The purpose of this privacy policy (“Policy”) is to explain how, when and why Köllisch Gesellschaft für Prozessmanagement mbH collects information about individuals, how, for what purposes and on what grounds these ‘personal data’ are subsequently processed, who processes them and what rights the individuals have in connection with their personal data. The Policy also explains Köllisch Gesellschaft für Prozessmanagement mbH’s practices in using cookies and other technologies for storing information on others’ devices and retrieving information from such devices.
When we refer to “Köllisch Gesellschaft für Prozessmanagement mbH” or use the word “we”, “our” or “us”, we mean the Köllisch Gesellschaft für Prozessmanagement mbH entity that acts as the ‘controller’ of the information we hold about you or the ‘processor’ of the information that a customer has entrusted to us, as explained in more detail under the “identifying the data controller” part of this Policy. The phrase “Köllisch Gesellschaft für Prozessmanagement mbH“ refers to the company: Köllisch Gesellschaft für Prozessmanagement mbH, registered number HRB 705380, based in Konstanz, Germany; and Köllisch Gesellschaft für Prozessmanagement mbH.
By “you” we mean the individual reading this text, i.e., you as a natural person (and not any company or other organisation that you may be associated with).
Some words and phrases in this Policy are in single quotation marks (e.g., ‘controller’, ‘processor’ and ‘data subject’). These are legal terms, having the same meanings as given to them in the EU General Data Protection Regulation, i.e., Regulation (EU) 2016/679 (“GDPR”).
We collect Information about you in the course of negotiating, preparing, concluding and amending agreements between you and Köllisch Gesellschaft für Prozessmanagement mbH. The Information collected may include the data provided in such agreements and any data that you furnish for the purposes of negotiating, concluding or amending those agreements.
The Service has a user invitation feature that can be used for inviting you to become a User. If a User elects to invite you, she will give us your email address and the Service will send you an invitation. We store this email address but not as part of your User profile (as you are not yet a User). It will only become such if you obtain a User Account.
If a User subscribes to a paid Service plan, we ask her to supply us with the full name of the person or entity that will pay for the Service plan, their physical address and, optionally, email address and VAT number (i.e., the registration number of a “taxable person” as respects value added tax). The payer may or may not be the User subscribing to the Service plan, so it is possible for us to receive the above Information about you from another User.
In the case of a paid Service plan, you will supply a third-party payment service provider (who acts independently from us) with such information as they request from you to facilitate your payments to us. We do not collect any information about your methods or instruments of payment, except that, if you give the payment service provider credit card details, the last four digits of the credit card number are stored in the Workspace under subscription billing info. This piece of Information forms part of Workspace Data.
As with most websites and on-demand software solutions (i.e., where software is delivered over the internet in the form of a “service”), certain data are automatically collected when you visit a Website or use a Service application and this Information is recorded in log files. For example, when you log in to the Service, the date and time of your login will be recorded along with your IP address (giving us your approximate location) and a limited user agent string (telling us what type of Service application, e.g., web, desktop or mobile, was used for the login). When you create a data entry via the Service, your Service application type and version may be recorded.
On a more general level, we collect (or have third parties who collect for us) anonymous Information about the use of our Service and customer base. Such data may, e.g., include Information about the number of Users and their distribution (active, passive, paying, non-paying, etc.), User churn, Workspace team sizes, choices between application types, settings, modes of use and Service plans, Service performance, practices and trends in using specific features or components of the Service, the effectiveness of Service messages, and other Information that is not Personal Data.
Accessing resources on Websites may (depending on the site visited, resource accessed, device used and your hardware and software settings), result in the following Information being collected: your IP address, approximate location, Website entry and exit pages, referral sites and keywords, session time and duration, activities on the Website (e.g., pages viewed, links followed, clicks made), web browser type, version and settings (including, e.g., language preferences), device type, name and settings as well as the type and version of its operating system, and your internet service provider or mobile network operator. Some of this Information is collected by the use of cookies, as described in the next section.
When you use our web or cloud applications, visit Websites or retrieve resources (e.g., files or other information) that form part of a Website, certain pieces of data known as cookies are sent to the device you are using and will be stored there. Your web browser stores them either at our request or the request of a third party whose services we use. Each cookie, in one way or another, distinguishes you from other Users and Website visitors. There are also other techniques, such as using web beacons or pixels, whose purpose can be similar to that of some cookies. In this Policy, the word “cookie” designates the objects delivered by those techniques as well.
