LEARN ABOUT OUR LEGAL TOPICS

Legal

Here you will find answers to your questions about our guidelines, intellectual property, corporate governance, corporate compliance, and other topics. The protection and security of your data and other legal topics are very important to us. View legal topics below to learn more.

According to § 5 TMG

sqanit GmbH
Balanstraße 71a
81541 Munich

Represented by Business Executives
Mr. Markus Gatzke, Mr. Christian Hieronimi

Contact
sqanit GmbH
Balanstraße 71a
81541 Munich
Telephone +49 (0) 89 44451155
E-Mail: info@sqanit.com

Sales Tax Identification Number
Sales tax identification number according to §27a sales tax law:
UStID DE 297723328  

Commercial Register Entry
Register Court Munich
HRB 214318

Last update Feb 2024

The protection and security of your personal data are very important to us, sqanit GmbH. We take the legal requirements of data protection and data security very seriously. 

The following information applies to our website under https://www.sqanit.com (“sqanit website”) and provides you with an overview of which personal data we collect via The sqanit website and for what purposes. In addition, we hereby inform you of your rights in relation to us with regard to your personal data.

IN NO CASE WILL YOUR PERSONAL DATA BE FORWARDED TO THIRD PARTIES, UNLESS OTHERWISE SPECIFIED BELOW.

1. WHO IS RESPONSIBLE FOR YOUR PERSONAL DATA?

sqanit GmbH, Balanstraße 71a, 81541 Munich, Germany (“sqanit”), is responsible for processing your personal data.

You can also contact us by e-mail with your data protection concerns or in exercise of your rights: privacy@sqanit.com.

“Personal data” means any information relating to an identified or identifiable natural person, i.e. in your case all information that we are able to associate with you, even if only indirectly.

We collect your data by a contact form we provide for this purpose on our sqanit  website. Other data will be automatically recorded by our IT systems when you visit the sqanit website. Further details you may find below. 

4.1 Log files (internet protocols)

When you visit our sqanit website, our IT systems automatically collect and store so-called log file information that your internet browser transmits to us. This includes:

    • Internet browser type/version
    • operating system used 
    • host name of the accessing computer (your IP address)
    • date and time of the request to our server
    • requested website.

This information is partly required for technical reasons in order to show you our sqanit website and to ensure its stability. 

IP addresses are stored in our log files in order to enable us to pursue our rights in the event of an attack on our IT systems and restore the security of the IT systems (our legitimate interest; legal basis is Art. 6(1)(f) of the General Data Protection Regulation, “GDPR“).

We are not able to assign the data to any person except for the IP address. The IP address is only assigned in the case of an attack. Beyond that we do not merge the data with other data sources. The IP addresses are deleted within 14 days.

4.2 Contact form on the sqanit website 

If you use the contact form on the sqanit website, we collect the following information from you (legal basis is Art. 6 (1)(f) GDPR):

    • Company 
    • Name
    • Email address
    • Additional data, if voluntarily provided by you

On the sqanit website, an e-mail address (contact@sqanit.com/kontakt@sqanit.com) for contacting us is provided on the contact form highlighted in blue when you click on “SEND REQUEST”. If you send us an email, the personal data transmitted with the email will be collected. If your email contact is aimed at concluding a contract (e.g. a binding offer), an additional legal basis for the processing is Art. 6(1)(b) GDPR. In case we are contacted by you, this also constitutes our necessary legitimate interest in processing the data.

The data will only be used for processing your contact request. Your personal data will be deleted as soon as they are no longer required for this purpose. This is the case when the respective request from you has been completely processed, unless (i) you consent that your data may be retained beyond this term (legal basis is Art. 6(1)(a) GDPR, (ii) we are obliged to retain your data due to statutory retention obligations, or (iii) we are entitled to retain your data for another reason.

