Data privacy

All data processing operations for personal data (collection, processing and use) by Haufe Group strictly comply with the statutory data protection regulations. We collect, process and use personal data, among other things, to carry out orders to provide services and to execute the content and functionality of our products, websites and services, as well as to continually improve, only insofar as you have consented to herein, for purposes of advertising and market research.

This Privacy Statement is to inform you about how we handle your personal data. It applies to the collection, processing and use of personal data in the context of the use of the websites of the Haufe Group, including the various shops. In addition, it also applies to our products which are retrievable via our online websites of the Haufe Group - possibly after registration and login for the product. The concept of online products includes such products as Software as a Service (“SaaS”). This means that the product is not stored on the personal computer of the user as software. Rather, the software can be accessed via the internet, so that the services can be provided as required. Finally, this Privacy Statement also applies to the Haufe Group for their websites or external app stores and retrievable Mobile Apps.

Only with your separate agreement to this Privacy Statement (for example, by clicking a checkbox on a web page that refers to this Privacy Statement), do you give your consent that the relevant responsible entity uses the data collected on your web pages for the purposes of advertising and market research on the websites.

1. Personal Data and its Use

In the following cases, we require personal data:

  • When ordering
  • When using our online services and products
  • The use of our communities and forums
  • ‍When you subscribe / unsubscribe to newsletters
  • When contacting us
  • ‍To be able to offer comfort and security features in our shops

We store personal data primarily for business and order processing. For this purpose, we disclose personal data to third parties who act for, or on behalf of, the companies in the Haufe Group (section 11 BDSG [German Federal Data Protection Act], so-called order data management). This is, for example, when suppliers send you your order directly from the factory. These companies are not authorized to use the data released by us for purposes other than those of which we will inform you in this declaration.

We point out that, insofar that we go into an advance payment, e.g. when making a purchase on account, the data entered on a webshop by you (e.g. name and address) will be, if necessary, transmitted to the credit reference agency creditreform eV, Hellersbergerstr. 12, 41460 Neuss (hereinafter “creditreform”), to protect our legitimate interests by obtaining a forecast of the probability of payment / credit information. We obtain, from the creditreform, credit information in the form of probability values that are based on scientifically recognized mathematical and statistical methods, including the involvement of address data, in order to help us. We use the information obtained concerning the statistical probability of default for a balanced decision on the creation, implementation or termination of the contractual relationship.

For the rest, we reserve the right to collect and use, for the purpose of deciding on the establishment, implementation or termination of a contract, probability values to your future ability to make payment, and to entrust agencies with the calculation of such probabilities using scientifically recognized, mathematical and statistical methods. For this purpose, the data you provide for an address will also be used (but not exclusively). Your concerns will be considered in accordance with the statutory provisions.

The processing and use of personal data is necessary in particular for the exclusive personal access to order processing (“My Account”) or for subscribed online products, in order to determine, for example, individual user settings and to modify them. Access to this information is protected by a personal customer login and password.

To prevent the misuse of our internet services, communities and forums, when you visit our internet offers, we collect several standard sets of data (such as IP address, time and duration, operating system, browser, page view).

Only to the extent that you have, in addition, agreed by placing a tick in a checkbox herein separately, will we send different newsletters to you, to inform you about the issues that you are interested in. You may revoke, at any time, your consent to the sending of the newsletter by an order of revocation, which will be shown at the end of every newsletter with a link.You may revoke the collection, processing or use of your personal data for the purpose of sending newsletter also, as described under 2.

2. Responsible Party and Transfer of Data to Third Parties

Responsible party and service provider of this website is the company Haufe Group as given in the Legal Notice. If, hereinafter, the terms “we”, “us” or “Haufe Group” are mentioned, this company is meant. By clicking on the link that carries the name “Legal Notice” and is placed at the bottom of this statement, you can select the Legal Notice with further information.

The Haufe Service Center GmbH processes all personal data centrally for Haufe-Lexware GmbH & Co. KG and affiliates of the Haufe Group, as a data processor. A transfer of personal data within the Haufe Group and to order service providers (suppliers, letter shops) as a data processor will only take place in accordance with the provisions described herein, and is exclusively earmarked.

In the context of data exchange between us and the other Group companies in the Haufe Group, Haufe may allow a data transfer to other European countries. All Group companies of the Haufe Group have an adequate level of data protection within the meaning of sections 4b, c BDSG (German Federal Data Protection Act). All Group companies of the Haufe Group have an adequate level of data protection within the meaning of sections 4b, c BDSG (German Federal Data Protection Act).

