Privacy Policy

Usage data

When you visit our websites, so-called usage data is temporarily evaluated on our web server for statistical purposes as a protocol in order to improve the quality of our websites. This data set consists of:

• the name and address of the requested content
• the date and time of the query
• the amount of data transferred
• the access status (content transferred, content not found)
• the description of the web browser and operating system used
• the referral link, which indicates from which page you came to ours

The legal basis for the processing of usage data is Art. 6 Paragraph 1 Clause 1 Letter f of GDPR. The processing is carried out in the legitimate interest of providing the content of the website and ensuring a device and browser-optimized display.

Data processing for contract fulfilment

We process the collected data in accordance with article 6, paragraph 1, subparagraph b GDPR for the purpose of contract fulfilment. This also includes the associated customer service. If necessary, personal data are passed on to companies involved in the processing of this contract, e.g. e-commerce providers for payment processing or external suppliers of software components and products.

Storage of the IP address for security purposes

In addition, we store the full IP address transmitted by your web browser for a period of seven days, strictly for the purpose of being able to detect, limit and eliminate attacks on our websites. After this period, we delete or anonymize the IP address. The legal basis for the processing is Art. 6 Para. 1 S. 1 lit. f GDPR.

Data security

We take technical and organizational measures to protect your data as comprehensively as possible from unwanted access. We use an encryption process on our websites. Your information is transferred from your computer to our server and vice versa via the Internet using TLS encryption. You can usually tell this by the fact that the lock symbol in your browser's status bar is closed and the address line begins with https://.

Necessary cookies

We use cookies on our websites that are necessary for the use of our websites.

Cookies are small text files that can be stored and read on your device. A distinction is made between session cookies, which are deleted as soon as you close your browser, and permanent cookies, which are stored beyond the individual session.

We do not use these necessary cookies for analysis, tracking or advertising purposes.

Some of these cookies only contain information about certain settings and are not personally identifiable. They may also be necessary to enable user navigation, security and implementation of the site.

We use these cookies on the basis of our legitimate interest in accordance with Art. 6 (1) sentence 1 lit. f GDPR.

You can set your browser so that it informs you about the placement of cookies. You can also delete cookies at any time using the corresponding browser settings and prevent new cookies from being placed. Please note that our websites may then not be fully displayed and some functions may no longer be technically available.

Consent banner

We use a consent management platform (consent or cookie banner) on our websites. The processing in connection with the use of the consent management platform and the logging of the settings you have made is carried out on the basis of Art. 6 Paragraph 1 Clause 1 Letter f of GDPR, in our legitimate interest in displaying our content according to your preferences and being able to prove your consent(s). The settings you have made, the consents you have given with them and parts of your usage data are stored in a cookie. This means that it is retained for subsequent page requests and your consents can still be traced. You can find more information on this under the heading "required cookies".

The provider of the consent management platform acts as a service provider (contract processor) who is strictly bound to our instructions. A contract processing agreement in accordance with Art. 28 GDPR has been agreed.

Google Analytics

We use the web analysis tool "Google Analytics" to design our websites to meet your needs. Google Analytics creates usage profiles based on pseudonyms. For this purpose, permanent cookies are stored on your device and read by us. This enables us to recognize returning visitors and count them as such.

As part of the Google Analytics service, Google Ireland Limited supports us as a processor in accordance with Art. 28 GDPR. Data processing may also take place by Google outside the EU or the EEA (particularly in the USA). With regard to Google, an appropriate level of data protection is guaranteed due to the adequacy decision (EU-US Data Privacy Framework). Google also undertakes to conclude standard contractual clauses with other subcontractors.

The data processing is based on your consent, provided that you have given your consent via our banner. You can revoke your consent at any time. To do so, please follow this link and make the appropriate settings via our banner.

Third-party tracking technologies for advertising purposes

We use cross-device tracking technologies to show you targeted advertising on other websites based on your visit to our websites and to understand how effective our advertising efforts have been.

The data processing is based on your consent, provided that you have given your consent via our banner. Your consent is voluntary and can be revoked at any time.

We use cross-device tracking technologies so that targeted advertising can be shown to you on other websites based on your visit to our websites and so that we can see how effective our advertising measures were. We also use other services, e.g. for conversions or customer match list uploads, to identify, analyze and specifically address or exclude target groups.

How does tracking work?

When you visit our websites, it is possible that the third-party providers listed below will retrieve recognition features for your browser or your device (e.g. a so-called browser fingerprint), evaluate your IP address, store or read recognition features on your device (e.g. cookies) or gain access to individual tracking pixels.

The individual features can be used by third-party providers to recognize your device on other websites. We can commission the relevant third-party providers to place advertisements that are tailored to the pages you visit on our website.

