Privacy Policy

Effective: November 2020

SitePlan GmbH (“SitePlan,” “we,” or “us”) considers the security of your data and the protection of your privacy in the processing of personal data to be a matter of great importance. Personal data means all data that can directly or indirectly identify a natural person (“data”), such as name, address, email address, etc. We process your data exclusively in accordance with the applicable legal provisions, in particular the Austrian Data Protection Act (“DSG”), the European General Data Protection Regulation (“GDPR”), and the Telecommunications Act (“TKG”).

In this Privacy Policy, we aim to explain in a clear, transparent, and comprehensible manner which data are collected when you visit our website, use our other services (such as making contact), or use our services, and for what purpose they are used and processed. You will also learn about the options you have to protect your data and what rights you have regarding the processing of your data.

1. Controller

The controller for data processing within the meaning of the GDPR is:

SitePlan GmbH
FN517375x, Commercial Court Wels
AUT - 4600 Wels, Bauernstraße 1

If you have questions about data protection at SitePlan or wish to exercise your rights under data protection law, please contact us at: privacy@siteplan.at.

2. Data Security

Our goal is to manage your data with the utmost care and to take technical and organizational security measures to protect your data against loss and misuse.

Access to our website and our web app is secured via HTTPS if your browser supports SSL. This means that communication between your device and our servers is encrypted.

If you contact us by email, please note that the confidentiality of transmitted information cannot be guaranteed. The content of regular emails can, due to their technical design, be viewed by third parties. To ensure adequate information and system security and to detect malware, we store log data on email traffic. If you send an email to one of our addresses, our systems log the email and IP addresses of the sender and recipient, the number of recipients, the subject line, the date and time of receipt, file names of any attachments, message size, as well as spam classification and delivery status. Emails are generally checked automatically. However, if there is suspicion of a threat to our IT systems, individual emails may be reviewed manually by responsible staff.

All data traffic within SitePlan is encrypted.

We use the services of Heroku (cloud platform), MongoDB (database), and Amazon Web Services (data storage). All services ultimately store data on AWS servers located in Ireland. These servers comply with all common security standards and are ISO/IEC 27001 certified. Service providers engaged by us are contractually obligated to meet our security requirements by applying equivalent safeguards.

3. Purposes and Legal Basis of Data Processing

We collect and process your data on a legal basis as set out in Art. 6 GDPR and only to the extent necessary for the proper provision of our services, as legally or contractually defined.

The processing of your data takes place for the following purposes:

3.1 Contact

Data processing is essential for managing the customer relationship between you and SitePlan. When you contact us, we process your data for the purpose of communication. Based on any consent you may provide, we also process your data to offer you further services from us or our partners.

3.2 When visiting our website

  • To analyze user behavior on our website;
  • To carry out specific marketing activities (with your consent, see Sections 7 and 8);
  • To optimize the user experience;
  • For hosting, maintenance, and operational support of the website;
  • To respond to your inquiries via the contact form.

Data processed via the website is based on information collected through cookies (see Section 7). Please note that use of the website may be restricted if you do not allow cookies.

3.3 In the context of the business relationship

  • for processing inquiries that you submit to us within the framework of a pre-contractual relationship;
  • for establishing and managing the business relationship, including compliance with legal requirements;
  • for handling the business relationship;
  • for installation, maintenance, and updating of the SitePlan software;
  • for troubleshooting the SitePlan software;
  • for communicating with you and informing you about changes to our services;
  • for ensuring the quality of the services we provide to our users;
  • for record-keeping, statistical analyses, internal reporting, and research purposes;
  • for handling a complaint on your part;
  • for ensuring network and information security;
  • for evidentiary purposes in an existing or potential legal dispute between you and us;
  • for detecting and preventing fraud and other criminal acts;
  • for risk management purposes;
  • for recovery or recommissioning in the event of a crisis (e.g., creating backups);
  • within the framework of retaining/storing documents;
  • for database management; and
  • for the protection of rights, property, and/or the safety of us, our employees, and other persons.

The processing of your data for this purpose takes place within the framework of the execution of our (pre-)contractual relationship in accordance with Art. 6(1)(b) GDPR. Any further processing of your data is carried out either on the basis of your explicit consent pursuant to Art. 6(1)(a) GDPR or on the basis of our legitimate interest pursuant to Art. 6(1)(f) GDPR.

