Introduction
This Data Protection Policy provides information on how we process the personal data of individuals who use the EASE 5 Second Edition software (hereinafter: “Software”) and their rights in this regard.
For any questions or requests in this regard, please feel free to contact our Customer Success Team via email to @email or by phone at +49 (0)30 467 092 – 30.
Overview
1. General
1.1. Data Controller and Data Processor identification
1.2. Definitions
2. Automated data processing via the Software
2.1. To activate and deactivate the Software
2.2. To send Software error information as well as usage data to AFMG
2.3. To notify about available software updates
3. Recipients of the Personal Data
4. Your rights as a Data Subject
1. General
1.1. Data Controller and Data Processor identification
The Data Controller in relation to the processing of personal data via the EASE 5 Second Edition software is AFMG Technologies GmbH (hereinafter: “AFMG”, “we”, and “us”), Borkumstr. 2, 13189 Berlin, Germany. Tel.: +49 (0)30 467 092 – 30, Fax.: +49 (0)30 467 092 – 27, email: @email.
AFMG´s Data Processors in this context are:
• Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA (server hosting); and
• IP-Projects GmbH & Co KG, Am Vogelherd 14, 97295 Waldbrunn (server hosting).
1.2. Definitions
Personal Data means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
GDPR is an abbreviation for REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
Data Controller means the entity that determines the purposes and means for the processing of Personal Data.
Data Processor means the entity that processes Personal Data on behalf of the Data Controller.
Sub-processor means any Data Processor engaged by AFMG’s Data Processors, such as UseResponse, Mailchimp or their affiliates, to assist in fulfilling their obligations with respect to providing services as Data Processor to AFMG.
2. Automated data processing via the Software
2.1. To activate and deactivate the Software
Explanation and purposes of processing
When starting the Software and it is not activated, for instance at its very first start, you are required to activate the Software before it can be used. As part of the activation process, we collect Personal Data from you to generate a license key, which is stored on your computer to verify the proper licensing of the Software.
The following data is collected for this purpose:
- Log-in credentials (email and password)
- Time of log-in and license activation
- License selected by you for activation (if several are available under your account)
- Hardware information (BIOS version, CPU information, etc.) to generate a hardware key on which the license is based
- Possibly further information voluntarily provided by you during the licensing process, such as the computer name.
Except for the information voluntarily provided by you, this data will be used to generate the license key and for support purposes with regard to licensing and will not be further stored. It cannot be reconstructed from the license key.
Additional information provided by you during the licensing process, such as the computer name, is stored for support purposes.
At any moment you can deactivate the Software. This process removes the installed license key from your computer and e.g. allows the software to be activated on a different machine.
The following data is collected for this purpose:
- Log-in credentials (email and password), depending on the setting defined by you or other user during Software activation for “Permission for Software Deactivation”
- Installed license key information
Furthermore, at every startup of the Software, information related to the installed license key is automatically sent to AFMG for verification of its validity. If for any reason the installed license key is no longer valid, it is removed from your computer and the software is deactivated.
The collected Personal Data described in this section will be stored and processed only for as long as it is required for the purposes for which it has been collected, provided no exception as per Art. 17 (3) GDPR applies. Art. 17 (3) GDPR lays out the exceptional conditions for not erasing Personal Data.
Legal basis
The legal basis for the processing is Art. 6 para. 1 sentence 1 lit. b GDPR. Data processing is necessary for the purpose of fulfilling the contract in order to ensure proper licensing of the software used.
2.2. To send Software error information as well as usage data to AFMG
Explanation and purposes of processing
In order to assist us with the development of the Software, and to allow us to better understand how users utilize the software so that we can make improvements to it, you have the option to provide AFMG with some Personal Data that is collected in an anonymous way, and automatically via the Software.
At first startup, you have the possibility of selecting the type of information that you would like to provide to AFMG via a dialog window:
- Anonymized error information activates the sending of an error log, including time stamps and the Software version number, to AFMG every time a critical error in the Software occurs. This allows AFMG to identify the error incidence and provides information that usually helps us investigating the cause of the problem.
- Anonymized usage data, e.g. session duration activates the sending of anonymous software usage data to AFMG every time the software is closed. At this point, only information regarding the session duration, including time stamps and the Software version number, are collected.
The processing starts only after you select the type of information you would like to provide and press the “Confirm Selected” button, or by pressing the “Allow both” button.
The collected Personal Data described in this section will be collected and stored in pseudonymized form by us until you revoke consent or until the Software development expires. The data will be stored and processed only for as long as it is required for the purposes for which it has been collected, provided no exception as per Art. 17 (3) GDPR applies. Art. 17 (3) GDPR lays out the exceptional conditions for not erasing Personal Data.
Consent
The above data processing takes place on the basis of your consent, given when you mark the type of information to be provided and confirm the selection by pressing the “Confirm Selected” button, or by pressing the “Allow both” button, via a dialog window that appears at Software startup. This window includes the following content:
“We would like to ask for your help!
