About this privacy policy

Personal data is all data which can be used to identify you individually. Your personal data can be processed for various purposes. Essentially, Allthings Technologies AG (hereinafter also referred to as "Allthings" or "We") can divide the data processing processes into the following areas:

In connection with the website www.allthings.me (hereinafter referred to as "Website") or comparable external online presences, such as our social media profile (website and external online presences hereinafter referred to collectively as "online presence"), we process visitor data exchanged between their Internet-enabled terminal devices and the server operated by us, as well as data communicated to us within the framework of the use of the respective online presence. Details can be found in Part B of this Privacy Policy. 

For the purpose of providing the Allthings platform, its functions and content and related applications or micro-applications offered (collectively also referred to as "Services"). More information on this can be found in Part C.
For the purpose of processing or the initiation of contracts, we process the necessary data of our customers and interested parties. You can find more information on this in Part D.
The data of our business partners or suppliers is used exclusively for the direct placing, processing or execution of orders. You will find more information on this under Part D.

For data subjects from the EU, we refer to the respective legal basis of the GDPR. For data originating from Switzerland, the principles of the nDSG apply respectively.

 

Who is responsible for data processing and who can you contact if you have any questions?

The responsible entity within the meaning of GDPR and other national data protection laws of the member states as well as other data protection regulations is Allthings Technologies AG, Lange Gasse 8, 4052 Basel (Switzerland)
Responsible contact person at Allthings is:

Cordula Geng, Head of Compliance

What rights do you have with regard to your personal data?
If your personal data is processed, you may be entitled to the rights described below. If you wish to exercise any rights against Allthings as the responsible party, we recommend that you send them to this address or point of contact:

Allthings Technologies AG,
Lange Gasse 8,
4052 Basel (Switzerland)
support@allthings.me

Right to information

In accordance with Art. 15 GDPR, you can request confirmation from us whether we process any kind of personal data relating to you and obtain information to what extent we process it.

Right to rectification
If personal data concerning you is incorrect or incomplete, you have a right to correction and/or completion pursuant to Art. 16 GDPR.

Right to erasure
If the legal requirements of Art. 17 GDPR are met, you can demand that we delete your data if we process it unlawfully or if the processing disproportionately interferes with your legitimate protection interests. Please note that there may be reasons that prevent an immediate deletion, e.g. in the case of legally regulated storage obligations.

Irrespective of the exercise of your right to erasure, we will immediately and completely erase your data in order to fulfill our statutory erasure obligations after the processing purpose has ceased to apply, insofar as there is no legal or statutory retention period to the contrary.

Right to restriction of processing
In the cases specified in Art. 18 GDPR, you may request us to restrict the processing of your data. If you have restricted the processing of your personal data, this data - with the exception of storing it - may only be processed with your consent or to assert, exercise or defend legal claims or to protect the rights of another natural or legal person or for reasons of an important public interest of the European Union or a member state.

Right to data portability
According to Art. 20 GDPR, you have the right to request that any data provided by you, which is processed automatically by us on the basis of your consent or in fulfillment of a contract, be handed over to you personally or to a third party in a standard, computer-readable format. If you request the direct transfer of the data to another responsible person, this will only be done as far as it is technically feasible. The right to data transfer does not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority assigned to the person responsible.

Right to object
If we process your data on the basis of a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR, you may object to this data processing at any time for reasons arising from your particular situation; this also applies to profiling based on these provisions (see Art. 21 GDPR). If you file an objection, we will no longer process your personal data concerned unless we can prove compelling reasons for the processing worthy of protection which outweigh your interests, rights and freedoms or the processing serves the assertion, exercise or defense of legal claims.
If your personal data is processed for the purpose of direct advertising, you have the right at any time to object to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is connected with such direct advertising. If you object, your personal data will no longer be used for direct marketing purposes. You can object to the processing of your data for the purpose of direct marketing at any time without giving reasons.

Right to revoke the declaration of consent under data protection law
Some data processing operations are only possible with your expressed consent (Art. 6 para. 1 lit. a GDPR). You can revoke your consent at any time and with future effect. However, the legality of the data processing carried out until the time of revocation remains unaffected by the revocation. Please note that even after revocation of your consent, it may still be possible to process the data concerned in whole or in part on the basis of other legal principles.

Right to lodge a complaint with a supervisory authority
Without detriment to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your place of residence, workplace or place of presumed infringement, if you are of the opinion that the processing of your personal data violates the GDPR (Art. 77 GDPR in conjunction with § 19 BDSG). A list of data protection officers in Germany and their contact details can be found at the following link:
www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
If you are of the opinion that we violate German or European data protection law when processing your data, we ask you to contact us in order to clarify any questions you may have. Of course, you also have the right to contact the supervisory authority responsible for our company headquarters.
Please note that Allthings Technologies AG, being a Swiss company, is subject to the control of the Swiss data protection authorities. If you have any questions or complaints, please feel free to contact the Swiss data protection authority in charge of Allthings directly:

Eidgenössischer Datenschutz- und Öffentlichkeitsbeauftragter
Feldeggweg 1
CH - 3003 Bern

Which personal data is processed and from which sources does this data originate?

The source of the personal data

We mainly process the data that we receive directly from the persons concerned within the scope of a business initiation or in the course of the business relationship.

In addition, we process - to the extent necessary for the provision of our services or the fulfilment of a contract with our customers - data that we have received from other companies in our group of companies or partner companies or from locally responsible companies integrated into our sales system with which we have a long-term business relationship:

Allthings GmbH (Merzhauser Strasse 161, DE-79100 Freiburg im Breisgau)

In individual cases, we also process data that we have received or acquired from other third parties such as credit agencies, creditor protection associations or authorities, or that we have taken, received or acquired from publicly accessible sources (e.g. telephone directories, company registers, press, Internet or other media).

Via our website and our services, we process data which we receive during your visit or which you actively communicate to us within the scope of your use (e.g. when using our contact form). Other data is automatically collected by our IT systems when you visit our website or use one of our services. These are mainly technical data (e.g. Internet browser, operating system or time of a page call). This data is collected automatically as soon as you enter our website or call up one of our services. Details can be found under Part B and Part C.

Categories of personal data
Among the personal data that we regularly process are personal master/contact data such as: First and last name, address, e-mail address, telephone number, fax, position in the company.
In addition, we also process the following other personal data, depending on the order or the services to be rendered:

• Information on the type and content of our business relationship such as contract data, order data, sales and document data, customer and supplier history, consulting documents.
  Advertising and sales data,Documentation data (e.g. consultation protocols, data from service meetings or support cases)
• Information from your electronic dealings with us (e.g. IP address, log-in data)
• other data that we have received from you in the context of our business relationship (e.g. in discussions with customers),the documentation of declarations of consent
• Photos taken at public events

 

For what purposes and on what legal basis will the data be processed?

We process your data in accordance with the provisions of the Data Protection Regulations that apply as amended, in particular on the following bases:

Fulfilment of (pre-)contractual obligations (Art. 6 para. 1 lit.b GDPR)
Personal data is processed on the basis of Art. 6 para. 1 lit. b GDPR in order to fulfil contractual obligations of Allthings, in particular in connection with the sale and distribution of our goods and services as well as all activities customarily required for the operation or administration of Allthings (e.g. customer administration).The data may also be processed on a pre-contractual level within the framework of a business relationship with Allthings or in the course of other contractual relationships with Allthings.
Art. 6 para. 1 lit. b GDPR, for example, is the legal basis in the following cases:

• Creation and maintenance of a customer or supplier account
• Keeping customer/prospect files or our customer/prospect database
• Sending of information
• Offering and selling Allthings software products
• Offering and implementing our services (e.g. training, consulting and support services)
• Details for the purpose of this data processing can be found in the respective contract documents and terms and conditions.

Safeguarding legitimate interests (Art. 6 para. 1 lit.f GDPR)
On the basis of a weighing of interests, data processing may take place beyond the actual fulfilment of a contract in order to safeguard the legitimate interests of Allthings or third parties. This is permissible, unless your interests or fundamental rights and freedoms, which require the protection of personal data, prevail. Data processing to safeguard legitimate interests is carried out in the following cases, for example:

• Transmission of data to companies affiliated with us
• Use of strictly necessary cookies or comparable technologies within the meaning of Section 25 (2) TDDDG
• Execution of payment transactions via external service providers
• Use of debt collection service providers and lawyers to collect receivables and/or enforce them in court
• Assertion of other legal claims and defense in legal disputes
• Advertising or marketing
• Market and opinion surveys
• Image and sound recordings at public events (e.g. trade fairs, open days, workshops, industry events)
• Measures for business management and further development of our services;
• Maintaining databases on customers/prospects and service providers to improve our offering
• Carrying out a risk assessment (due diligence) in the context of any company restructuring or a company acquisition or sale
• Ensuring the IT security and IT operations of our companyMeasures for building and plant safety

Fulfilment of legal obligations (Art. 6 para. 1 lit.c GDPR)
The processing of your data may be necessary in part for the purpose of fulfilling various legal obligations and requirements to which we are subject, e.g. from commercial law or tax law.

Consent (Art. 6 para. 1 lit.a GDPR):
If a service used by us in any way stores information in the terminal equipment of users from Germany or accesses such information, consent is required in accordance with Section 25 (1) sentence 1 TTDSG. If the service functions without any access to the terminal equipment, the GDPR is relevant. If we request your consent within the scope of the GDPR, this is done on the basis of Art. 6 para. 1 lit. a in conjunction with Art. 7 GDPR. Art. 7 GDPR.
If, in individual cases, you have given us your consent to process your data, it will be processed in accordance with the purposes and to the extent agreed in the declaration of consent. Consent given, e.g. for sending a newsletter, can be revoked at any time with effect for the future. For this purpose, please contact the contact support@allthings.me. Please note that processing which took place before the revocation is not affected by the revocation and under certain circumstances data processing may continue to be possible at least partially on the basis of another legal basis.
For this purpose, we use your data for the following purposes, for example:
Quality assurance: In order to continuously improve our services, our products and our services for you, we conduct surveys to your satisfaction, as well as your experiences from your contractual relationship.
General and personalized advertising by email, fax or telephone.
If you have given us a SEPA Direct Debit Mandate, we will use your bank details. We collect open amounts via the SEPA Direct Debit Mandate in accordance with the contractual agreements.

Who receives my data?
At Allthings, those employees or organizational units who need your data to fulfill our contractual and legal obligations or to process or pursue our legitimate interests receive it.
Your data will be forwarded to companies for the initiation or execution of a contractual relationship (e.g. provision of a service or sale of goods) in accordance with Art. 6 para. 1 lit. b GDPR or - depending on the type of concrete contractual relationship - and on the basis of our legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR, in particular to companies which we regularly use in connection with the provision of our service or for contract execution. This applies to the following recipients or recipient categories:

• IT service providers (e.g. email service providers, web hosting companies)
• Affiliated companies
• Partners (for example, sales partner, advertising partner)
• Communication provider (e.g. telephone providers)
• Payment service provider
• Shipping and logistics service providers
• Chartered accountant
• Tax and legal advisors

If we use a service provider for the purpose of order processing ( so-called order processing according to Art. 28 GDPR or order processing according to Art. 9 FADP), we nevertheless remain responsible for the protection of your data. To the extent required by law, contract processors are contractually obligated by an order processing agreement to treat your data confidentially and to process it only within the scope of providing the service. The processors commissioned by us will receive your data insofar as they require the data for the performance of their respective services.
Your data will only be transferred to state institutions and authorities or collected for this purpose within the framework of mandatory national legal provisions or if you have commissioned us to do so.

How long will my data be stored?
Your personal data will only be used for the purpose for which you provided it to us or for which you gave us your consent and will be stored until this specific purpose has been fulfilled. After complete processing of the purpose, or as soon as you request us to delete your data, your data will only be stored as long as it is necessary due to statutory limitation periods or retention periods (in particular tax and commercial law nature). However, the data will be deleted at the latest after expiry of all periods, unless you have expressly consented to further or other use. You can also assert rights during the retention periods, such as blocking your data, see Part A. Section II.
Your data will be deleted or blocked by us as soon as the purpose of storage no longer applies, or you request us to delete it.
We process, in particular store your data in principle at the longest only up to the termination of the business relation or up to the expiration of the valid guarantee, warranty, limitation periods. For example, depending on the applicable contract law, the statute of limitations is regularly three years, but in certain cases also up to thirty years. In addition, it may be necessary for data to be retained until the legally binding termination of any legal disputes in which the data is required as evidence.
Furthermore, we are subject to legal documentation and storage periods (e.g. from the German Commercial Code). The periods specified there for storage or documentation are generally between two and ten years. For example, even after termination of a contract with you, we would have to store your data for a period until the completion of the tax audit of the last calendar year in which you were our customer.

Will personal data be transferred to any third country?
As part of our processing, personal data in certain business transactions or areas of activity may also be transferred to locations in so-called third countries outside the EU or the EEA to which the EU Commission has not yet attested an adequate level of data protection, for example in the USA. If such data transfer should become necessary, this will only be done on the basis of an adequacy decision of the European Commission, standard contractual clauses, suitable guarantees for compliance with data protection or your expressed consent.

In principle, you can visit our online presences and use them for information purposes without having to provide personal details (e.g. register, place orders or otherwise provide information about yourself).  In this case, we process personal data of our users only to the extent necessary to provide a functional online presence as well as our content and services or to the extent that cookies used by us transmit personal information when visiting the online presence. Information on our own cookies used by us can be found under Part B Section II. Other cookies enable our partner companies or third parties to recognize your browser the next time you visit us, if applicable. For details on such third-party cookies, please refer to the cookie list in the details of the cookie banner implemented on the website.
In addition, the processing of personal data of our users is carried out regularly only with the consent of the user. An exception applies in those cases in which it is not possible to obtain prior consent for actual reasons and the processing of the data is permitted by statutory provisions.  

I. Provision of the website and creation of log files

Description of data processing
Each time you access our website, our system automatically collects data and information from the computer system of the accessing computer, which your Internet browser automatically transmits to us or our web host (so-called log files). These server logfiles contain IP addresses or other data that enable an assignment to a user. This could be the case, for example, if the link to the website from which the user accesses the website or the link to the website to which the user switches contains personal data. The following information is collected:

• Information about the browser type and version used
• The user's operating system
• The Internet service provider of the user
• The IP address of the user
• Date and time of access
• Websites from which the user's system accesses our website
• Websites accessed by the user's system through our website

This data is not stored together with any other personal data of the user.

Legal basis and purpose of data processing
The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f GDPR.
The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session. 
The data is stored in log files in order to ensure the functionality of the website. The data is also used to optimize the website and to ensure the security of our information technology systems. 

Duration of storage / possibility of objection and removal
The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. In the case of the collection of data for the purpose of providing the website, this is the case when the session in question has ended. 
In the case of storage of data in log files, this is the case after 90 days at the latest. We do not store data beyond this. In this case the IP addresses of the users are deleted or alienated, so that an assignment of the calling client is no longer possible. 
The collection of data for the provision of the website and the storage of data in log files is mandatory for the operation of the website. Consequently, there is no possibility for the user to object.

II.     Cookies and comparable technologies
Description of data processing
Our website uses cookies or similar methods and collects, processes and uses usage data (e.g. access times, visited websites) or meta and communication data (IP address, device information). Cookies are text files with a characteristic string of characters that are stored in the Internet browser or by the Internet browser on the user's computer system and which enable the browser to be uniquely identified when the offer is called up again. If a user calls up a website, a cookie can be stored on the user's operating system. A cookie contains a characteristic string of characters. The use of these cookies serves to make a website more user-friendly, effective and secure. When you visit a website on which a cookie is embedded, the data you enter is stored exclusively in the cookie on your computer. In this case, data will only be transmitted to the servers of our offer when a page request is made.
Some cookies are deleted after the end of the browser session when your browser is closed (so-called session cookies). These cookies are technically necessary, e.g. so that you can log in to the application and also remain logged in across pages during your visit to our website. 
Other cookies remain on your end device for a specified period of time and enable us to recognize your browser during your next visit (so-called persistent or protocol cookies). The purpose of using these cookies is to provide you with optimal user guidance, to "recognize" you and to present you with as varied a website and new content as possible when you repeatedly use it. 
Cookies from partner companies or third parties can be used, for example, to collect information for advertising, user-defined content or statistics ("third party cookies"). If we do not identify cookies as originating from third parties, the cookies originate from our offer ("first party cookies"). We will inform you separately about third party cookies or tracking technologies that we use in the following sections of our Privacy Policy.
Cookies that are essential to provide the website’s functionality are listed as “necessary”. 
For all other cookies, we need your consent. Your consent can be given in the settings of the tool we implemented on our website for obtaining consent for the use of certain categories of cookies ("cookie consent-tool"). This tool blocks all categories of cookies that are not essential for the proper operation of the Website, unless you give your consent to the use of cookies beyond this category. Your consent can be adjusted or revoked at any time via our website by emptying your cache and reloading the allhings website.
We list our used cookies in the cookie consent tool under "details".

Legal basis and purpose of data processing
The legal basis for the processing of personal data using necessary cookies is Art. 6 para. 1 lit. f GDPR to protect our legitimate interests in the best possible functionality and security of the website and a customer-friendly and effective design of the site visit. Other cookies are used with the users consent according to Art. 6 para. 1 lit. a GDPR. Your consent consists in your chosen cookie-bot settings.
The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these it is necessary that the browser is recognized also after a page change.

Duration of storage / possibility of objection and removal
Cookies are stored on the user's computer and transmitted to our site by the user. Therefore, you as a user have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. Thus, an objection to the use of Cookies for online marketing purposes can be declared by means of a variety of services, especially in the case of tracking, via the US site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/ or generally on http://optout.aboutads.info. 
If Cookies are deactivated for our website, it is possible that all functions of the website can no longer be used to their full extent.

Cookiebot (Consent managing platform)
Description of data processing
We use the cookie consent tool "Cookiebot" of the company:

Usercentrics GmbH
Sendlinger Straße 7
80331 Munich
Germany
(hereinafter: "Cookiebot").

When you access our website, Cookiebot shows you a cookie list divided into functional groups by means of a pop-up window, explains the purpose of the cookie functional groups and the individual cookies as well as their storage period. You can then switch on the cookies divided into function groups by clicking on the corresponding box and declare your consent to the use of the cookies, or declare your consent altogether for all cookies. Please note that the technical cookies are already stored when you enter our website and the relevant box is preset.

Legal basis and purpose of data processing 
The legal basis for the data processed using our cookie management tool is Art. 6 para. 1 lit. c GDPR with regard to user consent data, otherwise Art. 6 para. 1 letter f GDPR to safeguard our legitimate interests in the best possible functionality and security of the website and a customer-friendly and effective design of the page visit. For this purpose, Cookiebot uses technically necessary cookies within the meaning of Art. 25 para. 2 TDDSG in order to save the content of the consent you have given for your next visit. The use of essential cookies serves to simplify the use of websites for users. We cannot offer some functions of our website without the use of cookies. For these it is necessary for the browser to be recognised even after leaving the site.

Duration of storage / possibility of objection and removal
Cookies are stored on the user's device and transmitted by the user to our website. Therefore, you as the user have full control over the use of cookies. You can disable or restrict the transfer of cookies by changing the settings in your Internet browser. Cookies that have already been stored can be deleted at any time. This can also be done automatically. However, if you wish to review or change your cookie settings, you can access Cookiebot via emptying your cache and reloading the website.
If cookies are disabled for our website, it is possible that functions of the website can no longer be fully used.

III.     Statistical analysis of the website / increase of reach

1. Hubspot
Description of data processing
This website uses the functionalities of the Customer Relations Management (CRM) system HubSpot. HubSpot is a software solution of HubSpot Inc. 25 First Street, 2nd Floor, Cambridge, MA 02141 USA, which is offered in Europe by HubSpot Ireland Limited, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland. We use HubSpot to control and implement inbound marketing related to various functionalities of our online presence. The information stored is stored on HubSpot servers. The data processed may be used by us to gain detailed insight into the way our websites are used and used, to interact with visitors to our website and to determine what services our company may be of interest to them. 

The stored information is saved on HubSpot servers. The processed data can be used by us to gain detailed insights into the way our websites are used and how they are used, to get in touch with visitors to our website and to determine which of our company's services are of interest to them. 

The following data may be collected and processed via HubSpot as part of the optimisation of our marketing measures:

• Geographical location

• Type

• Navigation information

• Referral URL
• Performance data

• Information about how often the application is used

• Mobile apps data

• Login information for the HubSpot subscription service

• Files that are displayed on site

• Domain names

• Pages viewed

• Aggregated usage

• Operating system version

• Internet service provider

• IP address

• Device identifier

• Duration of the visit

• Where the application was downloaded from

• Operating system

• Events that occur within the application

• Access times

• Clickstream data

• Device model and version

HubSpot uses so-called "web beacons" (invisible graphics or code) and cookies, which are embedded in websites or emails and stored on the user's end devices. The IP address, geographical location, type of browser, duration of the visit and the pages called up are recorded here.

HubSpot also collects the data entered by the user if he (a) subscribes to our newsletter (b) uses our download area (c) writes a comment or (d) completes one of our contact forms.

Further information on data protection at HubSpot can be found at https://legal.hubspot.com/de/privacy-policy.

2. google tag manager

Description of the data processing
Google Tag Manager is a solution from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter: ‘Google’), which allows marketers to manage website tags via an interface. The Google Tag Manager itself (which implements the tags) is a domain without cookies and does not collect any personal data. The Google Tag Manager helps with the integration and ensures the triggering of other tags, code snippets, tracking code and conversion pixels on a website, which in turn may collect data. Google Tag Manager does not access this data. Google Tag Manager offers us an easy-to-use user interface that does not require any in-depth programming knowledge or modifications to the website's source code. 

We only use Google Tag Manager to display Google Ads (formally Google AdWords) for the purposes of our search engine marketing activities.

For more information on Google Tag Manager, see: https://www.google.com/intl/de/tagmanager/use-policy.html.

3. lead info

Description of the data processing
We use the lead generation service of Leadinfo B.V., Crooswijksesingel 50, 3034 CJ, Rotterdam, Netherlands. This recognises visits from companies to our website based on IP addresses and shows us publicly available information, such as company names or addresses. In addition, Leadinfo sets two first-party cookies to evaluate user behaviour on our website and processes domains from form entries (e.g. ‘leadinfo.com’) in order to correlate IP addresses with companies and improve the services. 

Leadinfo collects and processes data about companies such as company name, phone number, address, web address, industry, company profile, turnover and key people.

Further information can be found at www.leadinfo.com.

Legal basis and purpose of data processing
The collection of data using Leadinfo cookies is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR, § 25 para. 1 TTDSG. We process your data with the help of Leadinfo for the purpose of optimising our website and for marketing purposes on the basis of our legitimate interest in accordance with Art. 6 para. 1 lit. f. GDPR.

Duration of storage / options for objection and removal

You can prevent the storage of cookies by refusing the storage of cookies or you can make use of your right to object and remove cookies as generally described in Part B Section II.

The specific storage period of the data processed by Leadinfo cannot be influenced by us, but is determined by LeadInfo B.V.. On this page: www.leadinfo.com/en/opt-out you have an opt-out option. If you opt out, your data will no longer be collected by Leadinfo. Further information can be found in the privacy policy for Leadinfo: https://www.leadinfo.com/de/datenschutz/.

IV. Further information on procedures, plug-ins and tools used to design the website

1. SSL or TLS encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or requests that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

2. reCaptcha (invisible reCaptcha)

Description of the data processing

To protect your login or registration processes and your requests in our forms and input screens, we use the service reCaptcha, provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, which is offered in Europe by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. For this purpose, Google evaluates information on the behaviour or user actions (in particular mouse movements) of the users. In contrast to other reCaptcha procedures, the Invisible reCaptcha does not require any additional queries (tick marks, picture puzzles). Instead, a JavaScript element is integrated into the source code. reCaptcha then runs in the background and analyses the user behaviour. From the recorded user actions, the reCaptcha software calculates a captcha score from which Google draws conclusions about the probability of whether the following input is made by a human being or abusively by automated, machine processing (so-called "bots"). 

Google reCaptcha uses so-called "cookies" for this purpose. Google collects the following data for this purpose: the information from which page the CAPTCHA is integrated, the IP address of the connection, referrer URL, information on the operating system used, the screen and window resolution, the language set in the browser, the time zone in which you are located, browser plug-ins installed on your end device, the other cookies already present from Google, mouse and keyboard behavior. 
According to Google, the IP address collected is already shortened within the member states of the EU or in other states party to the Agreement on the European Economic Area and only in exceptional cases is it transmitted in full to servers in the USA, where it is then shortened. According to Google, the IP address transmitted by your browser within the framework of reCaptcha is not merged with other Google data. An exception can be made if you are logged in parallel in your own Google account. In this case, however, Google processes your data outside our area of responsibility on the basis of the terms of use concluded between you and Google.
For more information about Google's data processing practices, please read the Google Privacy Policy at https://policies.google.com/privacy?hl=de,

Legal basis and purpose of the data processing

Data processing is carried out on the basis of Art. 6 para. 1 lit. f GDPR for the purpose of ensuring the integrity and functionality of our online offers and services. We have a legitimate interest in protecting our online offers and services and their users from abuse (e.g. automated spying, DDoS attacks or spam).

Duration of storage / possibility of objection and removal

The collection of data for the provision of the website is absolutely necessary for the operation of our online offers and services. Consequently, there is no possibility of objection on the part of the user. You can object to the collection and forwarding of personal data or prevent the processing of this data only by deactivating the execution of Java-Script in your browser or by installing a Java-Script blocker. In this case, however, you will not be able to use the functions of our online offers and services.

If you are already registered with a Google service, Google could merge this data on the basis of the Google terms of use and data protection conditions accepted by you. If you wish to avoid this, please log out of the Google service first. For more information, please contact Google or https://policies.google.com/privacy?hl=de.

2. content delivery network

Description of the data processing

We design our website with the help of a so-called Content Delivery Network (hereinafter referred to individually or collectively as ‘CDN’). A CDN is a network of high-performance servers that cache content at various locations around the world. A CDN essentially has two tasks: firstly, to provide content in the shortest possible time and secondly, to relieve the web host by distributing the data traffic. CDNs transmit two types of content: Static and dynamic content. 

All website visitors receive static content in the same form, such as code frameworks (e.g. Javascript). Dynamic content is initially customised to the user and only created at the moment of the enquiry. This includes content that is created via web applications or e-mail and is personalised. In order to be able to use the latter, information about the website visitor must first be transmitted to the CDN.

We use the CDN service of Cloudflare Inc. 101 Townsend St., San Francisco, California 94107, USA (hereinafter referred to as ‘Cloudflare’). You can find more information on the handling of personal data by Cloudflare in Cloudflare's privacy policy: https://www.cloudflare.com/security-policy/ and at https://www.cloudflare.com/de-de/gdpr/introduction/ 

Legal basis and purpose of data processing / duration of storage / objection and removal options

The use of CDN is based on our legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR in the attractive design of our website and the technically secure and simple integration and presentation of content, the technically flawless and fast presentation of our website and the relief of our IT infrastructure.

The collection of data for the provision of the website is absolutely necessary for the operation of our website. Consequently, the user has no option to object to this

If the CDN processes the data further independently, it is the sole controller. For further information on data protection and the storage period of the data collected by the CDN, please refer to their data protection notices and information.

3. Font Awesome

Description of data processing
This site uses Font Awesome for the standardised display of fonts and symbols. The provider is Fonticons, Inc, 6 Porter Road Apartment 3R, Cambridge, Massachusetts, USA. When you call up a page, your browser loads the required fonts into your browser cache in order to display texts, fonts and symbols correctly. For this purpose, the browser you are using must connect to Font Awesome's servers. As a result, Font Awesome becomes aware that this website has been accessed via your IP address.

Legal basis and purpose of data processing / duration of storage / objection and removal options

The use of Font Awesome is based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in the uniform presentation of the typeface on our website. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. Such consent can be revoked at any time.

As a service provider, Fonticons Inc. has committed itself to our contract data processor HubSpot within the framework of the EU standard contractual clauses that a level of data protection equivalent to that of the EU or Switzerland is guaranteed in third countries outside the EU and Switzerland to which data is exported

If your browser does not support Font Awesome, a standard font will be used by your computer. Further information about Font Awesome can be found in Font Awesome's privacy policy at: https://fontawesome.com/privacy.

VI.     Online presences on social networks and platforms
Description of data processing 

Allthings maintains further online presences within social networks and/or industry networks ( XING, LinkedIn) (hereinafter also "SN") and could link to them from our website. By clicking on the respective link-buttons (recognizable by the respective logos of the social networks or platforms) you will be forwarded to the respective online presence of the SN. The purpose of these online presences is to communicate with active customers, interested parties and users and to inform them about our services. 

When entering the respective networks and platforms, the terms and conditions and the data processing guidelines of their respective operators apply. Since the use of SN takes place outside of our Website or Services, we have no influence on this, unless otherwise stated below. However, we would like to point out that when using the above mentioned platforms and networks to which we link, data may also be processed in the USA by those SN companys and may also be processed by the respective operators for market research and advertising purposes, including the creation of user profiles. If you are logged in to the respective networks and platforms, they may also store cookies on your device that tracks your use of our Platform or Services, as well as additional information on your usage behavior. 

Unless otherwise stated in our Privacy Policy, we process the data of users only if they communicate with us within the social networks and platforms, e.g. write comments or send us messages. 

In order to make it easier for you to find information about the respective data processing and the possibilities of objection of the respective operators, we refer below to the data protection declarations and information of the operators of the respective networks.

Legal basis and purpose of data processing

Unless otherwise stated in our privacy policy, we process user data within our online presences on SN on the basis of our legitimate interests pursuant to Art. 6 Para. 1 lit. f GDPR in an effective information of users and communication it user communicate with us within social networks and platforms.

Duration of storage / possibility of objection and removal

If you are a member of one of the SN on which we maintain online presences and do not want the SN to collect data about you via our service and link it to your data at the SN, you must log out of your SN before visiting our service. For a detailed description of the respective processing operations, information on the duration of the storage of data by the respective SN and the opt-out options, please refer to the information provided by the providers linked below. 

Also, in the case of requests for information and the assertion of user rights, we point out that these can be asserted most effectively with the providers. Only the providers have access to the data of the users and can directly take appropriate measures and give information. Should you nevertheless need help, you can contact us.

LinkedIn
LinkedIn is a service of LinkedIn Corporation, 2029 Stierlin Court Mountain View, CA 94043, USA, operated in Europe by LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland. LinkedIn is an Internet-based social network that enables users to connect with existing business contacts and make new business contacts. Over 400 million registered people use LinkedIn in more than 200 countries. This makes LinkedIn currently the largest platform for business contacts and one of the most visited websites in the world.
Each time you visit our website, which is equipped with a LinkedIn component (LinkedIn plug-in), this component causes the browser used by the data subject to download a corresponding representation of the LinkedIn component. Further information on the LinkedIn plug-ins can be found at https://developer.linkedin.com/plugins As part of this technical process, LinkedIn receives information about which specific subpage of our website is visited by the data subject.
If the data subject is logged in to LinkedIn at the same time, LinkedIn recognises which specific sub-page of our website the data subject is visiting each time the data subject accesses our website and for the entire duration of their stay on our website. This information is collected by the LinkedIn component and assigned by LinkedIn to the respective LinkedIn account of the data subject. If the data subject clicks on one of the LinkedIn buttons integrated on our website, LinkedIn assigns this information to the personal LinkedIn user account of the data subject and stores this personal data.
LinkedIn always receives information via the LinkedIn component that the data subject has visited our website if the data subject is logged in to LinkedIn at the same time as accessing our website; this takes place regardless of whether the data subject clicks on the LinkedIn component or not. If such a transmission of this information to LinkedIn is not desirable for the data subject, the delivery may be prevented if the data subject logs off from their LinkedIn account before a call-up to our website is made.
LinkedIn offers the possibility to unsubscribe from e-mail messages, SMS messages and targeted ads as well as to manage ad settings at https://www.linkedin.com/psettings/guest-controlsdie. LinkedIn also uses partners such as Quantcast, Google Analytics, BlueKai, DoubleClick, Nielsen, Comscore, Eloqua and Lotame, which may set cookies.
Such cookies can be rejected at https://www.linkedin.com/legal/cookie-policy. The applicable data protection provisions of LinkedIn may be retrieved under https://www.linkedin.com/legal/privacy-policy LinkedIn's cookie policy is available at https://www.linkedin.com/legal/cookie-policy. Objection option: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

 

XING
The operating company of Xing is XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany (‘XING’)
Xing is an Internet-based social network that enables users to connect with existing business contacts and make new business contacts. Individual users can create a personal profile for themselves on Xing. Companies can, for example, create company profiles or publish job vacancies on Xing.
Each time one of the individual pages of this website is accessed, which is operated by the controller and on which a Xing component (Xing plug-in) has been integrated, the Internet browser on the information technology system of the data subject is automatically prompted by the respective Xing component to download a representation of the corresponding Xing component from Xing. Further information about the Xing plug-ins may be accessed under https://dev.xing.com/plugins. As part of this technical process, Xing receives information about which specific subpage of our website is visited by the data subject.
If the data subject is logged in to Xing at the same time, Xing recognises which specific subpage of our website the data subject is visiting each time the data subject accesses our website and for the entire duration of their stay on our website. This information is collected by the Xing component and assigned by Xing to the respective Xing account of the data subject. If the data subject clicks on one of the Xing buttons integrated on our website, for example the ‘Share’ button, Xing assigns this information to the personal Xing user account of the data subject and stores this personal data.
Xing always receives information via the Xing component that the data subject has visited our website if the data subject is logged in to Xing at the same time as accessing our website; this takes place regardless of whether the data subject clicks on the Xing component or not. If the data subject does not want this information to be transmitted to Xing, they can prevent the transmission by logging out of their Xing account before accessing our website.
The data protection provisions published by Xing, which can be accessed at https://www.xing.com/privacy, provide information about the collection, processing and use of personal data by Xing. Xing has also published data protection information for the XING share button at https://www.xing.com/app/share?op=data_protection.

VII. Links to the websites of other providers
Our Internet presence may contain links to other websites. Allthings has no influence whatsoever on the content and design of the offers of other providers. The statements in this privacy policy therefore do not apply to external providers to whose offers or content we merely link.
If you are forwarded via links from our pages to other pages, please inform yourself there about the respective handling of your data.

VIII. Active use of our Website
1. Contact Forms and E-mail Contact
Description of data processing 
A contact form is available on our Website, which can be used for electronic contact. If a user makes use of this possibility, the data entered in the respective input mask will be transmitted to us and stored. 
Alternatively, it is possible to contact us via the email address provided. In this case the personal data of the user transmitted with the email will be stored. 
Legal basis and purpose of data processing
Art. 6 para. 1 lit. f GDPR is the legal basis for the processing of data transmitted in the course of sending a contact form request or an e-mail. If the contact form request or the e-mail contact is intended to conclude a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.
The processing of personal data from the input mask serves us solely to process the establishment of contact. In the case of contact by email, this also constitutes the necessary legitimate interest in the processing of the data.
The other personal data processed during the sending process serves to prevent misuse of the contact form and to ensure the security of our information technology systems.
Duration of storage / possibility of objection and removal
The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input mask of the contact form and those sent by email, this applies when the respective conversation with the user has ended. The conversation is terminated when it can be inferred from the circumstances that the relevant facts have been conclusively clarified and that no legal requirements require longer storage.
The user has the possibility to revoke his consent to the processing of personal data at any time. If the user contacts us by email, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued.
In this case, all personal data stored in the course of establishing contact will be deleted unless legal requirements require longer storage.

2. Newsletter

Description of data processing
We would like to inform our customers and interested parties at regular intervals about our products, services, webinars, innovations or news at Allthings by email or other electronic notifications (hereinafter referred to as "Newsletter"). We require your email address for this purpose. In the respective newsletter registration forms, further information may be requested in order to provide you with personalized content tailored to your interests. 
You can subscribe to our newsletters by using the appropriate function of a subscription form to subscribe to our newsletter, or during a registration process by ticking a box (so-called opt-in). For this purpose, we provide various options on our websites or in the context of registration or order interfaces to register for our (possibly topic-specific) newsletters. The details to the respective contents of the newsletters are described concretely in the respective registration form. This description is decisive for your consent. 
Following your registration, you will receive an email from us in which you will be asked to confirm your newsletter subscription once again (so-called double opt-in procedure). This confirmation is necessary to exclude the possibility that someone else has misused your email address to subscribe to our newsletter at a different address. Only with activation of the hyperlink sent in the email your email address will be activated for sending the newsletter.
For verification purposes, the IP address and the registration date ("timestamp") are stored in addition to your email address and name for the newsletter dispatch.

Legal basis and purpose of data processing / data recipient
The legal basis for the dispatch of newsletters is the consent given by you as the recipient pursuant to (Art. 6 para. 1 lit. a GDPR, Art. 7 GDPR in conjunction with § 7 para. 2 no. 3 UWG), or if consent pursuant to § 7 para. 3 UWG is not required for existing customers, on the basis of our legitimate interest in direct marketing measures pursuant to Art. 6 para. 1 lit. f GDPR in conjunction with § 7 para. 3 UWG. § 7 para. 3 UWG. 
The logging in the registration procedure is based on our legitimate interests pursuant to Art. 6 Para. 1 lit. f GDPR in a secure and targeted newsletter system that meets both our business distribution interests and the ideas and needs of the recipients, as well as the verifiability of the consents given. 
For the delivery of our general newsletter we use Mailchimp, an email marketing platform of the service provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA (hereinafter: "Mailchimp") on the basis of our entitled interest according to Art. 6 para. 1 lit. f GDPR in conjunction with a contract according to Art. 28 GDPR. 
For the delivery of our product update mailings, we use an e-mail marketing platform of the service provider Mailjet SAS,13-13 bis, rue de l'Aubrac, 75012 Paris, France on the basis of our entitled interest according to Art. 6 para. 1 lit. f GDPR in conjunction with a contract according to Art. 28 GDPR Mailjet.  Mailjet's privacy policy can be found at: https://www.mailjet.de/privacy-policy.

Duration of storage / possibility of objection and removal 
You can object to the dispatch of the newsletter at any time or revoke your consent to receive the newsletter in whole or in part. You will find the unsubscribe link at the end of each newsletter. This will take you to our Preference Center where you can unsubscribe from all newsletters by clicking on the link "no more emails" or make a topic-specific selection in the event of a partial objection. You can also contact us directly under: support@allthings.me 
By unsubscribing the newsletter, the business communication is not affected. Your data will be stored by us for the purpose of contract processing, our support and services, software updates or registration for events. In addition, we reserve the right to store the necessary proofs until the statutory limitation periods have expired in order to provide evidence of a legally compliant newsletter mailing.

3. Surveys
Description of data processing
From time to time, we may ask users who have agreed to be contacted by email, or customers to participate in surveys (e.g., customer satisfaction surveys). Participation in a survey is voluntary.
Anonymous participation: If a user participates anonymously in a survey, the data entered by him will be transmitted to us and stored. In this case, only the usage data (so-called "log files", in particular the IP address, see also the explanations under B.I) recorded as a visitor to our website or in the context of the technical provision of the survey are recorded.

Legal basis and purpose of the data processing / data recipient
The legal basis for the processing of the data transmitted to us in the course of sending a survey is our legitimate interest in the optimization of our products and services and market research, as well as in the associated technical implementation of the survey or prevention of misuse of the survey form and ensuring the security of our information technology systems (Art. 6 para. 1 lit. f GDPR). If you take part in a draw, the legal relationship resulting from your participation is subject to the additional legal basis for the processing of your user and contact data Art. 6 para. 1 lit. b GDPR for the provision, execution and handling of the draw.
On the basis of our legitimate interests (Art. 6 para. 1 lit. f DSGO) in conjunction with Pursuant to Art. 28 GDPR, we use the software of the service provider Widgix, LLC, 4888 Pearl East Cir. for our online-based surveys for sending the survey emails and for the technical implementation of the surveys. Suite 100W Boulder, CO 80301 USA (hereinafter referred to as "SurveyGizmo"). 
SurveyGizmo uses the information entered to provide us with reports to analyze customer satisfaction. SurveyGizmo also uses its own cookies for this purpose, e.g. to ensure that each respondent can only participate once in a survey, or to track survey completion rates (more information can be found at: https://www.surveygizmo.com/privacy/ and https://www.surveygizmo.com/privacy/gdpr/). According to SurveyGizmo, it also uses aggregated and anonymized data to improve or develop its services through the respondent's use of the online survey and to create industry trends, improve the user experience of surveys, or improve the completion rate of surveys.

Duration of retention/opposition and removal options
The data will be deleted as soon as the survey is finished. The user has the possibility to revoke the processing of his personal data at any time. Please note that in this case participation in the raffle may no longer be possible. You have the possibility to prevent the storage of cookies on your computer by appropriate browser settings, which can, however, limit the functionality of our offer. Information on how to remove cookies set by SurveyGizmo can be found at https://www.surveygizmo.com/privacy/.

General information about the Allthings services 
Allthings is the operator of the "Allthings Platform", a tenant management platform designed for the housing industry for interaction and communication between tenants of properties and their owners or service providers used by them in the context of building management on which applications are made available to specific user groups, usually tenants of specific properties, via various front-ends in accordance with the individual contracts concluded with Allthings' clients. The applications or apps are various individual applications that have been adapted for different mobile devices that users can use in accordance with the relevant user conditions. Additional functions (so-called "micro-apps") can be used in the various apps. 
A distinction is made between "Allthings Core Micro Apps" and "3rd Party Micro Apps". 
Allthings Core Micro Apps:
Which Allthings Core Micro Apps can be found in the apps depends in detail on the decision of our customers and the specific service agreement concluded with them. In principle, these apps include the following, but may be named differently depending on the customer:

Name of Micro App	Purpose
Pinboard	Central communication within a property: users can exchange information and interact with other users
Service Point or Service Center	Users can send messages in the form of tickets to the property management company, for example to place repair orders or to report defects and facilitate their repair
Information	Information on the building that is relevant for the user (e.g. building plans, cleaning plans, appointments, house rules etc.)
My Flat	Information and relevant documents on the rented apartment are stored centrally and made available to the tenant
Business Directory	Information and offers on local service providers and companies in the vicinity of the user's relevant property (e.g. restaurants, doctors, day care centres, etc.)
Bookings	Enables users to book e.g. common rooms or other shared spaces
My Neighbors	Enables the user to get to know other users in his environment by building a tenant community through which the user can network with neighbours and other tenants of a property, create personal profiles and exchange information with other users who are members of the community
Marketplace	Offers users a local digital marketplace to sell used items to other users in their area
Sharing	Offers users a local digital sharing service to lend items to other users in their area, or to borrow items

Allthings Platform, the Apps and Allthings Core Micro-Apps together are hereinafter also referred to as "Allthings Services". The Allthings services collect and process your personal information in a similar manner to our website. In particular, we also use cookies and similar technical means. 

3rd Party Micro Apps
3rd Party Micro Apps are functionalities integrated in the App, which are provided by third parties, hosted on their web servers and offered under their terms of use.  For some of these functionalities, data is transferred to the respective third party provider, for example access data, in order to provide you with a uniform access option to all functionalities. All services and products offered by third parties are identified as such before they are used.  Any further use of your data is the sole responsibility of the respective provider of the 3rd Party Micro App. Please read the respective data protection regulations or terms and conditions of the partners to obtain further information on how the relevant providers will process your personal data.

What data is processed during the use of the Allthings services and for what purpose?
Registration, creation of user accounts and provision of the Allthings services   
We will first process the data that is usually provided to us directly by personal input or by our customers when you register on the Allthings platform. This can be done in different ways, depending on the terms of the contract with our customers and the way you use the platform: 
a)  Invitation with activation code by our customer or by a service provider commissioned by the customer.