3.4 Processing photos taken on construction sites

Please note that when the respective user uses our software, photos may be taken on the construction site, among other things, in order to capture the surroundings and display them in the plans. The photos are stored together with other information and data that are collected and processed in connection with the creation of the plans. Deliberately allowing oneself to be photographed or placing oneself in the picture is considered consent within the meaning of Article 6(1)(a) GDPR. Should you be depicted in a photo and not wish this, you can immediately inform the author of the photo and demand the deletion of the photo. If this does not happen, you may assert your right to deletion at any time by email to: privacy@siteplan.at.

3.5 For advertising and informational purposes

The processing of your data for advertising and informational purposes takes place either within the scope of our legitimate interest pursuant to Article 6(1)(f) GDPR or on the basis of your expressly granted consent (Article 6(1)(a) GDPR). Consent to data processing that you have given can be revoked at any time by email to: privacy@siteplan.at.

The processing of your data for advertising and informational purposes takes place:

  • to deepen existing customer relationships or to inform prospective customers;
  • to inform about current developments and our service offering (products, updates, etc.);
  • to organize events;
  • to conduct surveys in order to obtain feedback on our services and/or events;
  • to conduct workshops.

3.6 Newsletter

You have the option to register directly on our website for our newsletter. In this case, the data you provide during registration for the newsletter will be stored by us and processed for the purpose of sending the newsletter. We send our newsletter only to the email address you have specified. For the processing of email delivery, we use the providers Zoho and Mailchimp (see Section 5). You may revoke your consent to receive the newsletter at any time either by email to privacy@siteplan.at or via the unsubscribe link contained in each newsletter. In addition, you may also change your specified email address at any time by email to the above-mentioned email address. Until your revocation is received, your data will be lawfully processed by us.

4. Business cards

If you provide us with business cards in the course of business meetings or events, we will record the data contained therein in our contact database and process them in the context of initiating/handling a business relationship with you. Any further processing takes place exclusively on the basis of your consent or within the scope of our legitimate interest (see Section 3.3).

5. Disclosure of data to third parties

Due to our business model and the complexity of today’s data processing procedures, it is essential that we engage third parties to process your data. In doing so, we obligate the service providers selected by us to comply with the European level of data protection and European data security standards. Before transferring your data, we conclude all data protection agreements required under the GDPR and the DSG.

A complete overview of all service providers cooperating with us can be found at the following link:

https://www.siteplan.at/de/privacy/services/

Regardless of the specific engagement, you will find below a general categorization of the recipients of the data:

  • IT & service providers engaged by us as well as other service providers in connection with marketing activities;
  • payment providers engaged by us through which payments under license agreements are processed;
  • service providers engaged by us for sending newsletters to customers and prospects;
  • cooperation partners and legal representatives/tax advisors/auditors engaged by us;
  • administrative authorities, courts, and public law bodies;
  • insurance companies in connection with the settlement of a potential insurance case.

We point out that the persons authorized for order data processing are obliged to confidentiality by us regardless of any statutory duty. Upon request, this obligation can be presented or proven. Furthermore, we point out that we take technical and organizational measures (“TOMs”) corresponding to the state of the art to protect your data.

6. Location of data processing

In order to operate our software, we have rented a server from the cloud provider Heroku located in Ireland. This is a product of Salesforce.com Inc. We have concluded all data protection agreements required with Salesforce.com Inc. in order to protect your data. All data processing takes place on Heroku’s servers. Heroku’s data center is operated via Amazon Web Services. The AWS data center is located in Ireland.

We store and process all personal data exclusively within the European Union/the EEA. A transfer of personal data to third countries does not take place.

In connection with the correction of software errors as well as the application used in the context of software usage, data may in part also be transmitted to companies located outside the European Union/the EEA. However, these are not personal data, but merely a user ID, which does not allow the identification of the user.

7. Use of Cookies

7.1 What are cookies?

Cookies are small text modules that are placed on a user’s device by a website, provided the user has given consent. Many cookies contain a so-called cookie ID, a unique identifier of the cookie in the form of an individual character string. A particular internet browser in which the cookie has been stored can be recognized and identified via the cookie ID. This enables the visited website and the server to identify and recognize the individual browser of a person.

Cookies can be stored permanently or only during a session. Two types of cookies are used: necessary cookies, in order to be able to provide basic functions of the website, and targeted cookies, which help us to optimize the structure and navigation of our website and thereby improve service quality. In both cookie applications, your IP address is immediately shortened and thus anonymized so that it can no longer be assigned to you. Consequently, neither personal data are collected or evaluated, nor are they linked with other such data.

The following categories of cookies are distinguished:

  • Strictly necessary cookies: these ensure the proper functioning of a website on the internet (e.g., navigation on the website, basic functions for displaying and selecting subpages).

    They are used exclusively by the respective website operator. Accordingly, data stored in these cookies are sent only to the respective website. The use of these cookies does not require the consent of the website visitor. For this reason, individual strictly necessary cookies cannot be activated or deactivated by the user. However, it is possible to generally deactivate cookies in the browser.

  • Functional cookies: these store information such as usernames and language selection. Based on this information, such cookies offer improved and personalized functions. The information is stored in anonymized form. Individual cookies can be deactivated or activated by the user at any time in the cookie settings. Therefore, functional cookies are also referred to as consent-required cookies.
  • Performance cookies: these are used for statistical purposes to analyze user behavior and thereby improve the user experience / to be able to provide a more user-friendly service.

    In this process, data are collected for the following purposes:

      • Duration and frequency of pages visited;
      • Sequence of visited pages;
      • Search terms used that led to visiting the respective page;
      • Movements such as clicks and scrolling with the mouse;
      • Country, region, and if applicable, city of access.

    The storage of this information serves to determine the main interests of the user. On this basis, the website is adapted in terms of content and functionality to the individual needs of the users. These cookies do not store personal information such as the IP address, so that it is not possible to trace back to the respective user.
  • Marketing cookies: these store information about user behavior (e.g., visits to websites) in order to present individual offers within the framework of direct marketing (special offers directly on the website or in mailings) and to make the visit to the website more attractive (speeding up loading and navigation).

7.2 Cookie settings, blocking and deleting cookies

You can also set your browser to block all cookies or to display a notification as soon as a cookie is set by us. However, please note that the website may not function properly if you disable cookies.

7.3 Functional limitations without cookies

If you generally do not allow us to use cookies, certain functions and subpages of our website will not function as expected or may not be accessible at all.

7.4 Which cookies are set by us?

7.4.1 Strictly necessary session cookies

We use session cookies which are absolutely necessary for functionality purposes during the use of the website. After the end of each session (leaving the website), the data collected about you during this period are deleted. In addition, cookies are set and stored as soon as you have consented to the use and storage of cookies on our website.

7.4.2 Google Analytics

We use functions of the web analysis service Google Analytics. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Google Analytics uses targeted cookies. The information generated by the cookie set by Google Analytics about your use of the website (including your IP address) is transmitted to a Google server in the USA and stored there.

Google uses this information to evaluate your use of the website, to compile reports on website activities for the website operators, and to provide other services related to website usage and internet usage. Google may transfer this information to third parties if this is required by law or if third parties process these data on behalf of Google. Google will in no case associate your IP address with other data held by Google.

More information on how Google Analytics handles user data can be found in Google’s privacy policy.

You can prevent the collection of the data generated by the cookie and related to your use of the website as well as the processing of these data by Google by downloading and installing a browser plugin (http://tools.google.com/dlpage/gaoptout?hl=en).

7.4.3 Google Ads

Our website uses the service Google Ads Conversion, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Ads helps SitePlan to draw attention to our offers and services by means of advertising measures on external websites. Google Ads enables us to analyze the success of our advertising campaigns. This allows us to display relevant advertising content to you and to make our website more interesting for you.

These advertising measures are created and distributed by Google via so-called “ad servers.” For this purpose, we use ad server cookies, through which certain parameters for measuring success, such as the display of the ads or clicks by users, can be measured. If you access our website via a Google ad, a cookie is stored on your device by Google Ads. This does not make it possible to identify you personally. Only analytical values such as the unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions), as well as opt-out information (indication that the user no longer wishes to be addressed) are stored. Cookies stored in this way are usually deleted after 30 days. SitePlan itself does not collect or process any personal data in the context of the aforementioned advertising measures. We only receive statistical evaluations from Google. Based on these evaluations, we can determine which of the advertising measures used are particularly effective. In addition, SitePlan does not receive any further data—neither personal nor otherwise—about the users, and in particular we cannot identify the users based on the information received.

