Privacy Policy

Data Protection Policy

Protecting your personal data when collecting, processing and using it by virtue of you visiting our homepage is an important matter for us. At usedSoft Deutschland GmbH (hereinafter 'usedSoft'), particularly high importance is placed on protecting personal data. We would therefore like to use this opportunity to inform you about data protection in our company. It goes without saying that we comply with the statutory provisions of the General Data Protection regulation (GDPR), the German Federal Data Protection Act (BDSG), the Digital Services Act (Digitale Dienste Gesetz - DDG), and other provisions under data protection legislation.

What data of yours usedSoft collects, how it is handled, and to whom it is made available etc. is summarised in the following data protection policy:


Name and address of the controller

The controller in the sense of the General Data Protection Regulation, other domestic data protection legislation of the Member States, other provisions under data protection legislation is:

usedSoft Deutschland GmbH
Feldstraße 40
44141 Dortmund
Germany

Phone: +49 231 9999 1000
Fax: +49 231 9999 1005
Email:
[email protected]


Direct contact with a point of contact regarding data protection

The controller has appointed an external data protection officer and internal data protection coordinator for the company. For all questions about data protection such as requests for information, applications for access, or objections to data processing, please contact:

Mprotect365 GmbH
Nordstr. 17-21
04105 Leipzig
Germany

E-Mail: [email protected]


Collecting and processing data

No data about you is collected by the usedSoft website (https://www.usedsoft.com) (for example first name, surname, address, telephone number, email address etc.) unless you provide us with such data on a voluntary basis (for example by completing our form on the website, survey, order etc.) or, as may apply, you have consented to the collection or processing of your data, or the corresponding legal provisions about protecting your data allow this.

usedSoft will not knowingly collect data of children without expressly pointing out that such data should only be provided with the consent of the parents if applicable legal provisions provide for this. In principle, data of children is only used or disclosed by usedSoft where permitted by law, for obtaining parental consent required by law, or for protecting children. Applicable national provisions and cultural customs are to be borne in mind here for the term 'child/children'

 

Collecting and processing data when making contact with regard to business relationships or, as may apply, entering into a contract 

If you make contact with us, for example for buying or selling products, we will collect the following information about you and, where applicable, your colleagues where they also contact us:

  • salutation, first name, surname
  • a valid email address
  • address
  • telephone number (land line and/or mobile)
  • information necessary for processing your specific enquiry.

This data is collected

  • to be able to identify you as our (potential) client
  • to be able to advise you appropriately
  • for corresponding with you
  • for invoicing
  • for processing any liability claims in place as well as asserting any other claims resulting from the business relationship.

Data is processed in line with your enquiry and is required in accordance with Article 6 (1, 1, b) GDPR for the stated purposes, for the appropriate drawing up of a contract, and mutual compliance with obligations resulting from the business relationship.

Personal data collected by us during commissioning is stored for processing a purchase and/or sale, and then until expiry of the statutory duties of retention. It is then erased. By way of example, a duty of retention exists if we are bound by Article 6 (1, 1, c) GDPR to storage due to duties of retention and documentation under fiscal and commercial legislation (resulting from the German Commercial Code, the German Criminal Code or the German Fiscal Code). Storage (over and beyond this) is also possible if you have consented to such in accordance with Article 6 (1, 1, a) GDPR.

In addition, the advice in this data protection policy applies accordingly, in particular with regard to your rights as a data subject.


Purpose

In order to enable expeditious electronic communication, usedSoft can be reached via a contact form or by email. Where a data subject makes contact with usedSoft by email or via a contact form, personal data provided by the data subject is automatically stored.

Where you have provided usedSoft with personal data, usedSoft only uses it for responding to your enquiries, performing contracts entered into with you, and for technical administration. Your personal data is only disclosed or otherwise transmitted to third parties if required for the purposes of performing a contract (in particular the forwarding of order details to suppliers), for invoicing purposes, or you have consented to it beforehand. You have the right to revoke consent granted with future effect at any time.

