Privacy policy

1. Privacy at a glance

General notes

The following notes give a high-level overview of what happens with your personal data if you visit this website. Personal data is all data with which you can be personally identified. For detailed information on the topic of privacy, please see our privacy policy below this text.

Data collection on this website

Who is responsible for data collection on this website?

Data collection on this website is performed by the website operators. You can look up their contact details in the paragraph "Note on the responsible body" in this privacy policy.

How do we collect your data?

On the one hand, your data is collected if you tell it to us, for example, if you enter data in a contact form.

On the other hand, other data is collected automatically or after your consent during your visit on the website or while using our software by our IT systems. This is predominantly technical data (e.g., Internet browser, operating system, or time of the visit).

What do we use your data for?

Part of the data is collected to ensure error-free operation of the website and of our software. Other data may be collected for providing our software licenses and for sending our newsletter.

Which rights do you have concerning your data?

You have the right to, at any time, obtain information free of charge about the source, recipient, and purpose of your personal data that we store. In addition, you have a right to request the correction or deletion of this data. If you have given an agreement to data processing, you can at any time revoke this agreement for the future. Furthermore, under certain conditions you have the right to request restricting the processing of your personal data. In addition, you have a right of complaint at the responsible regulatory authority.

Regarding this, as well as regarding other questions concerning the topic of privacy, you may contact us at any time.

2. Hosting

Host Europe

We host our website at Host Europe. The provider is Host Europe GmbH, Hansestraße 111, 51149 Köln ("Host Europe" in the following). If you visit our website, Host Europe possibly collects different log files including your IP addresses.

For details, please see the privacy policy of Host Europe: https://www.hosteurope.de/en/terms-and-conditions/privacy/.

The use of Host Europe happens on the grounds of Article 6(1)(f) GDPR. We have a legitimate interest in an as reliable as possible deployment of our website.

Data processing agreement

We have signed a data processing agreement (DPA) with the above-mentioned provider. This is a contract mandated under data protection laws which guarantees that the provider only processes the personal data of our website visitors according to our directions and while adhering to the GDPR.

3. General notes and mandatory information

Data protection

The operators of this website take the protection of your personal data very seriously. We treat your personal data confidentially and according to the legal data protection regulations as well as this privacy policy.

If you visit this website, different personal data may be collected. Personal data is data that can be used to personally identify you. This privacy policy lays out which data we collect and what we use it for. It also lays out how and for which purpose this is done.

We would like to note that the transfer of data over the Internet (e.g., the communication by e-mail) may contain security breaches. A complete protection of the data from the access by third parties is not possible.

Note on the responsible body

The responsible body for data processing on this website is:

ScannedReality GmbH
c/o Thomas Schöps
Fichtenstr. 2
85774 Unterföhring

Telephone: +49 (0) 15735449744
EMail: contact@scanned-reality.com

The responsible body is the natural or juristic person who, on their own or together with others, decides on the purposes and means of the processing of personal data (e.g., names, e-mail-addresses, or similar).

Duration of storage

Unless a more specific duration of storage is mentioned in this privacy policy, your personal data remains with us until the purpose of the data processing ceases to exist. If you file a justified request for deletion or revoke your consent for data processing, your data will be deleted unless we have other lawful reasons for the storage of your personal data (e.g., storage periods regarding tax or commercial law); in the latter case, deletion occurs after these reasons cease to exist.

General notes on the legal basis of data processing on this website

If you have agreed to the processing of data, we process your data on the basis of Article 6(1)(a) GDPR, respectively Article 9(2)(a) GDPR if special categories of data according to Article 9(1) GDPR are processed. If your data is necessary for the fulfillment of contracts or for pre-contractual measures, we process it on the basis of Article 6(1)(b) GDPR. Furthermore, we process your data, if the data is required to fulfill a legal obligation, on the basis of Article 6(1)(c) GDPR. Data processing may further occur based on our legitimate interest on the basis of Article 6(1)(f) GDPR. The following paragraphs of this privacy policy inform about the applicable legal basis in the respective individual case.

Revocation of your consent for data processing

Many instances of data processing are only possible with your explicit consent. You may at any time revoke your already provided consent. This does not affect the legitimacy of the data processing that occurred up to the time of the revocation.

