Privacy Policy of the CreateCtrl AG

Thank you for your interest in our service.

The following passages provide you with detailed information about our policies for the data protection and why we collect data and how we protect it.

Article 12 of the General Data Protection Regulation (GDPR) states that the controller shall take appropriate measures to provide any information relating to processing data in a way its

  • concise
  • transparent
  • intelligible
  • easily accessible
  • and in a clear and plain language.

In order to maintain a high level of data protection as well as the faith of our customers we considered those measures and adapted our data protection policy.


Visiting & Using our Webpage

You can visit our website www.createctrl.com without providing us any personal data.

During your visit of our webpage, it is possible that we will store automatically specific types of data (e.g. cookies). The following passages will give specific information about this topic.


Cookies

Our webpage uses cookies in order to make our website more attractive for visitors and to enable the use of certain functions. Cookies are small pieces of text sent by your web browser by a website you visit. A cookie file is stored in your web browser and allows the service or a third party to recognize you and make your next visit easier and the service more useful to you.

Cookies can have a unique Cookie-ID, which consists out of a string. Webpages and servers can be assigned to the specific web browser by storage.
If you would like to delete cookies or instruct your web browser to delete or refuse cookies, please visit the help pages or use the preferences of your web browser.
Our webpage informs you about the use of cookies on your first visit and gives you the chance to agree to their processing or read our data protection policy.

The temporary storage or process of cookies is based on Art. 6 (1) lit f GDPR. The data is not stored consistently.


Log files of the website

Our webpage or the host of the webpage processes data in so-called log files. This type of data is used solely to ensure an operation of our webpage without any troubleshooting and improves our offers.

The following data will be protocolled:

  • Webpages visited
  • Time of access
  • Amount of send data in bytes
  • Source from which page the user came
  • Used browser
  • Used operating system
  • Used IP-addresse (in an anonymized form)

We use this data for statistical analysis and to improve our webpage.

CreateCtrl AG reserves to analyse the log-files if indications suggest an unlawful use of our webpage.

The temporary storage or process of log-files is based on Art. 6 (1) lit f GDPR. This data is not stored consistently.


Linking to other sides

Our webpage may contain links to sites operated by third parties whose policies regarding the handling of personal information may differ from us. We cannot be responsible for the information handling practices of these other websites. These linked websites have separate and independent privacy statements, notices and terms of use. We cannot take responsibility for the processing of data by third parties.


Remote maintenance

As a service, customers are able to use a remote maintenance on our webpage. We are using TeamViewer for this service. If TeamViewer will be conducted in the process of this service you are automatically agree to their terms and conditions as well as their End-User License Agreement

You can look at their privacy policy or send your specific question about their data privacy policy privacy@teamviewer.com.


Guarantee of data processing

In order to guarantee a safe data processing, we concluded data processing agreements with all controllers within the meaning of Art. 28 GDPR. The contracts have been reviewed whether they meet the prevailing standards of the GDPR. In addition, we implemented technical measures for safe data processing. The signed contracts are becoming valid after May 25th 2018.


Social Media

We are using the social media platform Facebook in order to inform our customers about news and updates regarding our company. While using or visiting our platform it is possible that data will be processed outside EU borders. Additionally it could be possible that data will be used for the purpose of market research or advertising.

The legal basis for processing the data from our platform is based on Art. 6 (1) lit. f GDPR. In this case, our interest persists in enforcing and resisting rights as well as communicating with our customers. If the users have to give consent in order to process their personal data, the legal basis is Art. 6 (1) lit. a GDPR (given consent to the processing)

Further information about the process and purpose of collecting and using personal data by the given social media platform as well as the rights of concerned people can be found here:

For information requests or enforcement of rights we highly recommend to contact Facebook directly. Neither can we access your data nor are we able to take actions.


Collection of personal data

By using the contact form on our webpage or the customer area, personal data will be compiled and saved.

The following paragraphs providing an overview of why we compile the data and how we are using it.

  • Why do we compile and save data?

    If you are using the customer area or the contact form in order to get in touch with us, personal data will be compiled for the following reasons:

    • Successfully Log-in and Log-out for Jira customer accounts
    • Providing customer service and customer support
    • Customer approach over the webpage
    • Submitted job applications
    • E-Mail requests

  • What data will be compiled and saved?

