Privacy Notice

1. Introduction

With the following information, we would like to give you as a “data subject” an overview of the processing of your personal data by us and your rights under data protection law. The use of our website is generally possible without providing personal data. However, if you wish to use certain services of our company via our website, processing of personal data may become necessary. If processing of personal data is required and there is no legal basis for such processing, we generally obtain your consent.

The processing of personal data, such as your name, address or e-mail address, is always carried out in accordance with the General Data Protection Regulation (GDPR) and in compliance with the country-specific data protection regulations applicable to braintool software GmbH. By means of this privacy notice, we would like to inform you about the scope and purpose of the personal data we collect, use and process.

As the controller, we have implemented numerous technical and organisational measures to ensure the most complete protection possible of personal data processed via this website. However, Internet-based data transmissions may in principle have security gaps, so absolute protection cannot be guaranteed. For this reason, you are free to transmit personal data to us via alternative means, for example by telephone or by post.

You too can take simple and easy-to-implement measures to protect yourself against unauthorised access by third parties to your data. We would therefore like to give you some tips on how to handle your data securely:

Protect your account (login, user or customer account) and your IT system (computer, laptop, tablet or mobile device) with strong passwords.
Only you should have access to your passwords.
Make sure you only use each password for one account (login, user or customer account).
Do not use the same password for different websites, applications or online services.
In particular when using publicly accessible or shared IT systems: always make sure to log out after each session on a website, application or online service.

Passwords should consist of at least 12 characters and be chosen in such a way that they cannot be easily guessed. They should therefore not contain common everyday words, your own name or the names of relatives, but should include uppercase and lowercase letters, numbers and special characters.

2. Controller

The controller within the meaning of the GDPR is:

braintool software GmbH

Industriestr. 4

D-70565 Stuttgart

Phone: +49-(0)711-49047-880

E-Mail: datenschutz@braintool.com

Representative of the controller: Bernhard Reichl

3. Data Protection Officer

We would like to point out that there is no legal requirement to appoint a Data Protection Officer.

4. Legal Basis for Processing

Art. 6(1)(a) GDPR (in conjunction with § 25(1) TDDDG (formerly TTDSG)) serves as the legal basis for processing operations for which we obtain consent for a specific processing purpose.

If the processing of personal data is necessary for the performance of a contract to which you are a party, as is the case for example with processing operations required for the delivery of goods or the provision of any other service or consideration, the processing is based on Art. 6(1)(b) GDPR. The same applies to processing operations that are necessary for the implementation of pre-contractual measures, for example in cases of enquiries about our products or services.

If our company is subject to a legal obligation that requires the processing of personal data, such as for the fulfilment of tax obligations, the processing is based on Art. 6(1)(c) GDPR.

In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor to our premises were injured and their name, age, health insurance data or other vital information had to be passed on to a doctor, hospital or other third party. In such cases processing would be based on Art. 6(1)(d) GDPR.

Finally, processing operations may be based on Art. 6(1)(f) GDPR. Processing operations that are not covered by any of the aforementioned legal bases are based on this legal basis where processing is necessary for the purposes of the legitimate interests pursued by our company or a third party, unless such interests are overridden by the interests, fundamental rights and freedoms of the data subject. Such processing operations are permitted in particular because they have been specifically mentioned by the European legislator, who took the view that a legitimate interest could be assumed where the data subject is a client of the controller (Recital 47 Sentence 2 GDPR).

Our services are generally aimed at adults. Persons under the age of 16 may not transmit personal data to us without the consent of a parent or legal guardian. We do not request personal data from children and young people, do not collect it and do not pass it on to third parties.

5. Transfer of Data to Third Parties

Your personal data will not be transferred to third parties for purposes other than those listed below.

We only share your personal data with third parties if:

you have given us your explicit consent pursuant to Art. 6(1)(a) GDPR,
the transfer is permitted pursuant to Art. 6(1)(f) GDPR to safeguard our legitimate interests and there is no reason to assume that you have an overriding legitimate interest in the non-disclosure of your data,
there is a legal obligation for the transfer pursuant to Art. 6(1)(c) GDPR, or
it is legally permissible and required pursuant to Art. 6(1)(b) GDPR for the processing of contractual relationships with you.

In the context of the processing operations described in this privacy notice, personal data may be transferred to the USA. Companies in the USA only have an adequate level of data protection if they are certified under the EU-US Data Privacy Framework and the adequacy decision of the EU Commission pursuant to Art. 45 GDPR therefore applies. We have explicitly stated this for the relevant service providers in this privacy notice. In all other cases, to protect your data we have concluded data processing agreements based on the Standard Contractual Clauses of the European Commission. Where the Standard Contractual Clauses are insufficient to establish an adequate level of security, your consent pursuant to Art. 49(1)(a) GDPR may serve as the legal basis for transfers to third countries. This may not apply to transfers to third countries for which the European Commission has issued an adequacy decision pursuant to Art. 45 GDPR.

6. Technical Measures

6.1 SSL/TLS Encryption

This website uses SSL or TLS encryption to ensure the security of data processing and to protect the transmission of confidential content, such as orders, login data or contact requests that you send to us as the operator. You can recognise an encrypted connection by the fact that the address bar of your browser shows “https://” instead of “http://” and by the padlock symbol in your browser bar.

We use this technology to protect your transmitted data.

6.2 Data Collection When Visiting the Website

If you use our website for information purposes only, without registering or otherwise providing us with information or giving consent to processing that requires consent, we only collect data that is technically necessary for the provision of the service. This is regularly data that your browser transmits to our server (in so-called server log files). Each time a page on our website is accessed by you or an automated system, a series of general data and information is collected. This general data and information is stored in the server log files. The following may be collected: (1) browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (so-called referrers), (4) the sub-pages accessed on our website, (5) the date and time of access to the website, (6) an Internet Protocol address (IP address), and (7) the Internet service provider of the accessing system.

When using this general data and information, we do not draw any conclusions about your identity. This information is rather needed to (1) deliver the content of our website correctly, (2) optimise the content of our website and the advertising for it, (3) ensure the long-term functionality of our IT systems and the technology of our website, and (4) provide law enforcement authorities with the information necessary for prosecution in the event of a cyber attack. This collected data and information is therefore evaluated by us both statistically and with the aim of increasing data protection and data security in our company, ultimately to ensure an optimal level of protection for the personal data we process. The data in the server log files are stored separately from all personal data provided by a data subject.

The legal basis for data processing is Art. 6(1)(f) GDPR. Our legitimate interest follows from the purposes for data collection listed above.

6.3 Hosting by Mittwald

We host our website with Mittwald CM Service GmbH & Co. KG, Königsberger Straße 4-6, 32339 Espelkamp (hereinafter referred to as Mittwald).

When you visit our website, your personal data (e.g. IP addresses in log files) is processed on Mittwald’s servers.

The use of Mittwald is based on Art. 6(1)(f) GDPR. We have a legitimate interest in the most reliable possible presentation, provision and security of our website.

We have concluded a Data Processing Agreement (DPA) pursuant to Art. 28 GDPR with Mittwald. This is a data protection legally required contract that ensures that Mittwald processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

Further information on Mittwald’s data protection provisions can be found at: https://www.mittwald.de/datenschutz

7. Cookies

7.1 General Information on Cookies

Cookies are small files that your browser automatically creates and that are stored on your IT system (laptop, tablet, smartphone, etc.) when you visit our website.

Information is stored in the cookie that arises in connection with the specific device used. This does not, however, mean that we thereby become directly aware of your identity.

The use of cookies serves to make the use of our services more convenient for you. For example, we use session cookies to recognise that you have already visited individual pages of our website. These are deleted automatically after you leave our website.

In addition, we also use temporary cookies to optimise user-friendliness, which are stored on your device for a specified period of time. If you visit our website again to use our services, it is automatically recognised that you have already been with us and what inputs and settings you have made, so that you do not have to enter these again.

We also use cookies to statistically record the use of our website and to evaluate our services for the purpose of optimising our offering. These cookies allow us to automatically recognise on a return visit that you have already visited our website. These cookies are automatically deleted after a defined period of time. The respective storage duration of the cookies can be found in the settings of the consent tool used.

7.2 Legal Basis for the Use of Cookies

The data processed by cookies that are required for the proper functioning of the website are necessary to safeguard our legitimate interests and those of third parties pursuant to Art. 6(1)(f) GDPR.

For all other cookies, you have given your consent via our opt-in cookie banner within the meaning of Art. 6(1)(a) GDPR.

7.3 Borlabs Cookie (Consent Management Tool)

We use the WordPress cookie plugin “Borlabs Cookie” by Borlabs GmbH, Rübenkamp 32, 22305 Hamburg, Germany. This service enables us to obtain and manage the consent of website users to data processing.

Borlabs Cookie uses cookies to collect data generated by end users who use our website. When an end user gives consent, the following data is automatically logged, among other things:

Cookie duration,
Cookie version,
Domain and path of the WordPress site,
Selection in the cookie banner,
UID (a randomly generated ID).

The consent status is also stored in the end user’s browser so that the website can automatically read and comply with the end user’s consent for all subsequent page requests and future end user sessions for up to 12 months. The consent data (consent and withdrawal of consent) is stored for three years. The retention period corresponds to the standard limitation period pursuant to § 195 of the German Civil Code (BGB). The data is then immediately deleted.

The functionality of the website cannot be guaranteed without the described processing. There is no possibility for the user to object as long as the legal obligation exists to obtain the user’s consent to certain data processing operations, Art. 7(1), 6(1)(c) GDPR.

The collected data is neither forwarded to Borlabs GmbH nor does it receive access to it.

Further information can be found at: https://de.borlabs.io/borlabs-cookie/

8. Content of Our Website

8.1 Contact / Contact Form

When you contact us (e.g. via contact form or e-mail), personal data is collected. The data collected when using a contact form can be seen from the respective contact form. This data is stored and used exclusively for the purpose of responding to your enquiry and for the related technical administration. The legal basis for the processing of data is our legitimate interest in responding to your enquiry pursuant to Art. 6(1)(f) GDPR. If your contact is aimed at concluding a contract, the additional legal basis for processing is Art. 6(1)(b) GDPR. Your data will be deleted after your enquiry has been fully processed; this is the case when the circumstances indicate that the matter in question has been conclusively resolved and there are no statutory retention obligations preventing deletion.

9. Newsletter

9.1 Promotional Newsletter

On our website, you are given the opportunity to subscribe to our company’s newsletter. The personal data transmitted to us when ordering the newsletter can be seen from the input form used for this purpose.

We regularly inform our customers and business partners about our offers by means of a newsletter. Our newsletter can generally only be received by you if (1) you have a valid e-mail address and (2) you have registered for the newsletter. For legal reasons, a confirmation e-mail is sent to the e-mail address you first entered for the newsletter using the double opt-in procedure. This confirmation e-mail is used to verify whether you, as the owner of the e-mail address, have authorised receipt of the newsletter.

When registering for the newsletter, we also store the IP address assigned by your Internet Service Provider (ISP) of the IT system used by you at the time of registration, as well as the date and time of registration. The collection of this data is necessary in order to be able to trace any (possible) misuse of your e-mail address at a later point in time, and therefore serves our legal protection.

The personal data collected as part of a registration for the newsletter will be used exclusively to send our newsletter. In addition, newsletter subscribers may be informed by e-mail if this is necessary for the operation of the newsletter service or a related registration, as may be the case if changes are made to the newsletter offering or if the technical circumstances change. Personal data collected as part of the newsletter service will not be passed on to third parties. You may cancel your subscription to our newsletter at any time. Consent to the storage of personal data that you have given us for newsletter delivery may be withdrawn at any time. A corresponding link for the purpose of withdrawing consent can be found in every newsletter. You may also unsubscribe from the newsletter at any time directly on our website or communicate this to us in another way.

The legal basis for data processing for the purpose of sending newsletters is Art. 6(1)(a) GDPR.

9.2 Newsletter Tracking

Our newsletters contain so-called tracking pixels. A tracking pixel is a miniature graphic embedded in e-mails sent in HTML format to enable log file recording and analysis. This allows a statistical analysis of the success or failure of online marketing campaigns. Based on the embedded tracking pixel, the company can recognise whether and when an e-mail was opened by you and which links in the e-mail were accessed by you.

Personal data collected via the tracking pixels contained in the newsletters are stored and evaluated by us in order to optimise the newsletter delivery and to better tailor the content of future newsletters to your interests. This personal data will not be passed on to third parties. Data subjects are entitled at any time to withdraw the separate declaration of consent given via the double opt-in procedure. After a withdrawal, this personal data will be deleted by us. We automatically treat an unsubscription from the newsletter as a withdrawal.

Such evaluation is carried out in particular pursuant to Art. 6(1)(f) GDPR on the basis of our legitimate interests in displaying personalised advertising, market research and/or demand-oriented design of our website.

10. Web Analytics

10.1 Google Analytics 4 (GA4)

We use Google Analytics 4 (GA4) on our website, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).

In this context, pseudonymised user profiles are created and cookies (see section “Cookies”) are used. The information generated by the cookie about your use of this website may include, among other things:

a brief capture of the IP address without permanent storage
location data
browser type/version
operating system used
referrer URL (previously visited page)
time of the server request

The pseudonymised data may be transferred by Google to a server in the USA and stored there.

The information is used to evaluate the use of the website, to compile reports on website activities and to provide other services related to website and internet use for the purposes of market research and demand-oriented design of these websites. This information may also be transferred to third parties where required by law or where third parties process this data on our behalf.

These processing operations are carried out exclusively upon granting explicit consent pursuant to Art. 6(1)(a) GDPR.

The default data retention period set by Google is 14 months. Otherwise, personal data is retained for as long as necessary to fulfil the processing purpose. The data is deleted as soon as it is no longer required for the purpose.

The parent company Google LLC is certified as a US company under the EU-US Data Privacy Framework. An adequacy decision pursuant to Art. 45 GDPR is therefore in place, so that personal data may be transferred without further guarantees or additional measures.

Further information on data protection when using GA4 can be found at: https://support.google.com/analytics/answer/12017362?hl=en

10.2 Google Analytics 4 (GA4) – Additional Information on Google Signals

Google Signals is a feature in Google Analytics that captures session data from websites and apps where users are signed in to their Google account and have activated personalised advertising. It enables enhanced analysis by linking users’ behaviour across different devices and providing additional information such as demographic characteristics and interests. Your consent to the use of Google Analytics (see above) also includes consent to the Google Signals additional feature.

10.3 Google Analytics 4 (GA4) – Additional Information on Consent Mode, Basic Implementation

Under the Digital Markets Act, Google is required to obtain users’ consent before user data is processed by Google for personalised advertising. Google meets this requirement with “Consent Mode”. Operators are required to implement this and thereby demonstrate the collection of website visitors’ consent.

Google offers two implementation modes: basic and advanced implementation.

We use the basic implementation method of Google Consent Mode. Only when you give your consent to the use of Google Analytics (see above) is a connection to Google established, a Google code executed and the processing operations described above carried out. If you refuse consent, Google only receives information that consent has not been given. The Google code is not executed and no Google Analytics cookies are set.

11. Advertising

11.1 Google Ads (AdWords) Remarketing/Retargeting

We have integrated Google Ads on this website. The operating company of Google Ads services is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).

We use this to advertise this website in Google search results and on third-party websites. For this purpose, Google places a cookie in your device’s browser, which automatically enables interest-based advertising based on the pages you have visited, using a pseudonymous cookie ID.

Further data processing only takes place if you have agreed with Google that your internet and app browsing history is linked to your Google account and information from your Google account is used to personalise ads that you view on the web. In this case, if you are logged in to Google while visiting our website, Google uses your data together with Google Analytics data to create and define audience lists for cross-device remarketing. For this purpose, your personal data is temporarily linked by Google to Google Analytics data in order to form audiences.

These processing operations are carried out exclusively upon granting explicit consent pursuant to Art. 6(1)(a) GDPR.

The privacy policy and further information on Google Ads can be found at: https://www.google.com/policies/technologies/ads/

11.2 Google Ads with Conversion Tracking

We have integrated Google Ads on this website. The operating company of Google Ads services is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Ads is an internet advertising service that allows advertisers to place ads in both Google search engine results and the Google advertising network. Google Ads allows an advertiser to pre-define specific keywords by means of which an ad in Google’s search engine results is displayed exclusively when the user retrieves a keyword-relevant search result. In the Google advertising network, ads are distributed on relevant websites using an automatic algorithm, taking into account the previously defined keywords.

The purpose of Google Ads is to promote our website by displaying interest-relevant advertising on third-party websites and in the search engine results of Google, and to display third-party advertising on our website.

If you reach our website via a Google ad, a conversion cookie is placed on your IT system by Google. A conversion cookie loses its validity after thirty days and is not used to identify you. Via the conversion cookie, provided the cookie has not yet expired, it is possible to track whether certain sub-pages, for example the shopping cart of an online shop system, were accessed on our website. Through the conversion cookie, both we and Google can track whether a user who arrived at our website via an Ads ad generated revenue, i.e. completed or cancelled a purchase.

The data and information collected through the use of the conversion cookie is used by Google to compile visit statistics for our website. These visit statistics are in turn used by us to determine the total number of users referred to us via Ads ads, i.e. to determine the success or failure of each Ads ad and to optimise our Ads ads for the future. Neither our company nor any other Google Ads advertisers receive information from Google that could be used to identify you.

Personal information, such as the websites visited by you, is stored via the conversion cookie. Each time you visit our website, personal data, including the IP address of your internet connection, is transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may pass this personal data collected through the technical process on to third parties.

These processing operations are carried out exclusively upon granting explicit consent pursuant to Art. 6(1)(a) GDPR.

The privacy policy and further information on Google AdSense can be found at: https://www.google.com/intl/en/policies/privacy/

12. Plugins and Other Services

12.1 Google Tag Manager

We use the Google Tag Manager service on this website. The operating company of Google Tag Manager is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Ireland Limited is part of the Google group of companies headquartered at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

This tool allows “website tags” (i.e. keywords embedded in HTML elements) to be implemented and managed via a single interface. By using Google Tag Manager, we can automatically track which button, link or personalised image you have actively clicked and can then record which content on our website is of particular interest to you.

The tool also triggers other tags, which in turn may collect data. Google Tag Manager does not access this data. If you have made a deactivation at domain or cookie level, this remains in place for all tracking tags implemented with Google Tag Manager.

These processing operations are carried out exclusively upon granting explicit consent pursuant to Art. 6(1)(a) GDPR.

Further information on Google Tag Manager and Google’s privacy policy can be found at: https://www.google.com/intl/en/policies/privacy/

12.2 YouTube (Videos)

We have integrated components of YouTube on this website. The operating company of YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

YouTube is an internet video portal that allows video publishers to post video clips free of charge and other users to view, rate and comment on them, also free of charge. YouTube allows the publication of all types of videos, which is why complete film and television programmes, music videos, trailers or videos made by users themselves can be accessed via the portal. Each time one of the individual pages of this website operated by us is accessed and a YouTube component (YouTube video) has been integrated, the internet browser on your IT system is automatically prompted by the respective YouTube component to download a representation of the corresponding YouTube component from YouTube. In the course of this technical process, YouTube and Google obtain knowledge of which specific sub-page of our website you are visiting.

If you are simultaneously logged in to YouTube, YouTube recognises which specific sub-page of our website you are visiting when you access a sub-page that contains a YouTube video. This information is collected by YouTube and Google and assigned to your YouTube account.

YouTube and Google receive information via the YouTube component that you have visited our website whenever you are simultaneously logged in to YouTube at the time you access our website; this occurs regardless of whether you click on a YouTube video or not. If you do not wish this information to be transmitted to YouTube and Google, you can prevent it by logging out of your YouTube account before accessing our website.

These processing operations are carried out exclusively upon granting explicit consent pursuant to Art. 6(1)(a) GDPR.

The privacy policy of YouTube can be found at: https://www.google.com/intl/en/policies/privacy/

12.3 YouTube Videos in Enhanced Privacy Mode (YouTube-NoCookies)

Some sub-pages of our website contain links or connections to YouTube’s offering. As a general rule, we are not responsible for the content of linked websites. However, if you follow a link to YouTube, we would point out that YouTube stores its users’ data (e.g. personal information, IP address) in accordance with its own data usage guidelines and uses it for business purposes.

The operating company of YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.

On some sub-pages of our website we also embed videos stored on YouTube directly. When embedded in this way, content from the YouTube website is displayed in sections of a browser window. When you access a (sub-)page of our website on which YouTube videos are embedded, a connection is established to the YouTube servers and the content is displayed on the website by communication to your browser.

YouTube content is only embedded in “enhanced privacy mode”. This is provided by YouTube itself and ensures that YouTube does not initially store any cookies on your device. When the relevant pages are accessed, the IP address and possibly further data are transmitted, communicating in particular which of our web pages you have visited. However, this information cannot be attributed to you provided you have not logged in to YouTube or another Google service before the page was accessed or are not permanently logged in. As soon as you start playing an embedded video by clicking on it, YouTube stores only cookies on your device in enhanced privacy mode that do not contain personally identifiable data, unless you are currently logged in to a Google service. These cookies can be prevented by appropriate browser settings and extensions.

Requesting the video simultaneously constitutes your consent to the placement of the corresponding cookie (Art. 6(1)(a) GDPR).

This US company is certified under the EU-US Data Privacy Framework. An adequacy decision pursuant to Art. 45 GDPR is therefore in place, so that personal data may be transferred without further guarantees or additional measures.

The privacy policy of YouTube can be found at: https://www.google.com/intl/en/policies/privacy/

13. Your Rights as a Data Subject

13.1 Right of Access Art. 15 GDPR

You have the right to obtain from us free information about the personal data stored about you at any time and a copy of this data in accordance with the statutory provisions.

13.2 Right to Rectification Art. 16 GDPR

You have the right to request the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you also have the right to request the completion of incomplete personal data.

13.3 Right to Erasure Art. 17 GDPR

You have the right to request that we erase personal data concerning you without undue delay, provided one of the legally prescribed grounds applies and where processing or storage is not required.

13.4 Restriction of Processing Art. 18 GDPR

You have the right to request that we restrict the processing of your data where one of the legal prerequisites is met.

13.5 Right to Data Portability Art. 20 GDPR

You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from us, provided the processing is based on consent pursuant to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR or on a contract pursuant to Art. 6(1)(b) GDPR, and the processing is carried out by automated means, provided the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.

Furthermore, in exercising your right to data portability pursuant to Art. 20(1) GDPR, you have the right to have personal data transmitted directly from one controller to another, where technically feasible and where doing so does not adversely affect the rights and freedoms of others.

13.6 Right to Object Art. 21 GDPR

YOU HAVE THE RIGHT, ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION, TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU WHICH IS BASED ON ART. 6(1)(E) (PROCESSING IN THE PUBLIC INTEREST) OR (F) (PROCESSING ON THE BASIS OF A BALANCING OF INTERESTS) GDPR.

THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS WITHIN THE MEANING OF ART. 4(4) GDPR.

IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS, OR THE PROCESSING SERVES THE ESTABLISHMENT, EXERCISE OR DEFENCE OF LEGAL CLAIMS.

IN INDIVIDUAL CASES WE PROCESS PERSONAL DATA FOR DIRECT MARKETING PURPOSES. YOU MAY OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA FOR THE PURPOSES OF SUCH MARKETING. THIS ALSO APPLIES TO PROFILING TO THE EXTENT THAT IT IS RELATED TO SUCH DIRECT MARKETING. IF YOU OBJECT TO PROCESSING FOR DIRECT MARKETING PURPOSES, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA FOR THESE PURPOSES.

YOU ALSO HAVE THE RIGHT, ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION, TO OBJECT TO PROCESSING OF PERSONAL DATA CONCERNING YOU WHICH IS CARRIED OUT BY US FOR SCIENTIFIC OR HISTORICAL RESEARCH PURPOSES OR STATISTICAL PURPOSES PURSUANT TO ART. 89(1) GDPR, UNLESS THE PROCESSING IS NECESSARY FOR THE PERFORMANCE OF A TASK CARRIED OUT IN THE PUBLIC INTEREST.

YOU ARE FREE, IN THE CONTEXT OF THE USE OF INFORMATION SOCIETY SERVICES AND NOTWITHSTANDING DIRECTIVE 2002/58/EC, TO EXERCISE YOUR RIGHT TO OBJECT BY AUTOMATED MEANS USING TECHNICAL SPECIFICATIONS.

13.7 Withdrawal of Consent

You have the right to withdraw your consent to the processing of personal data at any time with effect for the future.

13.8 Right to Lodge a Complaint with a Supervisory Authority

You have the right to lodge a complaint with a supervisory authority responsible for data protection regarding our processing of personal data.

14. Duration of Storage of Personal Data

The criterion for the duration of storage of personal data is the respective statutory retention period. After expiry of the period, the corresponding data is routinely deleted, provided it is no longer necessary for the fulfilment or initiation of a contract.

15. Currency and Amendment of this Privacy Notice

This privacy notice is currently valid and was last updated: March 2026.

It may become necessary to amend this privacy notice as a result of the further development of our website and services or due to changes in legal or regulatory requirements. The current version of this privacy notice can be accessed and printed at any time on our website at “www.braintool.com/privacy-policy”.