Use of your data for advertising and market research purposes

With the use of your data for advertising and market research purposes we, and the other Group companies of the Haufe Group, will process and use your personal data and other information that we obtain from you, in particular, first name, name, address and e-mail address, to distribute interesting offers and to personalize your shopping experience with us individually, as well as to continuously improve our service.

If, and when, we have received your express permission for this, we and the other Group companies of the Haufe Group will also use your data to send you personalized offers and information, and newsletters about products, services and marketing offers by e-mail. 

These consents can be revoked at any time for the future.

Note

You can object or revoke your consent regarding the collection, processing or use of your personal data for the purposes of advertising, or market and opinion research

Haufe Service Center GmbH
Munzinger Straße 9
79111 Freiburg
E-Mail: service@haufe.de

at any time by sending an informal message. Upon receipt of your objection or revocation, this data is no longer used for advertising, marketing or opinion research purposes.

3. Security of Data

To protect the personal data of our customers, we use a secure online transmission method, the so-called “Secure Socket Layer” (SSL) transmission. This transfer method is supported by most browsers. All data transmitted using this secure method is encrypted before it is sent. Your personal data will be processed solely using security technology, in industry standard (e.g. firewalls, password protection, access control, etc.), protected data centers and computers.

We only retain personal data for as long as is necessary for the purposes for which it was collected or to satisfy legal requirements on reporting, or document retention.

Please note that, in this context, the employee / Haufe Group are not entitled, by phone or in writing, to retrieve your password from you. Therefore, never give your password if you receive such a request. Please note, for the security of your own data, the generally accepted rules when choosing your password, and do not transmit passwords by e-mail, but these changes directly online within our internet offer.

The processing of data that is subject to the legal profession data protection act (e.g. patient data, client data for legal and tax counseling professions), by external service providers may require the consent of the patient or the client. The customer is responsible for ensuring that such a consent is mandatory and, if so, that the appropriate consent declaration is available.

During the execution of SaaS solutions, we can gain access to personal data. In the processing and use of personal data, we may act on a commissioned basis, and are, in accordance with section 11 BDSG (German Federal Data Protection Act), obliged to strictly follow the instructions from the client. The instruction must be in writing. For the admissibility of data collection, processing and use, and for the exercise of the rights of those affected, the customer is responsible.

We can assign access permissions to the data made available, only to our own employees to the extent necessary for their particular task. If one of our employees leaves the company, or there is a change in activity, with the consequence that the employee does not require access to the data of the user, the access rights of this employee are to be deleted immediately.

We undertake to make any copies or other records of the available personal data transferred for processing, or to tolerate such by a third party, or to transfer this to a third party. This does not include copies or other records that are absolutely necessary in the course of proper data processing.

Outside of the instructions given, we may not allow access to this data released for processing for our own purposes, or for the purposes of any third party, or allow any third parties access. If the customer is obligated by applicable data protection regulations against another person to provide information regarding the collection, processing or use of data of this person, we will help to provide this information.

We only use employees and contractors who are obliged to maintain data secrecy.

We back up all data effectively, insofar as this is possible at a technically and economically acceptable cost, against unauthorized access, alteration, destruction or loss, unauthorized transmission, or otherwise unlawful processing and other abuse. If another type of threat to the data and SaaS solution cannot be eliminated with a technical and economical solution of reasonable expense, we reserve the right to delete the damaged data content. We will notify the customer by e-mail to the email address provided, of any such intention.

4. Right to Information and Rectification, Deletion and Blocking

Under the German Federal Data Protection Act, you have a right to free information about your stored data, and a right to rectification, blocking or deletion of data. Excluded from this is data for which the rectification, blocking or deletion is in conflict with statutory or contractual retention periods, as well as data used for the establishment, content formation or change to your contractual relationship with us, or data that must be stored for billing purposes.

If you have questions regarding the use of your data set, please contact our Data Protection Officer.

Haufe Group
Herrn Raik Mickler 
Datenschutzbeauftragter 
Munzinger Straße 9 
79111 Freiburg 
E-Mail: dsb@haufe-lexware.com

5. Cookies

On our website we use so-called cookies (text files which are stored through your visit to a Web page on the user’s computer) that allow us to make your use of our website as enjoyable and efficient as possible. Cookies are small data packets generated by our web server and your computer in communication with the Web server and are stored on the permanent memory (hard drive, memory etc.) of your device (computer, smart phone, tablet, or the like).