What does cross-device tracking mean?

If you log in to the third-party provider using your own user data, the respective recognition features of different browsers and devices can be linked to one another. For example, if the third-party provider has created a separate feature for the laptop, desktop PC or smartphone or tablet you use, these individual features can be assigned to one another as soon as you use a third-party service with your login data. In this way, the third-party provider can also control our advertising campaigns in a targeted manner across different devices.

Which third-party providers do we use in this context?

Below we list the third-party providers with whom we work for advertising purposes. If the data is processed outside the EU or EEA (particularly in the USA) in this context, we provide information on the level of data protection in the table below.

Contact form

You have the option of contacting us using our contact form. To use our contact form, we first need the data marked as mandatory.

We use this data on the basis of Art. 6 Paragraph 1 Clause 1 Letter f of GDPR to answer your inquiry.

You can also decide for yourself whether you want to provide us with further information. This information is provided voluntarily and is not absolutely necessary for contacting you. We process your voluntary information based on your consent.

Your data will only be processed to answer your request. We will delete your data if it is no longer required and there are no statutory retention periods. This is usually the case 3 days after the request has been processed.

If your data transmitted via the contact form is processed on the basis of Art. 6 Paragraph 1 Clause 1 Letter f of GDPR, you can object to the processing at any time. In addition, you can revoke your consent to the processing of the voluntary information at any time. To do so, please contact the email address provided in the imprint.

Embedded videos

We embed videos on our websites that are not stored on our servers. However, for data protection reasons, when you visit our websites, no third-party content is loaded and the third-party provider does not receive any information.

Third-party content will only be reloaded if you give your consent via our banner. This gives the third-party provider the information that you have accessed our site and the usage data technically required in this context. The third-party provider is also then able to implement tracking technologies. We have no influence on the further data processing by the third-party provider. Your consent includes the reloading of third-party content.

Embedding is based on your consent, provided you have given your consent via our banner. If the data is processed outside the EU or EEA (particularly in the USA) in this context, we provide information on the level of data protection in the table below.

Google Consent Mode

We use Google Consent Mode V2 (Basic Mode). This means that your IP address is transmitted to Google regardless of your settings in the banner. However, this is deleted by Google immediately after collection and is not logged. The processing is carried out in our legitimate interest in being able to better control and use certain functions of the Google services used on the website that require consent. The legal basis for the processing is Art. 6 Para. 1 S. 1 lit. f GDPR.

Newsletter registration and dispatch

You can subscribe to a newsletter on our website. Please note that we require certain data (at least your email address) to register for the newsletter.

The newsletter will only be sent if you have given us your express consent. After placing your order, you will receive a confirmation email to the email address you provided (so-called double opt-in). You can revoke your consent at any time. You can easily revoke your consent using the unsubscribe link in every newsletter, for example.

As part of the newsletter registration, we store additional data in addition to the data already mentioned, provided that this is necessary so that we can prove that you have ordered our newsletter. This may include storing the full IP address at the time of ordering or confirming the newsletter, as well as a copy of the confirmation email sent by us. The corresponding data processing is carried out on the basis of Art. 6 Paragraph 1 Clause 1 Letter f of GDPR and in the legitimate interest of being able to account for the legality of sending the newsletter.

Direct advertising

If we receive your email address in connection with the sale of a product or service, we will use the address for direct advertising for our own similar products or services, unless you have objected to the processing. When collecting the address and each time it is used, we will clearly state that you can object to the use at any time without incurring any costs other than the transmission costs according to the basic rates.

The data is used on the basis of Art. 6 Paragraph 1 Clause 1 Letter f of GDPR and in the interest of promoting the sale of our goods or services. You can easily object, for example, using the unsubscribe link in every email.

Integration of other technical third-party content and functions

We use the technical functions and content from third parties listed below to display our websites.

When you visit our website, content from the third-party provider that provides these functions and content is loaded. This gives the third-party provider the information that you have accessed our website and the usage data that is technically required in this context.

We have no influence on the further data processing by the third-party provider.

The embedding is based on Art. 6 Paragraph 1 Clause 1 Letter f of GDPR and in the interest of making our website as appealing and informative as possible.

Please note that the use of third-party content and features may result in your data being processed outside the EU or EEA (in particular in the USA). For transfers to the USA, an appropriate level of data protection is guaranteed due to the adequacy decision (EU-U.S. Data Privacy Framework).

Retention time

Unless we have already informed you in detail about the storage period, we delete personal data when it is no longer required for the aforementioned processing purposes and there are no legitimate interests or other (legal) reasons for storage that prevent deletion.

Applications, especially via HCM4all

We process your data within the scope of our applicant management for the purpose of deciding on the establishment of an employment relationship in accordance with § 26 German Federal Data Protection Act (BDSG). We process the data you provide within the context of your (online) application exclusively for the purpose of selecting applicants. Data processing for other purposes does not take place.

