusively with our customers to host customer applications in a cloud, where personal data may play a role, by contractual processing.
In addition, data may be transferred in connection with official inquiries, court orders and legal proceedings if it is necessary for legal prosecution or enforcement.
Cookies are small files that are stored on your data processing medium. They store certain settings and data that are exchanged with our system via your browser. Cookies cannot execute any programs or transfer viruses to your computer. They serve to make the online services offered more user-friendly and efficient overall.
Essentially, there are two types of cookies: so-called session cookies, which are erased as soon as you close your browser (= at the end of the session), and temporary/permanent cookies, which are stored for longer periods or indefinitely on your data processing medium. Storing this data assists us in designing our website and makes it easier for you to use, for example, by storing certain information that you have entered so that you do not have to re-enter it repeatedly.
In the security settings of your browser, you can erase the cookies at any time and
configure your browser settings according to your wishes (e.g. to accept third party cookies or to reject all cookies). Generally, the help function in the menu bar of your web browser will show you how you can reject new cookies and erase any cookies already received. However, we would like to point out that in such case you may not be able to use all the functions of our website.
4.1. Cookies at PiSA sales
Most of the cookies that we use are session cookies and are automatically erased from your hard drive at the end of the browser session. In addition, we use permanent cookies that remain on your hard drive. On a return visit, these cookies enable us to automatically recognise that you have visited our website before and which form of input and settings you prefer (for example, which language you have selected in the PiSA sales Customer Portal). These cookies are stored on your hard drive and erase themselves automatically after a specified period.
The cookies that we use cannot be associated with any identified person and hence cannot be associated with you. When the cookie is activated, it is assigned an identification number. It is not possible at any time to associate your personal data with this identification number, and no such association is made. Your name or any similar data that would enable the cookie to be associated with you are not stored.
Based on our legitimate interest in the needs-oriented design and continuous optimisation of our website, Art. 6 Para. 1 Sentence 1 lit. f GDPR constitutes the legal basis for the data processing described in the following section.
In the following list of technologies we use, you will also find information on the possible contradictions with regard to our analysis measures using an opt-out cookie. Please note that after erasing all cookies in your browser, or if you use another browser and/or profile at a later point, an opt-out cookie must be set again.
4.2. Web analytics with Google Analytics
Google will use this information gathered from the cookies for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. This information may also be transferred to third parties in accordance with the law or if a third party is processing these data on behalf of Google.
As described above, you can configure your browser so that it rejects cookies, or you can prevent the collection and processing of data generated by cookies related to your use of this website (including your IP address) as well as processing by Google by downloading and installing a Browser-Add-On provided by Google. Alternatively to the browser add-on, or if you access our website using a mobile device, please use this opt-out link. This will prevent Google Analytics from collecting data within this website in the future (the opt-out only works in the browser and only for this domain). If you erase your cookies in this browser, you must click this link again.
4.3 Web analytics with wiredminds Leadlab
This website uses wiredminds Leadlab, a web analytics service for marketing and website optimisation purposes provided by wiredminds AG, Lindenspuerstrasse 32, D-70176 Stuttgart, Germany (“wiredminds”). Data are collected, processed and stored from which user profiles are created using a pseudonym. Where possible and feasible, the user profiles are completely anonymised. Cookies may be used for this purpose. The collected data, which may also contain personal data, are transferred to wiredminds or collected directly by wiredminds. Wiredminds may use information left behind by visits to the websites to create anonymous and pseudonymous user profiles. Without the express consent of the data subject, the data collected in this way are not used to personally identify visitors to the website nor are they combined with the pseudonym’s personal data. Insofar as IP addresses are collected, they are anonymised immediately after collection by erasing the last block of numbers.
Consent to the collection, processing and storage of data may be refused at any time with future effect. For this, you can click here to exclude yourself from tracking
You can find further information on wiredminds and data protection in wiredmind´s data protection declaration.
5. Social plug-ins for share function
PiSA sales GmbH itself does not collect any personal data using the social plug-ins or via their use. PiSA sales GmbH uses the so-called Shariff solution to prevent data being transferred to service providers in the USA without the user’s knowledge. This solution ensures that no personal data are transferred to the providers of the individual social plug-ins when you visit the PiSA sales website. Data can only be transferred to the service provider and stored there if you click on one of the social plug-ins.
You can find more information on the Shariff solution here on the pages of the provider, Heise Medien GmbH & Co KG.
