Privacy policy

The protection and confidentiality of your data is very important to us. In this document we would like to inform you which data we will collect, why we want to do so and how long we save these.

1. Name and contact details of the controller

The controller in charge, as defined in Art. 4 No 7 GDPR is:

EDIT GmbH
Wilhelm-Holert-Str. 61
D-21502 Geesthacht
Email: info@edit.de

2. Purposes as well as the legal basis of the processing of data

2.1. Provision of online services and creation of server log files

When visiting our websites and when using our contentDock® apps, data is automatically sent to our web servers. To this data also belong:

  • IP adress
  • Data and time of server request
  • Type and version of browser
  • The operating system you use
  • URL of the website visited before
  • Volume of data sent

This data are processed in server log files and stored for a limited time for backup purposes. We will evaluate this data for statistical purposes and to optimise our IT-Systems. No personal evaluation will be made and no personal profile will be created.

The data of the log files are always stored separately from other personal data of the users.

An IP address belongs to the personal data, as the person standing behind it can be identified by consulting the provider. The storage of the IP address by the system is necessary to allow delivery of the website to the computer of the user. To do this, the user's IP address must be stored for the duration of the session.

The storage of the IP address in log files is necessary to ensure the security and availability of our IT systems. This is our legitimate interest in data processing. The legal basis for the processing and storage of data is Article 6 (1) (f) of the GDPR.

At the latest after 7 days the data of the server log files are deleted. In the case of further storage, the IP addresses are pseudonymized. If attacks have been detected by individual, specific IP addresses and should therefore be blocked or used for criminal charges, longer storage of these IP addresses is possible.

2.2. Contact via our online forms

Take the opportunity to contact us via one of the online forms provided, we will, if you have given your consent by confirming the relevant declaration, collect, process, and store the personal data to process your request. The required data includes your name and email address.

We need this information in order to contact you for answering your request or clarifying follow-up questions. The legal basis for processing the data is Article 6 (1) (a) of the GDPR. This data will be processed and stored by us until the processing of the request has been completed and deletion does not conflict with any statutory retention periods to which we are subject.

Personal data also includes any data you provide voluntarily.

2.3. Registering on our website

When registering for a user account at contentDock®, the following personal data will be collected, processed, and stored:

  • First and second name
  • Email address
  • Company name
  • Password (stored encrypted)
  • Personal contentDock® web address

We need this data to create your user account and to fulfil our contractual obligations. This includes in particular the obligation to provide the contentDock® services on a user basis.

The legal basis for processing the data is Article 6 (1) (b) of the GDPR. This data will be processed and stored by us until the user account is deleted and deletion does not conflict with any statutory retention periods to which we are subject.

Personal data also includes any data you enter in the area “account” voluntarily.

Newsletters, e-mails

If you have granted consent in the registration process, we will use your email address to send you email newsletters to inform you about product news or general topics related to contentDock®.
The legal basis for processing the data is Article 6 (1) (a) of the GDPR. The given consent can be withdrawn at any time via the link provided at the end of the newsletter.

We will also use your email address to send you status emails, e.g. when logging in or publishing and updating content apps. The legal basis for processing the data is Article 6 (1) (b) of the GDPR.

2.4. Cookies

We use only technically necessary cookies for our services for the following purposes:

Temporary cookies:

  • Session cookie: ("_session_id") This cookie is created as soon as a page is visited by contentDock®.
  • Log in and authentication: ("admin_user_credentials") When loggin in, so-called temporary session IDs are stored. This allows you to switch from page to page without having to log in again.
  • Safity: (begin with "__session: ") We use cookies to allow requirements with timeout (e.g. system-side logout after a period of inactivity). This is intended to prevent fraud and misuse by third parties.

Temporary cookies will be deleted, if you close your browser or log off.

Permanent cookies:

  • Note to use cookies: ("cookiesDirective") When visiting our website for the first time, you will receive a note from us on the use of cookies. We will store the cookie "cookiesDirective", if you confirm that you have read the note by clicking the "OK" button. As a result, this note will no longer appear when visiting our website again. This cookie runs for a fixed term of one year.

Our own cookies serve only technical processes. There is no collection, processing or storage of personal data.

In addition, third-party cookies may be used. They allow us to gain information on the use of our website, to optimise our services and to carry out web analyses. Third-party cookies are placed on your computer not by us, but by the external analysis provider commissioned.

2.5 Tracking by using the mobile contentDock® Viewer app

When downloading or opening a contentApp, the contentDock® Viewer App automatically and anonymizly the following data are collected, processed and stored in order to make it available to the contentApp provider for statistical purposes:

  • System data: We collect, process and store information about the system that you use the Viewer App with, such as: Type of device used, operating system version of the device used and the viewer app version used
  • Usage data: We collect, process and store information on the use of contentApps as follows:
    Name of contentApp used and how often opened; Name of the visited pages of a contentApp and how often opened
  • Transfer data: We collect, process and store when and to what extent contentApps were loaded from the contentDock®Server.
    The transfer data we need too for our own billing towards to the provider of a contentApp. The legal basis for processing the data is Article 6 (1) (f) of the GDPR.

No personal data will be collected or transmitted, and no personal user profile will be created.

2.6 Using Firebase in the contentDock® apps

EDIT uses the tools "Crashlytics" and "Analytics" of the Google service "Firebase" in the contentDock® apps.

The tool "Crashlytics" automatically and anonymously sends error messages to Firebase if the app crashes or hangs. EDIT receives an evaluation of the error message, which helps us to investigate any errors that have occurred and improve the stability of the apps for the future. The error message contains the following information:

  • Type of mobile device & the version of the operating system used
  • Time at which the error occurred
  • Version number of the app used
  • The utilization of the working memory at the time of the error
  • The free hard disk space
  • The orientation of the mobile device (portrait/landscape format)
  • The use of a jailbreak (Yes/No)
  • Stack trace

The tool "Analytics" automatically and anonymously sends an evaluation of your user behavior within the app to Firebase. The analysis contains the following information:

  • Type of mobile device & the version of the operating system used
  • Time at which the event occurred
  • Version number of the app used
  • The event/function used
  • The length of stay in the event
  • The location of the mobile device at the time of the event (if released)
  • the language used on the mobile device

No personal data will be collected or transmitted, and no personal user profile will be created.

You can disable the reporting at any time by deactivating these options in the respective iOS/Android settings for the apps.

2.7 Session Handling in the contentDock® apps

When logging into the app "contentDock® Wireframer" or "contentDock® Viewer", a session ID is automatically stored on the user's tablet for the duration of the session so that the contentApps can be provided user-specifically.

The session ID has a maximum duration of 24 hours, but is automatically deleted when a logout occurs or the respective contentDock® app is terminated.

No personal data will be collected or transmitted, and no personal user profile will be created.

3. Categories of recipients of personal data

When processing personal information, we also work with external service providers (e.g., hosting providers, payment service providers). Your personal data will be passed on to the respective order processor only extent absolutely necessary for the purpose of carrying out the order. The commissioned processors are carefully selected and guarantee compliance with the provisions of the EU General Data Protection Regulation through appropriate agreements.

If you report a violation of law to us via our online form, we will forward your data directly to the provider of the relevant contentApp or design template, so that he can clarify the facts directly with you.

If you would like to contact a designer as a freelancer via our online form, we will forward your data directly to the designer, so that he can get in touch with you.

If there exist any statutory duties to provide information, we will transfer your data to third parties or government agencies, if we are obliged to do so by law on the grounds of an administrative order or a court order, or if we are authorised to do so because, for instance, this is required to prosecute criminal offences or to exercise and enforce our rights and claims.

Your data will not be transferred to third parties for any other purposes than those specified above.

4. Data transmission to a third country

Should personal data are to be transferred to countries outside the EU or the European Economic Area, we or the processor will do so only if the third country has been confirmed by the EU Commission to have an adequate level of data protection or an agreement on EU standard contractual clauses or similar guarantees ensures that the processing your data in accordance with European privacy standards.

5. Duration of storage, deletion

In accordance with Art. 17 GDPR we will process and store personal data of the affected party only as long as this is required to achieve the purpose of storage. Personal data can also be stored longer, if this is required under statutory provisions applicable to us.

If the purpose of storage is no longer applicable, or if a prescribed storage period expires, the personal data will be deleted or blocked on a routine basis.

6. Rights of the affected party

Each data subject has the following rights regarding the data stored about you:

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure – ‘right to be forgotten’ (Art. 17 GDPR)
  • Right to restriction processing (Art. 18 GDPR)
  • Right to data portability (Article 20 GDPR)
  • Right to object (Art. 21 GDPR)

7. Revocation of consent

Where processing of personal data is based on point (a) of Article 6(1) GDPR or point (a) of Article 9(2) GDPR, the data subject shall have the right to withdraw his or her consent at any time. The withdrawel of consent shall not affect the lawfulness of processing based on consent until the withdrawel.

8. Right to complain to a supervisory authority pursuant to Art.77 GDPR

Without prejudice to any other administrative or judicial remedy, each data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of the habitual residence, place of work or place of alleged infringement if the data subject considers that the processing concerns him / her personal data breaches this Regulation.

9. Legal or contractual provisions for the provision of personal data; Necessity for the conclusion of the contract; Obligation of the data subject to provide the personal data; possible consequences of non-provision

The provision of personal data is sometimes required by law (such as tax regulations) or is also the result of contractual arrangements (such as details of the contractor).

For example, in order for the conclusion a contract, it is necessary for the data subject to provide us with personal data that we must subsequently process. Failure to provide the personal data would mean that the contract can not be concluded with the data subject.

Before the provision of personal data, the person concerned can contact us. We communicate whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether the data subject is obliged to provide the personal data and of the possible consequences of failure to provide such data.

10. Existence of a automated decision-making including profiling

We dispense with automated decision-making and profiling.

Last Update: December 7, 2019