Cookies vary by nature and purpose. For instance, a “session cookie” only exists in the temporary memory of your device, i.e., while your Service session or visit to a Website lasts and is usually deleted when your web browser is closed. A “persistent cookie”, on the other hand, has a longer lifespan: it remains on your device until you delete it (i.e., instruct your browser to do so) or until it expires. A “secure cookie” can only be sent over a “secure” (encrypted) connection, making it harder for others to intercept information. A “first-party cookie” belongs to us and a “third-party cookie” belongs to someone other than Köllisch Gesellschaft für Prozessmanagement mbH, e.g., a company providing us with Service or Website analysis services or delivering our messages (such as advertisements) across the internet.
Some of the above cookies are associated with your User Account and certain of your Profile Information, allowing you to log in to the Service and remembering that you are logged in (which makes it possible for you to use the Service, enhances security and helps us to show you the right content). Other cookies allow us (or third parties we have engaged) to recognise and count the number of visitors to a Website, see how they move around the site when using it, which links they follow and who reads what, or to selectively record and analyse how and by what means Users are interacting with our applications (only specific pieces of information are collected, and without identifying the Users). Certain cookies are used to recognise you when you return to a Website, enabling us to personalise our content for you and remember your preferences, e.g., your choice of language. And, quite importantly from the privacy aspect, there are some third-party cookies that gather information about your browsing activities over time and across different websites following your use of ours (in other words, track your online behaviour), which may result in advertisements or other messages being displayed to you based on your browsing history.
You will encounter all of these cookies when interacting with our online applications, Websites or web resources. Cookies are vital to the Service and Websites. You can, however, remove them (individually, in selections or all in one sweep) and it is possible to disallow their use altogether or refuse certain types of them (your browser tools or support pages will tell you how to do that). But, if you disallow first-party cookies, your copy or instance of the Service will not operate properly or may not operate at all and your experience at Websites will be notably poorer or at least not as we intended.
Third-party cookies can usually be managed by the tools provided by those parties. Some of such tools are available here:
https://adssettings.google.com (Google advertising settings);
https://tools.google.com/dlpage/gaoptout (Google Analytics opt-out);
https://www.facebook.com/policies/cookies (Facebook cookie policy and opt-out);
We cannot give you an exhaustive list of the means for opting out of third-party cookies as the service providers who may set such cookies in connection with the Service and Websites change from time to time. Contact us, using the details at the end of this Policy, to learn which third-party cookies may currently be in use on a particular Website or Service application.
The Service and Websites do not respond to web browsers’ “do not track” signals and our data processing practices are not altered upon our receipt of such a signal.
We are not allowed to use cookies unless you agree to it, and by accepting this Policy you have. If the device you are using is not your own (e.g., if you are using the Service or displaying a Website on your employer’s computer or smart device), we expect you to have the owner’s authorization to agree on her behalf with our storing cookies on the device and retrieving information from it as described in this Policy. By using the device, you are confirming to us that you are so authorized.
The Third-Parties we share information with, are Microsoft Corporation and Sendinblue GmbH. This cannot be disabled since the service is only usable by having a Microsoft Office 365 account. Besides that, we use Sendinblue to deliver service notifications to you.
13.1 Marketing Cookies
We use Marketing Cookies which allow us to follow users to other websites to show ads that are relevant and engaging to the individual user. We base this processing on your consent (Art. 6 (1) a GDPR), which you may withdraw at any time with future effect and without detriment amending your settings under this link. We use the following services of third-party providers:
LinkedIn (Insight-Tag):
We also use conversion tracking on our website with LinkedIn Insights Tag, a tool from LinkedIn Ireland, Wilton Plaza, Wilton Place, Dublin 2, Ireland. For this purpose, the LinkedIn Insight tag is integrated on our website and a cookie is set on your device by LinkedIn. LinkedIn is informed that you have visited our website and your IP address is collected. Timestamps and events such as page views are also stored. This enables us to statistically evaluate the use of our website in order to constantly optimize it. We learn, for example, which LinkedIn ad or interaction on LinkedIn brought you to our website. This allows us to better control how our ads are displayed. For more information on Conversion Tracking, see https://www.linkedin.com/help/linkedin/answer/67595/linkedin-conversion-trackingubersicht. Please be aware that LinkedIn’s data can be stored and processed so that a connection to the respective user profile is possible and LinkedIn can use the data for its own advertising purposes. For more information, please see LinkedIn’s privacy policy at https://www.linkedin.com/legal/privacy-policy. You can prevent LinkedIn from analyzing your usage behavior and from displaying interest-based recommendations at https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
Google (AdWords Pixel):
This website uses cookies from Google AdWords as well as conversion tracking and remarketing codes as part of Google AdWords. Google AdWords places a cookie for conversion tracking when you click on an ad placed by Google. If you visit certain pages on our website, we and Google can see that you clicked on the ad and were redirected to this page. The information obtained using the conversion cookies is used to generate statistics for AdWords customers who use conversion tracking. These statistics tell us the total number of users who clicked on the ad placed by Google and called up a page with a conversion tracking tag. With the remarketing function from Google, we reach users who have already visited our website. In this way we can present our advertising to target groups who are already interested in our products or services.
