Privacy Policy

  1. Privacy Policy ATLAS.ti
  2. Controller and Data Protection Officer
  3. ATLAS.ti Software
  4. ATLAS.ti Website
  5. General Data Processing
  6. Data Security and Confidentiality
  7. Legal Basis of the Processing of Personal Data
  8. Data Deletion and Storage Duration
  9. Your Rights
  10. Changes in this Privacy Policy
  11. Contact

Privacy Policy ATLAS.ti

Effective Date December 13, 2021

We at ATLAS.ti Scientific Software GmbH ("ATLAS.ti") take the privacy and protection of personal information very seriously. We recognize that when you provide us with information about yourself, you trust us to handle that information responsibly.

This Privacy Policy describes how ATLAS.ti processes personal data that we collect when you visit our website, contact us by email, telephone or otherwise, use our products, or otherwise interact with us in ways described in this Privacy Policy.

Controller and Data Protection Officer

Controller according to the General Data Protection Regulation (GDPR) is:
ATLAS.ti Scientific Software Development GmbH
Lietzenburger Str. 75
10719 Berlin
Germany
Phone: +49 30 31 99 88 971
E-mail: [email protected]

Our data protection officer is Christian Schmoll, phone: +49 30 31 99 88 971, e-mail:
[email protected].

Every data subject can contact our data protection officer directly at any time with all questions and suggestions regarding data protection.

ATLAS.ti Software

2.1 Basic Data Processing in the Context of Using ATLAS.ti

We process your personal data in the course of purchasing or renting ATLAS.ti, when you register as a user, for license verification, in the course of support, updates, crash reports, and usage analysis (telemetry).

2.1.1 Distribution/Sales of Our Software (cleverbridge)

We distribute our software through cleverbridge Financial Services GmbH, Gereonstr. 43-65, 50670 Cologne, Germany ("cleverbridge"). You leave our website for the purchase process and are redirected to the offer of cleverbridge. cleverbridge acts as its own controller in the sense of the GDPR and does not process your data as our processor.

For further information on data protection at cleverbridge, please refer to cleverbridge's privacy policy: cleverbridge.com/corporate/privacy-policy

2.1.2 Data Collection and Use during Registration

To use ATLAS.ti, you must register. In this case, we collect the personal data that you provide to us in the course of your registration. Which data is collected can be seen from the respective input forms. In the context of registration, this is only your name and your e-mail address. In addition, you must create a password.

User registration is necessary for the fulfillment of the contract, the legal basis for the processing of your data is accordingly the fulfillment of the contract according to Art. 6 para. 1 lit. b) GDPR.

We use the data you provide only to process the contract and provide our services to be provided under the contract. We may also disclose your data to one or more processors who will also use your data exclusively for internal use on our behalf.

We also store your IP address and the date and time of registration in order to prevent misuse of ATLAS.ti and the services offered and to investigate any crimes that may have been committed. The storage of this data is therefore necessary for our own protection.

The legal basis for the processing of personal data for the purposes of abuse prevention and investigation of criminal acts is our legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR.

2.1.3 User Management (MongoDB)

As a central database we use the software "Atlas" from MongoDB Inc. in the USA. In the database of MongoDB we store your first name and last name, your mail address and your Auth0Id. The data processing is mandatory for the operation of our software in order to provide you with the software.

MongoDB acts for us as a processor on the basis of a data processing agreement pursuant to Art. 28 GDPR. The database is hosted in the EU.

After complete processing of the contract or deletion of your user account, your data will initially be blocked for further use and deleted after expiry of the statutory retention periods, unless you have expressly consented to further use of your data or we reserve the right to use data beyond this, which is permitted by law and about which we inform you within the scope of our data protection declaration.

User registration is necessary for the fulfillment of the contract, the legal basis for the processing of your data is accordingly the fulfillment of the contract according to Art. 6 para. 1 lit. b) GDPR.

2.1.4 License Check

When using the software, we collect data for licensing the respective installation of the software. The software transmits data to us on the basis of which we can check whether the installation used is properly licensed. This data is the license key and limited usage data, which is necessary to determine the proper licensing.

The legal basis for this license check is the fulfillment of the license agreement pursuant to Art. 6 para. 1 lit. b) GDPR.

2.1.5 Telemetry

We collect information about the use of ATLAS.ti. This is called telemetry. This telemetry data includes data about how users interact with ATLAS.ti, for example, which features users use frequently, which settings users adjust, how much time users spend on certain features or activities, how often autocoding is used, for example, how often a network view is created, or whether a project contains few or many codes, etc. In the context of telemetry, we also collect a user ID in order to perform certain usage analyses on a pseudonymized or aggregated basis (e.g., usage of certain functionalities of ATLAS.ti over a certain period of time). We do not collect your name or content data about projects as part of telemetry.

When your terminal device contacts our server to send us the data as part of telemetry, your IP address (your Internet address) is transmitted to us. This is necessary so that you can contact our server at all.

Your IP address is not stored as part of the collected data. We use the data collected and processed as part of telemetry to improve the usability, performance, and stability of ATLAS.ti. For example, if we recognize that automatic coding is used frequently, we may consider an easily accessible shortcut for this feature. For example, if we recognize that some processes take too long, we will try to make them run faster. Moreover, we use the data to diagnose errors (type of error and actions that caused it). In other words, this data helps us make ATLAS.ti even better.

The legal basis for the collection of the telemetry data is your explicit consent according to Art. 6 para. 1 lit. a) GDPR.

2.1.6 Usage Analysis

We use analysis services in connection with the use of ATLAS.ti in order to analyze how our software is used by the users and to optimize the software accordingly.

