Privacy Policy

Party responsible for data processing

The person responsible pursuant to Art. 4 (7) GDPR is:
RIB Software GmbH
Vaihinger Str. 151
70567 Stuttgart, Germany [RIB]

E-mail: [email protected]

You can reach our data protection officer at: [email protected]

Purpose and legal basis for the processing

Personal data is only collected if you provide it to us of your own accord, e.g. by entering a contract via our website or filling out the contact form. We use this data exclusively for the purpose for which you entered your data. It will only be used for other purposes after explicit notification or after obtaining your consent, Art. 6 para. 1 lit. a) GDPR. In certain cases, personal data is used on the basis of a legitimate interest according to Art. 6 para. 1 lit. f) GDPR.

Processing based on a legitimate interest according to Art. 6 para. 1 lit. f) GDPR

A processing of personal data on the basis of Art. 6 para. 1 lit. f) GDPR takes place in the following cases:

Collection of personal data when visiting our website

When you use the website for information purposes only, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure stability and security:

  •     Browser type and version
  •     Operating system used
  •     Referrer URL
  •     Host name of the accessing computer
  •     Time of the server request
  •     IP address

The legitimate interest lies in the flawless presentation of its internet presence and the guarantee of the stability and security of our website.

Use of cookies

Cookies are data that are stored on your computer by a website you visit and enable your browser to be recognised repeatedly. Cookies transmit information to the entity that sets the cookie. Cookies can store various information, such as your language setting, the duration of your visit to our website or the entries you have made there. This prevents you, for example, from having to re-enter required form data each time you use the site. The information stored in cookies can also be used to recognise preferences and to tailor content according to areas of interest.

There are different types of cookies: Session cookies are sets of data that are only temporarily held in the working memory and are deleted when you close your browser. Permanent or persistent cookies are automatically deleted after a predefined period of time, which may differ depending on the cookie. With this type of cookie, the information can also be stored in text files on your computer. However, you can also delete these cookies at any time via your browser settings.

First-party cookies are set by the website you are currently visiting. Only that website is allowed to read information from these cookies. Third-party cookies are set by organisations that do not operate the website you are visiting. These cookies are used by marketing companies, for example.

The legal basis for possible processing of personal data by means of cookies and their storage period may vary. Insofar as you have given us your consent, the legal basis is Art. 6 para. 1 lit. a) GDPR. Insofar as the data processing is based on our overriding legitimate interests, the legal basis is Art. 6 para. 1 lit. f) GDPR. The stated purpose then corresponds to our legitimate interest.

We use cookies to ensure the proper operation of the website, to provide basic functionality, to measure reach and – with your consent – to tailor our services to your preferred areas of interest. We use both transient cookies and persistent cookies for this purpose.

The full list of cookies in use on this website is available in the Usercentrics Consent Management here.

You can delete cookies already stored on your end device at any time. If you want to prevent cookies from being saved, you can do this via the settings in your internet browser. Alternatively, you can also install so-called ad blockers. Please note that individual functions of our website may not work if you have deactivated the use of cookies.

Website analysis

For the purpose of analysing and optimising our websites, we use various services, which are described below. For example, we can analyse how many users visit our site, which information is most in demand or how users find the offer. Among other things, we collect data on which website a data subject came to a website from (so-called referrer), which sub-pages of the website were accessed or how often and for how long a sub-page was viewed. This helps us to design and improve our offers in a user-friendly way. The data collected in this way does not serve to identify individual users personally.

Advertising

We use cookies for marketing purposes to target our users with interest-based advertising. In addition, we use the cookies to limit the likelihood of an ad being served and to measure the effectiveness of our advertising efforts. This information may also be shared with third parties, such as ad networks. The legal basis for this is Art. 6 para. 1 a) and f) GDPR.

Your rights

You have the following rights in relation to personal data relating to you:

  1. General Rights

You have the right to information, correction, deletion, restriction of processing, objection to processing and data portability. If processing is based on your consent, you have the right to revoke this consent with effect for the future.

  1. Your Rights Regarding Processing based on Legitimate Interest

Pursuant to Art. 21 (1) GDPR, you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Art. 6 (1) e GDPR (data processing in the public interest) or on the basis of Art. 6 (1) f GDPR (data processing for the protection of a legitimate interest); this also applies to profiling based on this provision. In the event of your objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

  1. Your Rights in Case of Direct Marketing

If we process your personal data for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing in accordance with Art. 21 (2) of the German Data Protection Act (GDPR); this also applies to profiling insofar as it is associated with such direct marketing.

In the event of your objection to processing for the purposes of direct marketing, we will no longer process your personal data for these purposes

  1. Right to complain to a Supervisory Authority

You also have the right to complain to a competent data protection supervisory authority about our processing of your personal data.

Contact us by e-mail or contact form

When you contact us by e-mail or via a contact form, the data you provide (your e-mail address and name) is stored by us in order to answer your questions. Insofar as we request input via our contact form that is not required for contacting us, we have always marked this as optional. We use this information to specify your enquiry and to improve the processing of your request. Any communication of this information is expressly on a voluntary basis and with your consent, Art. 6 para. 1 lit. a) GDPR. Insofar as this involves information on communication channels (e.g. e-mail address, telephone number), you also consent to us contacting you via this communication channel, if necessary, in order to respond to your request. Of course, you can revoke this consent at any time for the future.

We delete the data accruing in this context after the storage is no longer required or restrict the processing if there are statutory retention obligations.

Processing of your data as a new and existing customer of RIB

If you place an order with us, whether via an order form, e-mail, telephone, live chat, or in person at one of our trade fair stands, we will add you to our customer file. The scope of the data corresponds to the mandatory data required for the specific enquiry, which are marked as such in the respective forms etc.

Our customer file is maintained in a uniform manner for the entire RIB Group, which means that your data can also be viewed by employees at all RIB locations. Your data is managed in systems from Salesforce, Microsoft Dynamics, Hubspot, VIS or RIB 4.0. RIB remains responsible for the processing of your data. Your data will be stored in our customer file until the need for processing, including legal retention periods, has expired. The legal basis for the processing is Art. 6 para. 1 lit. b) GDPR, if we process your data for the processing of an order, and Art. 6 para. 1 lit. f) GDPR for the further processing of your data as existing customer data. If we are obliged to legally store your data (e.g. due to HGB, tax law, etc.), the legal basis is Art. 6 para. 1 lit. c) GDPR.

Salesforce Marketing Cloud

Data that you provide to us via some of our websites (e.g. in forms for purchase, newsletter registration, contacting us, as well as the fact that you participate in a sweepstake) is currently stored on servers in the EU in the Salesforce Sales Cloud of salesforce.com, Salesforce Tower Dublin, 60 R801, North Dock, Dublin, Ireland, and used to send order confirmations and shipment notices. The parent company of salesforce.com Ireland is salesforce.com Inc, One Market Street, Suite 300, San Francisco, CA 94105, USA.

We use the Salesforce Marketing Cloud to send our newsletters, for automated mailings (e.g. welcome mailings) and for advertising campaigns in social networks. For this purpose, the newsletter subscriber’s data is transferred from Sales Cloud to Marketing Cloud.

The Salesforce Marketing Cloud data is stored and processed on Salesforce servers in the USA. For data transfers to the USA, the provider has signed up to the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission. Further documents on Salesforce’s compliance with GDPR can also be found at https://compliance.salesforce.com/en/gdpr.

The collection and storage of data only takes place after explicit consent according to § 25 para. 1 TTDSG, Art 6 para. 1 p. 1 lit. a GDPR. This consent can be revoked at any time with effect for the future.

With the help of so-called web beacons and pixels, we receive information on the click behaviour of users via the Marketing Cloud. Interaction data is stored in the Marketing Cloud directly on the user so that we can send you more targeted advertising via the Ad Studio, e.g. also via social networks. If you do not want this, you have the option, on the one hand, to exhibit personalised advertising in your account settings on the social networks. In addition, you can use a different email address for the newsletters or your customer account with us than the one for your social media accounts. You can find further information on an opt-out under section “Use of cookies”.

Further information on data processing by Salesforce can be found at: https://www.salesforce.com/eu/company/privacy/.

LeadLab (Wiredminds GmbH)

We use the LeadLab service from Wiredminds GmbH and its tracking pixel technology on our website to analyse user behaviour and optimise our site based on this. In particular, the service allows us to identify which companies have visited our site. In doing so, we do not receive any information that directly identifies you as an individual.

In connection with the use of LeadLab, cookies and tracking pixels are used to enable a statistical analysis of the use of this website by your visits. Information – including personal information – about your visitor behaviour is stored in the cookie and transmitted to Wiredminds or collected directly by Wiredminds. The information is processed by Wiredminds using a pseudonym in a usage profile for the purpose of analysis and anonymised as far as possible.

The data obtained in this way will not be used to identify you personally without your consent, nor will the data be merged with personal data about you as the bearer of the pseudonym.

Insofar as IP addresses are collected, these are anonymised immediately after collection by deleting the last number block.

Information on data protection at Wiredminds can be found on the company’s website.

Data processing is based on your consent in accordance with Art. 6 para 1 lit. a) GDPR. Wiredminds processes the data on our behalf on the basis of a commission processing agreement between us and Wiredminds. This ensures that the data processing on our behalf is carried out in accordance with the GDPR while guaranteeing the protection of the rights of the data subjects.

Google Analytics

Google Analytics

Where you have given your consent, this website uses Google Analytics, a web analytics service provided by Google LLC. The responsible entity for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”).

Scope of processing

Google Analytics uses cookies that enable an analysis of your use of our website. The information collected by means of the cookies about your use of this website is generally transferred to a Google server in the USA and stored there.

We use the User ID feature . The User ID allows us to assign a unique, persistent ID to one or more sessions (and the activities within those sessions) and to analyse user behaviour across devices.

We use Google Signals . This captures additional information in Google Analytics about users who have enabled personalised ads (interests and demographics) and ads can be delivered to these users in cross-device remarketing campaigns.

In Google Analytics 4, the anonymisation of IP addresses is activated by default. Due to IP anonymisation, your IP address will be shortened by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

During your visit to the website, your user behaviour is recorded in the form of “events”. Events can be:

  • Page views
  • First visit to the website
  • Start of session
  • Your “click path”, interaction with the website
  • scrolls (whenever a user scrolls to the end of the page (90%))
  • Clicks on external links
  • Internal search queries
  • Interaction with videos
  • Ads seen / clicked on

It also collects:

  • Your approximate location (region)
  • Your IP address (in shortened form)
  • Technical information about your browser and the end devices you use (e.g. language setting, screen resolution)
  • Your Internet provider
  • The referrer URL (via which website/advertising medium you came to this website)

Purposes of the processing

On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website and compiling reports on website activity. The reports provided by Google Analytics are used to analyse the performance of our website.

Recipients

Recipients of the data are/could be

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as processor according to Art. 28 GDPR)

Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA

Alphabet Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA

It cannot be ruled out that US authorities will access the data stored by Google.

Third country transfer

Insofar as data is processed outside the EU/EEA and there is no level of data protection corresponding to the European standard, we have concluded EU standard contractual clauses with the service provider to establish an appropriate level of data protection. The parent company of Google Ireland, Google LLC, is based in California, USA. A transfer of data to the USA and access by US authorities to the data stored by Google cannot be ruled out. The USA is currently considered a third country from a data protection perspective. You do not have the same rights there as within the EU/EEA. You may not have any legal remedies against access by authorities.

Storage period

The data sent by us and linked to cookies are automatically deleted after 2 OR 14 months. The deletion of data whose retention period has been reached takes place automatically once a month.

Legal basis

The legal basis for this data processing is your consent pursuant to Art.6 para.1 S.1 lit. a) GDPR.

Revocation

You can revoke your consent at any time with effect for the future by accessing the cookie settings HERE and changing your selection there. The lawfulness of the processing carried out on the basis of the consent until the revocation remains unaffected.

Alternatively, you can prevent the storage of cookies from the outset by configuring your browser software accordingly. However, if you configure your browser to reject all cookies, this may restrict functionalities on this and other websites. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) by Google and the processing of this data by Google by selecting the appropriate settings on your browser.

  1. Do not give your consent to the setting of the cookie or
  2. Download and install the browser add-on to disable Google Analytics HERE.

You can find more information on the terms of use of Google Analytics and on data protection at Google at https://marketingplatform.google.com/about/analytics/terms/us/ and at https://policies.google.com/?hl=en.

Google Ads Conversion Tracking

We use the Google Ads service. Google Ads is an online advertising programme from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).

This means that we display Google Ads adverts and also use Google Remarketing and Conversion Tracking as part of this. The adverts are displayed after search queries on websites in the Google advertising network. We also use Ads remarketing lists for search adverts. This enables us to customise search ad campaigns for users who have already visited our website. The services allow us to combine our adverts with certain search terms or to place adverts for previous visitors, e.g. advertising services that visitors have viewed on our website. We can therefore display interest-based adverts to users of our website on other websites within the Google advertising network (as a “Google advert” in Google search or on other websites).

An analysis of online user behaviour is necessary for interest-based offerings. Google uses cookies to carry out this analysis. When you click on an advert or visit our website, Google places a cookie on the user’s computer. These cookies have a varying durations depending on the type, please see here for more information: https://business.safety.google/adscookies/. The information collected by the respective cookie is used to target the visitor in a later search query. Further information on the cookie technology used can also be found in Google’s notes on website statistics and in the privacy policy. With the help of this technology, Google and us as a customer receive information that a user has clicked on an advert and has been redirected to our websites. The information obtained in this way is used exclusively for statistical analysis to optimise advertising. We do not receive any information that can be used to personally identify visitors. Your IP address is transferred to Google, but as we use Google’s IP masking on this website as part of the use of Google Analytics, your IP address is anonymised. The statistics provided to us by Google include the total number of users who have clicked on one of our adverts and, if applicable, whether they were redirected to a page on our website with a conversion tag. Based on these statistics, we can track which search terms were clicked on our advert particularly often and which adverts lead to the user getting in touch via the contact form.

You can find more information on data protection in the context of Google Ads at: https://policies.google.com/technologies/ads?hl=en.

If you do not want this processing to be carried out, you can block the placement of the cookie required for these technologies, for example via your browser settings. In this case, your visit will not be included in the user statistics.

You also have the option of selecting the types of Google ads or deactivating interest-based ads on Google via the ad settings (https://adssettings.google.com/authenticated?hl=en).

Alternatively, you can deactivate the use of cookies by third-party providers by calling up the deactivation help of the network advertising initiative.

However, we and Google will continue to receive statistical information about how many users have visited this site and when. If you do not wish to be included in these statistics either, you can prevent this by using additional programmes for your browser (e.g. the Privacy Badger add-on).

The legal basis for this data processing is your consent, Art. 6 para. 1 lit. a) GDPR. You can revoke your consent at any time with effect for the future by accessing the cookie settings in our Consent Management Platform (“Cookie Settings” at the bottom of the page) and changing your selection there.

Meta Conversion Tracking

We use the Custom Audiences service of Meta Platforms, Inc, 1601 S. California Avenue, Palo Alto, CA 94304, USA (hereinafter referred to as “Facebook”) for user-based online advertising. For this purpose, we use the Facebook Ads Manager to define target groups of users based on certain characteristics, who are then shown adverts within the Facebook network. Users are selected by Facebook based on the profile information they provide and other data provided through the use of Facebook. If a user clicks on an advert and then accesses our website, Facebook receives the information that the user has clicked on the advertising banner via the Facebook pixel integrated on our website.

In this process, a non-reversible and non-personalised checking sum (hash value) is generated from your user data, which is transmitted to Facebook for analysis and marketing purposes. A Facebook cookie is set in the process. This collects information about your activities on our website (e.g. surfing behaviour, subpages visited, etc.). Your IP address is also stored and used for the geographical targeting of advertising.

We do not use Facebook Custom Audiences via the customer list or the “advanced matching” function.

Further information about the purpose and scope of data collection and the further processing and use of data by Facebook, as well as your setting options for protecting your privacy, can be found in Facebook’s privacy policy. You can make settings regarding which adverts are displayed to you on Facebook in the Facebook account settings.

You can prevent data collection by the Facebook pixel by by accessing the data protection settings in the footer (“Cookie Settings”) and making the necessary changes there.

An opt-out cookie (persistent HTML5 storage object) will be set to prevent the future collection of your data when you visit this website.

You can also prevent the storage of cookies altogether by selecting the appropriate settings in your browser software. However, we would like to point out that in this case you may not be able to use all the functions of our website to their full extent. Further options for deactivating cookies from third-party providers can be found at www.networkadvertising.org/managing/opt_out.asp or on the Digital Advertising Alliance opt-out platform at http://optout.aboutads.info/?c=2&lang=en.

LinkedIn conversion tracking

If you have given your consent, we use the online marketing tool LinkedIn Ads. The responsible service provider in the EU is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.

For this purpose, we use the LinkedIn Campaign Manager to define target groups of users based on certain characteristics, who are then shown adverts within the LinkedIn network. The users are selected by LinkedIn based on the profile information they provide and other data provided when using LinkedIn. If a user clicks on an advert and then reaches our website, LinkedIn receives the information that the user has clicked on the advertising banner via the conversion tag integrated on our website.

The LinkedIn tag enables the recording of visited websites, including the URL, referrer ID, IP address, device and browser characteristics and timestamp. The IP addresses are shortened by LinkedIn or (in the case of cross-device use) hashed.

With the help of the LinkedIn pixel, we can show personalised ads outside our website without identifying individual members. Data that does not identify you is also used to improve the relevance of adverts and to reach LinkedIn members across different devices. LinkedIn members can control the use of their personal data for advertising purposes via their account settings. LinkedIn refers to the following link to customise advertising preferences: https://www.linkedin.com/psettings/advertising/actions-that-showed-interest

We process this data to analyse our advertising campaigns. Further information about the purpose and scope of data collection and the further processing and use of the data by LinkedIn, as well as your setting options for protecting your privacy, can also be found in LinkedIn’s privacy policy.

Further information on LinkedIn conversion tracking can be found at: https://business.linkedin.com/de-de/marketing-solutions/conversion-tracking#get-started

Further information on data processing and storage duration can be found at https://www.linkedin.com/help/linkedin/answer/65521?lang=en

The legal basis for this data processing is your consent, Art. 6 para. 1 lit. a) GDPR. You can revoke your consent at any time with effect for the future by accessing the data protection settings in the footer (“Cookie Settings”) and making the necessary changes there.

Google Tag Manager

For reasons of transparency, we would like to point out that we use Google Tag Manager. This is a tag management system for managing JavaScript and HTML tags, which is used for the implementation of tracking and analysis tools. It is a service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The controller in the EU/EEA is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

The Google Tag Manager itself does not collect any personal data. The Tag Manager makes it easier for us to integrate and manage our tags. Tags are small code elements that are used to measure traffic and visitor behaviour, record the performance of online advertising and social channels, set up remarketing and targeting and to test and optimise websites. If you have opted out, this opt-out will be taken into account by Google Tag Manager.

Recipients of the data are:

Google Ireland Limited, EU,

Google LLC, USA,

Alphabet Inc, USA.

This service may process data outside the European Union and the European Economic Area (EEA) and transfer it to a country that does not offer an adequate level of data protection. If the data is transferred to the USA, there is a risk that your data may be processed by US authorities for control and monitoring purposes without you having any legal options for judicial remedy.

The legal basis for this data processing is your consent, Art. 6 para. 1 lit. a) GDPR. You can revoke your consent at any time with effect for the future by accessing the cookie settings in our Consent Management Platform (“Cookie Settings” at the bottom of the page) and changing your selection there. The lawfulness of the data processing until the withdrawal remains unaffected.

For more information about Google Tag Manager, please visit: https://www.google.com/intl/de/tagmanager/use-policy.html

Google Web Fonts (Offline variant)

This site uses so-called web fonts provided by Google for the uniform display of fonts. When you call up a page, your browser loads the required web fonts into its browser cache in order to display texts and fonts correctly. We have opted for the offline variant, in which the Google Fonts are stored locally on our web server. The fonts can then be managed – using CSS – as with any other font family. The IP address and other data are not transmitted to Google.

Google Web Fonts are used in the interest of a uniform and appealing presentation of our online offers with regard to efficiency and cost-saving considerations. This represents a legitimate interest within the meaning of Art. 6 Para. 1 lit. f) GDPR. If your browser does not support web fonts, a standard font from your computer will be used.

Further information on Google Web Fonts can be found at https://developers.google.com/fonts/faq?hl=en and in Google’s privacy policy: https://policies.google.com/privacy?hl=en-US

Google reCaptcha

We use reCaptcha v2 on our website. reCaptcha is a service provided by Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. The responsible party for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

ReCaptcha serves to prevent abusive automated entries in web forms and thus to protect the technical systems of the hoster.

When you call up one of our websites in which reCaptcha is integrated, a connection to Google’s servers is established. A reCaptcha cookie is set. Your IP address is transmitted to Google.

In addition, reCaptcha collects the following data by means of “fingerprinting”:

  • Browser plugins used
  • Cookies set by Google in the last 6 months
  • Number of mouse clicks and touches you have made on this screen
  • CSS information for the page accessed
  • Javascript objects
  • Date
  • Browser language

You may refuse the use of cookies and fingerprinting by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.

Where data is processed outside the European Economic Area / the EU, where there is no level of data protection equivalent to the European standard, Google states that it uses standard contractual clauses.

You can find Google’s privacy policy and terms of use here: https://policies.google.com/privacy and here: https://policies.google.com/terms.

The collection and storage of data only takes place after explicit consent according to Art. 6 para. 1 p. 1 lit. a) GDPR. This consent can be revoked at any time with effect for the future.

YouTube (without DS mode)

We use services from YouTube, LLC, 901 Cherry Ave, 94066 San Bruno, CA, USA, a subsidiary of Google Inc, Amphitheatre Parkway, Mountain View, CA 94043, USA, on our website. For users who are habitually resident in the European Economic Area or Switzerland, Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland is the data controller for your data.

To protect your personal data, we use a two-click solution . If you call up a page in which a YouTube video is embedded, a connection to the YouTube servers is only established when you click on the “Confirm” button. In this case, YouTube will set cookies and use your visit data for its own purposes. If you are logged in to YouTube at this time, the information about the videos you have viewed will be assigned to your member account with YouTube. You can prevent this by logging out of your member account before visiting our website. Insofar as data is processed outside the European Economic Area / the EU, where there is no level of data protection corresponding to the European standard, Google states that it uses standard contractual clauses.
Further information on YouTube’s data protection is provided by Google at the following link: https://policies.google.com/privacy?hl=en-US

Usercentrics

Usercentrics

Usercentrics is a consent management platform that enables websites to protect the privacy of users and comply with the GDPR when it comes to cookies and tracking. “Usercentrics” is an offer of the provider Usercentrics GmbH, Rosental 4, 80331 Munich, Germany, hereinafter referred to as “Usercentrics”.

Through the “Usercentrics” function, we inform our website visitors about the use of cookies on our website and enable them to make a decision about their use.

 If the visitor gives consent to the use of cookies, the following data is automatically logged:

  • The user’s IP number
  • The date and time of consent
  • The user agent of the end user’s browser
  • The provider’s URL
  • An anonymous, random and encrypted key


 The encrypted key and the cookie status are stored in a cookie on the user’s terminal device in order to establish the corresponding cookie status when the page is called up in the future. This cookie is automatically deleted after 12 months. 

 The legal basis for storing the data is Art. 6 para. 1 lit. c in conjunction with Art. 7 para. 1 GDPR, as Usercentrics is used to fulfil requirements under the TTDSG. Alternatively : The legal basis for storing the data is Art. 6 para. 1 lit. f GDPR. Our legitimate interest for the use of Usercentrics lies in the fulfilment of the requirements of the TTDSG.

The user can prevent or terminate the installation of the cookie and its storage, and thus his or her cookie consent, at any time by changing the settings of his or her browser.

Further information on Usercentrics can be found at: https://usercentrics.com/privacy-policy/

Stripe

If you choose Stripe as your payment method, personal data about you will also be transmitted to and stored by Stripe (Stripe Payments Europe Ltd, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland). This concerns transaction data, which includes the payment method (i.e. credit card, debit card or bank account number), BIC, currency, amount and date of payment. In the case of a transaction, your name, email address, billing or shipping address and sometimes your transaction history may also be transmitted. This data is necessary for authentication. Stripe may also collect your name, address, phone number and country in addition to technical data about your device (such as IP address) for fraud prevention, financial reporting and to fully provide its services.

Stripe does not sell any of your data to independent third parties, such as marketing agencies or other companies that have nothing to do with the Stripe company. However, the data may be shared with internal departments, a limited number of external Stripe partners or for regulatory compliance purposes. Stripe also uses cookies to collect data. You can find out more about the cookies used in the Cookies section. For more information on Stripe’s privacy policy, please visit https://stripe.com/de/privacy#translation.

Customer support on Jira

Should you choose to submit a support request on Jira, you may only do so using your own Jira account. Jira is an offering of Atlassian Pty Ltd, Level 6, 341 George Street, Sydney NSW 2000, Australia and Atlassian’s terms and conditions apply to all interaction with Jira. Atlassian is responsible for the processing of your personal data on Jira.

Customer Support on Zendesk

Should you choose to submit a support request on Zendesk, you may only do so using your own Zendesk account. Zendesk is an offering of Zendesk, 989 Market St San Francisco, CA 94103, USA and Zendesk’s terms and conditions apply to all interaction with Zendesk. Zendesk is responsible for the processing of your personal data on Zendesk. For more details, see Zendesk’s privacy information https://www.zendesk.com/au/company/agreements-and-terms/privacy-notice/#.

