Privacy Statement

1 Preface

Regardless of whether you are a customer, prospective customer, applicant or visitor to our website: We, MOBISYS Mobile Informationssysteme GmbH (hereinafter: “mobisys”, “we”), consider the protection of your personal data of high importance. But what does that mean in particular?
Below, we provide you with an insight into what personal information we collect from you and how we process it. Furthermore, you will receive an overview of your rights under applicable privacy law. In addition, we will give you your contacts if you have any further questions.

2 Who are we?

mobisys supports companies in the worldwide integration and process optimization of SAP Mobility in Plant Maintenance, Production, Logistics and Controlling. Along with SAP consulting companies of our partner program, the customer is advised in all phases of an SAP project.
As responsible within the meaning of applicable privacy laws, we take

MOBISYS Mobile Informationssysteme GmbH
Altrottstraße 26
69190 Walldorf
Email: info@mobisys.de 
Phone: +49 6227 8635-0
Fax: +49 6227 8635-55

all measures necessary under applicable privacy law to ensure the protection of your personal data.

For any questions regarding this Privacy Statement, please contact our Privacy Officer.

MOBISYS Mobile Informationssysteme GmbH
Data Protection Officer Holger Schoennerstedt
Altrottstraße 26
69190 Walldorf
E-Mail: privacy@mobisys.de

3 Scope of the Privacy Statement

By the processing of personal data, the legislator means activities such as collecting, entering, organizing, arranging, storing, adapting or changing, reading out, querying, using, disclosing through transmission, dissemination or any other form of providing, comparising, or linking, restricting, deleting, or destroying personal data.

Personal data is any information that relates to an identified or identifiable natural person.

This privacy statement is about the personal data of customers, prospects, applicants or visitors.

This privacy policy applies to our website: https://mobisys.com, as well as to our portal https://portal.mobisys.com/. Salesforce’s Community Cloud solution is used to provide the portal infrastructure.

4 What personal data do we process?

Your personal data will be collected by us when you get in touch with us, e.g. as an interested party or customer. This may, for example, be done by being interested in our products, by registering for our online services, by contacting us through our communication channels, or by using our products or services as part of existing business relationships.
The following types of personal data are processed by us:

• Information for personal identification
  first and last name, address data, email address, phone number
• Order data
  customer number, SAP installation number, order number, invoice number
• Company-related data
  company name, department, activity, position
• Data about your online behavior
  IP addresses, user names, data about your visits to our website (name of the retrieved website, file, date and time of retrieval, amount of data transferred, message about successful retrieval, browser type and version, the page visitor’s operating system, referrer URL (previously visited page) and the requesting provider, place of access), actions performed on our websites and in our portal.
• Information about your interests and wishes, which you tell us
  via our contact form or via other communication channels
• Information regarding our application process
  about your professional background such as vocational training, previous employers, other qualifications

4.1 Sensitive Data

Sensitive data, thus special categories of personal data such , as information on religious or union affiliation is not collected that way.

4.2 Use of Cookies

You can find more information about the cookies we use in the cookie policy.

4.2.1 What are Cookies?

Cookies are small text files that are stored in the memory of your terminal device via your browser. Cookies store certain information (e.g. your preferred language or page settings), which can be sent back to us by your browser when you return to the website (depending on the lifetime of the cookie). For more information about the cookies we use, please refer to the Cookie Policy (https://mobisys.com/cookie-richtlinie/).

4.2.2 Google Analytics

If you have given your consent, this website uses Google Analytics, a web analytics service provided by Google LLC. The responsible party for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”).

4.2.2.1 Scope of the processing

Google Analytics uses cookies that enable an analysis of your use of our websites. The information collected by means of cookies about your use of this website is generally transferred to a Google server in the USA and stored there. Google Analytics has IP address anonymization enabled by default. Due to IP
anonymization, your IP address will be shortened by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases the full IP address will be sent to a Google server in the US and shortened there. According to Google,
the IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. During your website visit, your user behavior is recorded in the form of “events”. Events can be:

• Page views
• First visit to the website
• Start of session
• Your “click path”, interacting with the website
• Scrolls (whenever a user scrolls to the bottom of the page (90%))
• Clicks to external links
• Internal search queries
• Interaction with videos
• File downloads
• Viewed / clicked ads
• Language settings

It also includes:

• Your approximate location (region)
• Your IP address (in shorten form)
• Technical information about your browser and the terminal devices you use
  (e.g. language setting, screen resolution)
• Your Internet service provider
• The referrer URL (via which website / advertising medium you came to this
  website)

4.2.2.2 Purpose of processing

On behalf of the operator of this website , Google will use this information to evaluate your use of the website and to compile reports on website activities. The reports provided by Google Analytics serve to analyze the performance of our website and the success of our marketing campaigns.

