This data privacy statement informs you about the forms in which personal data are processed when visiting the website and when using Paessler AG services and the purposes thereof.
A - GENERAL INFORMATION FOR THE PROCESSING OF YOUR DATA
1. Responsible entity and contact
Responsible for the data processing as described here is Paessler AG.
Postal address: Paessler AG, Thurn-und-Taxis-Str. 14, 90411 Nuremberg
Email: [email protected]
Tel: +49 911 93775-0
Company data protection officer is Sebastian Bonhag. Contact hin via email to [email protected] or letter to the address above.
2. Right to information and of complaint
You have the right to information about your stored personal data as per Art.15 GDPR (§34 BDSG), to removal of your data as per Art. 17 GDPR (§35 BDSG), and to correction of your data as per Art. 16 GDPR. Please submit your request in writing or via a (verified) email address using the aforementioned contact details.
In addition, you have a general right of complaint. The responsible supervisory authority for complaints regarding the data processing of Paessler AG is the Bavarian Data Protection Authority.
3. Right to revocation of consent
If the data processing is based on consent, this consent can be revoked at any time with effect for the future. Submit your revocation in writing or via a (verified) email address using the aforementioned contact details.
B. DATA PROCESSING UPON VISITING THE WEBSITE
1. For the technical provision of the website (§15 par. 1 TMG)
Each time a user accesses a page of this web presence and each time a file is retrieved, data on these operations is stored in a logfile. This data includes the page from which the request originated (if communicated by your browser), the name of the requested file, the date and time of the request, the amount of data transferred, the notification if the request was successful, the description of the browser type used (if communicated by your browser), and the IP address of the machine forwarding the request. The storage of this data exclusively serves internal, system-related, and statistical purposes.
2. For pseudonymized use analysis and advertising success measurement (§15 par. 3 TMG)
This website uses various third-party services to create pseudonymized or anonymous information about the way the website is used and to better match content offers to users. For this purpose, pseudonymized data about the page usage such as the time, duration, and type of the page request, as well as information about the browsers, regional origin, and technology used is transmitted to the respective service. For further details, including the possibility to object, see the specific service.
Google Analytics: Web analytics service of Google Inc. ("Google"). Information about your use of this website is transmitted to a Google server in the USA, where it is stored and used to generate anonymized reports on the use of the website and activities within the online offer. We would like to point out that on this website, Google Analytics has been extended by the code "get._anonymizeIP ();" to ensure an anonymized collection of IP addresses.
You can object to this data processing by installing or allowing an opt-out cookie that prevents data transmission. Alternatively, you can install an extension in your browser that prevents data transfer. Such an extension can be downloaded here https://tools.google.com/dlpage/gaoptout?hl=en.
Kissmetrics: This website uses Kissmetrics, a web analytics service of Space Pencil, Inc. Kissmetrics only uses first-party cookies, which can be removed by deleting your browser cookies. You can disable Kissmetrics tracking by using the opt-out link on the Kissmetrics website: http://www.kissmetrics.com/user-privacy.
Facebook, Instagram, LinkedIn and Twitter: On our website we use the remarketing pixel from multiple social media platforms, including Facebook, Instagram, LinkedIn and Twitter. These pixels mark you as a visitor on our website in an anonymized form, without identifying you as a person and allows us the opportunity to retarget you with advertising while you are using these social media services. To be removed from the various remarketing user groups, please use the following opt-out links:
- Facebook / Instagram: https://www.facebook.com/ads/preferences/edit/
- Linked In: https://www.linkedin.com/help/linkedin/answer/62931?lang=en
- Twitter: https://twitter.com/personalization
Hotjar: We use Hotjar to analyze the usage of our website. Hotjar will capture specific data related to the viewer's interaction with that particular webpage completely anonymous and by random selection. We do not record keypresses or the content of form fields with HotJar. You can deactivate HotJar by following the instructions on https://www.hotjar.com/opt-out.
3. For pseudonymized advertising (§15 par. 3 TMG)
Google Adwords: Advertisements by means of cookies: You can be recognized as a visitor of the website, without your identity being known, via the set cookies so that when you visit other websites, the corresponding advertisements are displayed. In addition, internet users with specific profiles of interest based on their internet usage might be shown the corresponding advertisements. We do not collect any personal data with our cookies or other anonymous IDs. You can object to the collection and use of your data by Google Analytics at any time with effect for the future by making the appropriate Google settings.
4. To integrate social media platforms
Our website uses social media plugins from Facebook, Twitter, Google, LinkedIn, and Share. Your IP address will not be forwarded automatically. It will only be sent, if you click one of the plugins (two-click solution).