    Personal data can be compiled and saved in the following categories:

    • 1. Jira-customer accounts

      Customers with a support contract and a Jira account can log-in to the customer area. The following data will be compiled:

      • - Username
      • - Password (encrypted)
      • - E-mail address
      • - Profile picture (optional)
      The data storage period is aligned with the support contract period. With the expiration of the contract the data will be anonymised.

      The processing of personal data in combination of a customer account serves for the purpose of customer support services, which are defined in the support contract. The data will be solely processed for the given purpose.

      The legal basis for compiling the data is Art. 6 (1) lit. b GDPR.

    • 2. Contact form

      By using the contact form on our website, the following personal data will be compiled:

      • - Name
      • - E-mail address
      • - Message
      We collect and process the data from the contact form for the purpose of communication with our customers and to help finding the right solution for them. The contact form can also be used by customers to get in touch with us in order to close a contract.

      If a contact request will be include the conclusion of a contract, the data will be saved for a longer period.

      The legal basis for compiling the data is Art. 6 (1) lit. f GDPR.

      The legal basis for saving the data for a longer period is Art. 6 (1) lit. b GDPR.

    • 3. Job applications

      On our webpage are open vacancies to which people can send us a job application via e-mail. The personal data will be compiled for the purpose of managing the job applications. The data will be solely processed for the given purpose. Job applications can be send to us either by using the specific contact form or by sending them directly via mail. By using the contact form for job applications, the following data will be compiled:

      • Name
      • Surname
      • E-mail address
      • Phone number
      • Message
      • Job application documents

      The legal basis for compiling personal data from job applications is primarily §26 BDSG as amended. Thereafter the processing of the data, which is required in the process of justification for the employment relationship.

      Legal basis for processing the data for an application is § 26 BDSG in its applicable version starting with the 25th of May 2018. With this version, the processing will be permitted within the coherence of the decision making in order to justify the employment relationship.

      For the purpose of prosecution, the processing of data can take place on the legal base of Art. 6 (1) lit f GDPR. In this case, our interest persists in enforcing and resisting rights.

    • 4. E-mail enquiries

      If you contact us by mail for the purpose of an enquiry, your data will be saved for processing your enquiry. If the enquiry is for closing a contract with us, the processing of data can take place on the legal base of Art. 6 (1) lit b GDPR. Depending on your type of enquiry, the processed data can be your surname, first name, telephone number, e-mail or address. Further processing of your data will be limited by the given purpose (e.g. interest in using our products, contract closing, acquiring new customers). The data will be deleted after the intended purpose has been reached and all statutory retention obligations, with respect to commercial and tax law, have been met.

  • How long will the data be saved?
    • Data from Jira customer accounts
      The storage period for data of Jira customer accounts is aligned with the support contract period.
    • Data from contact form
      Data from the contact form will be deleted when the data prevail. If a contact request will be include the conclusion of a contract, the data will be saved for a longer period.
    • Data from job applications
      If the person in charge concludes a contract with the applicant, the data will be stored in his personal file for the purpose of the employment relationship. The applicable rights will be taken into account.
      If there is no conclusion of a contract, the electronic application files will be stored for six month and afterwards deleted by the person in charge. This duration of storage is to prove a legitimate interest that resides in enforcing and resisting demands.
    • E-mail enquiries
      Data from e-mail enquiries will be saved for the length of its purpose. Especially data from enquires of new customers will be deleted with reaching the intended purpose. As an exception, data of enquiries, which will be used to close a contract, will be saved for the length of the specific contract. This data will be deleted when it comes to a cancellation of the specific contract.
  • How do we use data?

    We compile personal data solely for the following purposes:

    • Log-in and Log-out process of Jira customer accounts
    • Maintenance of Jira customer accounts
    • Customer communication and support
    • Managing job applications
    • Processing e-mail enquiries
    The compiled personal data will solely processed for the given purposes.

  • How do we save data?

    Personal data is saved on our in-house databases. We implemented technical and organisational measures for the safety of the data.

    Unless there is no enactment or valid and mandatory instruction from a government or regulating authority, the data will not be disclosed.