4.3 Registration form for events on the sqanit website

If you use the registration form on the sqanit website, we collect the following data from you (legal basis is Art. 6 (1)(f) GDPR): 

    • First name
    • Last name 
    • Email address
    • Company name, which you may provide voluntarily
    • Message, which you may provide voluntarily

If you click on “SUBMIT” in the registration form on the sqanit website, you will receive an email address (webinar@sqanit.com) where you can contact us. If you send us an email, we will collect the personal data transmitted with the email. If your email contact is aimed at the conclusion of a contract (e.g. binding offer), a further legal basis for the processing is Art. 6(1)(b) GDPR. If we are contacted by you, this also constitutes our necessary legitimate interest in processing the data. 

The data will only be used to process your contact request. Your personal data will be deleted as soon as it is no longer required for this purpose. This is the case when the respective request has been fully processed by you, unless (i) you consent that your data may be stored beyond this period (legal basis is Art. 6(1)(a) GDPR, (ii) we are obliged to store your data due to legal obligations).

4.4 Use of Matomo 

On our sqanit website, we use the web analysis service Matomo to analyze and check the use of our sqanit website. We can use the statistics obtained to improve our offer and make it more interesting for you as a user.

Matomo cookies are stored on your computer for the purpose of web analysis. To analyze website usage, your IP address and information such as timestamps, websites visited and your language settings are recorded. We store the information collected in this way on our own server.

Our sqanit website uses Matomo with the “AnonymizeIP” extension. This shortens IP addresses. The shortened IP address transmitted by your browser using Matomo is not merged with other data collected by us. The legal basis for the use of Matomo is Art. 6(1)(a) GDPR. You can revoke your consent at any time, the easiest way to do this is via our cookie manager. 

The Matomo program is an open source project. Information from the third-party provider on data protection can be found at Privacy Policy – Analytics Platform – Matomo.

4.5 Use of Google Maps

We use Google Maps services on our sqanit website. This allows us to show you interactive maps directly on our sqanit website and enables you to use the map function conveniently. The legal basis for the use of the maps is Art. 6(1)(a) GDPR, i.e. the integration only takes place with your consent.

By visiting our sqanit website, Google receives the information that you have accessed our sqanit website. In addition, the above-mentioned basic data such as IP address and timestamp are transmitted. This occurs regardless of whether Google provides a user account, where you are logged in, or whether no user account exists. If you are logged into your Google account, your data will be assigned directly to your account. If you do not wish your data to be associated with your Google profile, you must log out before activating the button. Google stores your data as user profiles and uses them for the purposes of advertising, market research and/or the needs-based design of its website. You have the right to object to the creation of these user profiles, whereby you must contact Google to exercise this right.

The information collected is stored on Google servers, including in the USA. In these cases, Google has stated that it is subject to the EU-U.S. Data Privacy Framework and has undertaken to comply with applicable data protection laws when transferring data internationally. 

Further information on the purpose and scope of data collection and its processing by the plug-in provider can be found in the provider’s privacy policy. There you will also find further information on your rights in this regard and setting options to protect your privacy: Privacy Policy – Privacy & Terms – Google.

4.6 Use of Google Analytics

Our sqanit website uses Google Analytics, a web tracking service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). The purpose of this tool is to enable us to analyse your user interaction on our sqanit website and to use the statistics and reports obtained to improve our offer and make it more interesting for you as a user.

We primarily record the interactions between you as a user of the website and our sqanit website via data on the device/browser, IP addresses and website or app activities. In Google Analytics, your IP addresses are also recorded to ensure the security of the service and to provide us as the website operator with information about the country, region or location from which the respective user comes (so-called “IP location determination”). For your protection, however, we naturally use the anonymization function (“IP masking”), i.e. Google truncates the IP addresses by the last octet within the EU/EEA.

Google acts as a processor and we have concluded a corresponding contract with Google. The information generated and the (usually shortened) IP addresses about your use of our sqanit website are usually transferred to a Google server in the USA and processed there. In these cases, Google has stated that it is subject to the EU-U.S. Data Privacy Framework and has undertaken to comply with applicable data protection laws when transferring data internationally.