Our customer (e.g. the property management company or an asset manager) or one of his vicarious agents (e.g. a property manager) sends an invitation with an activation code in the form of a letter or with a personalized access URL to the e-mail address you have provided. With the activation code you can access the applications ordered by our client on the platform. Our client is solely responsible for the existence of a legal permission to send the invitation emails or letters.  
For further use (log-in) you must provide at least the following data:

Name 
Email address (must be verified)
Authentication data (password)

You can then log in using your username and password. The configurations you have made and the content you have set up will then remain in your user account and can be edited after you have logged in. The data you provide will be processed primarily for the purpose of providing access. We will only use the e-mail address you have provided for direct contact with you if there are significant changes to the applications you use, or to inform you of any failures, or if necessary, for the security of your data.

b.) Invitation by existing users

If you are a resident of a property whose tenants have been authorized by our customer to use the Allthings services, a link to the app can also be sent to you by users who are already registered. For this purpose, the already registered resident provides the e-mail address of the person to be invited. This person will then receive an activation code and a link for personal registration on the app. The invitation function can be deactivated on customer request. 
c.) Access granted by the Property Manager

If you are a resident of a property whose tenants have been authorized by our customer to use the Allthings services, you can also request access without an activation code. You can enter your address on the login page and send an access request to the relevant property manager. Your property manager can grant you access to the app after checking your application.  
d.) Legal basis and purpose of data processing

Within the scope of user registration or login, the necessary information provided by our users will be processed after acceptance of the respective terms of use of the Allthings services on the basis of Art. 6 para. 1 lit. b GDPR for the purpose of providing the user account of the Allthings services. The data entered as part of registration or use of the Allthings services is used for the purposes of operating the user account and providing the functionalities of the individual Allthings services.
After you cease being a user of the Allthings platform e.g. if you request our support team to delete your account or your right of use expires due to termination of your contract with our customers, any personal data collected in connection with the registration process or other data which may be traced back to your identity is automatically deleted and replaced by randomly created values, subject to any legal obligation to retain data or any consent given by you

Cookies on the Allthings App services  
We use the following cookies to make our App more user-friendly and store or transmit the following data:

Cookie Name	Function	Storage duration	Type of Cookie	Domain
Session	Session	1 year	First-Party-Cookie	accounts.allthings.me
ST-[unique_hash]	Used to preserve the page that user requested in the app before he's redirected to Accounts	5 minutes	First-Party-Cookie	<app>.allthings.me
cookie_checker	Check if cookies are supported	session duration	Session	<app>.allthings.me
user_logged_in_before	Recognition of the first use by a user	1 year	First-Party-Cookie	<app>.allthings.me
_attoken	auto-login	1 year	First-Party-Cookie	cockpit.allthings.me
intercom-state	intercom	1 week	Third-Party-Cookie	.allthings.me
locale	know locale upfront	1 year	First-Party-Cookie	cockpit.allthings.me
NID	Google spam/ bot detection	3 month	Third-Party	Google.com

 
Legal basis and purpose of data processing
The legal basis for the processing of personal data using cookies is Art. 6 para. 1 lit. f DSGVO to protect our legitimate interests or those of third parties in achieving the best possible functionality and security of the Allthings services as well as a customer-friendly and effective design of Allthings services, unless we ask for your consent in accordance with Art. 6 para. 1 lit. a DSGVO.
The purpose of using technically necessary cookies is to simplify the use of online-based offers within the Allthings services for users. Some functions of the Allthings services cannot be offered without the use of cookies. For these, it is particularly necessary that the browser is recognised even after a page change.

Duration of storage / possibility of objection and removal
Cookies are stored on the user's end device and are transmitted by the user to the relevant Allthings service. Therefore, you as a user also have full control over the use of cookies. By changing the settings in your Internet browser, you can deactivate or restrict the transmission of cookies. Cookies already stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for the Allthings services, it may not be possible to use all the functions of the website to their full extent.

If you would like to learn more about cookies and comparable technical means, please read our provisions on cookies.

I. Am I obliged to disclose data?
If you enter into contract negotiations with us with questions about our services, accept one of our offers or have other contractual agreements with us, we will process the personal data you provide in this context. Which data is processed in detail depends decisively on the relevant objects of purchase or the services which you obtain from us or which you inquire about. In this context, the processing of your data is usually absolutely necessary for the preparation, conclusion and processing of the contract. If you do not provide us with this data, we may have to refuse to conclude a contract or execute an order or may no longer be able to execute an existing contract. 
As far as we use data in the context of contract initiation or performance with a customer, business or cooperation partner, our interest in handling your data lies in enabling and maintaining the exchange with the customer or the respective business or cooperation partner, typically in the context of a contract or other relationship. If you act as a contact person - typically in your function as an employee at these companies - you usually have no overriding opposing interest, insofar as this interaction with us is part of your area of responsibility, so that a right of objection is regularly excluded.
However, you are not obliged to give your consent to data processing with regard to data which is not relevant for the fulfilment of the contract or which is not required by law. 

II. Communication
In principle, we collect the necessary data from you ourselves in personal contact. Of course, you can also contact us by telephone, fax, post or alternatively via our e-mail address (see imprint) or via the e-mail addresses of our employees provided to you. In the latter case, the personal data transmitted with the e-mail will be stored. Please note that e-mail communication may not always be encrypted for technical reasons
Your data will be used for the processing of the conversation and the post-processing of the respective inquiry or meeting contents. Your data will be processed on the basis of Art. 6 para. 1 lit. b GDPR if the communication is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures. 
In all other cases, processing is based on our legitimate interests (Art. 6 para. 1 lit. f GDPR) in the effective processing of enquiries addressed to us. 
In this context, the data will not be passed on to third parties unless it is necessary to pursue our claims or legitimate interests (Art. 6 para. 1 lit. f GDPR) or there is a legal obligation to do so (Art. 6 para. 1 lit. c GDPR). 

III. Data processing within the scope of distribution
Personal data is processed on the basis of Art. 6 Para. 1 lit. b GDPR in order to provide the service you have commissioned us to provide, in particular to implement our contracts or pre-contractual measures, as well as all activities required for the operation and administration of Allthings. 
The resulting purposes of data processing depend primarily on the activities and individual services specifically agreed with you and may include, among other things, consulting activities or activities within the scope of controlling sales processes (e.g. compiling documents, sending Allthings product or event information, providing Allthings services) or accompanying sales negotiations and concluding contracts.
Further details on the scope, purpose and recipients of your data can be found in the respective contract documents and associated terms and conditions.
To the extent necessary within the framework of our operational processes, we process your data in connection with our services beyond the actual fulfilment of the contract to safeguard our legitimate interests (Art. 6 para. 1 lit. f GDPR). 
In connection with the offer or provision of our services, we may be subject to special legal obligations, such as requirements of tax legislation. The purposes of processing your data may therefore include, among other things, compliance with fiscal control and reporting obligations, customs or export regulations and the assessment and control of risks. The data processing required for this is based on Art. 6 para. 1 lit. c GDPR. 

IV. Transmission of data 
Depending on the scope of the service, your data or documents may be passed on to public authorities or private service providers or persons with whom we cooperate on a regular basis during the enquiry or offer phase as well as during the execution of the contract (see Section A, Section V).

Due to the further development of our online presence or our services as well as due to changes in legal or official requirements, it may become necessary to amend this privacy policy. You can call up the current privacy policy on our website at any time and print it out if necessary.