You yourself determine the scope of the data you wish to transmit to us as part of your application. Applications are transferred to our personnel department in electronic form and processed as quickly as possible. These transfers are encrypted. Applications are then normally forwarded to the heads of the responsible departments at our company. Beyond that, no additional transfers of your data will be made. Your data will be treated confidential at our company. If your application is unsuccessful, your documents will be deleted after six months.

With your express consent, we will store your data for an additional 24 months in our applicant or talent pool to consider it in future job advertisements.

The talent pool is managed by the entire //CRASH group of companies that consists of the following companies:

• Ashampoo GmbH & Co. KG
• Personizer GmbH & Co. KG
• CleverReach GmbH & Co. KG
• //CRASH Service Gesellschaft mbH & Co. KG

In case your application is considered for another vacant position at the //CRASH group of companies, we will forward your application documents to the respective department and contact you by phone or e-mail if necessary. Your data will be processed based on art. 6 para. 1 lit. a, 7 GDPR in connection with § 26 paragraph 2 German Federal Data Protection Act. Your declaration of consent includes the processing of all data that you have made available to us within the scope of the application procedure. In addition, data that was necessary to process the application (correspondence, handwritten notes from job interviews, etc.) will also be processed and stored. Additionally, we may process job-related information made publicly available by you, such as a profile on business-related social media networks or online job portals.

Your data is only accessible to selected employees within the //CRASH group of companies who are involved in filling vacant positions. Your data will only be passed on within the //CRASH group of companies to the extent necessary for the application process. Your data will not be passed on to third parties or used for other purposes.

Unless you revoke your consent to the processing of your data in the talent pool, your data will be completely deleted after 24 months at the latest. You will not be informed about the deletion of your data.

You can revoke your consent informally at any time, e.g. by sending an e-mail to hr@crash.immo.

We use software provided by HCM4all GmbH, Trogerstraße 48, 81675 Munich, to carry out the application process. We have furthermore concluded appropriate data protection agreements with HCM4all (also compliant with EU standard data protection clauses) which oblige the service provider to process data from our applicants strictly as instructed, protect it, and not share it with third parties. HCM4all takes further technical precautions to protect all personal data. No personal data will be transferred to third parties within the meaning of Art. 4 (10) GDPR.

eCommerce

In order to process an order we need your address data, your date of birth, e-mail, telephone number (if applicable), the total purchase price, purchase order date and information about the handling of payments.

• To secure your information in transmission we use Secure Sockets Layer software (SSL) where needed. This software encrypts the information you submit.
• Of course this is also true for credit card payments. The credit card information is only stored temporarily and deleted after being handed on to the respective payment provider
• It is important for you to take precautions against unauthorized access to your password and your computer. If you share your computer with others, you should remember to always log off after each session.

You can have your data deleted at any time. We use your data only to process your order, i.e. only information implicitly necessary for possible claims for reimbursement is collected and handled.

Software Installation and Activation

Activation, trial extension and unlocking of free software is achieved through an activation routine at program launch. This process requires an Ashampoo-registered email address and password. Alternatively, a license key can be used. Activation of a full version software requires an active Internet connection. During the process, a connection to a licensing server is established and a validity check performed. Invalid licenses / license keys or keys that have been used multiple times will result in the display of a licensing error in the program that will disappear once the program has been activated successfully. The validity of a product license will be automatically checked online at regular intervals.

The following information is transmitted when you activate a program with a license key:

• The license key
• A checksum
• The product code
• The version numbers
• The language setting

You can check your current license keys at any time. Just visit MyAshampoo at https://www.ashampoo.com/login. Your personal MyAshampoo data is protected against unauthorized access, you can log in with your email address and a password you choose yourself. Your personal data will be stored anonymously unless you choose to enter your name, which is entirely optional. Our privacy policies for managing your data are very strict and we will never share your information with any third parties.

The legal basis for the processing is Art. 6 Para. 1 S. 1 lit. f GDPR.

We delete personal data if it is no longer required for the aforementioned processing purposes and there are no legitimate interests or other (legal) reasons for retention that prevent deletion.

OpenAI

Some of our products use the OpenAI API to implement and extend some of their functionality. The API is provided by OpenAI Ireland Ltd, 1st Floor, The Liffey Trust Centre, 117-126 Sheriff Street Upper, Dublin 1, D01 YC43, Ireland and its associated entities.

Our primary objective in integrating the OpenAI API into our applications is to enhance user interactions and deliver valuable features. For instance, the API may be utilized to facilitate advanced natural language processing or other sophisticated functionalities within the application.