We use both our own cookies and cookies from other suppliers (so-called third-party cookies). When using third-party cookies data is collected, processed and used by the respective provider. On our web site, third-party cookies can be used. If you do not want to allow this, you may not only make use of your general right of objection regarding the use of any cookies, but also - without prejudice to - make use of the special rights of objection regarding the use of the various third-party cookies.

Avoidance of Cookies / General Right of Objection: Of course, you can object to the use of our cookies and also the third-party cookies at any time, by setting your browser to not accept cookies. For details of this, please refer to the help function of your internet browser. However, we would like to point out that we cannot rule out that some features of our website will not be (fully) available.

Session Cookies / Persistent Cookies: We use session cookies. With a webshop, for example, this allows for a cross-page shopping cart screen where you can see how many articles are currently in your shopping cart. Session cookies are deleted when you close the browser again.

In addition, the use of persistent cookies is possible to enable us, for example, to store your login information if you - as is the case in particular for online products - only select individual web offers after registration with your user name and password. Then, persistent cookies enable in particular that you can access your data that you already entered, and settings you made if a web page is newly selected. Persistent cookies are stored, therefore, for a limited period and, in particular, serve to make our website more user-friendly, effective and more secure.

6. Transmission of Collected Data to Third Parties

To improve our products, websites and services further and to align them with demand, we collect statistical information on user behavior; personal data is either not submitted, or only in anonymous form if necessary, in accordance with the data protection regulations. We use the following solutions and technologies. Specific inputs of the user are not covered here.

ECONDA GMBH: For the appropriate design and the optimization of these websites, solutions and technologies econda GmbH, Eisenlohr Straße 43, 76135 Karlsruhe, is used to capture and store the anonymous data and, from this data, to create user profiles using pseudonyms. For this purpose, cookies may be used that allow the recognition of an internet browser. User profiles are not merged with information about the bearer of the pseudonym, without the express consent of the visitor. In particular, IP addresses are made unrecognisable immediately after receipt, making an assignment of user profiles to IP addresses not possible. Website visitors may object to the collection and storage of this data at any time in the future by clicking HERE.

Cybot A/S: On some of our websites, we use a so-called "cookie banner" to inform you that cookies are being used. For these banners, we use the "Cookiebot" service by Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark. Details about how this service uses your data can be found HERE. This service makes it possible to keep track of your consent to the use of cookies, so that the cookie banner is only shown on your first visit to a Haufe Group website. To achieve this, the service stores a cookie under both Cookiebot's domain and the domain of the visited website. The following data are logged and linked to this cookie: your computer's IP address (in shortened form), date and time of agreement, the web browser you were using, the URL of the website you visited and your consent status. Logging this data is a required part of compliance with § 13 Para. 2 German Telemedia Act (TMG), and therefore cannot be revoked.

Furthermore, some of our web pages offered contain advertisements or job offers of third parties for whom we are not responsible. We do not transmit any personally identifiable customer information to these companies. However, these companies sometimes use technologies through which your IP address will be automatically transmitted. These and other technical means are used to measure the effectiveness of advertising / job offers or to make their content more personal. We have neither access nor control over the technologies used. The handling of data by these third parties and those web pages is not covered by this Privacy Statement. Please get in direct contact with these companies in order to learn about their privacy statements.

7. Social Networks

Our internet offer also integrates browser plugins and links to social networks (e.g. Facebook, XING, Google Plus, LinkedIn, Twitter). These social networks are operated solely by third parties which have their registered office, in part, outside of the EU or the EEA - an adequate level of data protection acc. to § § 4b, 4c BDSG may, therefore, not exist. The browser plugins and links are indicated by logos or other notices in our web offerings. When you visit our web pages which contain such a browser plugin, a connection will be automatically established between your device (browser) and the server of the respective social network. In doing so, the information that you have visited our web page will be forwarded to the social network. The visit to our web pages will then be associated with your account if you are logged on to your user account of the social network or log in while on our web pages. By interacting with browser plugins or links, e.g. by pressing a “Like” button or leaving a comment, this information will be transmitted to the respective social network and stored there. The assignment of the data to your account may be prevented logging out from your account (of the respective social network) before visiting our web pages.