Right to object against data processing in special cases as well as against direct marketing (Article 21 GDPR)

IF DATA PROCESSING HAPPENS ON THE BASIS OF ARTICLE 6(1)(E) OR ARTICLE 6(1)(F) GDPR, YOU HAVE THE RIGHT TO, AT ANY TIME, FOR REASONS THAT RESULT FROM YOUR PARTICULAR SITUATION, ENTER AN OBJECTION AGAINST THE PROCESSING OF YOUR PERSONAL DATA. SEE THIS PRIVACY POLICY FOR THE RESPECTIVE LEGAL BASIS ON WHICH AN ACT OF DATA PROCESSING IS BASED. IF YOU ENTER AN OBJECTION, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA, UNLESS WE CAN PROVE MANDATORY REASONS WORTHY OF PROTECTION FOR THE PROCESSING WHICH OUTWEIGH YOUR INTERESTS, RIGHTS, AND LIBERTIES OR IF THE PROCESSING IS FOR THE ASSERTION, EXECUTION, OR DEFENSE OF LEGAL CLAIMS (OBJECTION ACCORDING TO ARTICLE 21(1) GDPR).

IF YOUR PERSONAL DATA IS USED FOR DIRECT MARKETING, THEN YOU HAVE THE RIGHT TO, AT ANY TIME, ENTER AN OBJECTION AGAINST THE PROCESSING OF PERSONAL DATA THAT IS RELATED TO YOU FOR THE PURPOSES OF SUCH MARKETING. IF YOU ENTER AN OBJECTION, YOUR PERSONAL DATA WILL AFTERWARDS NO LONGER BE USED FOR THE PURPOSE OF DIRECT MARKETING (OBJECTION ACCORDING TO ARTICLE 21(2) GDPR).

Right of complaint at the resposible regulatory authority

In the case of violations against the GDPR, the affected have a right of complaint at a regulatory authority, in particular in the member country of their usual place of residence, of their workplace, or of the place of the suspected violation. This right of complaint is without prejudice to any other administrative or judicial remedies.

Right of data transmissibility

You have the right to have data, which we process on the basis of your consent or in fulfilling a contract in an automated way, handed out to yourself or a third party in a common, machine-readable format. If you request the direct transmission of the data to an other responsible body, this will only be done as far as it is technically feasible.

SSL respectively TLS encryption

For security reasons and to protect the transmission of confidential contents, for example orders or inquiries, that you send to us as website operators, this site uses an SSL respectively TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser switches from "http://" to "https://" and by the lock symbol in the address line.

When the SSL respectively TLS encryption is active, data that you transfer to us cannot be read by a third party during the transfer.

Information, deletion and correction

Within the bounds of the applicable provision of law, you have the right to at any time and free of charge obtain information on your stored personal data, their source and recipients and the purpose of the data processing, as well as possibly a right of correction or deletion of the data. Regarding this, as well as regarding other questions on the topic of personal data, you may contact us at any time.

Right of restriction of processing

You have a right to request the restricting of processing of your personal data. You may contact us regarding this at any time. The right of restriction of processing exists in the following cases:

If you have restricted the processing of your personal data, then this data – aside from its storage – may only be processed with your consent or for the assertion, execution, or defense of legal claims or for the protection of the rights of a different natural or juristic person or due to reasons of an important public interest of the European Union or a member country.

4. Data collection on this website

User account registration

Our website offers the possibility to register a user account. User accounts enable us, corresponding to our legitimate interest (Article 6(1)(f) GDPR), to steer the licensing of our software. At registration, we collect the following personal data:

Aside from this, the following personal data may be associated with a user account after registration:

We require these data for user authentication, for communication via email, to prove the registration, and for providing our software licenses. Email communication includes information about updates to our terms and conditions, information about software updates, sending of invoices, and messages about your user account, unless you have objected to this. The data are collected and processed for (pre)contractual measures on the basis of Article 6(1)(b) GDPR.

Registration for a user account works by so-called double opt-in. That means that after submitting the sign-up form, you receive an e-mail which asks you to confirm your sign-up. This confirmation is necessary to prevent people from signing up with other persons' email addresses. Unconfirmed registrations are deleted automatically after 24 hours.