The legal basis for the collection and further processing of the information is your consent (Art. 6(1)(a) GDPR). You can withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal. In apps, you can reset the advertising ID in the Android or iOS settings or install the Google browser add-on, which can be accessed via the following link: Google Analytics Opt-out Browser Add-on Download Page.

For more information on the scope of services provided by Google Analytics, please see Terms of Service | Google Analytics – Google

Google provides information on data processing when using Google Analytics at the following link: Safeguarding your data – Analytics Help (google.com)

General information on data processing, which according to Google should also apply to Google Analytics, can be found in Google’s privacy policy under Privacy Policy – Privacy & Terms – Google.

4.7 Use of LinkedIn Insight Tag 

Furthermore, the sqanit website uses the LinkedIn Insight Tag (or LinkedIn Pixel) of LinkedIn Ireland Unlimited Company (“LinkedIn”). By integrating this JavaScript tag, we can show you, as a user of our sqanit website, interest-based advertisements that are relevant to you when you visit the LinkedIn social network or other websites that also use the process, and we receive statistics about website visitors and demographics. Furthermore, we can evaluate your use of our LinkedIn advertising and interest in our offers using a conversion tracking function and also show you LinkedIn ads on other websites via retargeting. In this way, we pursue the interest of improving the effectiveness of LinkedIn ads and making our sqanit website more interesting for you.

By integrating the LinkedIn Insight tag, your browser automatically establishes a direct connection with the LinkedIn server, both when you visit the LinkedIn website and from websites that have integrated the LinkedIn Insight tag. We have no influence on the extent and type of use of the data by LinkedIn, we therefore inform you according to our level of knowledge: By integrating the LinkedIn Insight tag, LinkedIn receives the information that you have accessed the corresponding website of our internet presence or have clicked on an advertisement from us. If you are registered with a LinkedIn service, LinkedIn can assign the visit to your account. Even if you are not registered with LinkedIn or have not logged in, there is a possibility that the provider will find out your IP address, time window and other identifying features and link them to the actions assigned to you.

The deactivation of the LinkedIn Insight tag and other advertising objections are possible in the settings for advertisements under Manage your advertising preferences | LinkedIn Help and additionally under Ads unsubscribe (Ads unsubscribe  (linkedin.com). Further setting options and information can be found in the LinkedIn Privacy Center: Privacy Center (Datenschutz (linkedin.com).

The legal basis for the processing of your data is Art. 6(1)(a) GDPR, i.e. the integration only takes place with your consent. You can revoke your consent at any time, the easiest way is via our cookie manager. LinkedIn also processes your personal data in the USA and, according to its own information, has submitted to the EU-U.S. Data Privacy Framework (EU/EEA, UK, and Swiss data transfers | LinkedIn Help).

Further information on data processing by LinkedIn can be obtained from the provider, LinkedIn Ireland Unlimited Company, Attn: Legal Dept, Wilton Plaza, Wilton Place, Dublin 2, Ireland; information on the LinkedIn Insight Tag: LinkedIn Insight-Tag | LinkedIn Marketing SolutionsUser Agreement | LinkedIn and the data protection information: LinkedIn Privacy Policy.

4.8 Social Media Links

We also use the following social media sites. The integration takes place via a linked graphic of the respective provider. The use of these graphics, which are stored on our own servers, prevents the automatic connection to the servers of the respective provider. You will only be redirected to the service of the respective social network if you click on the corresponding graphic.

As soon as you click on it, the social network can record information about you and your visit to our sqanit website. It cannot be ruled out that this data will be processed in the United States of America.

This includes the following data: Your IP address, the date and time and the page visited. If you are logged into your user account with the provider at the same time, the provider can assign the information collected about your visit to our sqanit website to your personal account. If you interact by clicking on “Like”, “Share”, etc., this information may be stored in your personal user account and possibly published on the respective social network. To prevent this, you must log out of your social media account before clicking on the graphic.

Networks also offer corresponding options in their settings to avoid this or to configure it accordingly.

The following social networks are integrated on our website: YouTube. 

Integrated YouTube videos

a. Data processing

We have integrated YouTube videos into our online offering, which are stored on the YouTube platform and can be played directly from our sqanit website. YouTube is a service provided by Google LLC, D/B/A YouTube, 901 Cherry Ave, San Bruno, CA 94066, USA (“Google”). The videos are all integrated using the so-called “2-click mode”, which means that no data about you as a user is transmitted to Google if you do not activate the video function. Before the video function is activated, only a preview image is displayed, which is loaded from our own web server.

Data is only transmitted to Google if you activate this video function. After activation, we no longer have any influence on the data transfer. Data is transferred regardless of whether you are logged into a corresponding user account with Google. If you are logged into your Google account, your data will be assigned directly to your account.

b. Processing purposes and legal basis for processing

We use YouTube videos on our sqanit website so that you can watch YouTube videos easily.

The legal basis for the processing of your personal data is your consent in accordance with Art. 6(1)(a) GDPR. You give this consent by activating the video function. If activated, your personal data will be transferred to Google as described above.

The information collected is stored on Google servers, including in the USA. In these cases, Google has stated that it is subject to the EU-U.S. Data Privacy Framework and has undertaken to comply with applicable data protection laws when transferring data internationally.

If you have given your consent, you have the right to withdraw it at any time without affecting the lawfulness of processing based on consent before its withdrawal. You can withdraw your consent at any time for the future.

c. Further information

Further information on data processing, in particular on the legal basis and the storage duration by YouTube, can be found in Google’s privacy policy (https://policies.google.com/privacy) and in the privacy policy on the YouTube platform. There you will also find further information about your rights and options for protecting your privacy. 

5.1

We may also disclose or forward your personal data to IT service providers. We carefully select the IT service providers, and they work for us as data processors. 

In order to comply with our statutory obligations regarding accounting and drawing up annual financial reportings, we use third parties who are legally obliged to maintain secrecy (tax consultants, auditors, and attorneys), because we cannot provide these services ourselves (legitimate interest). In the context of their work, they may receive your personal data as required in accordance with Clause 4 or gain access to this personal data (legal basis is Art. 6(1)(f) GDPR). 

5.2

Data may be transferred to third countries (i.e. countries that are neither members of the European Union nor of the European Economic Area) if this is necessary to provide services to you, is required by law or if you have given us your consent. In addition, we may also transfer your personal data to processors in third countries. 

The European Commission declares that some third countries have a level of data protection comparable to the European Union standard by means of a so-called adequacy decision. A list of these countries and a copy of the adequacy decisions can be found here: Data protection adequacy for non-EU countries (europa.eu). Please note that not all third countries have a level of data protection recognised as adequate by the European Commission. We will only transfer your personal data to third countries to the extent that this is permitted under Art. 44 – 49 GDPR. Insofar as we rely on suitable guarantees in accordance with Art. 46(2) GDPR (e.g. standard contractual clauses or binding corporate rules) when transferring to third countries, we will take additional technical and/or organisational measures insofar as this is necessary to maintain an adequate level of protection for your personal data.

We use appropriate technical and organizational security measures in order to protect your data against accidental or intentional manipulations, partial or complete loss, destruction or unauthorized access by third parties. Our security measures are continuously improved in accordance with technological developments.

We use SSL or TLS encryption for our contact form. You can recognize an encrypted connection in that the address line of the browser changes from “http://” to “https://”, and the lock symbol will appear in your browser line. If SSL or TLS encryption is enabled, the data you send to us (e.g. in the context of orders or requests) cannot be read by third parties.

You have the following rights regarding your personal data (Art. 15 et seqq. GDPR):

  • Right of access
  • Right to rectification or erasure, as well as to restriction of processing (“blocking”)
  • Right to data portability

You also have the right to complain to a data protection supervisory authority about the processing of your personal data by us.

Right to object to further processing:

If we process personal data of you on the basis of Art. 6(1)(f) GDPR (i.e. if we process such data to exercise our legitimate interests), you have the right to object to this processing at any time for reasons arising from your particular situation. We will then no longer process your personal data, unless we can demonstrate compelling protectable reasons for the processing that outweigh your interests, rights, and freedoms, or if the processing serves to assert, exercise, or defend our legal claims. 

Last updated: April2024

Data Processing Agreement

between

the Provider

– hereinafter “Controller“-

and

sqanit GmbH, Balanstraße 71a, 81541 Munich, Germany

‍- hereinafter “Processor” –
– hereinafter Controller and Processor collectively also “Parties” –

1. GENERAL

1.1

This agreement contains a written order of the Controller to the Processor within the meaning of Article 28 of the Regulation (EU) 2016/679, the European General Data Protection Regulation (GDPR).

1.2

As far as the Federal Data Protection Act (BDSG) is mentioned here, these mentions refer exclusively to the BDSG which will be valid from 25 May 2018.

2.1

Personal Data” means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

2.2

“Processing”/”processing” means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation,structuring, storage, adaptation or alteration, retrieval,consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, deletion or destruction.

3.1

The subject, type and purpose of processing of Personal Data by the Processor on behalf of the Controller are laid down in the agreement between the Controller and the Processor according to the Processor’s Terms of Use (hereinafter “ToU Agreement“).

3.2

The following types of Personal Data are subject to this agreement:

    • Contact details such as names, e-mail-addresses, mail addresses, phone numbers, login data, profession, job title.
    • Location data and technical data for devices that can be assigned to a natural person.
    • Inquiries and data relating to the processing of orders in connection with devices, in particular communication data. Also information on malfunctions and their rectification, repairs and spare parts requirements, which may also include photos and videos and other files.
3.3
The processing concerns the following categories of data subjects:
    • Employees of the Controller
    • Contractual partners of the Controller, in particular users.
3.4
This contract does not apply to activities where the Processor independently processes the Provider’s personal data. This applies to the processing of contact data of the Controller’s contact persons who are responsible for the implementation of the contract in accordance with the ToU Agreement. The Controller is responsible for the processing within the meaning of Article 4 (7) GDPR. The assessment of whether the processing of Personal Data according to the ToU Agreement and this agreement is in compliance with the GDPR and, as the case may be, other applicable data protection laws, is at the Controller’s sole discretion. The Controller shall inform the Processor without delay if the Controller identifies mistakes or irregularities in the processing.
3.5
The term of this agreement shall be equivalent to the term of the ToU Agreement.
4.1
The Processor shall process the Personal Data of the Controller exclusively according to the ToU Agreement and in compliance with any further documented instructions issued by the Controller according to this agreement, unless the Processor is obliged to a processing pursuant to the laws of the European Union or the Federal Republic of Germany. The Processor shall inform the Controller of such legal requirements prior to such processing, unless the law prohibits such information on important grounds of public interest.

4.2
The Processor confirms that it has appointed a data protection officer pursuant to Section 37 of the GDPR. The Processor shall provide the Controller with the contact information upon request.
4.3
The Controller is responsible for the fulfilment of the Controller’s obligation to respond to requests for exercising the data subject’s rights laid down in Articles 12 to 23 GDPR. The Processor shall inform the Controller without delay if data subjects assert such rights against the Processor. Furthermore, the Processor shall, taking into account the nature of the processing, assist the Controller by appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of the Controller’s aforementioned obligation.
4.4
In case of a Personal Data breach – including a breach of this agreement or any additional instructions of the Controller according to this agreement – the Processor shall inform the Controller without delay. The Processor is aware that pursuant to Articles 33 and 34 of the GDPR there may be notification and information obligations in case of a Personal Data breach. The Processor shall assist the Controller in fulfilling these obligations.
4.5
If the Controller is obliged pursuant to Article 35 of the GDPR to perform a data protection impact assessment, the Processor shall assist the Controller in this assessment, dependent upon the type of processing and the information provided, as well as in consultation with the supervisory authority pursuant to Article 36 of the GDPR.

