Data Privacy policy
We attach utmost importance to the protection and security of your data. We therefore undertake to protect your privacy and to treat your data confidentially. At this point we would like to inform you of the specific personal data of yours that are collected in relation to the use of the software companionSUITE and the corresponding purposes of processing.
I. Data controller
This software is developed and provided by Zumtobel Group AG, Höchsterstrasse 8, 6850 Dornbirn, Austria, FN 62309 g, which is also the data controller within the meaning of the EU General Data Protection Regulation (hereinafter referred to as “GDPR”).
No data protection officer has been appointed by the data controller since the legal requirements for mandatory appointment are not met.
However, inquiries regarding data protection and the use of your personal data can be sent to the following e-mail address and will be handled by us in accordance with the legal requirements: [email protected].
II. Data used / processing purposes / retention period
The categories of data we use and the purposes pursued through the use of this data are described below. As far as possible, you will also find information on the storage period of the respective data.
Each time this website is accessed, access data is stored in a log file, the server log. The data record stored in this log file contains the following information: Date and time of access, IP address, session ID, accessed website, name of the website from which the website was accessed and information about the browser used.
We evaluate these log files only in the event of misuse of our website. We reserve the right to subsequently check the log files of those users about whom there is a concrete suspicion of using our website in violation of the law and/or the contract. In general, we cannot attribute these data to a specific person. Should such an attribution be possible, we will only use these data in cases where there is a corresponding legal basis (weighing of interests in individual cases).
Registration and provision of the software
- When you register for free licence (BETA version), your personal data will be used for using the software according to the licence rights you have acquired.
- Zumtobel expressly points out that an Internet connection is mandatory for using the software; Registration requires the transmission of various information about the computer you are using and the system environment in which the software is to be operated. This information may include personal data, as described in detail below.
- During the usage of companionSUITE, the following data is automatically collected by Zumtobel for the purpose of verification and system usage and then stored: the name entered by you, the e-mail address entered by you, and language of correspondence entered by you.
Zumtobel uses the information for the purpose of providing companionSUITE during the term of the contract and for handling support requests. This data processing is required in accordance with Art. 6 para. 1 p. 1 lit. b GDPR for the processing of contractual relationships with you. The data will not be passed on to third parties. The data is stored for the duration of the contract. In the case of the use of a demo licence, the data will be stored until the release of a new licence version (approx. every 2 years).
- In addition, Zumtobel processes the aforementioned information for the purpose of verifying compliance with the terms of the licence. Zumtobel will check the legality of the licence at regular intervals by means of online checks on the Zumtobel server. Should an online check show that no lawful licence exists, Zumtobel will exercise its rights in accordance with the applicable licence conditions. With regard to this data processing, Zumtobel has an overriding legitimate interest in checking compliance with the licence conditions in order to prevent misuse and conduct in breach of contract. This data processing is therefore justified pursuant to Art. 6 (1) sentence 1 lit. f GDPR.
III. Recipients and recipient categories of data
We do not transfer your personal data to third parties for purposes other than those listed below. We only pass on the personal data we have collected to third parties if:
- you have given your express consent to do so in accordance with Art. 6 (1) p. 1 lit. a GDPR,
- this is legally permissible and necessary according to Art. 6 Para. 1 S. 1 lit. b GDPR for the processing of contractual relationships with you,
- in the event that there is a legal obligation for the disclosure pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR, or
- the disclosure is necessary for the assertion, exercise or defence of legal claims pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data.
In connection with the operation of the software, the following processors act on behalf of the data controller:
Hosting provider website: Zumtobel Group AG
In addition, we refer to the explanations in Section VIII., which describes in detail the use of your data by social networks.
In addition to the specifically listed recipients, other processors may also be used in connection with the provision of the software in the future.
A transfer of data to group companies is carried out based on any consent granted to the recipients named in the consent.
IV. General principles for processing personal data
We comply with the statutory data protection regulations without restriction.