We want to improve EASE continuously and make it better for everyone. Please support our effort by providing some bits of data in a completely anonymous way:
[ ] Anonymized error information
[ ] Anonymized usage data, e.g. session duration
The information will be sent to our server when an error occurs or when the application is closed. The data will be collected, used and stored as detailed in section 2.2. of our data protection policy.
You can change your preferences and revoke consent at any time via the application settings.
[Confirm Selected] [Allow both]”
You have the possibility of changing the preferences above, and revoking consent granularly through the Software settings at any time with effect for the future.
Legal basis
The legal basis for this data processing is Article 6 (1) sentence 1 lit. a GDPR.
2.3. To notify about available software updates
Explanation and purposes of processing
We provide updates for the Software frequently as part of the end user license agreement (EULA), article 3.2. These typically include bug fixes as well as new functions. Software updates are important in order to deliver bug fixes for critical security issues as well as to ensure proper functioning of the Software.
In order to inform you about the availability of a new version for the Software, the Software connects to the AFMG web server regularly. If the Software detects that the locally installed version is older than the last one made publicly available it indicates so in the main window. The Software will typically make such a request to the AFMG web server once or twice a day while it is running.
When the Software connects with the AFMG web server, information collected and processed through technically automated means is sent to our Data Processor´s servers, which are located in Germany.
The following information is automatically processed:
- The IP address of your computer or other end device (e.g. tablet)
- Date and time of the request
The IP address of your device is necessary for technical reasons, so that the connection to the AFMG web server can be established. The service cannot be accessed and operate properly without this data being processed. In addition, the IP address related to the access is saved in server log files to be used for internal system administration and maintenance, as well as for statistical purposes.
The collected Personal Data described in this section will be stored and processed only for as long as it is required for the purposes for which it has been collected, provided no exception as per Art. 17 (3) GDPR applies. Art. 17 (3) GDPR lays out the exceptional conditions for not erasing Personal Data.
Legal basis
The legal basis for the processing is Art. 6 para. 1 sentence 1 lit. b GDPR. Data processing is necessary for the purpose of fulfilling the contract in order to inform the user about updates available for the Software.
3. Recipients of the Personal Data
Processors
The storage and processing of the Personal Data collected by automated means via the Software as described in section 2 is carried out by Microsoft Corporation, as well as IP-Projects GmbH & Co KG, on behalf of and based on instructions provided by AFMG. The hosting of the data takes place exclusively on servers within the European Union.
4. Your rights as a Data Subject
You may exercise certain rights regarding AFMG’s processing of the Personal Data that relates to you.
Right to rectification
You have the right to obtain from AFMG the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement (Art. 16 GDPR).
Right to erasure
You have the right to obtain from AFMG the erasure of Personal Data concerning you (Art. 17 (1) GDPR), provided no exception as per Art. 17 (3) GDPR applies.
Within 30 days after we have received your request, we will permanently delete the Personal Data concerning you.
Right to revoke consent
You have the right to revoke consent to the collection and processing of your data at any time and with effect for the future. Consent can be revoked granularly through the Software settings.
Right to object to processing on the basis of legitimate interests
To the extent that processing of data is based on Art. 6 (1) (f) GDPR ("legitimate interests"), you have the right, under Art. 21 GDPR, and on grounds relating to your particular situation, to object at any time to the processing of Personal Data concerning you.
In the case of an objection, AFMG will no longer process the personal data, unless the processing serves the assertion, exercise, or defense of legal claims or AFMG can prove necessary, legitimate grounds for the processing that override the interests, rights, and freedoms of the Data Subject.
Right to access your data
You have the right, under Art. 15 GDPR, to obtain from AFMG confirmation as to whether or not Personal Data concerning you are being processed and, if applicable, to obtain a copy of the Personal Data undergoing processing.
You have the right to request confirmation from AFMG as to whether we are processing Personal Data concerning you. If this is the case, you have the right to access the Personal Data and the information specified in Art. 15 GDPR in conjunction with § 34 BDSG. This shall not apply if:
- The data is only stored because it may not be deleted due to legal or statutory storage obligations; or
- Exclusively serves the purpose of data security or data protection control.
Right to restrict the processing of your data
In certain cases, you have the right to obtain from AFMG restriction of processing of Personal Data concerning you. These cases are laid out in Art. 18 (1) GDPR.
Right to portability
You have the right to receive the Personal Data concerning you, which you have provided to AFMG, in a structured, commonly used, and machine-readable format and have the right to transmit those data to another Data Controller, in the cases laid out in Art 20 (1) GDPR.
Right to lodge a complaint with a supervisory authority
You have the right to lodge a complaint with a supervisory authority, in particular within the Member State of your habitual residence, place of work, or place of the alleged infringement if you consider that the processing of Personal Data relating to you infringes the GDPR (Art. 77 GDPR). Please refer to your local data protection authority for more information. On the European Commission website, you can refer to the list of data protection authorities within the European Economic Area.
Berlin, March 28, 2024
Version: 2.0
We may review and, where necessary, update this data protection policy. If we plan to use the Personal Data of users of the Software for a new purpose, that is incompatible with the original purposes for which consent has been provided, we will update this policy and request consent for the new purpose.