  • How do we pass or disclose data?

    Unless there is no enactment or valid and mandatory instruction from a government or regulating authority, the data will not be passed or disclosed.

    For the safety, maintenance and service of personal data operators within our company have rights of access. In addition, affiliated companies have the same rights of access

    • Access for operators
      For the purpose of data maintenance or the customer support, Administrators and authorized employees / deputy have the right of access of personal data.
    • Subcompanies
      Data files can be exchanged with affiliates or affiliated companies. An affiliated company of CreateCtrl AG is:

      CreateCtrl Polska
      Bojkowska 37
      44-100 Gliwice
      Poland
    • Changes on the in-house business model
      Further data may be shared subjected to standard confidentiality agreements, if the following probabilities occur:

      • - Fusions
      • - Acquisitions
      • - Insolvency proceedings
      • - Closure proceedings
      • - Restructuring measures
      • - Disposal of parts or all assets or stock shares by CreateCtrl AG
      • - Fundings
      • - Public offering of sercurities
      • - Acquisition of parts of the business
      • - Similar transactions or lawsuits
      • - Steps in contemplation of such activities
  • What right do customers have?

    The GDPR provides the following rights for individuals:

    • a) The right to be informed

      Individuals have the right to be informed about the collection and use of their personal data.

    • b) The right of access

      Individuals have the right to access their personal data. It is possible to make a subject access request verbally or in writing.

    • c) The right to rectification

      Individuals have the right to have inaccurate personal data rectified, or completed if it is incomplete. They can make a request for rectification verbally or in writing.

    • d) The right to erasure

      Individuals have the right to have personal data erased. They can make a request for erasure verbally or in writing. The right is not absolute and only applies in certain circumstances.

    • e) The right to restrict processing

      Individuals have the right to request the restriction or suppression of their personal data. They can make a request for restriction verbally or in writing. The right is not absolute and only applies in certain circumstances.

    • f) The right to data portability

      Individuals have the right to obtain and reuse their personal data for their own purposes across different services.

    • g) The right to object

      Individuals have the right to object to the processing of their personal data in certain circumstances. They can make an objection verbally or in writing.

    If you have further questions or want to retrieve further information about the given rights, please feel free to contact use directly by using the contact details provided here in our data policy or in our legal notice.

    If a customer thinks that we process data unlawful and against the GDPR, he can reach out to us or the corresponding controlling institution.

  • Can the privacy policy been changed?

    If it is necessary, we may change parts of our data policy. Due to changes in law enforcement, regulations or standards, which might develop and change frequently, we have to adapt our data policy. Furthermore, changes in our business model have to be considered as well.

    Changes will be implemented in this data policy continuously.

    Therefore, we highly recommend reading our data policy from time to time in order to check if we implemented some changes.

  • Who is responsible?

    Responsible in terms of the GDPR is:

    CreateCtrl AG
    Friedenheimer Bruecke 21
    80639 Munich
    www.createctrl.com
    info@createctrl.com
    Tel.: +49 89 / 55 27 77-0

    Bezüglich Inanspruchnahme von Betroffenenrechten, können Sie sich an unseren Support oder den Datenschutzbeauftragten wenden.

  • How can I contact the data protection officer?

    Contact information:

    CreateCtrl AG
    Friedenheimer Bruecke 21
    80639 Munich
    E-mail: DSB@CreateCtrl.com

  • Is this website using Google Analytics?

    Our webpage uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website will be transmitted to and stored by Google on servers in the United States. In case IP-anonymization is activated on this website, and your IP address will be truncated within the area of Member States of the European Union or other parties to the Agreement on the European Economic Area.

    Only in exceptional cases, the whole IP address will be transferred to a Google server in the USA and truncated there. Google will use this information on behalf of the operator of this website for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing them other services relating to website activity and internet usage. The IP-address that your browser conveys within the scope of Google Analytics will not be associated with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.

    You can also opt-out from being tracked by Google Analytics with effect for the future by downloading and installing Google Analytics Opt-out Browser Addon for your current web browser: Google Analytics Opt-out Browser Addon

    Here you can read further information about the data usage of Google Inc: Safeguarding your data