4.2.2.3 Recipients

Recipients of the data are/may be

• Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as
  processor according to Art. 28 GDPR)
• Google LLC, 1600 Amphitheater Parkway Mountain View, CA 94043, USA
• Alphabet Inc., 1600 Amphitheater Parkway Mountain View, CA 94043, USA

It cannot be ruled out that US authorities may access the data stored at Google.

4.2.2.4 Third country transfer

Insofar as data is processed outside the EU/EEA and there is no level of data protection corresponding to the European standard, we have concluded EU
standard contractual clauses with the service provider to establish an appropriate level of data protection. The parent company of Google Ireland,
Google LLC, is based in California, USA. A transfer of data to the United States and an access of US authorities to the data stored at Google cannot be
excluded. The USA is currently considered a third country from a data protection perspective. You do not have the same rights there as within the EU/EEA. You
may not be entitled to any legal remedies against access by authorities.

4.2.2.5 Duration of storage

The data sent by us and linked with cookies are automatically deleted after 14 months. The deletion of data whose retention period has been reached occurs
automatically once a month.

4.2.2.6 Legal basis

The legal basis for this data processing is your consent pursuant to Art.6 para.1
p.1 lit. a GDPR.

4.2.2.7 Revocation

You can revoke your consent at any time with future effect by accessing the cookie settings on our cookie declaration (at the bottom of our website)
https://mobisys.com/cookie-richtlinie/ (https://mobisys.com/cookie-richtlinie/) and changing your selection there. The legality of the processing carried out on the basis of the consent until the revocation remains unaffected. You can also prevent the storage of cookies from the outset by setting your
browser software accordingly. However, if you configure your browser to reject all cookies , it may limit functionality on this and other websites. In addition, you
can prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of
this data by Google, by

a. not giving your consent to the setting of the cookie or
b. downloading and installing the browser add-on to disable Google Analytics HERE (https://tools.google.com/dlpage/gaoptout?hl=de).

For more information on Google Analytics’ terms of use and Google’s privacy
policy, please visit https://marketingplatform.google.com/about/analytics/terms/us/ and
https://policies.google.com/?hl=en.

4.2.3 Pardot Services

We use the Pardot Marketing Automation System (Pardot MAS). Pardot is marketing automation software from Salesforce.com, inc, The Landmark @ One Market Street, San Francisco, CA 94105, USA. Pardot is a special software for recording and evaluating the use of a website by website visitors. Insofar as Pardot processes personal data, the processing is carried out exclusively on our behalf and in accordance with our instructions.

When you visit our website, Pardot MAS records your click path and uses it to create an individual usage profile using a pseudonym. For this purpose, cookies are used that allow your browser to be recognized.

In order to provide you with the most interesting offer or product information possible, it is possible to merge your personal data with the data of a pseudonymized usage profile via the cookies set, provided that you provide personal data, for example, by filling out a form or consent to receive marketing e-mails from us.

4.3 Plug-ins and Tools

4.3.1 YouTube

Our website uses plug-ins from the Google-powered YouTube page. Site operator is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.
When you visit one of our sites containing a YouTube plug-in, you will be connected to the servers of YouTube. It tells the YouTube server which of our pages you have visited. If you are logged in to your YouTube account, you will allow YouTube to associate your surfing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account and deleting cookies before logging in.
The use of YouTube is in the interest of an attractive presentation of our online offers.
For more information about how to handle user information, please refer to the YouTube Privacy Policy at: https://www.google.de/intl/de/policies/privacy.

4.3.2 GoToWebinar

To conduct webinars over the Internet, mobisys uses the GoToWebinar software solution from LogMeIn, Inc. 333 Summer Street, MA 02210 Boston, USA.
LogMeIn, Inc. is the data controller for the provision of this service and related data processing.

LogMeIn’s privacy policy can be found at https://www.logmeininc.com/de/legal/privacy:

• Registration for a webinar:
  On our website, when you click the registration button on the webinars, a direct connection to LogMeIn, Inc. infrastructure is established with your browser and a registration page is provided. Registration for a webinar via the mobisys portal page is done via your mobisys portal profile data. Your personal information such as name and email address and company name will be collected / stored by LogMeIn, Inc. and transmitted to the webinar organizer (mobisys).
• Implementation of a webinar:
  To conduct the webinar, LogMeIn, Inc. will use the information provided during registration and establish an encrypted connection between you and the webinar organizer.
  The webinars are recorded regularly to make them available on the mobisys portal page for later retrieval. During and after the webinar statistical data will be collected. If you participate in a webinar, in addition to your registration data, we will receive information about the duration of participation, interest in the webinar, questions asked or answers given for the purpose of further customer service or to enhance the user experience.