Data used by the OpenAI API is strictly used for delivering its services to us and is not shared with third parties for purposes unrelated to the application's features. It is also not used to train future AI models.

Ashampoo AI Assistant uses the OpenAI API to generate the responses to your input and perform the tasks you request. The text you enter or paste (either manually or via macros) is sent to OpenAI for processing.

Detailed information is available: OpenAI's Privacy Policy

IT infrastructure hosting

Our IT infrastructure (databases or servers) is hosted by the following cloud infrastructure provider:

• Microsoft Ireland Operations Ltd. (MS), One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland
• Amazon Web Services (hereafter called "AWS") of Amazon Web Services EMEA SARL, based at 38 Avenue John F. Kennedy, L-1855, Luxembourg,
• Google Cloud Platform (hereinafter "GCP") of Google Cloud EMEA Ltd., established at 70 Sir John Rogerson's Quay, Dublin 2, Ireland

The providers guarantee the data is exclusively stored and processed in EU territory exclusively (data access to fulfill legal obligations exempted). Products and data centers are certified in accordance with international standards (ISO 27001, ISO 27017, ISO 27018, PCI DSS, depending on the service). The data is protected against foreign access by means of the most current technologies. Further details on data processing through the providers are available at:

• MS: https://privacy.microsoft.com/privacystatement
  https://privacy.microsoft.com/privacy-questions
• AWS: https://aws.amazon.com/de/privacy/?nc1=f_pr
• GCP: https://cloud.google.com/terms/data-processing-terms?hl=de
  & https://cloud.google.com/security/gdpr/resource-center?hl=de

Stitch

We use the data processing services provided by Stitch Inc., 1339 Chestnut St. Suite 1500, Philadelphia, PA 19107, USA to manage and control some of our internal data flows. Stitch copies data (including personal data) from one place (for example, a database or a cloud service provider) to a different place (usually another database or service) inside our company's IT structure.

Stitch asserts that it complies with the EU privacy provisions of the GDPR. More information can be found here: https://www.stitchdata.com/images/terms-addendum-amendment-ccpa.pdf

Youth protection

Ashampoo's services are not intended for children and should not be used by them. Ashampoo does not knowingly collect personal data from children and does not send you a request to enter such data. Although visitors of all ages can use our website, we do not intentionally collect personal information from anyone under the age of 16. If we become aware, for example through a parent or guardian, that a child under the age of 16 has illegitimately registered with Ashampoo using false information, we will immediately delete the account and all associated personal data.

Your rights as a data subject

When processing your personal data, the GDPR grants you as the data subject certain rights:

Right to information (Article 15 GDPR)

You have the right to request confirmation as to whether or not personal data concerning you are being processed; if so, you have the right to access this personal data and to the information detailed in Art. 15 GDPR.

Right to rectification (Article 16 GDPR)

You have the right to request the immediate rectification of inaccurate personal data concerning you and, if necessary, the completion of incomplete data.

Right to erasure (Article 17 GDPR)

You have the right to request that personal data concerning you be deleted immediately if one of the reasons listed in detail in Art. 17 GDPR applies.

Right to restriction of processing (Article 18 GDPR)

You have the right to request the restriction of processing if one of the conditions listed in Art. 18 GDPR is met, e.g. if you have objected to processing, for the duration of the review by the controller.

Right to data portability (Article 20 GDPR)

In certain cases, which are detailed in Art. 20 GDPR, you have the right to receive the personal data concerning you in a structured, common and machine-readable format or to request that this data be transmitted to a third party.

Right of withdrawal (Art. 7 GDPR)

If the processing of data is based on your consent, you are entitled to revoke your consent to the use of your personal data at any time in accordance with Art. 7 Para. 3 GDPR. Please note that the revocation only takes effect for the future. Processing that took place before the revocation is not affected.

Right to object (Article 21 GDPR)

If data is collected on the basis of Art. 6 Paragraph 1 Clause 1 Letter f GDPR (data processing to safeguard legitimate interests) or on the basis of Art. 6 Paragraph 1 Clause 1 Letter e GDPR (data processing to safeguard the public interest or in the exercise of official authority), you have the right to object to the processing at any time for reasons arising from your particular situation. We will then no longer process the personal data unless there are demonstrably compelling legitimate reasons for the processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

Right to lodge a complaint with a supervisory authority (Article 77 GDPR)

According to Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of data concerning you violates data protection regulations. The right to lodge a complaint can be asserted in particular with a supervisory authority in the member state of your habitual residence, your place of work or the place of the alleged violation.

Assertion of your rights

Unless otherwise stated above, please contact the office stated in the imprint to assert your rights as a data subject.

Contact details of the data protection officer

Our external data protection officer will be happy to provide you with information on data protection using the following contact details: