Privacy Policy

We at Allthings are striving for a more connected and less complicated future of living together.
To achieve our goal, a responsible and viable approach on data security is essential.
For us at Allthings, your trust is therefore our company priority. The legal ownership of your Data is yours and remains yours alone. Accordingly, We as a company want to ensure your data remains safe during your use of our website and products.
This Privacy Policy details the ways your personal data is protected and may be used in accordance with applicable laws. The short version: Allthings will not sell personal data and only makes use of personal data in the ways described below.  

However, if you are a user of one of the products Allthings provides to its customers,,  the extend of your data we are working with may differ depending on our customers/ your service provider. This, for example, impacts the amount of Micro-Apps installed in your Personal App.
We as a company furthermore provide our customers with a Platform that enables our customers to manage their digital data subject to their own privacy policies. In that way, we enable our customers to manage their data in a responsible way.
For detailed privacy information related to an Allthings customer or partner  who uses Allthings products and services, please contact our customer or partner directly.
This Privacy Policy is intended to give you an overview of what happens to your personal data (hereinafter also referred to as "data") in our company and to inform you of the data protection claims and rights to which you are entitled in accordance with the applicable statutory provisions. These are in particular, the new Swiss Federal Law for Data Protection (nDSG) in Switzerland and the regulation to the Federal Law for Data Protection (VDSG) and any foreign data protection law, applicable for our Services and our user, in particular the European General Data Protection Regulation ("GDPR"), and the Germany Federal Law for Data Protection ("BDSG"), The EU recognizes that new Swiss data protection law ensures adequate data protection. We therefore ask you to take note of this Privacy Policy and, if necessary, to print it out or save them. 
Personal data is all data which can be used to identify you individually. Your personal data can be processed for various purposes. Essentially, Allthings Technologies AG (hereinafter also referred to as "Allthings" or "We") can divide the data processing processes into the following areas of application:
In connection with the website www.allthings.me (hereinafter referred to as "Website") or comparable external online presences, such as our social media profile (website and external online presences hereinafter referred to collectively as "online presence"), we process visitor data exchanged between their Internet-enabled terminal devices and the server operated by us, as well as data communicated to us within the framework of the use of the respective online presence. Details can be found in Part B of this Privacy Policy. 
For the purpose of providing the Allthings platform, its functions and content and related applications or micro-applications offered (collectively also referred to as "Services"). More information on this can be found in Part C.
For the purpose of processing or the initiation of contracts, we process the necessary data of our customers and interested parties. You can find more information on this in Part D.
The data of our business partners or suppliers is used exclusively for the direct placing, processing or execution of orders. You will find more information on this under Part D.

Who is responsible for data processing and who can you contact if you have any questions?

The responsible entity within the meaning of GDPR and other national data protection laws of the member states as well as other data protection regulations is Allthings Technologies AG, Lange Gasse 8, 4052 Basel (Switzerland)
Responsible contact person at Allthings is:

Rafael Klein, Head of Engineering

II. What rights do you have with regard to your personal data?
If your personal data is processed, you may be entitled to the rights described below. If you wish to exercise any rights against Allthings as the responsible party, we recommend that you send them to this address or point of contact:

Allthings Technologies AG, 
Lange Gasse 8, 
4052 Basel (Switzerland)
support@allthings.me

1. Right to information
In accordance with Art. 15 GDPR, you can request confirmation from us whether we process any kind of personal data relating to you and obtain information to what extent we process it.
2. Right to rectification 
If personal data concerning you is incorrect or incomplete, you have a right to correction and/or completion pursuant to Art. 16 GDPR.
3. Right to erasure
If the legal requirements of Art. 17 GDPR are met, you can demand that we delete your data if we process it unlawfully or if the processing disproportionately interferes with your legitimate protection interests. Please note that there may be reasons that prevent an immediate deletion, e.g. in the case of legally regulated storage obligations.

Irrespective of the exercise of your right to erasure, we will immediately and completely erase your data in order to fulfill our statutory erasure obligations after the processing purpose has ceased to apply, insofar as there is no legal or statutory retention period to the contrary.

4. Right to restriction of processing
In the cases specified in Art. 18 GDPR, you may request us to restrict the processing of your data. If you have restricted the processing of your personal data, this data - with the exception of storing it - may only be processed with your consent or to assert, exercise or defend legal claims or to protect the rights of another natural or legal person or for reasons of an important public interest of the European Union or a member state.
5. Right to data portability
According to Art. 20 GDPR, you have the right to request that any data provided by you, which is processed automatically by us on the basis of your consent or in fulfillment of a contract, be handed over to you personally or to a third party in a standard, computer-readable format. If you request the direct transfer of the data to another responsible person, this will only be done as far as it is technically feasible. The right to data transfer does not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority assigned to the person responsible.
6. Right to object
If we process your data on the basis of a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR, you may object to this data processing at any time for reasons arising from your particular situation; this also applies to profiling based on these provisions (see Art. 21 GDPR). If you file an objection, we will no longer process your personal data concerned unless we can prove compelling reasons for the processing worthy of protection which outweigh your interests, rights and freedoms or the processing serves the assertion, exercise or defense of legal claims.
If your personal data is processed for the purpose of direct advertising, you have the right at any time to object to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is connected with such direct advertising. If you object, your personal data will no longer be used for direct marketing purposes. You can object to the processing of your data for the purpose of direct marketing at any time without giving reasons.
7. Right to revoke the declaration of consent under data protection law
Some data processing operations are only possible with your expressed consent (Art. 6 para. 1 lit. a GDPR). You can revoke your consent at any time and with future effect. However, the legality of the data processing carried out until the time of revocation remains unaffected by the revocation. Please note that even after revocation of your consent, it may still be possible to process the data concerned in whole or in part on the basis of other legal principles.
8. Right to lodge a complaint with a supervisory authority
Without detriment to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your place of residence, workplace or place of presumed infringement, if you are of the opinion that the processing of your personal data violates the GDPR (Art. 77 GDPR in conjunction with § 19 BDSG). A list of data protection officers in Germany and their contact details can be found at the following link:
www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
If you are of the opinion that we violate German or European data protection law when processing your data, we ask you to contact us in order to clarify any questions you may have. Of course, you also have the right to contact the supervisory authority responsible for our company headquarters.
Please note that Allthings Technologies AG, being a Swiss company, is subject to the control of the Swiss data protection authorities. If you have any questions or complaints, please feel free to contact the Swiss data protection authority in charge of Allthings directly.  

III.     Which personal data is processed and from which sources does this data originate?
1. The source of the personal data

We mainly process the data that we receive directly from the persons concerned within the scope of a business initiation or in the course of the business relationship (see also Part D). 

In addition, we process - to the extent necessary for the provision of our services or the fulfilment of a contract with you - data that we have received from other companies in our group of companies or partner companies or from locally responsible companies integrated into our sales system with which we have a long-term business relationship:

Allthings GmbH (Merzhauser Strasse 161, DE-79100 Freiburg im Breisgau) 


In individual cases, we also process data that we have received or acquired from other third parties such as credit agencies, creditor protection associations or authorities, or that we have taken, received or acquired from publicly accessible sources (e.g. telephone directories, company registers, press, Internet or other media). 

Via our website and our services, we process data which we receive during your visit or which you actively communicate to us within the scope of your use (e.g. when using our contact form). Other data is automatically collected by our IT systems when you visit our website or use one of our services. These are mainly technical data (e.g. Internet browser, operating system or time of a page call). This data is collected automatically as soon as you enter our website or call up one of our services. Details can be found under Part B and Part C.

2. Categories of personal data
Among the personal data that we regularly process are personal master/contact data such as: First and last name, address, e-mail address, telephone number, fax, position in the company.
In addition, we also process the following other personal data, depending on the order or the services to be rendered:
Information on the type and content of our business relationship such as contract data, order data, sales and document data, customer and supplier history, consulting documents.
Advertising and sales data,
Documentation data (e.g. consultation protocols, data from service meetings or support cases)
Information from your electronic dealings with us (e.g. IP address, log-in data)
other data that we have received from you in the context of our business relationship (e.g. in discussions with customers),
the documentation of declarations of consent 
Photos taken at public events

IV.     For what purposes and on what legal basis will the data be processed?
We process your data in accordance with the provisions of the Basic Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG) as amended, in particular on the following bases:
1. Fulfilment of (pre-)contractual obligations (Art. 6 para. 1 lit.b GDPR)
Personal data is processed on the basis of Art. 6 para. 1 lit. b GDPR in order to fulfil contractual obligations of Allthings, in particular in connection with the sale and distribution of our goods and services as well as all activities customarily required for the operation or administration of Allthings (e.g. customer administration).The data may also be processed on a pre-contractual level within the framework of a business relationship with Allthings or in the course of other contractual relationships with Allthings.
Art. 6 para. 1 lit. b GDPR, for example, is the legal basis in the following cases:
Creation and maintenance of a customer or supplier account
Keeping customer/prospect files or our customer/prospect database
Sending of information
Offering and selling Allthings software products
Offering and implementing our services (e.g. training, consulting and support services)
Details for the purpose of this data processing can be found in the respective contract documents and terms and conditions.
2. Safeguarding legitimate interests (Art. 6 para. 1 lit.f GDPR)

On the basis of a weighing of interests, data processing may take place beyond the actual fulfilment of a contract in order to safeguard the legitimate interests of Allthings or third parties. This is permissible, unless your interests or fundamental rights and freedoms, which require the protection of personal data, prevail. Data processing to safeguard legitimate interests is carried out in the following cases, for example:
Transmission of data to companies affiliated with us 
Execution of payment transactions via external service providers 
Use of debt collection service providers and lawyers to collect receivables and/or enforce them in court
Assertion of other legal claims and defense in legal disputes
Advertising or marketing 
Market and opinion surveys
Image and sound recordings at public events (e.g. trade fairs, open days, workshops, industry events)
Measures for business management and further development of our services;
Maintaining databases on customers/prospects and service providers to improve our offering
Carrying out a risk assessment (due diligence) in the context of any company restructuring or a company acquisition or sale
Ensuring the IT security and IT operations of our company
Measures for building and plant safety
3. Fulfilment of legal obligations (Art. 6 para. 1 lit.c GDPR)
The processing of your data may be necessary in part for the purpose of fulfilling various legal obligations and requirements to which we are subject, e.g. from commercial law or tax law.
4. Consent (Art. 6 para. 1 lit.a GDPR):

If, in individual cases, you have given us your consent to process your data, it will be processed in accordance with the purposes and to the extent agreed in the declaration of consent. Consent given, e.g. for sending a newsletter, can be revoked at any time with effect for the future. For this purpose, "please contact the contact person listed under Part A Section I or Section II. Please note that processing which took place before the revocation is not affected by the revocation and under certain circumstances data processing may continue to be possible at least partially on the basis of another legal basis.

For this purpose, we use your data for the following purposes, for example:
Quality assurance: In order to continuously improve our services, our products and our services for you, we conduct surveys to your satisfaction, as well as your experiences from your contractual relationship.
General and personalized advertising by email, fax or telephone.
If you have given us a SEPA Direct Debit Mandate, we will use your bank details. We collect open amounts via the SEPA Direct Debit Mandate in accordance with the contractual agreements.
V. Who receives my data?
At Allthings, those employees or organizational units who need your data to fulfill our contractual and legal obligations or to process or pursue our legitimate interests receive it. 
Your data will be forwarded to companies for the initiation or execution of a contractual relationship (e.g. provision of a service or sale of goods) in accordance with Art. 6 para. 1 lit. b GDPR or - depending on the type of concrete contractual relationship - and on the basis of our legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR, in particular to companies which we regularly use in connection with the provision of our service or for contract execution. This applies to the following recipients or recipient categories:
IT service providers (e.g. email service providers, web hosting companies)
Affiliated companies 
Partner (for example, sales partner, advertising partner)
Communication provider (e.g. telephone providers) 
Payment service provider 
Shipping and logistics service providers 
Chartered accountant
Tax and legal advisors

If we use a service provider for the purpose of order processing (see Art. 28 GDPR), we nevertheless remain responsible for the protection of your data. To the extent required by law, contract processors are contractually obligated by an order processing agreement to treat your data confidentially and to process it only within the scope of providing the service. The processors commissioned by us will receive your data insofar as they require the data for the performance of their respective services. 
Your data will only be transferred to state institutions and authorities or collected for this purpose within the framework of mandatory national legal provisions or if you have commissioned us to do so.
VI. How long will my data be stored?
Your personal data will only be used for the purpose for which you provided it to us or for which you gave us your consent and will be stored until this specific purpose has been fulfilled. After complete processing of the purpose, or as soon as you request us to delete your data, your data will only be stored as long as it is necessary due to statutory limitation periods or retention periods (in particular tax and commercial law nature). However, the data will be deleted at the latest after expiry of all periods, unless you have expressly consented to further or other use. You can also assert rights during the retention periods, such as blocking your data, see Part A. Section II.
Your data will be deleted or blocked by us as soon as the purpose of storage no longer applies, or you request us to delete it.
We process, in particular store your data in principle at the longest only up to the termination of the business relation or up to the expiration of the valid guarantee, warranty, limitation periods. For example, depending on the applicable contract law, the statute of limitations is regularly three years, but in certain cases also up to thirty years. In addition, it may be necessary for data to be retained until the legally binding termination of any legal disputes in which the data is required as evidence.
Furthermore, we are subject to legal documentation and storage periods (e.g. from the German Commercial Code). The periods specified there for storage or documentation are generally between two and ten years. For example, even after termination of a contract with you, we would have to store your data for a period until the completion of the tax audit of the last calendar year in which you were our customer. 

VII. Will personal data be transferred to any third country?
As part of our processing, personal data in certain business transactions or areas of activity may also be transferred to locations in so-called third countries outside the EU or the EEA to which the EU Commission has not yet attested an adequate level of data protection, for example in the USA. If such data transfer should become necessary in individual cases, this will only be done on the basis of an adequacy decision of the European Commission, standard contractual clauses, suitable guarantees for compliance with data protection or your expressed consent.

In principle, you can visit our online presences and use them for information purposes without having to provide personal details (e.g. register, place orders or otherwise provide information about yourself).  In this case, we process personal data of our users only to the extent necessary to provide a functional online presence as well as our content and services or to the extent that cookies used by us transmit personal information when visiting the online presence. Information on our own cookies used by us can be found under Part B Section II. Other cookies enable our partner companies or third parties to recognize your browser the next time you visit us, if applicable. For details on such third-party cookies, please refer to Part B Section III.
In addition, the processing of personal data of our users is carried out regularly only with the consent of the user. An exception applies in those cases in which it is not possible to obtain prior consent for actual reasons and the processing of the data is permitted by statutory provisions.  