These data are only forwarded to third parties as explicitly described in the section "Stripe as payment provider" below. An exception exists if there is a legal obligation for passing on data.

The data are stored only as long as they are necessary for the purpose that they were collected for. Data collected for user accounts are deleted when you issue deletion of the account and no legal requirement for storage exists. At any time, you have the ability to delete your user account after login on the account page, or to object to the use of your data by contacting the responsible body for data processing on this website, who is mentioned above.

Stripe as payment provider

If you sign up for a subscription on our website, we use Stripe for billing and payment processing. Stripe's address within the EU is: Stripe Payments Europe, Limited (SPEL), 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland.

This corresponds to our legitimate interest in offering an efficient and secure means of payment (Article 6(1)(f) GDPR). In this regard we forward the following data to Stripe if necessary for contract fulfillment (Article 6(1)(b) GDPR):

Additional data that is required for payment processing is queried directly by Stripe after forwarding to a website hosted by Stripe. This includes:

Furthermore, Stripe can collect more data and uses cookies, which is being done with the goal of fraud prevention, among others. For details, please see the corresponding policy of Stripe:

For data processing, Stripe has a dual role as controller and as processor. As controller, Stripe uses your transferred data to fulfill regulatory obligations. This corresponds to Stripe's legitimate interest (cf. Article 6(1)(f) GDPR) and is done for contract fulfillment (cf. Article 6(1)(b) GDPR).

Stripe acts as processor to fulfill transactions within the payment networks. In its role as processor, Stripe will exclusively act on our instruction and was contractually obliged in the sense of Article 28 GDPR to adhere to data protection regulations.

Stripe may transfer data to countries outside of the EU, for example to the USA. Stripe implemented compliance measures for international data transfers. These apply to all worldwide activities in which Stripe manages personal data of natural persons in the EU. These measures are based on the EU standard contractual clauses (SCCs). In addition, Stripe adheres to the EU-U.S. Data Privacy Framework.

You may find further information on possibilties for objection and deletion requests against Stripe at: https://stripe.com/privacy-center/legal.

Your data will be stored as long as necessary for handling payments for your user account, as well as for processing of refunds, claim mangagement and fraud prevention, and for fulfilling legal obligations.

Data security and policy for transmission of payment card details: ScannedReality does not collect or transmit any payment details, such as credit card numbers, on its own website. Instead, payment details are exclusively entered on webpages that are designed and hosted by Stripe (using Stripe's "Checkout" feature), and are stored by Stripe in encrypted form. ScannedReality does not access these data.

Contact form

If you send us requests via the contact form, then your information from the contact form including your contact information that you specified there will be stored by us for the purpose of addressing your request and for the case of follow-up requests. We will not pass on this data to third parties without your permission.

Processing of this data is done on the basis of Article 6(1)(b) GDPR if your request is connected to the fulfillment of a contract or is necessary to perform pre-contractual measures. In all other cases, the processing is based on our legitimate interest in effectively addressing the requests sent to us (Article 6(1)(f) GDPR) or on your consent (Article 6(1)(a) GDPR) if this was prompted; this consent may be revoked at any time.

The data you entered in our contact form will remain with us until you request us to delete it, until you revoke your consent of storing it, or until the purpose of data processing ceases to exist (e.g., after processing your request has finished). Mandatory legal provisions – in particular storage periods – remain unaffected.

Newsletter

If you sign up for our company's newsletter, the data entered in the respective form will be transferred to the one who is responsible for processing. The sign-up process for our newsletter works by so-called double opt-in. That means that after submitting the sign-up form, you receive an e-mail which asks you to confirm your sign-up. This confirmation is necessary to prevent people from signing up other persons to the newsletter. Unconfirmed registrations are deleted automatically after 24 hours.

When signing up to the newsletter, the IP address as well as the date and time of the registration will be recorded. This has the purpose of preventing a mis-use of the services or of the e-mail address of the affected person. The data will not be passed on to third parties. An exception to this exists if we are required by law to pass on the data. The data will be used solely for sending out the newsletter.