We receive from you such Information as you provide us when filling in forms (e.g., applications or questionnaires) on a Website or via the Service or when you participate in our Service-related campaigns or programs, sign up to receive notifications, newsletters or other communications from us, request support for the Service, interact with our social media accounts or correspond or otherwise communicate with Köllisch Gesellschaft für Prozessmanagement mbH. If you email us or send us a letter or a message, we may retain a record of such communication, including your name and address, email address or telephone number (as applicable), the content of your communication and our response. We may complement these data with other Information.
Purpose |
Grounds |
Negotiating, preparing, concluding, performing, amending and enforcing our agreements with you (incl. particularly agreements concerning the Service) and exercising our rights under such agreements |
Contractual, Legal, Interest (recovering debts due to us, enjoying and defending our rights, negotiating new terms or amending existing ones to reflect changes in circumstances or to better suit our interests and/or yours) |
Keeping our records updated |
Legal |
Contacting you on matters relating to the Service or your agreements with us or in connection with matters that may affect you, and replying to your communications |
Contractual, Legal |
Delivering messages to you from Users, incl. invitations to become a User |
Interest (performing our agreements with the Users) |
Sending you communications you have subscribed or otherwise agreed to receive |
Interest (providing you with information we find relevant and reasonably believe is of interest to you) |
Investigating Service-related illegal conduct, violations of contract and (actual or suspected) infringements of legal rights or freedoms (yours, ours or those of third parties) |
Legal, Interest (enjoying and enforcing our rights and freedoms) |
Disclosing if and as required by law |
Legal |
Purpose |
Grounds |
Preparing, performing, amending and enforcing our agreements with you |
Contractual, Legal, Interest (recovering debts due to us and defending our rights) |
Informing you about matters concerning your Service plan and payments to us |
Contractual, Interest (keeping you current as to our relationship) |
Managing and executing our sales to you |
Interest (operating our business) |
Financial and tax accounting |
Legal |
Disclosing if and as required by law |
Legal |
Purpose |
Grounds |
Providing the Service |
Contractual |
Ensuring an appropriate level of security as respects the Service and Websites, incl. particularly in terms of data processing |
Contractual, Legal, Interest (keeping our products and services competitive) |
Customising the content, layout and other properties of the Service and Websites for you |
Contractual, Interest (keeping our products and services relevant and enjoyable) |
Improving your Service user experience |
Interest (keeping the Service enjoyable) |
Gaining a better understanding of how you interact with the Service or a Website |
Interest (keeping our products and services competitive) |
Investigating and preventing Service- or Website-related errors, defects, performance and security issues, illegal conduct, violations of contract and (actual or suspected) infringements of legal rights or freedoms (yours, ours or those of third parties) |
Contractual, Legal, Interest (enjoying and enforcing our rights and freedoms) |
Maintaining, improving, otherwise developing and protecting the Service and Websites |
Contractual, Interest (furthering our business, enjoying our rights and freedoms) |
Creating new products and services |
Interest (growing our business) |
Making our communications to you more relevant |
Interest (being relevant to you, thereby contributing to the success of our business) |
Measuring the effectiveness of the messages we address to you |
Interest (making our marketing more effective) |
Learning where our customers come from and where to focus our marketing efforts |
Interest (informing and shaping our business decisions) |
Having our messages delivered across the internet |
Interest (being visible and remembered) |
Disclosing if and as required by law |
Legal |
Purpose |
Grounds |
Same as for Usage Information |
Same as for Usage Information |
Purpose |
Grounds |
Providing the Service |
Contractual |
Performing our agreements with the third parties concerned |
Interest (adhering to contracts) |
Disclosing if and as required by law |
Legal |
Purpose |
Grounds |
Providing the Service |
Contractual |
Keeping our records updated |
Legal |
Responding to your requests, comments and questions |
Contractual, Legal, Interest (being responsive) |
Sending you communications you have subscribed or otherwise agreed to receive |
Interest (providing you with information we find relevant and reasonably believe is of interest to you) |
Offering you the Service or other products or services |