On the one hand, we use the analysis service Google Analytics with IP anonymization. Google Analytics is an analysis service provided by Google Ireland Limited ("Google"). Cookies are set within the scope of Google Analytics. In addition, data is transmitted to Google's servers in the USA. Within the scope of IP anonymization, the collected IP address of the user is shortened by Google within the European Economic Area before being transmitted to the USA. Only in exceptional cases, in the event of technical malfunctions in Europe, will the unabbreviated IP address be transmitted to Google in the USA and shortened there. The transmitted IP addresses are not merged with other data from Google.

You can prevent the storage of cookies by setting your browser accordingly. In addition, you can prevent the collection of data generated by the cookie and related to your use of the online offer to Google, as well as the processing of this data by Google, by downloading and installing the browser plugin available under the following link, which tells Google Analytics via JavaScript that no data and information about visits to Internet pages may be transmitted to Google Analytics: tools.google.com/dlpage/gaoptout.

For more information on data processing by Google, please refer to Google's privacy policy: google.com/policies/privacy.

When using Google Analytics, personal data may be transferred to a third country outside the EU without an adequate level of data protection. We provide appropriate safeguards for this data transfer in accordance with Art. 46 GDPR. We will be happy to provide you with proof of the appropriate safeguards (Standard Contractual Clauses) upon request.

You can prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available under the following link: tools.google.com/dlpage/gaoptout

On the other hand, we also use the analysis service Mixpanel, a tool for product analysis provided by Mixpanel, Inc. in the USA. Mixpanel acts for us as a processor on the basis of a data processing agreement pursuant to Art. 28 GDPR. When using Mixpanel, personal data may be transferred to a third country outside the EU or the EEA without a suitable level of data protection. We provide appropriate safeguards for this data transfer in accordance with Art. 46 GDPR. We will be happy to provide you with proof of the appropriate safeguards (Standard Contractual Clauses) upon request.
Detailed information on data protection at Mixpanel can be found here: mixpanel.com/legal/privacy-policy

The legal basis for data processing in the context of usage analysis is your express consent pursuant to Art. 6 (1) lit. a) GDPR.

2.1.7 Google Tag Manager

We use Google Tag Manager in connection with the use of ATLAS.ti. Through this service, website tags can be managed via an interface. The Google Tool Manager only implements tags. This means that no cookies are used, and no personal data is collected. The Google Tool Manager triggers other tags, which in turn may collect data. However, the Google Tag Manager does not access this data. If a deactivation has been made at domain or cookie level, it remains in place for all tracking tags, insofar as these are implemented with the Google Tag Manager.

2.1.8 Team Collaboration

When you work in a team using the Team Collaboration feature, your name and email address become available to all team members.

2.2 Support

In the course of support requests or the processing of support requests, personal data of the users who submit the support request is processed. In addition, content may also be transmitted within the scope of support that is required for the provision of the support service, e.g. in order to explain problems in detail. Such transmitted content may also contain personal data under certain circumstances.

The provision of support services to our customers is part of the license agreement. The legal basis for data processing in the context of support is therefore the fulfillment of the contract (Art. 6 para. 1 lit. b) GDPR).

When you request support from ATLAS.ti through the channels we provide, you must describe your problem and provide your email address in order to receive notifications or further questions regarding the resolution of that problem. This support request will usually be forwarded to our relevant experts for review and action. In the evolving discourse (the "ticket"), we may ask you to send further data such as a project, for example, in the case of a canceled project that can no longer be opened and to regain access to this project.

In special cases, it may be necessary for you to establish a direct connection with TeamViewer – of course only with your express consent and under your supervision.

It may be necessary within the scope of support that you provide us with data, e.g. to explain the problem in detail. In this case, a service provider is used for the data transfer or file transfer. This data transfer or data processing takes place on the basis of a data processing agreement in the European Union.

We usually forward support requests from EU citizens to our employees within the EU or EEA. In individual cases, it may be necessary to forward your support request to support specialists outside the EU or EEA in order to answer specific support requests. Insofar as these are unsafe third countries, we have concluded contracts with the respective support specialists for these individual cases that ensure an appropriate level of protection for the processing of your personal data. We will be happy to provide you with proof of the appropriate safeguards (standard contractual clauses/standard data protection clauses) that ensure an appropriate level of data protection at any time upon request.

When using the live chat, when creating support tickets and when processing, managing and storing support requests, the contact data and other content provided by you will be collected and processed. In addition, information on the browser, the IP address and the location of the respective user are processed in the process. This processing is carried out for the management and processing of your support or contact request.

We use service providers on the basis of data processing agreements. In each case, personal data may be transferred to third countries without an adequate level of data protection, in particular to the USA.

For this transfer of personal data to a third country, we provide appropriate safeguards in accordance with Art. 46 GDPR. We will be happy to provide you with proof of the appropriate safeguards (standard contractual clauses/standard data protection clauses) that ensure an adequate level of protection at any time upon request.

2.3 ATLAS.ti Desktop

2.3.1 Updates

During the automatic online update of ATLAS.ti, a connection to our server is established and the following information is sent to the server to check the version you currently have installed for a possible update:

  • Serial number (encrypted)
  • actual version number
  • Number of seats

The legal basis for the temporary storage of the aforementioned data is our legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR. This data is used exclusively for version matching with regard to updates.

2.3.2 Crash Reports

If the software crashes - i.e. no longer works, no longer responds, etc. - both technical and personal data will be collected. - both technical and personal data (e.g. the IP address, the last actions on the user interface that took place before the crash, optionally your e-mail address if you want to be informed about the progress) are collected.