The newsletter subscription may be canceled at any time by the affected person. Similarly, the agreement to the storage of personal data can be revoked at any time. Each newsletter contains a corresponding link for this purpose.

The legal basis for processing the data after sign-up for and consent to the newsletter by the user is Article 6(1)(a) GDPR.

Cookies

Cookies are small text files which may be stored by your browser on your device upon visiting a website. They may contain information which may enable identification of a user.

This website solely uses a single technically necessary cookie. Cookies which are technically necessary do not require consent according to GDPR / German TDDDG, which is why our website does not use a cookie banner.

The legal basis for processing personal data using technically required cookies is Article 6(1)(f) GDPR: The website operator has legitimate interest in the flawless technical deployment of the website.

The details of the employed cookie are as follows:

You may also delete cookies manually via your browser's settings.

Server logfiles

The provider of the website possibly automatically collects and stores information which your browser automatically transfers to us in so-called server logfiles. These are:

No merging of this data with other sources of data will be done.

Collection of this data is done on the basis of Article 6(1)(f) GDPR. The website operator has legitimate interest in the flawless technical deployment and in the optimization of its website – to achieve this, the server log files have to be stored.

5. Data processing in our company

We process personal data on the basis of the data protection provisions of the General Data Protection Regulation (GDPR) as well as the German Bundesdatenschutzgesetzgesetz (BDSG) and possibly the state data protection laws of the German federate states (Bundesländer). Data of the folllowing groups of persons is processed by the respective responsible persons in the company for fulfilling tasks:

Inquiries by e-mail or telephone

If you contact us by e-mail or telephone, your inquiry including all personal data arising from it (name, inquiry) will be stored and processed by us for the purpose of addressing your inquiry. We will not pass on this data to third parties without your permission.

Processing of this data is done on the basis of Art. 6(1)(b) GDPR if your request is connected to the fulfillment of a contract or is necessary to perform pre-contractual measures. In all other cases, the processing is based on our legitimate interest in effectively addressing the requests sent to us (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR) if this was prompted; this consent may be revoked at any time.

The data you entered in our contact form will remain with us until you request us to delete it, until you revoke your consent of storing it, or until the purpose of data processing ceases to exist (e.g., after processing your request has finished). Mandatory legal provisions – in particular storage periods – remain unaffected.

6. Data processing in ScannedReality Studio

Copy protection

In order to implement ScannedReality Studio's copy protection mechanism, and to prevent wrongful use according to the software license terms, it is necessary to collect data while the program is used. This way, we may enforce limitations on how many devices the program is being used with, and we prevent use without a ScannedReality user account.

On the one hand, this happens when logging in with your ScannedReality account's email address and passwort in ScannedReality Studio. On the other hand, the program regularly validates its license during use.

The following personal data is collected at these points:

These data are processed based on our legitimate interest in protecting our software from unlawful copying and protecting our servers from attacks (Art. 6(1)(f) GDPR).

We will not pass on these data without your consent.

The data remains with us until the purpose of processing ceases to exist. We gather device-related data in order to limit simultaneous use of the program. Thus, these data are deleted automatically when the software has not been used on a device for two weeks. All gathered data is deleted when you delete your ScannedReality user account. Mandatory legal provisions – in particular storage periods – remain unaffected.

Crash reporting with BugSplat

We use the third-party software library BugSplat by BugSplat LLC to, in case ScannedReality Studio crashes on Windows, enabling our users to send us information about the crash in order to help us fix the issue.

The data collected includes both optional data entered by the user, such as an email address and a descriptive comment, and the user's IP address, information about the used device, and information about the state of the program at the time of the crash.

The data is collected only if you consent to sending a crash report (Art. 6(1)(a) GDPR).

The information BugSplat collects about End Users and their activities is the property of ScannedReality, not of BugSplat LLC. The data is used to detect the reason for program crashes and to fix these crashes. It is kept as long as necessary for resolving the problem. BugSplat itself uses the data only in anonymously aggregated form, as described in their privacy policy.

You may request us to delete these data by revoking your consent for storing it.

Source: https://www.e-recht24.de, with additions and adaptations by ScannedReality GmbH.