Personal data provided on a voluntary basis is stored on the basis of Article 6 (1, a) GDPR for the purposes of processing the enquiry and/or contacting the data subject. Where the enquiry is made with regard to performing a contract or implementing pre-contractual measures, the legal basis is Article 6 (1, b) GDPR. Personal data is not forwarded to third parties unless the data subject has consented to disclosure in advance or disclosure is necessary as part of the payment process.

In addition, for tending to the client relationship it may be necessary for usedSoft or a third party on behalf of usedSoft to use personal data to inform the data subject about usedSoft offers of use to the business activity of the data subject, or for the online collection of data used by usedSoft for better serving the requirements of the data subject. In this case, processing is on the basis of Article 6 (1, f) GDPR.

Stored personal data is erased if you revoke your consent to storage, if knowledge of it is no longer required for performing the purpose pursued with the purpose, or if its storage is not permitted for other legal reasons.

 

Use for a specific purpose

usedSoft will only collect, process or use personal data provided online by you for purposes of which you have been informed under this data protection policy or otherwise expressly informed where collection, processing or use

  • is in direct connection with the original purpose of collecting the personal data,

  • required for processing, negotiating and performing a contract with you,

  • required due to legal obligations, or official or court order,

  • required for substantiating or protecting legal claims, or for defending against actions, serving to prevent abuse or other unlawful activity, for example intentional attacks on the usedSoft server systems for guaranteeing data security.

 

Details specific to communication or use

If you resort to telecommunications services on the usedSoft website, details specific to communication (e.g. internet protocol address) or, as may apply, details specific to use (e.g. details about the start and duration of use as well as telecommunications services used by you) are automatically created using technical resources. These may draw conclusions about personal data. Where collection, processing and use of your communication details specific to your communication or, as may apply, use is mandatory, it is subject to the statutory provisions regarding data protection.

 

Automatically collected non-personal data

If you access the usedSoft website, information is automatically collected on an occasional basis (i.e. not via registration) that is not assigned to a specific person (for example internet browser and operating system used; domain name of website from where you were directed; number of visits; average stay; pages accessed). usedSoft uses this information for determining the attractiveness of the usedSoft website, and improving its content and performance. 

 

Disclosing personal data to third parties

Contractual provisions may require personal data to be disclosed to third parties. By way of example, this may enable the sending of goods by providing the shipping partner with the name and address of the recipient. The data subject failing to provide personal data or revoking consent results in the contract not being able to be performed, or not being able to be performed properly.

In addition, the provision of personal data is in part prescribed by law, for instance under tax law.

Under no circumstances will personal data be sold or otherwise marketed to third parties.

 

Data erasure and storage duration

Personal data of the data subject is erased or blocked as soon as the purpose of storage no longer exists. Storage may also occur if provision is made by European or national legislators in European Regulations, laws or other requirements to which the controller is subject. In this case, processing occurs on the basis of Article 6 (1, c) GDPR. Once the storage period intended by law has expired, the corresponding personal data is erased unless there is a requirement for continued storage of the data for entering into or performing a contract.

 

Security

By means of technical and organisational security measures, usedSoft ensures that your personal data is protected against unintended or unlawful erasure, alteration or loss, and against unlawful disclosure or unlawful access. 

 

Links to other websites

The usedSoft website contains links to other websites. usedSoft is not responsible for the data protection policies of these other websites. usedSoft evaluates in an anonymous manner those links that have been clicked on for statistical purposes. In this way, the specific person having clicked on the link cannot be identified.

 

Cookies

If you visit the usedSoft website, usedSoft may place information on your computer in the form of cookies that automatically recognise you on your next visit. By way of example, cookies allow a website to adapt a website to your interests or save your password so that you do not have to re-enter it every time. If you do not want usedSoft to recognise your computer, set your internet browser in such a way to delete cookies from your computer hard drive, block all cookies, or warn you before a cookie is saved.

 

Automated decision-making and profiling

As a responsible company, usedSoft rejects automatic decision-making or profiling.