Salesforce Service Cloud and the RIB Service Portal

RIB uses Salesforce Service Cloud to provide customer support for RIB 4.0, Candy and Connect. We use the Salesforce Service Cloud to handle and communicate with you regarding your service requests, as well as monitoring your support case progress to make sure we are providing high quality support. Your Salesforce Service Cloud data is not used for marketing purposes.

Data that you provide to us via our Customer Care channels (e.g. email, online form submission, or typed into the system by our team when you log issues over the phone) is currently stored on servers in the EU in the Salesforce Sales Cloud of salesforce.com, whose registered address is Salesforce Tower Dublin, 60 R801, North Dock, Dublin, Ireland. The parent company of salesforce.com Ireland is salesforce.com Inc, One Market Street, Suite 300, San Francisco, CA 94105, USA. Further information on data processing by Salesforce can be found at: https://www.salesforce.com/eu/company/privacy/.

We provide a web interface called the RIB Service Portal where you can track your tickets online. This is developed by RIB and hosted in Microsoft Azure within the EU. Should you wish to use it, when you log into the portal your Salesforce Case data will be loaded and temporary cached in Microsoft Azure. We do this so it loads quickly in your web browser. Error logs and records of certain user actions (like sign in and sign out) are maintained for troubleshooting purposes. The legal basis for this data processing is our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR. Our legitimate interest here lies in the smooth and secure operation of our website. We do not share any information with third parties or track your user activity for marketing.

Omnitracker Customer Portal

Through our Omnitracker customer portal, you can sign up for and unsubscribe from newsletters, submit support requests and obtain all software updates. You can register using your customer number at  https://www.rib-software.com/rib-login.

Only your e-mail address and customer number are stored in the customer portal. If you provide further personal data in support requests, we will process this data exclusively for the purpose of the specific fulfilment of your request. The legal basis is Art. 6 para. 1 sentence 1 lit. b) GDPR, insofar as the contractual service provision takes place via or with the help of the Omnitracker customer portal (e.g. with regard to contractually owed software updates). Insofar as you make further enquiries or e.g. subscribe to newsletters, the legal basis is your consent in accordance with Art. 6 (1) sentence 1 lit. a) GDPR, which you can revoke at any time. As an existing customer registered in the system, we process your data according to our legitimate interest, Art. 6 para. 1 p.1 lit. f) GDPR.

The customer portal is provided by OMNINET Software-, System- und Projektmanagementtechnik GmbH, Dr.-Otto-Leich-Straße 3, 90542 Eckental, Germany.

Chatmarshal customer chat

You have the voluntary possibility to contact us via live chat. The live chat is provided by Chatmarshal, a service of Chatmarshal, Bevan Road, Rivonia, Gauteng, South Africa. In order to conduct the live chat, data is transmitted to Chatmarshal, including but not limited to name, e-mail, contact number and location. The servers of the underlying chat system are located in Dallas, Texas, USA. The legal basis is your consent according to Art. 6 para. 1 lit. a) GDPR. Data will be processed to RIB via Salesforce Marketing Cloud, as detailed above.

Cloudflare

For our website, we use the services of CloudFlare Inc, 101 Townsend St, San Francisco, CA 94107 USA.

Cloudflare provides a so-called Content Delivery Network (CDN). This is a network of globally distributed servers that is able to deliver optimised content to website users. This means that large media files in particular can be delivered via a network of locally distributed servers connected via the Internet. This serves the secure and efficient provision of our website and helps to improve performance and stability.

For this purpose, personal data may be processed in Cloudflare’s server log files. Cloudflare also collects statistical data about visits to this website. The data collected includes:

  • Name of the website accessed
  • Retrieved file
  • Date and time of access
  • Amount of data transferred
  • Notification of successful retrieval
  • Browser type and version
  • The user’s operating system
  • Referrer URL
  • IP address
  • Requesting provider

The legal basis for this data processing is our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR. Our legitimate interest here lies in the smooth and secure operation of our website. You have the right to object to the processing in accordance with Art. 21 GDPR. Whether the objection is successful must be determined as part of a balancing of interests.

Insofar as data is processed outside the EU/EEA, Cloudflare Inc. is certified under the Data Privacy Framework (DPF) programme and is listed in the Data Privacy Framework list of the International Trade Administration (ITA). This means that Cloudflare has publicly committed to complying with the DPF obligations and any data transfer to the USA is harmless due to the current adequacy decision of the European Commission of 10 July 2023.

A list of currently certified US companies can be found here: https://www.dataprivacyframework.gov/s/participant-search. You can find more information on the Data Privacy Framework Programme on the official website of the ITA: https://www.dataprivacyframework.gov/s/.

Cloudflare uses the log data for statistical evaluations for the purpose of operation, security and optimisation of its own services. Further information on data processing by Cloudflare, in particular on data protection and data security, can be found at: https://www.cloudflare.com/privacypolicy/.

GoTo Webinar

We use the “GoToMeeting or GoToWebinar” tool to conduct telephone conferences, online meetings, video conferences and/or webinars (hereinafter: online meetings). “GoToMeeting and GoToWebinar” is a service provided by GoTo Ireland Limited, Bloodstone Building Block C, 70 Sir John Rogersons Quay, Dublin 2, Ireland. GoTo’s parent company is based in the USA, which means that some data might be transferred and processed outside of the EU.

When using GoToWebinar, the following data is processed by you: First name, surname, telephone (optional), email address, password, profile picture (optional), department (optional), meeting topic, meeting description (optional), participant IP addresses, device/hardware information

The following data may also be collected for recordings: MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of the online meeting chat.

It may be possible to use the chat, question- or survey-functions in an online meeting. In this regard, the text entries made are processed in order to display them in the online meeting and, if necessary, to log them.

We use “GoToMeeting or GoToWebinar” to conduct online meetings. If we want to record, this will be announced in advance. Active recording is also displayed in the app.

If it is necessary for the purposes of logging the results of an online meeting, we will log the chat content.

In the case of online seminars, we may also process the questions asked by online seminar participants for the purposes of recording and following up on webinars.

The legal basis for data processing when conducting online meetings is Art. 6 para. 1 lit. b) GDPR, insofar as the meetings themselves are part of the contract.

If there is no contractual relationship, the legal basis is Art. 6 para. 1 lit. f) GDPR. Here too, we are interested in the effective organisation of “online meetings”.

“GoToMeeting and GoToWebinar” is a service provided by a provider from the USA. Personal data is therefore also processed in a third country. We have concluded an order processing agreement with the provider that meets the requirements of Art. 28 GDPR.

An appropriate level of data protection is guaranteed by the conclusion of the so-called EU standard contractual clauses.

Further information on data protection and data security at GoTo can be found here: https://www.goto.com/company/legal/privacy

Microsoft Booking Calendar

To book appointments with our customer service or support teams, you have the option to use Microsoft Booking Calendar, a tool provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.

The usage of Booking Calendar is voluntary. If you don’t want to book an appointment via Booking Calendar, you can reach out to us via another method, e.g. a contact form or E-Mail.

If you chose to use Booking Calendar, we will process your name, e-mail, postal address and any notes in order to book the required appointment. Data will be stored on Microsoft servers in the EU and USA.

The processing is based on Art. 6 para. 1 lit. f) GDPR, in our legitimate interest to organize appointments to match our capacities. In addition, Microsoft processes usage and metadata that is used by Microsoft for security purposes and to optimize the service. As part of the use of the website, Microsoft may store cookies on users’ computers for the purposes of web analysis or to maintain user settings.

Further information can be found in Microsoft’s privacy policy. You can object to the processing of your data in the Microsoft Cloud in accordance with the legal requirements. Insofar as personal data is processed by Microsoft in the USA, we refer to the EU-SCC concluded with, by and within the Microsoft Group.

Fullstory

We use the tool “Fullstory” provided by Fullstory, Inc., 1745 Peachtree ST NE, STE N, Atlanta, GA 30309. Fullstory is a behavioral analytics tool that allows us to view the RIB Hub application from the perspective of its users. Fullstory’s session replay and analytics capabilities help web teams troubleshoot bugs, support customers, and build better applications.

The legal basis for data processing is Article 6 (1) (a) GDPR, Section 25 (1) TTDSG (German Telecommunications-Telemedia Data Protection Act). You can withdraw your consent at any time with effect for the future by accessing the cookie settings and changing your selection there.

If you have given your consent, the following data is processed:

Master data of users:

  • First name
  • Last name
  • Email address
  • Job title
  • Country

Usage Patterns:

  • Clicks
  • Mouse movements
  • Scrolling
  • Typing (passwords, payment information, and Social Security numbers are excluded by default from being recorded)

Tech Specs:

  • Browser
  • Device type
  • Operation system
  • Resolution
  • Script errors
  • IP address (the IP address is only recorded while a user’s session is active; at the end of the session, the IP address is discarded)

Navigation:

  • Pages visited
  • Referrers
  • URL parameters
  • Session duration

All categories of information are used to improve the design of RIB Hub. Usage patterns and navigation data help identify areas of the app that are confusing or underused, enabling designers to enhance the customer experience and develop better features. Technical specifications provide insights into the devices customers use for accessing RIB Hub. Personal information helps us understand how customers in different job roles and countries use the product, enabling us to design functionality that better supports their needs. Technical specifications also provide information about bugs and errors specific to particular web browsers or device types, allowing developers to build and deploy fixes faster. Personal information is also used to find relevant records when supporting a customer.

Employees of RIB Affiliates located outside of Europe (currently in Australia, Denmark, Hong Kong, India, South Africa, the United Kingdom, and the USA) will have access to the data.

The data is stored in the europe-west3 region of Google Cloud which is located in Frankfurt, Germany. Fullstory may also process data in the USA. FullStory, Inc. is certified according to the Data Privacy Framework, so that for data transfers to FullStory, Inc. an adequacy decision of the European Commission in the sense of Art. 45 GDPR is available. The status of the certification can be accessed via the following website: https://www.dataprivacyframework.gov/list. Additionally, we have signed the EU standard contractual clauses with FullStory, Inc.

The storage period for session data is 1 month. Product analytics data is stored for 12 months.

Further information on data protection at Fullstory can be found at: https://www.fullstory.com/legal/privacy-policy/.

Microsoft Forms

This online query of your data is created using Microsoft Forms, an application of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.

Type and purpose of data processing:

Microsoft Forms is a type of universal survey tool, which can also be used as a tool for designing and analysing online surveys, queries and quizzes. The data you enter in the survey is sent to us and analysed by Microsoft Forms.