5.1

The Processor shall process the Controller’s Personal Data only on documented instructions.  Such instructions shall be issued in text form. Oral instructions are permissible in urgent situations as an exception, yet shall be confirmed by the Controller in text form without delay.  If such instructions require performance of the Processor that is not included in the ToU Agreement, the Controller shall pay to the Processor a remuneration to be determined by the Processor according to Paragraph 316 German Civil Code (Bürgerliches Gesetzbuch).

5.2

The Processor shall inform the Controller without delay if it perceives that an instruction constitutes a breach of applicable data protection laws or this agreement. The Processor is permitted to suspend execution of the respective instruction until it has been confirmed or modified by the Controller.

The Processor shall take all measures required pursuant to Article 32 of the GDPR.

The Controller reserves the right to monitor compliance with the statutory provisions on data protection, compliance with the contractual agreements made between the parties and compliance with any additional instructions given by the Controller through the processor. The Processor makes available to the Controller all information necessary to demonstrate compliance with the obligations laid down in Article 28 GDPR and allow for and contribute to audits, including inspections, conducted by the Controller or another auditor mandated by the Controller. Implementation of technical and organisational measures may be verified with approved codes of conduct pursuant to Article 40 GDPR or a certificate granted according to an approved certification procedure pursuant to Article 42 GDPR.

If the processing of the Controller’s personal data shall involve other processors (hereinafter referred to as “subcontractors”), the following provisions shall apply:

Involving subcontractors is generally permitted. The Processor shall inform the Controller in advance of each subcontractor he intends to involve, giving the Controller the opportunity to object. When the contract is concluded, the Processor shall use the following subcontractors: the Processor shall use the following subcontractors:

Hetzner Online GmbH
Managing Directors:
Martin Hetzner, Stephan Konvickova, Günther Müller
Street / P.O. Box:
Industriestr. 25
Postcode Location:
91710 Gunzenhausen, Germany

Hetzner Online is the datacenter and infrastructure provider of sqanit’s private cloud system, which provides all the related services. A data processing agreement exists.

The Processor shall define the contractual arrangements with the subcontractor(s) in such a way that they comply with the data protection provisions applying between the Controller and the Processor.

In case of subcontracting, the Controller shall be granted control and inspection rights in relation to the subcontractor pursuant to this contract. This includes the right of the Controller to obtain information from the subcontractor on written request about the essential content of the contract and the implementation of the data protection-related obligations in the subcontracting relationship, if necessary by inspecting the relevant contract documents.

For clarification, the parties state that Article 32 (4) GDPR also applies to subcontractors.

Subcontracting relationships within the meaning of this provision shall not be understood to include services the Processor obtains from third parties as ancillary service to assist in fulfilling the order. These include, for example, telecommunication services and services of cleaning staff. However, in order to ensure the Controller’s personal data privacy and security, the Processor is obliged to enter into appropriate contractual arrangements for the safeguarding of personal data in accordance with the law. This also applies to ancillary services.

After completion of the contractually agreed services or at an earlier point in time at the request of the Controller – at the latest at the termination of the ToU Agreement – the Processor shall delete the Controller’s Personal Data, unless the laws of the European Union or the Federal Republic of Germany requires or permits further storage of the Personal Data.

The Processor warrants and guarantees that the individuals it employs for the processing of the Personal Data, including of any Subcontractors, have committed themselves to confidentiality or are subject to an adequate statutory professional obligation to confidentiality.

11.1

The remuneration of the Processor is specified in the ToU Agreement.

11.2

The Processor shall be liable to the Controller pursuant to the provisions in Clause 10 of the ToU Agreement.

Stand: April 2024