4.3.3 LinkedIn (Insight Tag)

We use the conversion tracking with LinkedIn Insights Tag, a tool of LinkedIn Ireland, Wilton Plaza, Wilton Place, Dublin 2, Ireland, on our website. For this purpose, the LinkedIn Insight Tag is integrated on our pages and a cookie is set on your end device by LinkedIn. This informs LinkedIn that you have visited our web pages, whereby your IP address is also collected. In addition, timestamps and events such as page views are stored. This enables us to statistically evaluate the use of our website in order to constantly optimize it. We learn, for example, through which LinkedIn ad or interaction on LinkedIn you came to our website. This allows us to better control the display of our advertising.

You can find more information on conversion tracking at https://www.linkedin.com/help/linkedin/answer/67595/linkedin-conversion-trackingubersicht?lang=en. Please note that the data may be stored and processed by LinkedIn, so that a connection to the respective user profile is possible and LinkedIn can use the data for its own advertising purposes. For more information, please see LinkedIn’s privacy policy at https://www.linkedin.com/legal/privacy-policy. You can prevent the analysis of your usage behavior by LinkedIn as well as the display of interest-based recommendations via https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out?lang=en.

5 Processing Your Data

For What Do We Process Your Personal Data – On Which Legal Basis?

5.1 Performance of a Contract

We process your data in order to fulfill our contracts. This also applies to information that you provide to us in the context of pre-contractual correspondence. The specific purposes of the data processing depend on the product and the application submitted and can also be used to analyze your needs and to check which products and services are suitable for you.

5.1.1 Implementation of the Contractual Relationship

For the implementation of the contract we need your name, your address, your phone number or your email address, so that we can contact you.

5.1.2 Offering Goods and Services

We also need your personal data in order to check if and which products and services we can and are allowed to offer you.
Details of the respective purposes of the data processing can be found in the contract documents and our general terms and conditions.

5.1.3 Implementation of the Application Process

We process your data, which you have sent to us as part of your application, to check whether your professional qualifications are suitable for the job advertised. We only use your information for the application process and transfer it to your personal file when the contract is concluded. If it does not come to an agreement, your information will be deleted or destroyed. We will use your candidate information for no other purpose , than to implement the application process. For more information on data processing during the application process, please refer to the Applicant Privacy Statement.

5.2 After Balancing of Interests

We Improve our Services and Offer you Suitable Products.

5.2.1 To Strengthen and Optimize the Customer Relationship

As part of our efforts to continuously improve our relationship with you, we occasionally ask you to participate in our customer surveys. The results of the surveys serve to better tailor our products and services to your needs.

5.2.2 Data Processing and Analysis for Marketing Purposes

Your needs are important to us and we try to give you information about products and services that suit exactly you. For this we use the findings from our joint business relationship as well as from market research. The key goal is to adapt our product suggestions to your needs. In this context, we guarantee that we will always process the data in accordance with applicable privacy laws.

• Important: You can object to the use of your personal data for this purpose at any time.
  What do we exactly analyze and process?
• Results of our marketing actions to measure the efficiency and relevance of our campaigns;
• Information from your visits to our website;
• We analyze the possible needs of our products and services.

5.2.3 Measures that serve your security

• We use your personal data, inter alia, in the following cases:
  In order to protect you or your company from fraudulent activities, we analyze your data. This can be e.g. if you have been the victim of identity theft or if unauthorized persons have gained access to your user account in other ways;
• To improve the reliability of our web applications, our IT support works closely with you in case of technical problems. In this context, we also evaluate logging of site views, actions performed, etc. ;
• To guarantee IT security;
• To be able to record and prove facts in case of possible legal disputes.

5.3 Due to your Consent

If you have consented to the processing of your personal data for one or more specific purposes, we are permitted to process your data. You may withdraw this consent for the future at any time without incurring any costs other than the base rate transmission costs (the cost of your internet connection). However, the revocation of consent does not affect the legality of the processing carried out until the revocation.