I. Provision of the website and creation of log files
Description of data processing
Each time you access our website, our system automatically collects data and information from the computer system of the accessing computer, which your Internet browser automatically transmits to us or our web host (so-called log files). These server logfiles contain IP addresses or other data that enable an assignment to a user. This could be the case, for example, if the link to the website from which the user accesses the website or the link to the website to which the user switches contains personal data. The following information is collected:
Information about the browser type and version used
The user's operating system
The Internet service provider of the user
The IP address of the user
Date and time of access
Websites from which the user's system accesses our website 
Websites accessed by the user's system through our website
This data is not stored together with any other personal data of the user.
Legal basis and purpose of data processing
The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f GDPR.
The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session. 
The data is stored in log files in order to ensure the functionality of the website. The data is also used to optimize the website and to ensure the security of our information technology systems. 
Duration of storage / possibility of objection and removal
The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. In the case of the collection of data for the purpose of providing the website, this is the case when the session in question has ended. 
In the case of storage of data in log files, this is the case after 90 days at the latest. We do not store data beyond this. In this case the IP addresses of the users are deleted or alienated, so that an assignment of the calling client is no longer possible. 
The collection of data for the provision of the website and the storage of data in log files is mandatory for the operation of the website. Consequently, there is no possibility for the user to object.
II.     Cookies and comparable technologies
1. Use of Cookies on our website
Description of data processing
Our website uses cookies or similar methods and collects, processes and uses usage data (e.g. access times, visited websites) or meta and communication data (IP address, device information). Cookies are text files with a characteristic string of characters that are stored in the Internet browser or by the Internet browser on the user's computer system and which enable the browser to be uniquely identified when the offer is called up again. If a user calls up a website, a cookie can be stored on the user's operating system. A cookie contains a characteristic string of characters. The use of these cookies serves to make a website more user-friendly, effective and secure. When you visit a website on which a cookie is embedded, the data you enter is stored exclusively in the cookie on your computer. In this case, data will only be transmitted to the servers of our offer when a page request is made.
Some cookies are deleted after the end of the browser session when your browser is closed (so-called session cookies). These cookies are technically necessary, e.g. so that you can log in to the application and also remain logged in across pages during your visit to our website. 
Other cookies remain on your end device for a specified period of time and enable us to recognize your browser during your next visit (so-called persistent or protocol cookies). The purpose of using these cookies is to provide you with optimal user guidance, to "recognize" you and to present you with as varied a website and new content as possible when you repeatedly use it. 
Cookies from partner companies or third parties can be used, for example, to collect information for advertising, user-defined content or statistics ("third party cookies"). If we do not identify cookies as originating from third parties, the cookies originate from our offer ("first party cookies"). We will inform you separately about third party cookies or tracking technologies that we use in the following sections of our Privacy Policy.
Cookies that are essential to provide the website’s functionality are listed as “necessary”. 
For all other cookies, we need your consent. Your consent can be given in the settings of the tool we implemented on our website for obtaining consent for the use of certain categories of cookies ("cookie consent-tool"). This tool blocks all categories of cookies that are not essential for the proper operation of the Website, unless you give your consent to the use of cookies beyond this category. Your consent can be adjusted or revoked at any time via our website by emptying your cache and reloading the allhings website.


We use the following cookies to make our website more user-friendly and store or transmit the following data:
This list may be updated from time to time. The most current list of cookies can be found on the website.


Necessary
Necessary Cookies are helping to provide functionality of the website. The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these it is necessary that the browser is recognized also after a page change.

Preferences
Preferencial cookies allow the website to recall information that alter the websites apparence. I.e. your preferred language settings.

statistical cookies/preferences 
statistical cookies record information about website usage and user behavior anonymously.
This data helps to further optimize the website in the future.

Marketing 
Marketing-cookies are used to follow website-users in order to recommend advertisements relevant to them.