The data protection regulations of the European Union and the national laws derived from them apply to the storage, processing and use of personal data. The legal basis for the processing of the respective personal data can be seen from the above list.
In some cases, personal data may be provided to processors, if they offer sufficient guarantee for a lawful and secure use of data and if they contractually undertake to comply with the principles described in this privacy policy and the statutory regulations.
We reserve the right to transfer personal data to other companies in the context of restructuring or company mergers if they also undertake to adhere to the principles of action described here and are either based in the European Union or in a third country with adequate data protection.
We also reserve the right to pass on personal data to third parties if we are forced to do so by law, by a judicial decision by the court of competent jurisdiction or by an order of the competent authority, or if we are forced, as a result of actions or omissions on your part, to have our rights, our property or our assets protected or enforced by the competent authorities.-
In the procurement of data, we restrict ourselves to what is necessary and reasonable.
If we collect personal data, we will explain to you in each case for what purposes we use the data.
In individual cases, we only collect personal data to the extent necessary to achieve these purposes. If further use of personal data is no longer necessary, the data will be deleted.
V. Your rights in relation to the data used
If and insofar as we use personal data concerning you, you are entitled to the following rights in particular with regard to such data:
- Right of access to information (Art 15 GDPR): You may at any time request information as to whether and which personal data concerning you are being used by us, for what purposes the data are being processed, where the data originate, to which recipients the data may be transmitted and how long such data are stored by us.
- Right of rectification (Art. 16 GDPR): If you discover that personal data concerning you are inaccurate, you may request the rectification of such data at any time. If data are incomplete from your point of view, you can also request that data be supplemented.
- Right of erasure (Art. 17 GDPR): If you believe that the use of your personal data is no longer necessary or that it is carried out without a sufficient legal basis or is unlawful for other reasons, you can request the erasure of these data.
- Right to restriction of the use of data (Art. 18 GDPR): Instead of erasure of data, you can also demand restriction of the use of data, if data are used unlawfully. In particular, you can also demand such a restriction of the use of data if you dispute the accuracy of data or have lodged an objection to the use of data.
- Right to data portability (Art. 20 GDPR): With regard to personal data that you have provided yourself and that are used on the basis of a contract or consent, you can demand that these data be made available to you in a structured, common and machine-readable format. You may also request that this data be transferred directly to another data controller.
- Right to file a complaint with a supervisory authority (Art. 77 GDPR): If you believe that your rights have been violated in relation to personal data concerning you, you have the right to file a complaint with a supervisory authority. In particular, you may contact the supervisory authority responsible for your place of residence, your place of work or the place where the suspected violation occurred. In Austria, the responsible supervisory authority is the Austrian Data Protection Authority, Barichgasse 40-42, 1030 Vienna.
Separately, we would like to point out your right of objection (Art. 21 GDPR): If reasons arise from your particular situation which make the use of your personal data, which we use on the basis of a legitimate interest, impermissible, you have the right to object to such use of data. If your personal data is used for direct marketing purposes, you have the right to object in any case.
If you have any questions or are unclear about your rights regarding your personal data, you can contact us at any time at the following e-mail address: [email protected].
VI. Security measures to protect your data
To protect your data, we have taken special technical and operational security measures which are regularly reviewed and adapted to technological progress.
VII. Changes to the data protection policy
Since changes in the law or changes in our internal company processes may make it necessary to adapt this data protection policy, which we reserve the right to do accordingly, we ask you to read this data protection policy regularly.
VIII. Cookies
We use cookies on our website to enable the use of certain functions of the website, to analyse how users use our website and to provide certain third-party services.
These are small text files that are stored on your computer. Most of the cookies we use are deleted from your hard drive at the end of the browser session (so-called session cookies). Other cookies remain on your computer and enable us to recognise your computer during your next visit (so-called persistent cookies). In addition, cookies from third parties are also used on our website.
You can prevent the storage of cookies by adjusting your browser settings accordingly. However, we would like to point out that in this case, you may not be able to use all functions of this website to their full extent.