Specifically, the following data is collected and transmitted to us during a system/crash report:

  • Windows username
  • Name of the terminal device
  • Time zone
  • User settings (e.g. language, keyboard)
  • Installation paths
  • Disk information such as available disk space and access rights.
  • Video controller
  • Number of monitors
  • Memory size
  • License information
  • Library location
  • Operating system version

The legal basis for the temporary storage of the aforementioned data is our legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR. The data is used exclusively to ensure permanent and troublefree operation of the software and to improve the software.

Only after explicit consent, this data will be shared with ATLAS.ti's technical staff to gain deeper insight into the circumstances of the crash and to enable us to fix any problems in the software that lead to this misbehavior.

The legal basis for the processing of your data according to your consent is Art. 6 para. 1 lit. a) GDPR. You can withdraw your consent at any time with effect for the future.

2.4 ATLAS.ti Web

2.4.1 Data Processing by ATLAS.ti

The data you process with the ATLAS.ti Web is collected and processed by ATLAS.ti on your behalf and solely on your instructions. This data processing by ATLAS.ti is governed by our Data Processing Agreement.

2.4.2 Access Data in Server Log Files

We automatically store access data in so-called server log files every time you call up ATLAS.ti Web in your browser.

The temporary storage of the IP address by the system is necessary to enable delivery of ATLAS.ti Web to your terminal device. For this purpose, your IP address must remain stored for the duration of the session.

This data is used exclusively to ensure the continuous and trouble-free operation of ATLAS.ti Web and to improve the content of ATLAS.ti Web, as well as for transmission to law enforcement authorities in the event of a cyber-attack and to ensure the security of our information technology systems. Your data will not be used for marketing purposes in this context. The data of the server log files are stored separately from all other personal data provided by you.

The legal basis for the temporary storage of your data and the log files is Art. 6 para. 1 lit. c) and lit. f) GDPR. The collection of data for the provision of ATLAS.ti Web and the storage of data in log files is mandatory for the operation of ATLAS.ti Web. Consequently, there is no possibility to object.

2.4.3 Contract Termination and Cancellation

After complete processing of the contract or deletion of your account, your data will initially be blocked for further use and will be deleted after three months have elapsed since access was blocked, unless you request immediate deletion or have expressly consented to further use of your data.

If the data is subject to a legal obligation to retain it, it will be deleted after expiry of this period. The purpose of the storage after access blocking, which is limited to three months, is to give you the option of saving data stored in the Web even after termination of the contract or deletion of your account. The legal basis in this respect is Art. 6 para. 1 lit. f) GDPR, our legitimate interest. Since the storage after blocking the access serves your interest and you can object to this storage, our legitimate interest outweighs your rights and freedoms.

**2.4.4 System Mails

For sending system mails that are required in the context of using ATLAS.ti Web, for example invitations to certain projects etc., we use the mail service mailjet, which is operated by Mailjet GmbH in Germany ("mailjet"). mailjet acts for us as a processor on the basis of a data processing agreement pursuant to Art. 28 GDPR.

System mails are an essential part of the use of ATLAS.ti Web, legal basis for the storage and processing of your data is thus the fulfillment of the contract according to Art. 6 (1) lit. b) GDPR.

Your data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. Accordingly, your email address will be stored as long as the subscription to the cloud service is active.

For further information on data protection, please refer to mailjet's privacy policy: mailjet.de/privacy-policy

2.5 ATLAS.ti Apps for iOS and Android

ATLAS.ti's mobile apps do not collect personal data. This includes location data and documents added to or created by the app.

The only data transmitted when using the apps is general crash report data in the event of a malfunction. This is anonymous data.

This information is transmitted to Apple (configurable in the iOS device settings) and Microsoft/HockeyApp (after confirmation by the user in case of a crash) in order for our developers to diagnose the error and further improve the app. Beyond these general technical reports required to diagnose a crash or malfunction, no data that can be used to identify you or that contains your name, address, or other personally identifiable information is collected, stored, gathered, or transmitted by or through ATLAS.ti's mobile apps.

ATLAS.ti Website

3.1 Log Files

When you visit our website, certain additional data is automatically collected and then temporarily stored in log files (so-called usage data). This data includes your IP address.

The legal basis for the temporary storage of your data and the log files is Art. 6 para. 1 lit. f) GDPR. This data is processed exclusively for internal purposes, such as maintaining our operational capability, preventing fraudulent access to our website or analyzing usage patterns, ensuring the permanent and trouble-free operation of the website and improving the content of our website, as well as for transmission to law enforcement authorities in the event of a cyber-attack and to ensure the security of our IT systems.

Your data will not be evaluated for marketing purposes in this context. In the aforementioned purposes also lies our legitimate interest in data processing pursuant to Art. 6 para. 1 lit. f) GDPR.

The data of the log files are stored separately from all other personal data provided by you. The collection of data for the provision of the website and the storage of data in log files is necessary for the operation of our website. Consequently, there is no possibility to object.

3.2 Cookies and Other Tracking Technologies

On the website we use technologies such as cookies, beacons, tags and scripts. These technologies are used to analyze trends, administer the Site, track users' movements around the Site, and gather demographic information about our users. We also have the ability to obtain aggregate usage reports through the providers of these technologies.

Many cookies contain a so-called cookie ID. It consists of a string of characters by which websites and servers can be assigned to a specific browser in which the respective cookie was stored. The purpose of using technically necessary cookies is to simplify the use of our website and software for you (e.g. your settings are stored). Some functions cannot be offered without the use of cookies. For these, it is necessary that your browser is recognized even after a page change. In case of nonacceptance or deactivation of cookies, the functionality of our website and software may be limited.

The legal basis for the processing of personal data using necessary cookies is Art. 6 para. 1 lit. f) GDPR.

When calling up our website, you will be informed about the use of cookies. You can declare your consent to the processing of personal data used in this context within the framework of the so-called cookie banner. In this context, there is also a reference to this privacy policy. You can withdraw your consent at any time with effect for the future.

The legal basis for the processing of personal data using cookies that are not necessary for the operation of our website is, in the presence of your consent in this regard, Art. 6 para. 1 lit. a) GDPR.

Cookies are stored on your terminal device and transmitted to our website. You therefore have control over the use of cookies. You can set your browser so that you are informed about the setting of cookies and decide individually about their acceptance or exclude the acceptance of cookies for certain cases or generally or set it so that the setting of cookies is prevented and thus permanently object to the setting of cookies. In addition, you can delete cookies that have already been set at any time via your browser. A comprehensive objection to online marketing cookies can also be declared via http://www.youronlinechoices.com/, among other places. This also applies to all third-party providers listed by us in this privacy policy that set cookies.

3.3 Web Analytics (Google Analytics)

We use web analytics services on our website or on parts of the website to record how our website is used by its visitors and to optimize the website and its presentation.

We use the web analytics service Google Analytics with IP anonymization. Google Analytics is a web analytics service provided by Google Ireland Limited ("Google"). Cookies are set as part of Google Analytics. In addition, data is transmitted to Google servers in the USA. Within the scope of IP anonymization, the collected IP address of the user is shortened by Google within the European Economic Area before being transmitted to the USA. Only in exceptional cases, in the event of technical faults in Europe, will the unabbreviated IP address be transmitted to Google in the USA and shortened there. The transmitted IP addresses will not be merged with other data from Google.

You can prevent the storage of cookies by setting your browser accordingly. Furthermore, you can prevent the collection of the data generated by the cookie and related to your use of the online offer to Google as well as the processing of this data by Google by downloading and installing the browser plug-in available under the following link, which informs Google Analytics via JavaScript that no data and information on visits to Internet pages may be transmitted to Google Analytics: tools.google.com/dlpage/gaoptout.

Further information on data processing by Google can be found in Google's Privacy Policy: google.com/policies/privacy.

When using Google Analytics, personal data may be transferred to a third country outside the EU without an adequate level of data protection. We provide appropriate safeguards for this data transfer in accordance with Art. 46 GDPR. We will be happy to provide you with proof of the appropriate safeguards (Standard Contractual Clauses/Standard Data Protection Clauses) upon request.

The legal basis for this data processing is your express consent pursuant to Art. 6 (1) lit. a) GDPR.

You may prevent the use and storage of cookies as well as prevent Google from recording and processing the data generated by the cookies and pertaining to your use of the website (including your IP address). Simply download and install a browser plug-in available at the following link, and select the appropriate settings on your browser software:
tools.google.com/dlpage/gaoptout

3.4 Google Tag Manager

We use Google Tag Manager on our website. Through this service, website tags can be managed via an interface. The Google Tool Manager only implements tags. This means that no cookies are used, and no personal data is collected. The Google Tool Manager triggers other tags, which in turn may collect data. However, the Google Tag Manager does not access this data. If a deactivation has been made at domain or cookie level, it remains in place for all tracking tags, insofar as these are implemented with the Google Tag Manager.

3.5 YouTube

YouTube videos are embedded on our website. These are provided, via a plugin, by Google Ireland Ltd. in Ireland ("YouTube"). We use the "extended privacy settings" for embedded YouTube videos, which means that YouTube does not set cookies.

Nevertheless, when you visit a website with the YouTube plugin, a connection to YouTube is inevitably established and your IP address is transmitted to YouTube in the process.

When using YouTube, personal data is transferred to a third country outside the EU. For this transfer of personal data to a third country, we provide appropriate safeguards in accordance with Art. 46
GDPR. We will be happy to provide you with proof of the appropriate safeguards (standard contractual clauses/standard data protection clauses) that ensure an adequate level of protection at any time upon request.

For more information about YouTube privacy, please visit YouTube's Privacy and Security Center: support.google.com/youtube/topic/2803240

The legal basis for this data processing when using YouTube is Art. 6 para. 1 lit. f) GDPR. Our overriding legitimate interest is the integration of videos and the associated optimization of the interactivity of our website and our customer interactions.

3.6 Social Media Buttons

Social media buttons of various social media networks (e.g. Facebook, YouTube and/or LinkedIn) are integrated on our website. If you click on one of these social media buttons, you will be redirected to our pages on the respective social media network. In this case, the provider of the respective social media network receives the information that your browser has accessed the corresponding page of our website, even if you do not have a profile with the respective social media network or are not logged in there. This information (including your IP address) is transmitted by your browser directly to a server of the respective provider. If you click on a social media button and are either logged in to the respective social media network or then log in to the page of the respective social media network, the transmitted information can be assigned to your account with the social media network.

For information on the purpose and scope of data collection and processing by the providers of the respective social media network, the provider identification, a contact option, and your rights and setting options for data protection, please refer to the respective data protection information of the providers of the social media networks.

The legal basis for the integration and use of the social media buttons is Art. 6 para. 1 lit. f) GDPR. Our overriding legitimate interest is the marketing of our offers and our website.

3.7 Social Media Pages ("Fan Pages")

We maintain a publicly accessible profile on various social media networks, e.g. Facebook, YouTube and/or LinkedIn ("social media pages" or "fan pages").