Legal basis and purpose of data processing
The legal basis for the processing of personal data using necessary cookies is Art. 6 para. 1 lit. f GDPR to protect our legitimate interests in the best possible functionality and security of the website and a customer-friendly and effective design of the site visit. Other cookies are used with the users consent according to Art. 6 para. 1 lit. a GDPR. Your consent consists in your chosen cookie-bot settings.
The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these it is necessary that the browser is recognized also after a page change.
Duration of storage / possibility of objection and removal
Cookies are stored on the user's computer and transmitted to our site by the user. Therefore, you as a user have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. Thus, an objection to the use of Cookies for online marketing purposes can be declared by means of a variety of services, especially in the case of tracking, via the US site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/ or generally on http://optout.aboutads.info. 
However, you can also use the functionalities of the Cookie Consent-Tool we have integrated, by clicking here.
If Cookies are deactivated for our website, it is possible that all functions of the website can no longer be used to their full extent.
2. Cookiebot (cookie-consent-tool)
Description of data processing
We use the cookie consent tool "Cookiebot" of the company Cybot A/S, 1058 Copenhagen, Denmark (hereinafter: "Cookiebot"). When you access our website, Cookiebot shows you a cookie list divided into functional groups by means of a pop-up window, explains the purpose of the cookie functional groups and the individual cookies as well as their storage period. You can then switch on the cookies divided into function groups by clicking on the corresponding box and declare your consent to the use of the cookies, or declare your consent altogether for all cookies. Please note that the technical cookies are already stored when you enter our website and the relevant box is preset.
Legal basis and purpose of data processing 
The legal basis for the processing of personal data by means of cookies within Cookiebot is Art. 6 para. 1 lit. f GDPR to safeguard our legitimate interests in the best possible functionality and security of the website and a customer-friendly and effective design of the site visit. For this purpose, Cookiebot uses technically necessary cookies to store the content of the consent you have given for your next visit. The use of technically necessary cookies serves to simplify the use of the website for users. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognized even after you exit our website.
Duration of storage / possibility of objection and removal
Cookies are stored on the user's device and transmitted by the user to our website. Therefore, you as the user have full control over the use of cookies. You can disable or restrict the transfer of cookies by changing the settings in your Internet browser. Cookies that have already been stored can be deleted at any time. This can also be done automatically. However, if you wish to review or change your cookie settings, you can access Cookiebot via emptying your cache and reloading the website.
If cookies are disabled for our website, it is possible that functions of the website can no longer be fully used.

III.     Statistical analysis of the website / increase of reach
1. Hubspot
Description of data processing
This website uses the functionalities of the Customer Relations Management (CRM) system HubSpot. HubSpot is a software solution of HubSpot Inc. 25 First Street, 2nd Floor, Cambridge, MA 02141 USA, which is offered in Europe by HubSpot Ireland Limited, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland. We use HubSpot to control and implement inbound marketing related to various functionalities of our online presence. The information stored is stored on HubSpot servers. The data processed may be used by us to gain detailed insight into the way our websites are used and used, to interact with visitors to our website and to determine what services our company may be of interest to them. 
HubSpot uses so-called "web beacons" (invisible graphics or code) and cookies, which are embedded in websites or emails and stored on the user's end devices. The IP address, geographical location, type of browser, duration of the visit and the pages called up are recorded here.
HubSpot also collects the data entered by the user if he (a) subscribes to our newsletter (b) uses our download area (c) writes a comment or (d) completes one of our contact forms.
Further information on data protection at HubSpot can be found at https://legal.hubspot.com/de/privacy-policy.
Legal basis and purpose of data processing 
We use all information collected about HubSpot on the basis of our legitimate interests in the optimization of our marketing and analysis of the use of our online presences as well as their continuous optimization and user-friendly design (Art. 6 para. 1 lit. f GDPR). Furthermore, we use personal data on the same basis to inform our users in a more targeted manner. 
Duration of storage / possibility of objection and removal
The user can prevent the storage of cookies by deactivating the storage of cookies in his browser settings. If the user wishes the other personal data to be deleted, he may exercise his right of opposition and removal as described in general in Part A.