We use WhatsBroadcast to send messages to our customers via messenger platforms like WhatsApp, Facebook Messenger and others. This service is only available after registration in the registration-widget of the desired messenger service (https://www.whatsbroadcast.com/privacy-policy-wbc).
C - DATA PROCESSING UPON USE OF THE INDIVIDUAL WEB SERVICES
1. When registering for the newsletter
When registering for the newsletter, we collect and store the provided email address and name to send you information about our products, new features, and offers. Your email address is not used for other purposes or passed on to third parties.
Your consent to the use of your email address for receiving our newsletter can be revoked at any time with effect for the future by clicking the "Unsubscribe" link at the end of the newsletter.
2. When purchasing and installing trial and freeware (Art. 6 par. 1 lit. b GDPR)
For the use of trial and freeware and their operation, we collect and store your email address. Paessler uses this information to send you your license key, to guide you through the installation, to clarify typical questions that arise during installation, and to clarify the status of the installation. This is necessary for purposes of determining and correcting the support requirement during the installation and operation of the software, and to clarify the further use after the end of the test phase. Contacting can also take place over the telephone. Telephone numbers are only collected from publicly available sources.
3. When using contact forms (Art. 6 par. 1 lit. b GDPR)
HubSpot: When using the contact form, your e-mail address, your other contact details, your occupation, and the details of your request will be collected and processed. The data are processed with the help of the service provider HubSpot and we store them for 12 months. After this period your data will be deleted unless you have been in contact with Paessler AG by e.g. visiting the a website of Paessler AG, downloading content, sending us an email etc.
4. When registering for online training (Art. 6 par. 1 lit. b GDPR)
For processing the payment of the course fees, your payment details such as credit card data and VAT ID are collected and forwarded to the companies Shopify and Sufio, which process the payment. For more information on the privacy policies of Shopify and Sufio, visit https://www.shopify.com/legal/privacy and http://www.sufio.com/privacy-policy.
5. When registering an account for our knowledge-base (Art. 6 par. 1 lit. b GDPR)
When you register for our knowledge-base, we store your email address and other data you provide. Registration is independent from any other service. A registration is only necessary, if you want to write a question. You can send the question to our support team as an alternative.
D - DATA PROCESSING UPON PURCHASE OF SOFTWARE / SERVICES
1. For registration / account use (Art. 6 par. 1 lit. b GDPR)
During the purchase of a service, an email address and a password are used to set up an account ("registration"). The data are used to provide you access to your orders and contracts and to process the software purchase.
Upon registration and each time a registered user logs in, session cookies are stored on your machine in order to make the visit to our website more appealing and to enable the use of certain functions. These do not include any personal data, only your session ID, which is assigned to you during your visit. This session ID is used to reference internally stored data, such as information on the contents of your shopping cart so that if you visit our website at a later time, you can comfortably continue shopping. The generated cookies have an expiration time of 90 days.
2. To process the order (Art. 6 par. 1 lit. b GDPR)
During the ordering process, we collect and store information about your identity and your contact details (in particular, your first and last name, address, telephone number, and email address), as well as information about your purchase and payment method, including bank or credit card data.
This information is used to complete the order, including payment, and to provide the software and purchased services. This includes providing updates so that you can download the most recent version of the software at any time, free of charge, and providing upgrade offers and other services of Paessler AG.
Your email address is also required to review your license and provide you with registration keys or download links, as well as to inform you about the status of maintenance contracts.
Within the ordering process, we use the popular Transport Layer Security (TLS) encryption method in conjunction with the highest encryption level supported by your browser. Typically, this is 256-bit encryption. If your browser does not support 256-bit encryption, we will use 128-bit technology instead. A closed lock or a key symbol in the status bar of your browser denotes whether a single page of our website is encrypted.
SaleCycle: Our shop uses SaleCycle to send an email with a cart reminder to users who do not complete their checkout and already provided their email address in the checkout process. (http://www.salecycle.com/privacy-policy/)
SendGrid: To reliably send the invoice and licence emails, we use the service of SendGrid. (https://sendgrid.com/policies/privacy/).
3. For payment transactions (Art. 6 par. 1 lit. b GDPR)
Your address and your payment information will be sent to the executing payment and billing service providers:
For PRTG on premises, the credit card information is processed by the payment service provider Computop Wirtschaftsinformatik GmbH, Schwarzenbergstr. 4, 96050 Bamberg, Germany; the acquirer Concardis GmbH, Helfmann-Park 7, 65760 Eschborn, Germany; and American Express Payment Services Europe Limited, Theodor-Heuss-Allee 112, 60486 Frankfurt am Main, Germany.