If you visit our social media pages and are logged in to the respective social media network, the provider of the respective social media network can analyze your usage behavior and assign the information collected to your account with the social media network and enrich it there. Even if you are not logged in or if you do not have an account with the respective social media network, personal data may be collected by the provider of the respective social media network, for example your IP address or data collected via a cookie.

The operators of the social media networks can use this data to create user profiles. Based on your user profile, you can then be shown interest-based advertisements both on the websites of the social media network and on other websites.

If you visit one of our social media pages, we are jointly responsible with the provider of the social media network for the collection and processing of your personal data that takes place there. For information about the collection and processing of your personal data that takes place there, we refer you to the data protection information of the respective social media network. We do not have any further information on this.

We will be happy to provide you with information on the appropriate safeguards for data transfers to third countries pursuant to Art. 46 GDPR at any time upon request.

You can assert your data subject rights in accordance with Chapter III. of the GDPR (right to information, correction, deletion, restriction of processing, data portability, etc.) both against us and against the provider of the respective social media network. In this context, we would like to point out that we can only influence the processing of personal data and the implementation of data subject rights within the framework of our social media pages within the scope of the possibilities made available to us by the respective provider.

The legal basis for our use of social media pages is Art. 6 para. 1 lit. f) GDPR. Our overriding legitimate interest is the presence and marketing of our products and services on the Internet.

General Data Processing

4.1 Contact Form

When you fill out one of the contact forms on our website, we collect and store your name, company name, country, email address, description and details of your request, and any other information you provide.

The legal basis for the processing of the data transmitted in the context of the transmission of a contact form is Art. 6 para. 1 lit. f) GDPR. If the contact is directed towards the conclusion of a contract, the legal basis for the processing is Art. 6 para. 1 lit. b) GDPR.

We use the personal data you provide exclusively for processing your specific request. The data provided will always be treated confidentially. Your data may be stored in our Customer Relationship Management System (CRM system).

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected.

For the personal data from the input mask of the contact form, this is the case when the respective conversation with you has ended. The conversation is ended when it is clear from the circumstances that the matter in question has been conclusively clarified.

If you contact us, you can object to the storage of your personal data at any time. In such a case, the conversation cannot be continued.

4.2 E-mail and Telephone Contact via RingCentral

When you contact us by email or telephone, or when you use one of the email addresses or telephone numbers provided on the Site, we collect your company name, country, email address, the description and details of your inquiry, and any other information you voluntarily provide to us in connection with such communication.

To process your telephone inquiries, we use the RingCentral service, which is operated by RingCentral, Inc. in the USA. RingCentral processes the personal data processed when using RingCentral on our instructions as a processor on the basis of a data processing agreement pursuant to Art. 28 GDPR.

When using RingCentral, personal data may be transferred to a third country outside the EU. If there is no adequacy decision of the EU Commission for the respective third country, we ensure that appropriate safeguards are provided for the transfer in accordance with Art. 46 GDPR. We will be happy to provide you with proof of the appropriate safeguards (standard contractual clauses/standard data protection clauses) that ensure an adequate level of protection at any time upon request.

For more information on data protection, please refer to RingCentral's privacy policy ringcentral.com/legal/privacy-notice.html.

The legal basis for the processing of the transmitted data is Art. 6 para. 1 lit. f) GDPR. If the contact is directed towards the conclusion of a contract, the legal basis for processing is Art. 6 (1) lit. b GDPR.

We use the personal data you provide exclusively for processing your specific request. The data provided will always be treated confidentially. Your data may be stored in our CRM system. The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected.

For personal data from communication by e-mail or telephone, this is the case when the respective conversation with you has ended. The conversation is terminated when it can be inferred from the circumstances that the matter in question has been conclusively clarified.

If you contact us, you can object to the storage of your personal data at any time. In such a case, the conversation cannot be continued.

4.3 CRM System Zoho

We use the Customer Relationship Management System (CRM system) of Zoho Corporation in the USA to store our customer data.

In our CRM we store your name, your contact details, your requests including your support requests.In doing so, Zoho processes the personal data processed when using Zoho on our instructions as a processor on the basis of a data processing agreement pursuant to Art. 28 GDPR.

When using Zoho, personal data is transferred to a third country outside the EU. If there is no EU Commission adequacy decision for the respective third country, we ensure that appropriate safeguards are provided for the transfer in accordance with Art. 46 GDPR. We will be happy to provide you with proof of the appropriate safeguards (standard contractual clauses/standard data protection clauses) at any time upon request.

The legal basis for the processing of personal data is our legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR. We store this data in order to provide you as our customer with optimal support and to simplify our internal organization.

The legal basis for the processing of your data after your consent is Art. 6 para. 1 lit. a) GDPR.

For more information about Zoho's privacy practices, please see Zoho's Privacy Policy at zoho.eu/privacy.html.

4.4 Newsletter

Registration for the Newsletter

On our website you can register to receive a newsletter by e-mail. Our newsletter is published regularly and contains new offers on our website and news about us, information about dates of workshops, webinars, conferences, seminars, and other events and activities related to ATLAS.ti or its partners as well as other organizations in the field of QDA and data analysis or similar, tips and tricks about the software, best practices and case studies as well as general application examples of the different software licenses, promotions, price changes, updates and upgrades, product tutorials, and other information in the field of data analysis.

During registration, the data from the input mask, the IP address of the calling computer and the date and time of registration are transmitted to us. For the processing of the data, your consent is obtained during registration and reference is made to this data protection information.

In order to verify that a registration for the sending of a newsletter is made by the actual owner of an e-mail address, we use the so-called "double opt-in" procedure. Here, after registration of an e-mail address, a confirmation e-mail is sent to the registered e-mail address. Registration for the newsletter is only completed when a confirmation link contained in the confirmation e-mail is activated. The IP address of the calling computer and the date and time of activation of the confirmation link are also transmitted to us.