If you do not wish our cookies to be stored on your computer, please deactivate the storage of cookies in your browser for our website or set your browser so that cookies are generally not stored on your computer. You can also use your browser to delete cookies that have already been stored.
The collection and transmission of this data is based on the consent you have given, of which you were expressly notified when you visited our website.
Deactivating the use of cookies may require a permanent cookie to be stored on your computer. If this cookie is subsequently deleted by you, you must perform the deactivation again.
Google Tag Manager
Description of Service
This is a tag management system. Via Google Tag Manager, tags can be integrated centrally via a user interface. Tags are small sections of code that can track activities. Script codes of other tools are integrated via the Google Tag Manager. The Tag Manager allows to control when a particular tag is triggered.
Processing Company
Google Ireland Limited
Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland
Data Protection Officer of Processing Company
Below you can find the email address of the data protection officer of the processing company.
https://support.google.com/policies/contact/general_privacy_form
Data Purposes
This list represents the purposes of the data collection and processing.
- Tag Management
Technologies Used
This list represents all technologies this service uses to collect data. Typical technologies are Cookies and Pixels that are placed in the browser.
- Website tags
Data Collected
This list represents all (personal) data that is collected by or through the use of this service.
- Aggregated data about tag firing
Legal Basis
In the following the required legal basis for the processing of data is listed.
- Art. 6 para. 1 s. 1 lit. a GDPR
Location of Processing
This is the primary location where the collected data is being processed. If the data is also processed in other countries, you are informed separately.
European Union
Retention Period
The retention period is the time span the collected data is saved for the processing purposes. The data needs to be deleted as soon as it is no longer needed for the stated processing purposes.
The data will be deleted as soon as they are no longer needed for the processing purposes.
Transfer to Third Countries
This service may forward the collected data to a different country. Please note that this service might transfer the data to a country without the required data protection standards. If the data is transferred to the USA, there is a risk that your data can be processed by US authorities, for control and surveillance measures, possibly without legal remedies. Below you can find a list of countries to which the data is being transferred. For more information regarding safeguards please refer to the website provider’s privacy policy or contact the website provider directly.
- Singapore
- Taiwan
- Chile
- United States of America
Data Recipients
In the following the recipients of the data collected are listed.
- Alphabet Inc., Google LLC, Google Ireland Limited
Click here to read the privacy policy of the data processor
https://policies.google.com/privacy?hl=en
Click here to read the cookie policy of the data processor
https://policies.google.com/technologies/cookies?hl=en
Usercentrics Consent Management Platform
Description of Service
This is a consent management service. Usercentrics GmbH is used on the website as a processor for the purpose of consent management.
Processing Company
Usercentrics GmbH
Sendlinger Str. 7, 80331 Munich, Germany
Data Protection Officer of Processing Company
Below you can find the email address of the data protection officer of the processing company.
[email protected]
Data Purposes
This list represents the purposes of the data collection and processing.
- Compliance with legal obligations
- Consent storage
Technologies Used
This list represents all technologies this service uses to collect data. Typical technologies are Cookies and Pixels that are placed in the browser.
- Local storage
- Pixel
Data Collected
This list represents all (personal) data that is collected by or through the use of this service.
- Opt-in and opt-out data
- Referrer URL
- User agent
- User settings
- Consent ID
- Time of consent
- Consent type
- Template version
- Banner language
- IP address
- Geographic location
Legal Basis
In the following the required legal basis for the processing of data is listed.
- Art. 6 para. 1 s. 1 lit. c GDPR
Location of Processing
This is the primary location where the collected data is being processed. If the data is also processed in other countries, you are informed separately.
European Union
Retention Period
The retention period is the time span the collected data is saved for the processing purposes. The data needs to be deleted as soon as it is no longer needed for the stated processing purposes.
The consent data (given consent and revocation of consent) are stored for one year. The data will then be deleted immediately.
Data Recipients
In the following the recipients of the data collected are listed.