Due to the tools used, your server automatically establishes a direct connection with Google’s server when you visit our website. SitePlan has no influence on the extent and further processing of the data by Google. If you are registered with a Google service, Google may associate the visit with your account. Even if you are not registered with Google or are not logged in, there is a possibility that the provider will obtain and store your IP address.

7.4.4 Google Ads Remarketing

We use the remarketing function within the Google Ads service. With the remarketing function, we can present visitors to our website with interest-based advertisements on other websites within the Google advertising network and thereby keep you informed about our offer. For this purpose, the interaction of visitors on our website is analyzed and recorded, specifically which offers the visitor is interested in or which subject areas the visitor paid particular attention to when visiting the website. Based on these analysis results, visitors are shown targeted advertising on other sites even after visiting our website. The cookies set serve to uniquely identify a web browser on a specific end device and not to identify a person. We therefore also do not receive any personal data from Google.

Further information on the use of data by Google, on settings and opt-out options as well as on data protection can be found on the following Google web pages:

8. Social media plugins

8.1 YouTube plug-in

We have placed a link to the online video platform YouTube on our website. This is operated by Google LLC, D/B/A YouTube, 901 Cherry Ave., San Bruno, CA 94066, USA.

When you visit a website that contains such a button, a direct connection is established between your browser and the YouTube servers. The website operator therefore has no influence whatsoever on the nature and scope of the data that the plugin transmits to the YouTube servers.

Information on the handling of data, which data are collected and stored, and for what purpose they are processed can be found here: https://policies.google.com/privacy?hl=de&gl=en.

8.2 Facebook plugin

Remarketing tags of the social network Facebook, 1601 South California Avenue, Palo Alto, CA 94304, USA, are integrated on our website.

Through these remarketing tags, when visiting the website, a direct connection between your browser and the Facebook server is established if you are logged into Facebook at the same time. Facebook thereby receives the information that you have visited the website with your IP address, which enables Facebook to assign the visit to your Facebook user account. The information thus obtained can be used by SitePlan for the creation and display of Facebook ads. SitePlan, as the provider, has no knowledge of what information is transmitted to Facebook and how Facebook uses this information. Further information can be found in Facebook’s privacy policy at https://www.facebook.com/about/privacy/. If you do not want data to be collected via Custom Audience, you can deactivate Custom Audiences at https://www.facebook.com/settings/?tab=ads.

8.2.1 Sharing function

Via the “Share” menu you can establish a direct connection to Facebook. A transfer of personal data only takes place when clicking on the share icons.

8.3 LinkedIn Plugin

Furthermore, SitePlan uses remarketing and retargeting tags of the social network LinkedIn. LinkedIn is a service of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.

When visiting our website, here too, a direct connection is established between your browser and the LinkedIn servers if you are simultaneously logged into LinkedIn. SitePlan, as the provider, has no knowledge of what information is transmitted to LinkedIn or how LinkedIn uses this information.

Detailed information on the handling of personal data by LinkedIn, which data are collected and stored and for what purpose they are processed, can be found in LinkedIn’s privacy policy at: https://www.linkedin.com/legal/privacy-policy?trk=hb_ft_priv.

9. Links from partner companies on the website

Our partner companies are linked on our website. By clicking on the logos of our partner companies, you will be linked directly to the website of the partner company. SitePlan is not responsible for the design of the partner companies' websites and accepts no liability for them.

10. Use of external fonts

External fonts from Google Fonts are used on the website. Google Fonts is a service of Google Inc. The integration of these web fonts takes place by means of a server call, usually to a Google server in the USA. In this process, the server is informed which website you have visited. The IP address of the browser of your end device is also stored by Google. Further information can be found in the Google Fonts privacy notes, which you can access here: https://fonts.google.com/about

Details on the Google Privacy Policy can be found at: http://www.google.com/intl/de/policies/privacy

With the Google Privacy Checkup you can review and change your privacy settings for Google products: https://myaccount.google.com/privacycheckup

11. Retention

We generally store your data until the termination of the business relationship within the framework of which we collected your data, or until the expiration of the applicable statutory limitation and retention periods, and beyond that until the conclusion of any legal disputes in which such data are required as evidence, and in any case for the duration of statutory warranty periods or contractually agreed guarantee periods.

