Data Privacy

Privacy Policy

Thank you for your interest in how we handle your data.

At Citunius, we’re committed to providing you with the highest level of protection for your data and privacy. As a German company, we’ve always been compliant with some of the most stringent data protection laws in the world.

We ensure that the highest safety standards for data storage and processing are always met. We only collect data when it’s truly necessary, and in our customers’ best interests, e.g.: to send you a product activation code via email.

The following outlines how we are applying the guidelines as set out by the new General Data Protection Regulation (GDPR).

Data Protection Policy

  • Introduction
  • How can you contact us?
  • What do we mean by certain terms?
  • What personal data is processed by us?
  • Why and on what legal basis do we store personal data?
  • How do we use cookies, analysis and tracking tools, and social media registrations?
  • Why and who do we share personal data with?
  • How do we collaborate with partners on your behalf?
  • What do we use international partners for?
  • What data protection settings are available?
  • How can you revoke your consent?
  • What are your rights?
  • How do we protect personal data?
  • What possibilities are there for minors to use our services?
  • What other information is important?

Introduction

This Data Protection Policy is intended to provide information on the processing of personal data in our companies. We hereby fulfill our statutory obligations under the Telemedia Act (TMG) and the EU General Data Protection Regulation (EU-GDPR, EU 2016/679), in particular Articles 13 and 14 as well as Article 26(2).

Please read this Data Protection Policy carefully and make sure that you understand it. If you have any further questions or there is something you do not understand, please contact us.

For Citunius the protection of your privacy always has the highest priority. The protection of your personal data is very important to us.

This Data Protection Policy describes how we handle data which may be directly or indirectly related to natural persons (personal data) and which hardware and software is used.

In this document we also explain how we use cookies and analysis tools throughout our websites and in our products and services.

Please note that further information may be added to our Data Protection Policy depending on the product or service concerned.

We comply with relevant privacy laws and this Data Protection Policy at all times. We only share data with others as described in these provisions.

How can you contact us?

You can contact our Data Protection Officer at:

Citunius GmbH
Data Protection Officer
Kapuzinerstrasse 50
55116 Mainz
Germany

Tel: +49 (0) 6131 6932658
Email: mailtsupport@citunius.de

What do we mean by certain terms?

Anonymization

By modifying the data, identification of a natural person is no longer possible.

Activity data

Data stored about the user’s activities.

Analytical tools

Programs allowing analyses of user behavior.

Cloud

Use of IT infrastructures and services that are not kept locally but are hired as a service and can be accessed via a network (e.g. the internet).

Cookies

Cookies are small text files that are stored on your computer or in your browser.

GDPR

General Data Protection Regulation, revision of data protection regulations for the European Union.

Devices

A (portable) object, such as a smartphone, tablet, notebook, or PC, used to access apps or programs and information services.

IP address

An address within the computer network based on the Internet Protocol (IP). This address is assigned to the device and thus allows the device to be addressed and so accessed.

MAC address

Address of each individual network adapter.

my.citunius.de

Administration area within the Citunius software for registered users

Personal data

This information relates to a specific or identifiable natural, living person.

Pseudonymization

Modification of data in such a way that it is no longer possible to allocate it to a certain data subject without additional supplementary information.

Malicious software

Programs developed to cause damage to a device.

Smart

Synonymous for “intelligent, clever” devices (e. g. smartphone, smart TV, smart watch)

SSID

Freely selectable network name.

Web console

Internet based software solution for managing your account or your settings.

What personal data is processed by us?

We process different data when you install or use our products or visit our websites. This may be personal, either directly or indirectly, i.e. by involving other data sources.

Most of the data is collected in a pseudonymized or anonymized form.

This includes the following information:

Information when you visit our websites:

When you visit one of our websites, we may process information on the region you are visiting us from, information on your device, its operating system and browser, your user behavior on our site during the current session, and whether you have visited us before. For this, we use cookies.

Registration information:

To activate or use some of our products or services, you need to create an account („my.citunius.de“). During the process of setting up your Account, we will ask you for certain personal information such as your name, email, and IP addresses, possibly supplemented by your telephone number and address details.

For mobile products, further information is added, e.g. about the device used, your provider, and the operating system.

Support inquiries:

If you contact us for support inquiries, we will store your data in connection with this particular inquiry, such as contact details, information on your hardware and software, and log data. In some cases we may ask you to provide us with additional files generated by analytical tools to handle your support inquiry.

Usage information:

When using our products and services, we collect and process personal data at various points. The respective collection and processing of personal data depends on the product used and the associated services and product features. In some cases, you may deliberately submit or provide us with files for verification. If these contain personal data, processing is carried out in accordance with the guidelines set out in this Data Protection Policy.

Here are a few examples:

Citunius Business Bot Platform and related Citunius Integrations

Citunius advises the customer explicitly that the data protection and data security for data transmissions in open networks such as the Internet can not be guaranteed in current state of art. According to the law, Citunius has taken all appropriate technical and organizational measures to protect personal information from misuse and unauthorized access. However, third parties may be technically able to monitor the data transmission over the Internet which is outside the access range of Citunius. The customer is responsible for protecting the privacy compliant use of Citunius to end customers.

Citunius Software Updater

Citunius Software Updater checks if your locally installed programs are up-to-date. If outdated programs are detected, Citunius Software Updater notifies you about the potential safety risks or installs the respective updates automatically. Version status verification is only performed locally. No data on installed programs is sent to Citunius.

Why and on what legal basis do we store personal data?

Processing purposes:

We process your data, whether it can be traced back directly or indirectly to a natural person or not, for the following purposes:

  • To fulfill our contractual obligations to you.
  • For correct operation of our products and services.
  • For convenient and straightforward use of our products and services.
  • To improve and optimize the features, security, and stability of our products and services.
  • For administrative purposes.
  • To offer you optimized advertising and product information.

Contract initiation and performance:

In general, we only store personal data needed to fulfill our contractual obligations to you (Article 6 I b) GDPR). If personal data supplied by third parties is processed, the processing is carried out on the contractual basis and additionally according to Article 6(1)f. GDPR.

Consent:

Your consent is required for the processing of certain data. In these events we will inform you expressly about the situation and provide you with the opportunity to allow us to process this data.

In these cases we will inform you about the purpose of the data processing and about your right of revocation.

Storage and deletion periods:

We store personal data only to the extent required to fulfill the purpose. The storage period depends on legal requirements and the duration of the contractual relationship.

Should the data no longer be used, it will be anonymized and/or deleted in accordance with legal regulations.

Should you wish to have your data deleted, please note that we are able to block your data immediately but for legal reasons or due to technical restrictions it may take up to 180 days to permanently delete your data from the live systems.

Further, please note that after the confirmation of your deletion request it is not possible to restore your data.

How do we use cookies, analysis and tracking tools, and social media registrations?

When you use a product or service, cookies are uploaded to your browser. Cookies may be used to identify your browser so that our website is displayed correctly. We also use cookies at various points on our website to analyze the use of our website and thereby optimize it.

In addition to our own systems, we also use the following third-party tools for marketing purposes and to make your visit to our websites or the use of our products/services more user-friendly.

Analytical tools:

Google Analytics

We use Google Analytics, a web analysis service from Google (Google Inc.). Google Analytics uses cookies that enable us to analyze your use of our websites. The data generated by cookies about your use of our website is generally processed on European servers in accordance with GDPR guidelines. Google may transfer the data to a server in the USA and store it there. Prior to this, however, Google will shorten your IP address if it originates in a member state of the European Union or in other signatory states to the Agreement on the European Economic Area and thus make it anonymous (Google’s anonymizeIp process). The entire IP address is transferred to a Google server in the USA and saved there only in exceptional cases. This anonymization ensures that your IP address cannot be traced back to you. Google uses this data to evaluate your use of the website, to generate reports on website activities for Citunius, and to provide other services associated with website and internet use. Google can transfer this information to third parties, where appropriate, if legally mandated or if Google contracts with third parties to process such data. Google will not associate your IP address with other Google data.

You still have the option to prevent Google from collecting data generated by cookies and relating to your use of the website (including your IP address) as well as from processing this data by downloading and installing a browser plug-in provided by Google.

Further information on Google Analytics can be found here.

Why and who do we share personal data with?

Your personal data will not be transmitted to third parties for reasons other than those listed below.

We will only disclose your personal data to third parties, if:

  • You have expressly given us your consent for this,
  • it is legally permissible and necessary for the execution of our contractual relationships with you,
  • data transmission is based on a legal obligation, as well as
  • data disclosure is justified by a particular interest and there is no reason to assume that you have an overriding legitimate interest in the non-disclosure of your data at this time.

We share personal data with the following recipients or categories of recipients for the aforementioned reasons:

  • Employees (internal and external)
  • IT infrastructure service providers
  • Payment processors
  • Support service providers
  • Software service providers
  • Providers of analysis tools
  • Public authorities

Here are a few examples:

  • SurveyMonkey (SurveyMonkey Europe UC) – we use this platform to conduct surveys such as on your product satisfaction. For your protection, personal data is processed in a pseudonymized form.

How do we collaborate with partners on your behalf?

We collaborate with partners for selected products and services by sharing the responsibilities according to. We jointly define the purpose and means of processing with these companies. For this, personal data may also be forwarded. In accordance with the GDPR, both companies are then responsible for this processing and/or the legally compliant handling of your data.

What do we use international partners for?

We use a global IT infrastructure including computers, cloud-based servers, networks, and software solutions of international companies to provide our services.

These partners are based in different countries, partly also outside the European Union. In these countries, the same level of data protection is not always governed by and established in law as in the European Union. For this reason, we have taken a number of measures in accordance with the GDPR to ensure the highest possible protection of your personal data. These are:

  • Cooperation with organizations in countries recognized by the EU Adequacy Decision
  • Cooperation with organizations according to the EU-US Privacy Shield
  • Cooperation with organizations based on the EU Standard Contractual Clauses
  • Cooperation with organizations based on agreed guarantees

Compliance with statutory obligations and requirements is guaranteed by our partners.