2. Mixpanel
Description of Data processing
Allthings uses online marketing services of the provider Mixpanel Inc. 405 Howard Street, Floor 2, San Francisco, CA 94105 ("Mixpanel") for the statistical evaluation and optimization of the Allthings product range. The software of Mixpanel allows us to evaluate advertisements which we place on online presences in a more targeted way. For this purpose, a code from Mixpanel is executed when calling our and other websites on which Mixpanel is active and so-called "web beacons" (invisible graphics or code) are integrated into the website. With their help, an individual cookie, i.e. a small file, is stored on the user's device (comparable technologies can also be used instead of cookies). In the process, it is stored which websites the user visits, which content he is interested in and which offers he has clicked on, as well as technical information on the browser and operating system, referring websites, visiting times and other information on the use of the online offer. 
According to Mixpanel's own statements, the above-mentioned information may also be linked to such information from other sources. The processing of user data by Mixpanel is pseudonymous, i.e. no clear user data (such as names) is processed and user IP addresses are shortened. The processing only takes place on the basis of an online identifier, a technical ID. Any IDs or e-mail addresses communicated to Mixpanel are encrypted as so-called hash values and stored as a series of characters that do not permit identification.
Legal basis and purpose of data processing
We use Mixpanel on the basis of our legitimate interests in the analysis, optimization and economic operation of our online presences (Art. 6 para. 1 lit. f. GDPR).
Duration of storage / possibility of objection and removal
Further information on data protection at Mixpanel can be found in Mixpanel's data protection regulations: https://mixpanel.com/legal/privacy-policy/.
For the possibilities to object to the registration by Mixpanel see https://mixpanel.com/optout/

V.     Further information on procedures, plug-ins and tools used to design the website
1. SSL or TLS encryption
This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or requests that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.
If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
2. reCaptcha (Invisible reCAPTCHA)
Description of the data processing
To protect your login or registration processes and your requests in our forms and input screens, we use the service reCaptcha, provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, which is offered in Europe by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. For this purpose, Google evaluates information on the behaviour or user actions (in particular mouse movements) of the users. In contrast to other reCaptcha procedures, the Invisible reCaptcha does not require any additional queries (tick marks, picture puzzles). Instead, a JavaScript element is integrated into the source code. reCaptcha then runs in the background and analyses the user behaviour. From the recorded user actions, the reCaptcha software calculates a captcha score from which Google draws conclusions about the probability of whether the following input is made by a human being or abusively by automated, machine processing (so-called "bots"). 
Google reCaptcha uses so-called "cookies" for this purpose. Google collects the following data for this purpose: the information from which page the CAPTCHA is integrated, the IP address of the connection, referrer URL, information on the operating system used, the screen and window resolution, the language set in the browser, the time zone in which you are located, browser plug-ins installed on your end device, the other cookies already present from Google, mouse and keyboard behavior. 
According to Google, the IP address collected is already shortened within the member states of the EU or in other states party to the Agreement on the European Economic Area and only in exceptional cases is it transmitted in full to servers in the USA, where it is then shortened. According to Google, the IP address transmitted by your browser within the framework of reCaptcha is not merged with other Google data. An exception can be made if you are logged in parallel in your own Google account. In this case, however, Google processes your data outside our area of responsibility on the basis of the terms of use concluded between you and Google.


For more information about Google's data processing practices, please read the Google Privacy Policy at https://policies.google.com/privacy?hl=de,
Legal basis and purpose of the data processing
Data processing is carried out on the basis of Art. 6 para. 1 lit. f GDPR for the purpose of ensuring the integrity and functionality of our online offers and services. We have a legitimate interest in protecting our online offers and services and their users from abuse (e.g. automated spying, DDoS attacks or spam).
Duration of storage / possibility of objection and removal
The collection of data for the provision of the website is absolutely necessary for the operation of our online offers and services. Consequently, there is no possibility of objection on the part of the user. You can object to the collection and forwarding of personal data or prevent the processing of this data only by deactivating the execution of Java-Script in your browser or by installing a Java-Script blocker. In this case, however, you will not be able to use the functions of our online offers and services.
If you are already registered with a Google service, Google could merge this data on the basis of the Google terms of use and data protection conditions accepted by you. If you wish to avoid this, please log out of the Google service first. For more information, please contact Google or https://policies.google.com/privacy?hl=de.
3. YouTube
Description of data processing