5.3.1 Emailing

You have the possibility to register for our newsletter via our website. For sending we only need your email address, all other information is voluntary. You will receive our newsletter only after successful completion of a double opt-in procedure. You have the right at any time to view your consent form or unsubscribe from the newsletter. Corresponding links are implemented in every accompanying mailing to our newsletter. In the case of cancellation of our newsletter, we will immediately delete your contact details from our newsletter distribution list.

The legislator has certain requirements for the effectiveness of electronic consent, as it is used to sign up for the newsletter. This includes the logging of your declaration of consent. We therefore record the date and time of the consent, the text of the declaration of consent, the fact that the checkbox was selected, your email address and all other optional information. We only collect this information in order to comply with legal obligations.

Emails sent with Pardot MAS contain so-called web beacons. These are tiny graphics that allow us to analyze user behavior, such as opening and reading emails and clicking on links. This allows us to make our offered content more relevant and interesting for you.

5.4 Due to Legal Requirements or in the Public Interest

As a company, we are subject to a wide variety of legal requirements (for example, from tax legislation). In order to comply with our legal obligations, we process your personal data.

6 Where We Transfer Data and Why

6.1 Use of Data within mobisys

Within mobisys, only those entities gain access to your personal data that need these data to fulfill our contractual or legal obligations, or to protect our legitimate interests.

6.2 Use of Data outside mobisys

We respect the protection of your personal data and will only share information about you if required by law, if you have consented, or to fulfill contractual obligations.
For example, the following recipients may be required by law to disclose your personal data:

• Public authorities or supervisory authorities, e.g. tax authorities, customs authorities;
• Judicial and law enforcement authorities, e.g. police, courts, prosecution;
• Lawyers or notaries, e.g. in litigations;
• Auditor

In order to fulfill our contractual obligations, we cooperate with other companies. This includes:

• Partner companies (reselling)
• Transport service providers and forwarding agencies
• Organizer and training service provider, if you have registered for us at certain fairs or events;
• Banks and financial service providers to handle all financial matters.

Own service providers

To make our operations efficient, we rely on the services of external service providers who may receive personal information from you, including IT service providers, printing and telecommunications service providers, collections, consulting or distribution companies, for the purposes described.

• Important: We pay close attention to your personal data!

In order to ensure that the same data protection standards as in our company are adhered to by the service providers, we have entered into corresponding order processing contracts. These contracts regulate inter alia:

• that third parties only have access to the data they need to perform the tasks assigned to them;
• that only employees who have explicitly committed to complying with the data protection regulations will receive access to their data from the service providers;
• that the service providers comply with technical and organizational measures that ensure data security and data protection;
• what happens to the data when the business relationship between the service provider and us is terminated.
  For service providers located outside the European Economic Area (EEA), we take special security measures (for example, through the use of special contract clauses) to ensure that the data are treated with the same degree of prudence as in the EEA. We regularly check all our service providers for compliance with our specifications.

6.3 Links on Social Media Platforms

On our website we use Social Plug-ins of various social networks (Facebook, Twitter, Youtube, XING, kununu, LinkedIn, Google+). If you visit a page on our website that contains such a plug-in, your browser establishes a direct connection to the servers of the respective provider. The content of the plug-in is transmitted by the provider directly to your browser and integrated into the page. Through this integration, the provider receives the information that your browser has accessed the corresponding page, even if you do not have a profile with this provider or are currently not logged in there. This information (including your IP address) is transmitted by your browser directly to a server of the provider (usually in the US) and stored there. If you are logged in with the provider, he can immediately allocate the visit to our website to your profile. If you interact with the plug-ins, for example, press a button or leave a comment, this information is also transmitted directly to a server of the provider and stored there. The respective provider may publish this information on your profile or show to your contacts.

If you do not want the providers to assign the data collected via our website directly to your profile in the respective social network, you must log out of the corresponding network before you visit our website.

Facebook is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. Facebook Privacy Policy: https://www.facebook.com/policy.php

Twitter is operated by Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA. Twitter Privacy Policy: https://twitter.com/de/privacy

XING is operated by XING SE, Dammtorstraße 30, 20354 Hamburg, Deutschland. Xing Privacy Policy: https://privacy.xing.com/de/datenschutzerklaerung

Kununu is operated by kununu GmbH, Neutorgasse 4-8, Top 3.02, A – 1010 Wien. kununu Privacy Policy: https://privacy.xing.com/de/datenschutzerklaerung

LinkedIn is operated by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. LinkedIn Privacy Policy: https://www.linkedin.com/legal/privacy-policy?trk=hb_ft_priv

YouTube is operated by YouTube LLC, part of Google Inc., based in San Bruno, California, USA. YouTube Privacy Policy: https://policies.google.com/privacy?hl=de&gl=de

Very important: On no account do we sell your personal data to third parties!