Further, in certain specific cases your personal data may be forwarded to third countries based on your express consent.

What data protection settings are available?

Our products offer you a number of options and settings. These are usually explained to you when you first use or register for them. It is quite possible that by changing the settings, certain services may no longer function properly.

How can you revoke your consent?

If you have given us your consent to process certain data, e.g. to receive a newsletter or third-party offers, you have the right to revoke this consent – also in part – at any time. You can usually do so at my.Citunius.com or by contacting us directly.

If data processing is based on a weighing of interests pursuant to Article 6(1)f. GDPR, you have the right to object to the processing insofar as there are reasons for this arising from your particular situation or if it constitutes direct advertising.

In the case of direct advertising, you have a general right to object without having to provide information on the particular situation. Please inform us of your objection in writing (e.g. email) or by telephone.

What are your rights?

You have the following rights in connection with your personal data, subject to possible legal restrictions:

The right to be informed, rectification, erasure, restriction of processing, portability, and object.

At this point, we expressly point out that we reserve the right to perform an identity check of the individual submitting the inquiry, in accordance with legal requirements, and also to take further measures to clearly verify the inquirer’s identity.

Anonymous users of our products and services:

If you use our products and services anonymously, i.e. without having registered by providing your email address, we will not be able to perform the necessary and legally required identity check within the scope of your legal request. In accordance with Article 11(2) GDPR we therefore reject the exercise of any claims of the data subject according to Articles 12 to 22 GDPR, unless the data subject provides information allowing their identification in order to exercise their rights laid down in the aforementioned articles.

Right to information:

If you would like to know what personal data we hold on you, we offer this function in my.Citunius.com. Here you will find an overview of the records stored by us, such as your name, email address, and postal details. For safety reasons and due to regulations we may pseudonymize certain data, such as credit card details.

You will receive this activity data on request via email. The provision of this information may take some time, depending on the scope of the activity data.

Right to rectification:

You will find an overview of the records stored by us, such as your name, email address, and postal details, in the administration section of our software. If you find that this information is incorrect, you can change it yourself. For all other rectifications, please contact us in writing (e.g. email).

Right to erasure:

Should you wish to delete your data, you have the option to do so in the administration section of our software. We will then erase your data in accordance with legal requirements.

However, we would like to point out that we are legally obliged to store certain data for longer periods of time (e.g. the retention periods for accounting documents are currently 10 years (The Fiscal Code of Germany)).

Additionally, we would like to point out that we are able to block your data immediately but due to technical restrictions, it may take up to 180 days to permanently delete your data, provided there are no legal obligations and statutory rights preventing deletion.

Further, please note that after the confirmation of your deletion request it is not possible to restore your data.

You may continue using parts of our software as an anonymous user.

Right to restriction of processing:

You have the right to restrict the processing of your personal data. To this end, please inform us of the categories of data affected by your request and the reasons for your request. We will examine the facts immediately and inform you of the result.

Right to data portability:

Please let us know in text form (e.g. email) which data you would like to transfer to whom. We will examine your request immediately and inform you of the result.

Right to lodge a complaint:

If you are dissatisfied with our efforts in connection with data protection, you have the right to lodge a complaint with the data protection supervisory authority responsible in your country. For example, in Europe

  • The State Data Protection and Freedom of Information Officer in Baden-Wuerttemberg
  • PO Box 10 29 32, 70025 Stuttgart
  • Königstrasse 10a, 70173 Stuttgart

is responsible for Citunius.

How do we protect personal data?

We have put in place safeguards that are state-of-the-art in the software industry and meet the requirements of data protection legislation to protect your personal data. These are continuously checked and, if necessary, adapted. The objective is to protect your data against accidental or intentional manipulation, partial or total loss, destruction, or unauthorized knowledge or access by third-parties.

To transfer data between our websites, our applications and backends, communication is encrypted using the SSL (Secure Socket Layer) procedure.

We protect the systems and processing by a series of technical and organizational measures. These include data encryption, pseudonymization and anonymization, logical and physical access restriction and control, firewalls and recovery systems, and integrity testing.

Our employees are regularly trained in the sensitive handling of personal data and are obliged to observe data secrecy in accordance with legal requirements.

What possibilities are there for minors to use our services?

Our products and services may not be ordered or installed by minors.

What other information is important?

Public information:

Remember that the data you send to forums or blog such as https://blog.citunius.de/ will be classified and treated as information that is “manifestly made public”. If you are active in our forums, there is a risk that others may find and use the information you provide. Be careful and handle your personal information in a responsible manner when online in a public forum.

Changes to this Data Protection Policy:

This Data Protection Policy is revised on an ad-hoc basis to adapt it to current developments in relation to our company, our products and services, legal requirements, and social developments.

Effective: May 21, 2018