The service provider then receives the information that you have called up the corresponding subpage of our online offer. You do not need to have an account with or be logged in to this service provider. If you are logged in with the service provider, these data are assigned directly to your account. If you click on one of the social plug-ins and, for example, link to the page, the service provider also stores this information in your user account and publicly informs your contacts.
If you do not wish to be assigned to your profile with the service provider, you must log out before clicking on one of the social plug-ins.
- Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, US, data protection declaration.
- Google LLC., 1600 Amphitheater Parkway, Mountainview, California 94043, US, data protection declaration.
- LinkedIn Corporation, LinkedIn Corporation, 1000 W. Maude Ave, Sunnyvale, California 94085 US, data protection declaration.
- XING SE, Dammtorstrasse 30, D-20354 Hamburg, Germany, data protection declaration.
- Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, US, data protection declaration and other information on data collection.
We use the so-called double opt-in process for subscriptions to our newsletter, i.e. we only send you the newsletter by email after you have confirmed that you would like to receive our newsletter by clicking a link in our email notification. If you confirm that you would like to receive the newsletter, we store your email address until you unsubscribe from the newsletter. The data are stored solely in order to be able to send you the newsletter.
We use so-called newsletter tracking in our newsletters. Recipient reactions (opening a mailing, clicking on text and image links, downloading images with an e-mail program) are recorded and anonymously stored for statistical purposes. It is not possible to draw any conclusions on individual users from the stored data.
By subscribing to our newsletter, you agree to the receiving it and the procedures described.
It goes without saying that you can unsubscribe from our newsletter at any time. Alternatively, you can contact us at the contact details listed under Point 1. Art. 6 Para. 1 lit. a GDPR constitutes the legal basis of your consent to the processing.
7. Storage period
In general, we only store personal data for as long as necessary to fulfil any contractual or statutory obligations for which we have collected the data. Unless we need the data until the end of the statutory limitation period for purposes of proof for civil law claims or due to statutory retention obligations, we afterwards immediately erase the data.
For evidentiary purposes, we must keep contract data for another three (3) years following the end of the year in which the business relationship with you ends. At the earliest at this point in time, any claims following the statutory period of limitation become statute-barred.
Even after that, we still have to store some of your data for accounting reasons. We are obliged to do so on the basis of statutory documentation obligations that may arise from the German Commercial Code, the German Fiscal Code, the German Banking Act and the German Money Laundering Act. The periods specified there for retaining documents are two (2) to ten (10) years.
In the event of an applicant rejection/non-employment, the data and media of persons who apply for vacancies to PiSA sales are automatically erased after a period of six months.
8. Your rights
You have the right at any time to request information about the processing of your personal data by us. In providing you with information, we will explain the data processing and provide you with an overview of the data stored on you. If data stored with us are incorrect or no longer up-to-date, you are entitled to have this data rectified. You may also request that your data be erased. If, in exceptional cases, erasure is not possible due to other legal regulations, the data will be blocked so that it is only available for this legal purpose. You may also have the processing of your data restricted, e.g. if you believe that the data we have stored is incorrect. Additionally, you have the right to data portability, i.e., we will send you upon request a digital copy of the personal data you have provided us with.
To exercise your rights as described here, you may contact the above contact details at any time. This also applies if you wish to receive copies of safeguards to prove an adequate level of data protection.
Finally, you have the right to lodge a complaint with our data protection supervisory authority. You may exercise this right before a supervisory authority in the Member State in which you are staying, working or suspect of infringing. In Berlin, the registered office of PiSA sales GmbH, the responsible supervisory authority is located at: Berliner Beauftragte für Datenschutz und Informationsfreiheit (Berlin Commissioner for Data Protection and Freedom of Information), Friedrichstrasse 219, D-10969 Berlin, Germany.
9. Right of revocation and objection
You have the right at any time to revoke your consent. As a result, we will no longer continue to process data based on this consent in the future. The revocation of consent shall not affect the legality of the processing carried out on the basis of your consent prior to revocation.
If we process your data on the basis of legitimate interests, you have the right at any time to object to the processing of your data for reasons arising from your particular situation. We will fulfil your wishes if you object to data processing for direct marketing purposes; you have a general right of objection and do not have to state any reasons for this.
If you would like to make use of your right of revocation or objection, you only need to send an informal message to the above-mentioned contact information.
10. Data security
To ensure data security, and in particular to protect your personal data against any risks during data transfers and against third parties gaining knowledge of your personal data, we use state of the art technical measures. These measures are updated as appropriate to the current state of the art.
11. Amendments to this Data Protection Declaration
We may update this Data Protection Declaration from time to time, for example when we adapt our website or amend any legal or regulatory requirements.
As of May 2018