4. For credit assessment and payment delay (Art. 6 par. 1 lit. b and f GDPR)
When paying via invoice, a credit assessment check is carried out before this type of payment is granted due to prevailing justifiable protection of interests. For this purpose, information about your creditworthiness is collected from credit agencies and used for evaluation purposes. If you object to the collection of your credit information, please choose another payment method.
If your payment is delayed, we reserve the right to transfer your personal data to a debt collection agency or to a law firm commissioned by us to ensure the collection of the outstanding amounts. This data transfer is subject to the requirements as per § 28a BDSG.
5. Anonymized for software updates and generation of usage statistics
Software products from Paessler AG can periodically connect to Paessler AG servers to check for newer software versions or important security updates. During this connection, impersonal information about the PRTG installation (for example, sensor count) is transmitted. We store and use this information, for instance, to optimize the delivery of updates as well as for statistical analysis.
We also use Google Analytics to collect statistical information about the use of the graphical user interfaces of PRTG to improve the user experience. This information is transmitted to a Google server in the USA, where it is stored and used to generate anonymized reports. This information is not associated with a single user. The user can terminate or resume his/her participation in this statistical data collection at any time by turning this function off or on in the PRTG settings. For PRTG hosted by Paessler the user can use the opt-out mechanism described in section B.2.
We also generate statistics about the actual use of our software products and apps for mobile devices. This can provide us with valuable information for the continuous development of our products. The information is collected and generated in an anonymized form only.
6. For advertising purposes (Art. 6 par. 1 lit. f GDPR)
Paessler uses your data and your email address to send you offers for other services and products. You can object to this at any time. Please send a complaint to [email protected].
We use TrustPilot as our customer review service. We add personalized URLs to some emails and webpages. Only when you click on such a link, your name and email address is transferred to TrustPilot. TrustPilot will only store your data, if you choose to create an account.(http://legal.trustpilot.com/end-user-privacy-terms)
Data Protection Agreement PRTG hosted by Paessler
DATA PROTECTION AGREEMENT (JOB PROCESSING) PRTG hosted by Paessler
between the Contracting Authority (Client)
and Paessler AG, Thurn-und-Taxis-Straße 14, 90411 Nuremberg/Germany (Paessler)
1. Object and Duration of Contract, Legal Framework
The Client instructs Paessler with processing individual-related data for delivery of PRTG network monitoring services. The duration of this agreement corresponds to the PRTG operation life. This data protection agreement shall be part of the contractual regimes of PRTG hosted by Paessler.
2. Nature of Data, Parties Concerned
Paessler processes monitoring data of the Client. Such are PRTG-created data of the Client’s applied devices and sensors including data of scope, duration and time of network traffic, data of device identification including IP address and device ID, data of Client accounts using the network as well as data of utilisation of the PRTG account. The Client determines to what extend such monitoring data shall be personalised by selection of applied devices and sensors.
The processing of monitoring data affects users of the devices and network components applied and created by the Client.
3. Rights and Responsibilities of Client
Assessing the legitimacy of data processing in accordance with article 6 section 1 of GDPR (General Data Protection Regulation) as well as safeguarding the rights of any party concerned in accordance with article 12 to 22 of GDPR shall be the responsibility of the Client.
4. Scope, Type, Purpose of Data Processing and Directives
- The following provisions are final directives regarding the monitoring transferred.
- The data shall be processed by Paessler merely for carrying out, executing and supporting PRTG services. This includes technical provision of PRTG components, guarantee of a flawless operation and monitoring of risks by Paessler.
- Paessler is allowed to use personal data in order to detect potential problems within the Client’s network entity and take defensive measures in consequence.
- In pursuance of the purpose, Paessler is authorised to read and evaluate the data. Paessler is allowed to log into running PRTG entities in order to analyse existing problems. A user-referred evaluation shall take place if certain user behaviour has been acknowledged as cause for malfunction. Paessler shall inform merely the Client if a certain user or user behaviour has been detected as cause for any problems.
- Processing of personal data for other purposes, especially the transfer to third parties for other purposes than the agreed purpose, is not allowed. Furthermore, processing shall not include any provision of information to third parties or users of devices and network components applied by the Client. In particular cases, this shall require separate commission.
- Copies or duplicates of data shall not be created without prior knowledge of the Client. This does not include backup copies that are required for ensuring smoothly running operation (backup mechanisms and restoring mechanisms) or guaranteeing proper data processing or compliance with any legal archiving duties.