 

Newsletter subscription and data protection provisions for using MailChimp

usedSoft will use the information that you provide in the newsletter form for staying in contact with you and providing you with updates and marketing information. usedSoft arranges this service in part via a mailing service provider.

usedSoft sends its newsletter by means of the 'MailChimp' mailing service provider, a newsletter mailing platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA, as part of the Intuit-Group. By subscribing to our newsletter, you consent to receive the newsletter and at the same time give your consent to the use of the delivery service provider "MailChimp" and to a statistical collection of your reading behaviour, without an adequacy decision of the European Commission pursuant to Regulation (EU) 2016/679 regarding the adequacy of the level of protection for the transfer and processing of this data outside the European Economic Area (EEA), but standard contractual clauses approved by the European Commission are used to ensure an adequate level of protection for the transfer and processing of such data outside the European Economic Area (EEA) in accordance with Regulation (EU) 2016/679.

The data MailChimp privacy policy can be viewed here: https://www.intuit.com/privacy/statement/. MailChimp is used on the basis of your consent in accordance with Article 6 Para. 1 Sub-para. 1 Lit. a and Article 49, Para. 1 Lit. a of the GDPR, our legitimate interests in accordance with Article 6 Para. 1 Lit. f of the GDPR and an order processing agreement in accordance with Article 28 Para. 3 Sentence 1 of the GDPR. According to its own information, MailChimp will use the data of the recipient for optimising or improving its own services, for example for technical optimisation of the mailing and representation of the newsletter, or for statistical purposes. However, the mailing service provider does not use data of our newsletter recipients for making contact itself or disclosing the data to third parties.

The email addresses of our newsletter recipients as well as other data of theirs described in this respect is stored on MailChimp servers in the USA. MailChimp uses this information to mail and evaluate the newsletter on our behalf. In addition, according to its own information, MailChimp is able to use this data to optimise or improve its own services, for example to optimise mailing technology and represent the newsletter, or for commercial purposes to determine from what countries the recipients originate. However, MailChimp does not use the data from our newsletter recipients to make contact itself or forward to third parties.

About statistical collection and analysis by MailChimp in detail:

Our newsletter contains a so-called web beacon, i.e. a pixel-sized file called up by a MailChimp server when the newsletter is opened. When called up in this way, technical information, such as information about the browser and your system as well as you IP address at the time of being called up is collected. This information is used for technical improvement of the services by means of the technical data or of the target groups and their reading habits by means of its place of access (determinable with the help of the IP address) or the times of access.

Statistical collection also includes the determination of whether you have opened the newsletter, and what links have been clicked by you. For technical reasons, this information can indeed be assigned to individual newsletter recipients. Nevertheless, it is neither our intention, nor that of MailChimp, to monitor individual users. The evaluations serve usedSoft much more to identify the reading habits of the newsletter recipients and adapt the newsletter content accordingly, or to send different content according to the interests of the newsletter recipients.

You can cancel subscription to the newsletter at any time. Your consent to storing personal data that you granted usedSoft for mailing the newsletter can be revoked at any time. There is a corresponding link in every newsletter for the purpose of revoking consent. In addition, there is the possibility of you turning directly at any time to usedSoft via the contact options on this website for cancelling mailing of the newsletter.

 

Information about analysis tools

As explained in detail below, only with your consent will cookies be used and/or social plugins activated and, in turn, personal data processed in order to be able to analyse how our website is used.

Google Analytics

This website uses Google Analytics, a web analysis service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter 'Google'). Google Analytics uses cookies, text files stored on your computer that enable the use of the website to be analysed. As a rule, information generated by the cookie about your use of the website is sent to and stored on a Google server in the USA. In the event of IP anonymisation being enabled on this website, your IP address is however abbreviated by Google within Member States of the European Union or in other signatory states to the Agreement on the European Area beforehand. Only in exceptional cases is the full IP address sent to a Google server in the USA and abbreviated there. Google will use this information on behalf of the operator of this website to evaluate your use of the website, compile reports about website activity, and provide the website operator with additional services associated with use of the website and the internet. The IP address provided by your browser under Google Analytics is not combined with other data from Google. You can prevent the storage of cookies by appropriately setting your browser software. In this case however, usedSoft points out that you may not be able to use all functions of the usedSoft website to their full extent. You can also prevent the collection of data generated by the cookie and referring to your use of the website (including your IP address) for Google, as well as processing of this data by Google by downloading and installing the browser plugin available under the following link:  http://tools.google.com/dlpage/gaoptout?hl=de