The registration for the newsletter can be terminated at any time by using the unsubscribe link included in each newsletter or by contacting us at the contact details above.

The legal basis for the processing of data after registration for the newsletter is your consent pursuant to Art. 6 para. 1 lit. a) GDPR.

E-mail Newsletter as Part of an Existing Customer Relationship

If you register as a user of our software and enter your e-mail address, this may subsequently be used by us to send you our e-mail newsletter if you have not objected to such use. In such a case, only direct advertising for our own similar goods or services will be sent via the e-mail newsletter.

You can object to the use of your e-mail address at any time, without incurring any costs other than the transmission costs according to the basic rates, by using the unsubscribe link contained in each newsletter or by contacting us at the above contact details.

The legal basis for sending the newsletter as a result of the sale of goods or services is our legitimate interest in direct advertising pursuant to Art. 6 para. 1 lit. f) GDPR.

Newsletter Analytics

A statistical evaluation of usage data may be carried out for our newsletters. For this purpose, we may record both the openings of the e-mail and the internal clicks. This information serves the purpose of measuring and optimizing the success of our newsletter campaigns by making the newsletter content more relevant to our target group.

The legal basis for this analysis is Art. 6 para. 1 lit. a) GDPR.

Newsletter Service Provider

We use the external service provider CleverReach in Germany as a processor for sending and analyzing our newsletter on the basis of a data processing agreement pursuant to Art. 28 GDPR.

4.5 Cloudflare

Cloudflare is a traffic optimization and distribution service provided by CloudFlare Inc. in the USA. Cloudflare allows us to distribute content across servers in different countries and optimize our own performance, in particular, improve website loading time.

By using Cloudflare, all traffic through atlasti.com, i.e. communication between atlasti.com and the user's browser, is filtered.

When using Cloudflare, it is technically mandatory for Cloudflare to process your IP address in order to provide the service. Your IP address is only stored during the session and deleted afterwards.

When using Cloudflare, personal data is transferred to a third country outside the EU. If there is no adequacy decision of the EU Commission for the respective third country, we ensure that ppropriate safeguards are provided for the transfer in accordance with Art. 46 GDPR. We will be happy to provide you with proof of the appropriate safeguards (standard contractual clauses/standard data protection clauses) at any time upon request.

The legal basis for the processing of personal data is Art. 6 para. 1 lit. f) GDPR. Our legitimate interest is to optimize the loading times of the website.

For more information on data protection, please refer to Cloudflare's privacy policy: cloudflare.com/security-policy

4.6 Sweepstakes

When participating in one of our sweepstakes, we collect and process the personal data provided by the participant as part of the participation in the sweepstake, usually this is first name, address and email address.

We collect this data to enable participation in the sweepstake, to carry out the sweepstake, to inform the participant of a prize, if applicable, and to send the participant a possible prize.

We process the personal data of the participants to carry out the sweepstake and to determine and notify the winners. Insofar as the participants provide information as part of their participation that is not required for participation in the respective sweepstake, this is done on a voluntary basis.

If you do not provide us with the data required to participate in a sweepstake, it will not be possible to participate in the sweepstake or to contact you regarding a prize notification.

The legal basis for the data collection and data processing is Art. 6 para. 1 lit. b) GDPR.

4.7 Applications

We collect and process the personal data provided to us by an applicant for the purpose of carrying out the application process. The data requested as mandatory fields are required for the implementation of the application process. All other information is voluntary. Applicant data is only made available to those persons and positions in our company who prepare the hiring decision or are involved in it.

If we conclude an employment contract with an applicant, the data provided will be processed for the purpose of implementing the employment relationship in compliance with the statutory provisions.

If an employment relationship is established, we store the applicant data for as long as it is required for the employment relationship and to the extent that legal regulations justify an obligation to store it.

If no employment contract is concluded with an applicant, we store the applicant data for a maximum of three months on the basis of our overriding legitimate interest in enabling the defense of claims or a preservation of evidence function under the General Equal Treatment Act (AGG). After this period has expired, the application documents are deleted unless the applicant has expressly consented to longer storage.

The legal basis for the processing of application documents is Art. 6 para. 1 lit. b) GDPR (in Germany in conjunction with Section 26 para. 1 BDSG).

If the applicant has given us separate consent, we will store the data submitted as part of the application in our applicant pool for a further 2 years after the end of the application process in order to identify future positions of potential interest to the applicant and, if necessary, to contact the applicant in this regard. After this period, the data will be deleted.

Such consent to the storage of application data in our applicant pool can be withdrawn at any time for the future. To do so, please send us an e-mail to the contact details given above.

The legal basis for storing the application documents in our applicant pool is, if applicable, the applicant's consent pursuant to Art. 6 para. 1 lit. a) GDPR.

4.8 Trainings, Video Conferences and Webinars

If you participate in one of our trainings, a video conference organized by us, a webinar or an online meeting, etc. (hereinafter "video conferences"), we will process your personal data. (hereinafter "video conferences"), we process your personal data in the context of your participation.

When participating in a video conference, various categories of data are processed. The scope of the data also depends on the data you provide before or during participation in a video conference. If you participate in a videoconference organized by us, you must usually provide at least one name when registering. However, you can also use a pseudonym. Your IP address is also processed to enable your participation and login information and device/hardware information is stored. Email address and profile picture are also processed, if provided. If you dial in by phone, your phone number and IP address, if any, will be processed.