Please find purpose and scope of data collection through social networks and the local further processing and use of your data as well as your rights in this respect and settings options for protecting your privacy in the respective Privacy Statements of the operators:

Facebook: HTTP://WWW.FACEBOOK.COM/POLICY.PHP 
Provider: Facebook Inc., 1601 Willow Road, Nelo Park, CA 94025, USA

XING: HTTPS://WWW.XING.COM/PRIVACY  
Provider: XING AG, Dammtorstraße 29-32, 20354 Hamburg, Deutschland

GooglePlus: HTTP://WWW.GOOGLE.COM/INTL/DE/PRIVACY/ 
Provider: Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA  ~C

LinkedIn: HTTP://WWW.LINKEDIN.COM/LEGAL/PRIVACY-POLICY 
Provider: LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA

Twitter: HTTP://TWITTER.COM/PRIVACY/ 
Provider: Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA

We also use the “user action pixel” from
Facebook Inc.
1601 S. California Ave, 
Palo Alto, CA 94304, USA 
(“Facebook”) 
in our Internet sites. This makes it possible to track users’ behavior after they click on a Facebook ad and are redirected to the provider’s website. This process allows us to evaluate the effectiveness of Facebook ads for statistical and market research purposes, and can help to optimize future advertising activities. The data we collect are anonymized, and therefore cannot be used to determine users’ identities. These data are saved and processed by Facebook, however. Therefore, it is possible to trace them back to the user’s profile, allowing Facebook to use the data for its own advertising purposes in accordance with Facebook’s data use policy (HTTPS://WWW.FACEBOOK.COM/ABOUT/PRIVACY/). Your data may be used to let Facebook and its partners activate advertisements on Facebook and elsewhere. A cookie may also be saved on your computer for this purpose.

Only users older than 13 years of age can consent to the use of the user action pixel. If you are younger than this, please ask a parent or guardian for permission.
Please click here if you wish to withdraw your consent: HTTPS://WWW.FACEBOOK.COM/SETTINGS/?TAB=ADS

8. Collection, Processing and Use of Personal Data in the Registration and Use of our Mobile Apps (e.g.: Quicken Mobile)

Purpose and Scope of the Collection, Processing and Use of Personal Data: If you want to use the services of one of our Mobile Apps e.g. via smart phone, to be able to carry any of our products on the go, it is necessary for the use of the functions of the respective Mobile App that data be collected, processed and used. Depending on the type of Mobile App, this may also involve a collection, processing or use of sensitive data, such as financial data. This holds especially true for the Quicken Mobile App, which processes information about your income and expenses, accounts and account balances and transfers and also allows the input of TANs for online banking. Due to the sensitivity of such data, it is imperative that you protect your device against unauthorized access and you be cautious that no unauthorized third party can gain access to this data obtained. In that regard, please also note the safety instructions of the BSI on THEME ONLINE-BANKING.

Data Processing by our Provider: Your input to use the mobile app of (personal) data is will be stored and processed in data centers of our provider. The provider uses the information only for the provision of the services. These includes in particular maintenance and repair work. In carrying out this work, it cannot be excluded in every case that the relevant employees of the provider or its subsidiaries and subcontractors will gain knowledge of your (personal) data. In this case, your data may be collected, processed and used in countries outside of the European Union and the European Economic Area.

Mobile Devices: As a precaution, we would like to point out that, when using our products, web offerings and services via so-called mobile devices (smart phones, mobile phones, tablets, etc.), precise location data may be collected, used and shared, including the geographic location of your mobile devices. In addition, further data may be collected, processed and used as part of the conditions of use of your respective telecommunications provider.

9. Collection, Processing and Use of Personal Data when Using our Online Products

As far as you use online products from us, the collection, processing and use of (personal) data is necessary. These fees associated with the use, processing and use of online products, will be used exclusively for carrying out the functions of the products. Your input to use an online product of (personal) data will be stored and processed in data centers of our providers. The providers use the data only for the provision of the services. These includes in particular maintenance and repair work. In carrying out this work, it cannot be excluded in every case that the relevant employees of the provider or its subsidiaries and subcontractors will gain knowledge of your (personal) data.

In addition, all online products to improve the application also use their own cookies. You can object to the use of cookies. To do this, please proceed as explained under 5 above.

10. Hyperlinks to Other Websites

Some of our web pages contain hyperlinks to other websites that are not operated by the Haufe Group. We do not control these websites and are not responsible for their content nor their handling of personal data.

11. Changes to this Privacy Policy

Due to current circumstances, such as a change in the relevant data protection policy, we will - if necessary - update this Privacy Policy.

Policy Version as at: July 2017