- Singapore
Data Recipients
In the following the recipients of the data collected are listed.
- Usercentrics GmbH
Click here to read the privacy policy of the data processor
https://usercentrics.com/privacy-policy/
Stored Information
- Name: uc_settings; This holds the ControllerID and SettingsID, the language, settings version and services with their consent history.; Type: web; Domain: usercentrics.com;
- Name: uc_user_interaction; This is used to signal whether a user has already given consent.; Type: web;
Google Analytics
Description of Service
This is a web analytics service. With this, the user can measure the advertising return on investment “ROI” as well as track user behavior with flash, video, websites and applications.
Processing Company
Google Ireland Limited
Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland
Data Protection Officer of Processing Company
Below you can find the email address of the data protection officer of the processing company.
https://support.google.com/policies/contact/general_privacy_form
Data Purposes
This list represents the purposes of the data collection and processing.
- Marketing
- Analytics
Technologies Used
This list represents all technologies this service uses to collect data. Typical technologies are Cookies and Pixels that are placed in the browser.
- Cookies
- Pixel
- JavaScript
Data Collected
This list represents all (personal) data that is collected by or through the use of this service.
- Click path
- Date and time of visit
- Device information
- Location information
- IP address
- Pages visited
- Referrer URL
- Browser information
- Hostname
- Browser language
- Browser type
- Screen resolution
- Device operating system
- Interaction data
- User behaviour
- Visited URL
- Cookie ID
Legal Basis
In the following the required legal basis for the processing of data is listed.
- Art. 6 para. 1 s. 1 lit. a GDPR
Location of Processing
This is the primary location where the collected data is being processed. If the data is also processed in other countries, you are informed separately.
European Union
Retention Period
The retention period is the time span the collected data is saved for the processing purposes. The data needs to be deleted as soon as it is no longer needed for the stated processing purposes.
The Retention Period depends on the type of the saved data. Each user can choose how long Google Analytics retains data before automatically deleting it.
Transfer to Third Countries
This service may forward the collected data to a different country. Please note that this service might transfer the data to a country without the required data protection standards. If the data is transferred to the USA, there is a risk that your data can be processed by US authorities, for control and surveillance measures, possibly without legal remedies. Below you can find a list of countries to which the data is being transferred. For more information regarding safeguards please refer to the website provider’s privacy policy or contact the website provider directly.
- United States of America
- Singapore
- Chile
- Taiwan
Data Recipients
In the following the recipients of the data collected are listed.
- Google Ireland Limited, Alphabet Inc., Google LLC
Click here to read the privacy policy of the data processor
https://policies.google.com/privacy?hl=en
Click here to read the cookie policy of the data processor
https://policies.google.com/technologies/cookies?hl=en
Click here to opt out from this processor across all domains
https://tools.google.com/dlpage/gaoptout?hl=en
Storage Information
- Maximum age of cookie storage: 2 years
Stored Information
- Name: __utmb; This cookie is used to track the time of the visit.; Type: cookie; Duration: Session;
- Name: _ga; This cookie is used to distinguish between users.; Type: cookie; Duration: 2 years;
- Name: _gid; This cookie is used to identify the user.; Type: cookie; Duration: 1 day;
- Name: __utma; This cookie is used to record the time and date of the first visit, the total number of visits and the start time of the current visit. ; Type: cookie; Duration: Session;
- Name: __utmz; This cookie is used to record where the visitor came from. ; Type: cookie; Duration: Session;
- Name: IDE; This is used to show personalised ads. ; Type: cookie; Duration: 1 year, 1 month;
- Name: CONSENT; This is used to store the consent choices of the user. ; Type: cookie; Duration: 2 years;
- Name: __utmt; This is used to throttle the request rate. ; Type: cookie; Duration: 10 minutes;
- Name: _gat; This is used to read and filter requests from bots.; Type: cookie; Duration: 1 minute;
- Name: __utmc; This is used to store the time of the visit.; Type: cookie; Duration: 30 minutes;
Last updated: August 2023