- Under normal circumstances, the server shall be operated in an EU member state. Should there exist several location options, the Client shall determine the server location’s region upon commission.
5. Technical and Organisational Protective Measures
- Paessler shall guarantee a protection level for the parties concerned by data processing appropriate to the nature and extent of the risk for rights and liberties. This shall include the protective aims of article 32 section 1 of GDPR, such as confidentiality, integrity and availability of systems and services as well as their resilience regarding type, scope, circumstances and purpose of processing, in a way that appropriate technical and organisational corrective measures will reduce the risk in perpetuity.
- This shall include taking technical and organisational measures in accordance with article 32 GDPR in order to guarantee confidentiality, integrity, availability and resilience of systems and services as well as prevention of abusive use and disclosure of data. Such measures must be appropriate and proportionate and also conform to up-to-date technology. The measures to be taken have been described and documented.
- The measures are subject to technical progress and developments. Alternative measures may be implemented if the protective level of the measures defined is not being undercut.
6. Specific Responsibilities of Paessler
- Paessler shall process data in conformance with the Client’s instructions unless Paessler is bound by EU law or law of a member state to process data otherwise (for instance due to investigations by prosecution offices or state security); should this occasion arise, Paessler shall inform the Client of these legal requirements before data procession unless the law in question prohibits such notification for important public reasons (article 28 section 3 sentence 2 letter a of GDPR).
- All Paessler employees responsible for order completion are subject to an obligation of confidentiality or obligation of silence. They were made familiar with the relevant rules concerning confidentiality, especially given the subject matter of this agreement.
- Paessler shall regularly check the rules laid down in this agreement, especially regarding implementation and – if necessary – amendment of protective measures in order to guarantee that data procession within their area of responsibility follows the requirements of the valid data protection legislation and assure protection of the entities concerned. Paessler may prove adoption of sufficient protective measures by presenting certificates.
7. Subcontractual Relations
- The Client shall agree to involvement of subcontractors for processing of data on condition that these subcontractors are bound by this agreement and capable of meeting the agreed requirements to the processing of data. The subcontractors involved are listed in annex 1.
- Paessler shall inform the Client of all changes regarding involved subcontractors. Should the Client not consent to a subcontractor, they may cancel the PRTG service by exceptional right of termination and end any processing of data.
8. Protection Violations and Reporting Duties
- Paessler is obliged to notify security breaches in their range of control and organisation affecting personal data provided by the Client promptly to the Client (article 4 point 12 GDPR). For this purpose, Paessler shall notify the Client immediately of the respective event through the e-mail address listed and stored in the contact data.
- Paessler – in consultation with the Client – shall take appropriate measures to safeguard data and also take provisional measures to mitigate possible negative effects.
- The Client is responsible for reporting that is possibly resulting from article 33 section 1 and article 34 GDPR.
9. Deletion of Data
- The monitoring data shall be stored for 12 months and overwritten afterwards.
- After determination of PRTG services, monitoring data shall be deleted six months after the contractual end at the latest. A dispute between the parties regarding contractual services or unresolved claims may result in data being withhold for evidentiary purposes.
10. Rights of Parties Concerned
- In so far as their means allow, Paessler shall support the Client with their obligations to implement the rights of data subjects.
- At the request of the Client, Paessler shall delete personal data involved in data processing. Furthermore, Paessler may correct or delete data or restrict data processing (block) merely upon documented instruction by the Client.
- If a data subject contacts Paessler directly regarding their rights (for instance information, correction or deletion of their data), Paessler shall transmit this request to the Client without delay.
11. Obligation to Secrecy
The parties commit to treating all information regarding protective measures of the other party and received within the contractual relationship confidentially as trade and business secrets. This obligation to secrecy shall continue even after the end of the contractual relationship.
12. Formal Requirements, Severability Clause
(1) Amendments or supplements to this agreement shall be binding only if made in writing.
(2) If a determination of this agreement should be ineffective or become ineffective, this shall not affect the overall effectiveness of this agreement.
The contractual parties shall endeavour to replace the invalid or unenforceable provision by a valid and enforceable provision.
Annex 1: Subcontractors
Status as of 6 February 2018.
Paessler shall integrate the following subcontractors into the processing of data:
Amazon Web Services Inc.
410 Terry Avenue North
Seattle WA 98109, USA
Hosting of Client entities as well as the Client portal my-prtg.com
132 Hawthorne St
San Francisco, CA 94107, USA
Managing error messages
1801 California Street, Suite 500
Denver, Colorado 80202, USA
E-mail transmission for operating my-prtg.com