In order to enable participation in the video conference, data from the microphone of your terminal device as well as from any video camera of the terminal device and, if you share your screen, information from this "screenshare" will be processed. You can turn off or mute the camera or microphone yourself at any time. Whether and which parts of your screen are shared is always up to you.

Audio and video recordings of the video conference can be created. In this case, MP4 files of all video, audio and presentation recordings are processed. There is always an indication of the recording if one is made and, if necessary, the express consent of the participants to the recording is always obtained.

You may have the option of using the chat, question or survey functions in a video conference. In this respect, the text entries you make are processed in order to display them in the video conference and, if necessary, to log them.

Insofar as personal data of our employees is processed, Section 26 of the German Federal Data Protection Act (BDSG) is the legal basis for data processing, provided that German law is applicable to the processing of employee data.

If German law is not applicable to the processing of employee data or if, in connection with participation in video conferences, the processing of personal data is not necessary for the establishment, performance or termination of the employment relationship, but is nevertheless an elementary component of participation in a video conference, our overriding legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR is the legal basis for the data processing. Our legitimate interest in these cases is the effective implementation of video conferences.

Furthermore, the legal basis for data processing when conducting video conferences is Art. 6 para. 1 lit. b) GDPR, insofar as the meetings are conducted in the context of contractual relationships or with a view to initiating a contractual relationship (for example, in the case of videoconferences with our clients in the context of the implementation of a project or participation in a webinar).

Furthermore, the legal basis for data processing in the context of your participation in a video conference organized by us is our overriding legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR.

Our legitimate interest in these cases is the effective implementation of video conferences. We use one or more service providers as processors for the performance of video conferences on the basis of a data processing agreement pursuant to Art. 28 GDPR.

Personal data may be transferred to a third country outside the EU. If no adequacy decision of the EU Commission exists for the respective third country, we ensure that appropriate safeguards are provided for the transfer in accordance with Art. 46 GDPR.

We will be happy to provide you with proof of the appropriate safeguards (standard contractual clauses/standard data protection clauses) that ensure an appropriate level of data protection at any time upon request.

Data Security and Confidentiality

To ensure customer security at the highest level, we comply with applicable industry regulations and laws. Thus, we use commercially reasonable and appropriate physical, electronic, and managerial measures and procedures to secure and protect your personal information during collection, transmission, and storage. Your information is accessible only to authorized individuals who are familiar with ATLAS.ti's privacy policies. Nevertheless, no company, including ATLAS.ti, can completely eliminate security risks associated with personal data.

Data Deletion and Storage Duration

Your personal data will be deleted or blocked as soon as the purpose of the storage no longer applies, or you withdraw your consent. In addition, storage may take place if this has been provided for by the European or national legislator in regulations, laws or other provisions to which the controller is subject. If the purpose of storage ceases to apply, if you withdraw your consent or if a storage period prescribed by the competent legislator expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions, unless there is a necessity for further storage of the data for the conclusion or performance of a contract. In order to give you the option of backing up data stored in the web even after termination of the contract or deletion of your user account, we delete it after three months have elapsed since access to the user account was blocked, unless you object to the storage or consent to a longer storage of the data.

Your Rights

Right of Access

You also have the right to receive from us at any time, free of charge, information about the personal data stored about you and a copy of this information. You also have a right of access to the following information:

  • the purposes of processing,
  • the categories of personal data that are processed,
  • the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular in the case of recipients in third countries or international organizations,
  • if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration,
  • the existence of a right to obtain the rectification or erasure of personal data concerning him or her, or to obtain the restriction of processing by the controller, or a right to object to such processing,
  • the existence of a right of appeal to a supervisory authority,
  • if the personal data are not collected from the data subject: all available information on the origin of the data as well as,
  • the existence of automated decision-making, including profiling, pursuant to Art. 22 para. 1) and 4 GDPR and, at least in these cases, meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.

Furthermore, you have the right to be informed whether personal data has been transferred to a third country or to an international organization. If this is the case, you also have the right to obtain information about the appropriate safeguards in connection with the transfer.

Right to Rectification

You have the right to request the immediate correction and/or completion of any inaccurate or incomplete personal data concerning you. We shall carry out the correction without delay.

Right to Restriction of Processing. You have the right to request us to restrict processing if one of the following conditions is met:

  • The accuracy of the personal data is contested by the data subject for a period enabling the controller to verify the accuracy of the personal data.
  • The processing is unlawful, the data subject objects to the erasure of the personal data and requests instead the restriction of the use of the personal data.
  • The controller no longer needs the personal data for the purposes of processing, but the data subject needs it for the assertion, exercise or defense of legal claims.
  • The data subject has objected to the processing pursuant to Art. 21 para. 1 GDPR and it is not yet clear whether the legitimate grounds of the controller override those of the data subject.

Where the processing of personal data concerning you has been restricted, such data may be processed, with the exception of their storage, only with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State. If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by us before the restriction is lifted.

Right to Erasure

You have the right to request that we erase the personal data concerning you without delay, provided that one of the following reasons applies and to the extent that the processing is not necessary:

  • The personal data were collected or otherwise processed for such purposes for which they are no longer necessary.
  • The data subject withdraws the consent on which the processing was based pursuant to Art. 6 para. 1 lit. a) GDPR or Art. 9 para. 2 lit. a) GDPR and there is no other legal basis for the processing.
  • The data subject objects to the processing pursuant to Art. 21 para. 1 GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Art. 21 para. 2 GDPR.
  • The personal data have been processed unlawfully.
  • The erasure of the personal data is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.
  • The personal data was collected in relation to information society services offered pursuant to Art. 8 para. 1 GDPR.