In view of the discussion about the use of analysis tools with full IP addresses, usedSoft would like to point out that the usedSoft website uses Google Analytics with the extension '_anonymizeIp()' and therefore only further processes IP addresses in an abbreviated format to rule out them being linked directly to a person.


Google AdWords Conversion Tracking

This website uses Google AdWords Conversion Tracking, a web analysis service from Google Ireland Limited ('Google'). Google AdWords Conversion Tracking also uses cookies, that are stored on your computer and enable analysis of the use of the website. Information generated by the cookie about your use of this website is sent to and stored on a Google server in the USA. Google will use this information to evaluate your use of the website, compile reports about website activities for the website operator, and for providing additional services associated with use of the website and internet. Google will also send this information to third parties provided that this is provided for by law, or where third parties process this on behalf of Google. Under no circumstances will Google combine the data with other data from Google. You can generally prevent the use of cookies if you prohibit the storage of cookies in your browser. They will then not be included in conversion tracking statistics. You will find further information as well as the Google privacy policy under: http://www.google.com/policies/technologies/ads/https://policies.google.com/privacy?gl=en


Google Remarketing

This website uses the remarketing function of Google Ireland ('Google'). This function serves to present advertisements of interest to visitors to the website as part of the Google advertising network. In doing so, the browser of the visitor to the website stores so-called cookies - text files stored on your computer that enable the visitor to be identified if it access this website belonging to the Google advertising network. Adverts can be presented on these sites to the visitor that refer to content previously accessed by the visitor on websites that use the Google remarketing function. According to its own information, Google collects no personal data in this process. Nevertheless, should you not want the Google remarketing function, you can invariably disable it by adjusting the corresponding settings under http://www.google.com/settings/ads. Alternatively, you can disable the use of cookies for interest-specific advertising via the advertising network initiative by following the instructions under http://www.networkadvertising.org/managing/opt_out.asp.


Information about social plugins using 'Shariff'

Normal social media buttons pass user data every time pages are accessed to Facebook & co., and provide the social networks with precise information about surfing habits (user tracking). You need to be neither logged in nor on the network in this respect. By contrast, a Shariff button only establishes direct contact between the social network and the visitor if the latter actively clicks on the social plugin button in question (source and more information: www.heise.de/ct/artikel/Shariff-Social-Media-Buttons-mit-Datenschutz-2467514.html). Only if you interact with one of the plugins, for example by clicking on the 'Share' or 'Tweet' button, is this information sent directly to and stored on a server of the respective network. This information is also published via your profile and shown to your contacts.

By employing the data-protection-friendly 'Shariff solution' this website uses social plugins from Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (hereinafter 'Meta'). If you access pages containing such a plugin, after clicking on the social plugin data about your visiting habits is sent to the Meta server. The website operator has no influence over the type and scope of the data collected and sent to Meta. Being logged into Facebook allows Meta to assign your visit to your Facebook account. You will find further information about the Facebook privacy policy under: https://www.facebook.com/about/privacy/.

By employing the data-protection-friendly 'Shariff solution, the website also uses social plugins from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter 'Google'). If you access pages containing such a plugin, after clicking on the social plugin data about your visiting habits is sent to Google servers. The website operator has no influence over the type and scope of the data collected and sent to Google. Being logged into Google allows Google to assign your visit to your Google account. You will find further information about data protection with the Google +1 button under: https://developers.google.com/+/web/buttons-policy.

By employing the data-protection-friendly 'Shariff solution', this website also uses plugins from Twitter Inc., 1355 Market St., Suite 900, San Francisco, CA 94103, USA (hereinafter 'Twitter'). If you access pages containing such a plugin, after clicking on the social plugin data about your visiting habits is sent to the Twitter server. The website operator has no influence over the type and scope of the data collected and sent to Twitter. Being logged into Twitter allows Twitter to assign your visit to your Twitter account.