7 Are you Required to Provide us with Personal Data?

In the context of the business relationship between you and mobisys, we require the following categories of personal data:

• all necessary data for the establishment and execution of a business relationship;
• data required to fulfill contractual obligations;
• data that we are legally required to collect.

Without this data, we are unable to enter into or execute contracts with you.

8 Deletion Period

In accordance with applicable data protection regulations, we do not store your personal data longer than we need it for the purposes of the respective processing. If the data is no longer required for the fulfillment of contractual or legal obligations, they are regularly deleted by us, unless their temporary retention is still necessary. The following reasons may exist for further retention:

• There must be adherence to commercial and tax-related retention requirements: The retention periods primarily according to the provisions of the Commercial Code and the Tax Code are up to 10 years.
• To obtain evidence in the event of litigations within the statutory limitation provision: limitation periods can be up to 30 years in civil law, whereby the period of limitation begins after three years.

9 Your Rights

As part of the processing of your personal data, you also have certain rights. More details can be found in the corresponding provisions of the General Data Protection Regulation (Articles 15 to 21).

9.1 Right to Access and Rectification

You have the right to obtain information from us as to which of your personal data we process. If this information is no longer correct, you can request the correction of the data from us, in case of incomplete information, its addition. If we have passed on your data to third parties, we will inform the corresponding third parties in the appropriate legal situation.

9.2 Right to Erasure

In the following circumstances you can request the immediate deletion of your personal data:

• If your personal data is no longer needed for the purposes for which it was collected;
• If you have withdrawn your consent and there is no other legal basis for data processing;
• If you object to the processing and there are no legitimate reasons for data processing;
• If your data is processed unlawfully;
• If your personal data needs to be deleted to fulfill legal obligations.
• Please note that before deleting your data, we must verify that there is no legitimate reason to process your personal data.

9.3 Right to Restriction of Processing (“Right to Blocking”)

For one of the following reasons, you may require us to restrict the processing of your personal data:

• If you deny the accuracy of the data until we have had the opportunity to verify the accuracy of the data;
• If the data is processed unlawfully, but instead of deletion, you only require the restriction of the use of personal data;
• Although we no longer need your personal data for the purposes of processing, you still need it to assert, exercise or defend your rights;
• If you have objected to the processing and it is not yet clear whether your legitimate interests outweigh ours.

9.4 Right to Object

9.4.1 Case-specific Right to Object

If the processing is in the public interest or on the basis of a balance of interests, you have the right to object to the processing for reasons that arise from your particular situation. If we do so, we will not process your personal data unless we can prove compelling legitimate reasons for processing your data that override your interests, rights and freedoms, or because your personal information is used to assert, exercise or defend legal claims. The objection does not preclude the lawfulness of the processing up to the time of the objection.

9.4.2 Marketing Objection

In cases where your personal data is used for marketing purposes, you can object to this form of processing at any time. We will no longer process your personal data for these purposes.

The objection can be free of form and should be addressed to:

MOBISYS Mobile Informationssysteme GmbH
Altrottstraße 26
69190 Walldorf
Email: info@mobisys.de
Phone: +49 6227 8635-0

9.5 Right to Data Portability

You have the right to receive personal data you have given us for processing on request in a portable and machine-readable format.

9.6 Right to Lodge a Complaint with a Supervisory Authority (Art. 77 GDPR)

We try to process your requests and claims as quickly as possible in order to protect your rights accordingly. However, depending on the frequency of requests, it may take up to 30 days before we can inform you about your concern.

If it takes longer, we will promptly notify you of the reasons for the delay and discuss the further procedure with you.
In some cases we are not allow or may not give you any information. If legally permissible, we will inform you of the reason for the refusal of the information.
However, if you are not satisfied with our responses and reactions or believe that we are violating applicable data protection laws, you are free to file a complaint with both our Privacy Officer and the appropriate supervisory authority. The supervisory authority responsible for us is:

The State Representative for Data Protection and Freedom-of-Information Baden-Württemberg
Mailbox 10 29 32 70025 Stuttgart
Phone: 0711/61 55 41-0
Fax: 0711/61 55 41-15
Email: poststelle@lfdi.bwl.de

10 Modification to the Privacy Statement

We reserve the right to change this privacy statement at any time in accordance with the applicable privacy policy regulations. The current status is September 2023.