Interest (growing our business) |
Improving or otherwise developing the Service, our other products and services and Websites |
Interest (keeping our products and services competitive) |
Creating new products and services |
Interest (growing our business) |
Improving customer relationships and experiences |
Interest (growing our business) |
Disclosing if and as required by law |
Legal |
You have the right to enquire and get a confirmation from us as to whether or not we process any of your Personal Data. Where we do, you may request access to those data and have us give you a copy of them. A User can access most of the Personal Data we have about her by logging into her User Account and going to her profile page (we have what you see there), and it may well be that these are the only Personal Data we maintain on her. If you wish to be certain or have no User Account, please use the contact details at the end of this Policy to exercise your ‘right of access’.
If the Personal Data we have about you is incorrect, you have the right to request that we correct those data, and, in some circumstances, you may have the right to require that your incomplete Personal Data be completed (but in each of these cases we may need to verify the accuracy of the information you provide to us). As with the ‘right of access’, Users can and are encouraged to update the Personal Data under their User Accounts themselves.
You have the right to request that we delete or remove the Personal Data we have on you where there is no good reason for us continuing to process them. Please note that we may not always be able to comply with your request as there may be specific legal reasons which warrant the processing. Should this be the case, we shall inform you accordingly at the time of your request.
You have the right to object to our processing of your Personal Data where the processing is based on Interest and there is something about your particular situation that makes you want to object to processing on this ground as you feel it impacts your interests or fundamental rights and freedoms. There may, however, be occasions where we demonstrate that we have compelling legitimate grounds to process your Personal Data (i.e., that our legitimate interests or those of a third party override yours and your fundamental rights and freedoms) and thus dismiss your objection. In case we are processing your Personal Data for direct marketing purposes, you may object to that processing at any time and we shall no longer process your Personal Data for such purposes.
You have the right to request that we suspend the processing of your Personal Data where any of the following applies: (a) you have contested the accuracy of the data and the same needs to be verified; (b) the processing is unlawful but you do not want us to erase the data that we are processing; (c) you need us to maintain the data even though we no longer require them as they are necessary for your establishment, exercise or defence of legal claims; or (d) you have objected to processing as described under section 45 but we need to verify whether we have overriding legitimate grounds for processing.
If our processing of your Personal Data which you have provided us is based on a Contractual ground or on Consent and the processing is carried out by automated means, you are entitled to have us make those data available to you in a structured, commonly used and machine-readable format so that you could transmit them to someone else (another ‘controller’). You may also ask us to transmit these data to that other ‘controller’ directly, and we shall do so, if technically feasible.
If we are processing your Personal Data based on Consent, you may withdraw that consent at any time (but this will not affect the lawfulness of any processing activities carried out based on your consent before its withdrawal).
We may revise this Policy from time to time to reflect changes to the Service, Websites, applicable laws, regulations or standards or other changes that may occur in our business. We shall post the revised Policy (or, as the case may be, our new privacy policy) on the same webpage where we published this Policy or on such other webpage as we then may habitually use for publishing materials such as the Policy. We may also use the Service, email or other means for notifying Users of such policy changes. The revised Policy (or, as applicable, the new one) will be effective when posted as described unless the document itself specifies a later time for its entry into force.
Feel free to get in touch with us if you have any questions about this Policy or our data processing practices or if you would like to exercise any of your ‘data subject’ rights with respect to the Personal Data we maintain on you.
Email us: [email protected]
Call us: +49 (0) 7531 – 9783000
Write to: Köllisch Gesellschaft für Prozessmanagement mbH: Reichenaustraße 11a, 78467 Konstanz, Germany