We would like to point out that despite the aforementioned measures for the protection of your personal data, an adequacy decision from the European Commission as per Regulation (EU) 2016/679 is not available for the USA, that the websites of the aforementioned plug-in providers, as amended from time to time, show how they use standard contractual clauses approved by the European Commission to ensure an adequate level of protection for the transfer and processing of such data outside the European Economic Area (EEA) in accordance with Regulation (EU) 2016/679. In accordance with Article 6 Para. 1 Sub-para. 1 Lit. a and Article 49 Para. 1 Lit a of the GDPR, your consent forms the legal basis for the transmission of data to the USA referred to in this section and its processing there, including the use of cookies and/or social plugins. You can revoke your consent at any time with future effect.  We implement appropriate measures in order to ensure that your personal data continues to be protected and secure in accordance with the relevant data protection regulations.


Payment processing advice

As an external payment service provider, we use BS PAYONE GmbH (‘Payone’), Lyoner Straße 9, D-60528 Frankfurt/Main, via whose platforms we and users are able to perform payment transactions.

When performing orders, we use this payment service provider on the basis of Article 6 (1 b) GDPR. We also use the external payment service provider on the basis of our legitimate interests in accordance with Article 6 (1, f) GDPR to offer our users effective and secure payment options.

Data processed by the payment service provider includes master data such as name and address, bank details such as account numbers or credit card numbers, passwords, TANs and check numbers, as well as contract-, amount- and recipient-specific details. The details are required for performing transactions. Nevertheless, data provided is only processed by the payment service provider and stored with them. In other words, we receive no account- or credit-card-specific information, rather merely information confirming or refusing payment. Under certain circumstances, data is forwarded by the payment service provider to credit agencies. This is forwarded for the purpose of checking identity and creditworthiness. In this respect, we refer to the T&Cs of the payment service provider, available at: https://www.payone.com/allgemeine-geschaeftsbedingungen/. You will find the Payone data protection policy at: https://www.payone.com/datenschutz/.

The terms and conditions and data protection policy of the payment service provider apply to payment transactions, available on the respective website or, as may apply, in the respective transaction applications.

 

Legal bases for processing personal data

Where we obtain consent of the data subject for processing personal data, Article 6 (1, a) EU General Data Protection Regulation (GDPR) serves as the legal basis.

When processing personal data required for performing a contract whose party is the data subject, Article 6 (1, b) GDPR serves as the legal basis. This also applies to processing required for implementing pre-contractual measures.

Where processing personal data is required for performing a legal obligation to which our company is subject, Article 6 (1, c) GDPR serves as the legal basis.

In the event of essential interests of the data subject or another natural person making processing of personal data necessary, Article 6 (1, d) GDPR serves as the legal basis.

Where processing is required for guaranteeing a legitimate interest of our company or a third party, and the interests and fundamental rights and freedoms of the data subject do not outweigh the first-stated interest, Article 6 (1, f) GDPR serves as the legal basis for the processing.

 

Rights of the data subject

The data subject is in principle entitled to the following rights under GDPR:

  • Right of confirmation and access (see Article 15 GDPR) 
  • Right of rectification (see Article 16 GDPR) 
  • Right to revoke consent under data protection legislation (see Article 7 GDPR) 
  • Right to erasure ('right to be forgotten', see Article 17 GDPR) 
  • Right to restriction of processing (see Article 18 GDPR) 
  • Right to object (see Article 21 GDPR) 
  • Right to data portability (see Article 20 GDPR) 
  • Right to lodge a complaint with a supervisory authority (see Article GDPR) 

In order to exercise one or more of these rights, please click on the 'Contact' link in the right-hand column or in the footer and contact us. You can send a message with your concerns to the email or postal address shown in the Legal Notice.

 

Express reference to the right to object in accordance with Article 21 GDPR

The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to the processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1), including profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.>Where personal data is processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.

Release: 6/2024