Should you wish your data to be deleted, please contact us at privacy@siteplan.at (see Section 12.3).

Users have the option to delete all work results created in the course of using the software. Deleted results can be stored in the recycle bin at the request of the licensee, to which only the users authorized by the licensee as well as SitePlan have access and deletion rights.

At the end of the business relationship, downloaded and stored plans contain only anonymized work results due to the deactivation of all users. The author is therefore no longer identifiable. The stored work results no longer contain any personal data.

SitePlan has no influence on how long data are stored by the contractual partners involved in the respective project (contractors, clients, etc.).

Even after the termination of the business relationship, company data as well as publicly available contact data (e.g., accessible on the internet) are stored in our CRM system.

For marketing purposes, we store your data until your objection or the withdrawal of your consent, insofar as the marketing activity is based on your consent and provided that we are not entitled to retain the data on the basis of another legal ground (in particular Article 6(1)(f) GDPR).

12. Rights of data subjects

With regard to the processing of your data, you have the right to access, rectification, erasure, restriction, data portability, withdrawal, and objection. If you wish to exercise any of these rights, you can contact us at any time at: privacy@siteplan.at.

If you believe that the processing of your data violates data protection law or that your data protection rights have otherwise been infringed in any way, you may also contact us at privacy@siteplan.at at any time or file a complaint with the competent supervisory authority. In Austria, this is the Data Protection Authority:

Austrian Data Protection Authority
Barichgasse 40-42
1030 Vienna

Telephone: +43 1 52 152-0

Email: dsb@dsb.gv.at

You have the following rights in detail:

12.1 Right of access

Upon request, we will provide you within the legally prescribed period with information about the data we have stored about you. This information includes, in addition to the data, among other things, the purpose of processing, the legal basis, and the type of processing. Your right of access is legally restricted under certain conditions. If this is the case, we will inform you of the reasons.

12.2 Right to rectification

You have the right at any time to have data collected by us that are incorrect or incomplete corrected or supplemented. In certain circumstances, we may require proof of your identity before we can comply with this right. Until your data have been corrected or supplemented, you may also request the restriction of their processing.

12.3 Right to erasure, right to restriction

You have the right to request the erasure of your data from us if and to the extent that (i) the data are no longer needed for the purposes for which they were collected, (ii) the data were unlawfully collected, or (iii) the processing is based on your consent and you have withdrawn your consent. If there is a statutory retention obligation, the data will only be deleted after this period has expired. However, these data will be blocked for any further use.

A right to erasure does not exist insofar as the data may not be deleted due to a legal obligation or the data processing is required for the establishment, exercise, or defense of legal claims. In this case, however, you have the right to have the processing of your data restricted to the use required by law or necessary for legal enforcement.

12.4 Right to data portability

You have the right, insofar as this is technically possible, to have all data stored by us about you transferred to a third party designated by you.

12.5 Right to object

You may request us to stop processing your data if this processing is carried out on the basis of our own or a legitimate interest of another person and we cannot demonstrate compelling legal grounds for the processing.

12.6 Right to withdraw consent

You may withdraw at any time, with effect for the future, any consent you have given for the collection and processing of your personal data, in whole or in part. In this case, we will immediately delete your data to the extent you request, or, insofar as this is not legally permissible, restrict their processing to use beyond the statutory requirements. To do so, please contact us at: privacy@siteplan.at.

Up to the time of withdrawal, the processing of your data remains lawful.

13. Changes

We reserve the right to amend this privacy policy as necessary to reflect technological developments and legal changes, or to update it in connection with the provision of new services or products and software as well as applications. All updates will be published on our website. We recommend that you regularly check the currently applicable version.

14. Scope of the Privacy Policy

This privacy policy applies exclusively to the website and to the services presented by SitePlan. It does not apply to websites, services, or products offered or advertised by other companies or individuals, or to linked websites.