If the personal data have been made public by us and we as a controller are obliged to erase the personal data pursuant to Art. 17 para. 1 GDPR, we shall implement reasonable measures, including technical measures, taking into account the available technology and the cost of implementation, in order to inform other data controllers which process the published personal data that the data subject has requested from those other data controllers the erasure of all links to the personal data or copies or replications of the personal data, unless the processing is necessary.

The right to erasure does not exist insofar as the processing is necessary:

  • to exercise the right to freedom of expression and information;
  • for compliance with a legal obligation which requires processing under Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  • for reasons of public interest in the area of public health pursuant to Art. 9 para. 2 lit. h) and lit. i) GDPR and Art. 9 para 3 GDPR;
  • for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes pursuant to Art. 89 para. 1 GDPR, insofar as the right to erasure is likely to render impossible or seriously prejudice the achievement of the purposes of such processing, or
  • for the assertion, exercise or defense of legal claims.

Notification Obligation

If you have asserted the right to rectification, erasure or restriction of processing against us, we are obliged to notify all recipients to whom the personal data concerning you has been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort.

You have the right to be informed about these recipients.

Right to Data Portability

You have the right to receive the personal data concerning you, which you have provided to us, in a structured, common and machine-readable format. You also have the right to transfer this data to another controller without hindrance from us, provided that the processing is based on consent pursuant to Art. 6 para. 1 lit. a) GDPR or Art. 9 para. 2 lit. a) GDPR or on a contract pursuant to Art. 6 para. 1 lt. b) GDPR and the processing is carried out with the aid of automated procedures, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.

Furthermore, when exercising your right to data portability pursuant to Art. 20 para. 1 GDPR, you have the right to have the personal data transferred directly from us to another controller, to the extent that this is technically feasible and provided that this does not adversely affect the rights and freedoms of other persons.

The right to data portability does not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

RIGHT TO OBJECT

YOU HAVE THE RIGHT TO OBJECT AT ANY TIME, ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION, TO THE PROCESSING OF YOUR PERSONAL DATA CARRIED OUT ON THE BASIS OF ART. 6 PARA. 1 LIT. E) OR LIT. F) GDPR. THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS.

WE WILL NO LONGER PROCESS THE PERSONAL DATA IN THE EVENT OF AN OBJECTION, UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS, OR THE PROCESSING IS FOR THE PURPOSE OF ASSERTING, EXERCISING OR DEFENDING LEGAL CLAIMS.

IF WE PROCESS YOUR PERSONAL DATA FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR THE PURPOSE OF SUCH MARKETING. THIS ALSO APPLIES TO PROFILING, INSOFAR AS IT IS CONNECTED WITH SUCH DIRECT ADVERTISING. IF YOU OBJECT TO US PROCESSING YOUR PERSONAL DATA FOR THE PURPOSE OF DIRECT MARKETING, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA FOR SUCH PURPOSES.

YOU ALSO HAVE THE RIGHT TO OBJECT, ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION, TO THE PROCESSING OF YOUR PERSONAL DATA WHICH IS CARRIED OUT BY US FOR SCIENTIFIC OR HISTORICAL RESEARCH PURPOSES OR FOR STATISTICAL PURPOSES PURSUANT TO ART. 89 ABS. 1 GDPR, UNLESS SUCH PROCESSING IS NECESSARY FOR THE PERFORMANCE OF A TASK CARRIED OUT IN THE PUBLIC INTEREST.

TO EXERCISE THE RIGHT TO OBJECT, YOU MAY CONTACT US AT ANY TIME. YOU ARE ALSO FREE TO EXERCISE YOUR RIGHT TO OBJECT IN CONNECTION WITH THE USE OF INFORMATION SOCIETY SERVICES, NOTWITHSTANDING DIRECTIVE 2002/58/EC, BY MEANS OF AUTOMATED PROCEDURES USING TECHNICAL SPECIFICATIONS.

Right to Withdraw Consent

You have the right to withdraw your consent to the processing of personal data at any time. The withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the withdrawal.

Automated Individual Decision-Making

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, provided that the decision is

  • is not necessary for the conclusion or performance of a contract between you and us, or

  • is permitted by legislation of the Union or the Member States to which we are subject and such legislation contains appropriate measures to safeguard your rights and freedoms and your legitimate interests, or

  • is done with your express consent.

  • Is the decision

  • necessary for the conclusion or performance of a contract between you and us or

  • it is done with your express consent,

  • we take reasonable measures to safeguard your rights and freedoms and your legitimate interests, including at least the right to obtain the intervention of a person on our part, to express our own point of view and to contest the decision.

Right to Complain to a Supervisory Authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, workplace or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR. The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Art. 78 GDPR.

Legal or contractual requirements to provide the personal data; necessity for the conclusion of the contract; obligation of the data subject to provide the personal data; possible consequences of nonprovision.

We inform you that the provision of personal data is partly required by law (e.g. tax regulations) or may also result from contractual provisions (e.g. information on the contractual partner). Sometimes it may be necessary for the conclusion of a contract that you provide us with personal data, which must subsequently be processed by us. For example, you are obliged to provide us with your personal data if you conclude a contract with us. Failure to provide your personal data would mean that the contract with you could not be concluded.

Changes in this Privacy Policy

This Privacy Policy is an active document. We may update this Privacy Policy to reflect changes in our data practices. We encourage you to periodically visit the site to review our most current privacy policy.

Contact

Please address your written request to:

ATLAS.ti Scientific Software Development GmbH
Lietzenburger Straße 75
10719 Berlin
Germany

If you have any questions or comments about our privacy policy, please send an email to: [email protected].