Recipient of the data:

According to Microsoft, data from Microsoft Forms is stored on servers in Europe if the organisation is based in Europe.

Accordingly, the data is stored on Microsoft servers in the Netherlands (Evert van de Beekstraat 354, 1118 CZ Schiphol, Netherlands) and Ireland (1, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland). Microsoft Forms data is encrypted both at rest and during transmission.

In addition, Microsoft processes usage and metadata that is used by Microsoft for security purposes and to optimise the service. As part of the use of the website, Microsoft may store cookies on users’ computers for the purposes of web analysis or to maintain user settings.

We use this Microsoft cloud service on the basis of our legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR. Our legitimate interest is to standardize and streamline the way we collect and organize information so that we are able to better process, analyze and store this information and the related insights.

Further information can be found in Microsoft’s privacy policy. You can object to the processing of your data in the Microsoft Cloud in accordance with the legal requirements. We delete the data that we receive from Microsoft Forms after 3 years, after which the data is deleted from the Microsoft servers.

Insofar as personal data is processed by Microsoft in the USA, we refer to the EU-SCC concluded with, by and within the Microsoft Group.

Feature Requests on Aha!

Feature requests for the RIB CostX and RIB Benchmark products are handled using the Aha! Platform. “Aha!” is provided by Aha! Labs Inc., 800 Concar Drive, Suite 100, San Mateo, CA 94402. Aha! is a product management platform that allows us to visualize and plan our product strategy and roadmap. Aha!’s roadmapping, idea management, and strategic planning capabilities help product teams prioritize features, manage releases, and align product development with business goals. Customers must be invited to use Aha! by RIB. To send the invitation, RIB will gather the following details from the customer:

  • First name
  • Last name
  • Email address
  • Organisation

This is done on a request basis only. This data will only be processed for the purpose of creating the Aha! account. Once the account has been created, Aha! Labs Inc. terms and conditions apply to all interaction with Aha!.

Data transfer to the USA

Aha! Lab Inc. is headquartered in the USA. Where data is being processed outside the EU/EEA, Aha! Lab Inc. has certified itself under the E.U.-U.S. – Data Privacy Framework (DPF) programme. This means that Aha! has publicly committed to complying with the DPF obligations and that any data transfer to the USA is considered safe based on the current adequacy decision of the European Commission of 10 July 2023.

A list of currently certified US companies can be found here: https://www.dataprivacyframework.gov/s/participant-search

We have also concluded a data processing agreement with Aha! Lab Inc. in accordance with the requirements of Art. 28 GDPR.

Further information on data processing by Aha! Lab Inc. can be found at https://www.aha.io/legal/privacy_policy 

Legal basis for data processing

The use of Aha! and the associated processing of personal data is based on Art. 6 para. 1 lit. f GDPR. Our legitimate interest is to improve our product offerings based on customer feedback.

Storage period

The processed data is stored permanently as long as the account with Aha! exists.

Highspot Sales Enablement

Description, purpose and scope of data processing

We use the Highspot Sales Enablement tool, an application provided by Highspot Inc, 2211 Elliott Ave Suite 400, Seattle, WA 98121, US. The platform is a sales enablement platform that is implemented to simplify the development of sales strategies for our sales team and to provide targeted content and allow for simplified communication with customers and prospects.  

The following personal data is being processed in order to use the platform:

  • First name and surname
  • e-mail address
  • IP address
  • Date and time of use

Other details such as telephone number or location are optional and are labelled as such by us.

When our sellers share content from the system with prospects, customers or clients, Highspot stores certain information for analytics purposes, such as the recipient’s name, email address and any information we choose to use to link the content to records in our CRM, such as opportunity, contact, lead or account name and ID. This information is retrieved from our CRM via a ready-to-use integration.

In order to order to optimize our content strategy by understanding engagement patterns, and to provide optimal customer experience through data-driven insights, Highspot also processes the following data:

  • Last viewed content (date)
  • Number of views (per content)
  • Number of total views
  • Duration of viewing time (per content)
  • Total viewing time
  • Number of downloads (per content)
  • Total number of downloads

Data transfer to the USA

Highspot Inc. is headquartered in the USA. Where data is being processed outside the EU/EEA, Highspot Inc. has certified itself under the E.U.-U.S. – Data Privacy Framework (DPF) programme. This means that Highspot has publicly committed to complying with the DPF obligations and that any data transfer to the USA is considered safe based on the current adequacy decision of the European Commission of 10 July 2023.

A list of currently certified US companies can be found here: https://www.dataprivacyframework.gov/s/participant-search.

We have also concluded a data processing agreement with Highspot Inc. in accordance with the requirements of Art. 28 GDPR.

Further information on data processing by Highspot Inc. can be found at https://www.highspot.com/privacy/.

Legal basis for data processing

The use of Highspot and the associated processing of personal data is based on Art. 6 para. 1 lit. f GDPR. Our legitimate interest is to provide our Sales staff with an efficient and effective sales platform in order to optimise our sales processes.

If we process data for analysis purposes as described above, this only takes place on the basis of your consent in accordance with Art. 6 para. 1 lit. a) GDPR. Consent is obtained from you via our cookie banner and can be revoked at any time.

Storage period

The processed data is stored permanently as long as the account with Highspot exists