We may from time to time use content or services provided by YouTube LLC, 901 Cherry Ave. San Bruno, California, CA 94066, United States (hereinafter referred to as "YouTube"), a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States, which is offered in Europe by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (hereinafter referred to as "Google"), to include video content on our website using a plugin. 
Our YouTube videos are all embedded in "enhanced privacy mode", which means that no data about you as a user is transferred to YouTube if you do not play the videos. Only when you play the videos some of your data might be transferred, as described in the following. We have no influence on this data transfer. 
If you want to play the videos integrated on our Website or Services by using the YouTube plugin (by clicking the play button), your IP address will be sent to YouTube, since YouTube cannot send the video content to your browser without the IP address. The IP address is therefore required for viewing. In addition, the YouTube server receives information about which subpage of our online platform you have visited. 
If you are logged in to your YouTube account as a YouTube member, you also allow YouTube to assign your usage behavior directly to your personal profile when playing our videos. However, we have no influence on the scope and further use of the data collected and processed by YouTube.
According to Google, an evaluation of user data by Google in the context of YouTube is carried out in particular (even for users who are not logged in) to provide advertising tailored to your needs and to inform other users of the social network about your activities on our Website or Services. You have the right to object to the creation of these user profiles, whereby you have to contact YouTube to exercise this right.
For more information about YouTube's data processing practices, please refer to the YouTube privacy policy: https://policies.google.com/privacy?hl=de&gl=de 
Legal basis and purpose of data processing
YouTube is used on the basis of our legitimate interests under Art. 6 para. 1 lit. f GDPR to make video content available on our Website or Services, unless we ask you for your consent in accordance with Art. 6 para. 1 lit. a GDPR.
By playing one of the YouTube videos integrated on our Website or Services by clicking on the play button, you give your consent in each case (a) to the use of Cookies by YouTube, which may also serve to analyze the usage behavior for market research and marketing purposes by YouTube, and (b) to the processing of your data by YouTube in the USA in accordance with Art. 49 para. 1 sentence 1 lit. a GDPR. 
Duration of storage / possibility of objection and removal
In order to prevent the assignment described above, please log out of your YouTube profile before playing our video content. You have further possibilities to limit the processing of your data in the general settings of your Google Account. In addition to these tools, Google also offers specific privacy settings for YouTube. You can learn more about this in the Google Privacy Guide for Google products: https://policies.google.com/technologies/product-privacy?hl=de&gl=de 
VI.     Online presences on social networks and platforms
Description of data processing 
Allthings maintains further online presences within social networks and/or industry networks (Facebook, XING, LinkedIn, Twitter) (hereinafter also "SN") and platforms (e.g. YouTube) and links to them from our website. By clicking on the respective link-buttons (recognizable by the respective logos of the social networks or platforms) you will be forwarded to the respective online presence of the SN. The purpose of these online presences is to communicate with active customers, interested parties and users and to inform them about our services. 
When entering the respective networks and platforms, the terms and conditions and the data processing guidelines of their respective operators apply. Since the use of SN takes place outside of our Website or Services, we have no influence on this, unless otherwise stated below. However, we would like to point out that when using the above mentioned platforms and networks to which we link, data may also be processed in the USA by those SN companys and may also be processed by the respective operators for market research and advertising purposes, including the creation of user profiles. If you are logged in to the respective networks and platforms, they may also store cookies on your device that tracks your use of our Platform or Services, as well as additional information on your usage behavior. 
Unless otherwise stated in our Privacy Policy, we process the data of users only if they communicate with us within the social networks and platforms, e.g. write comments or send us messages. 
In order to make it easier for you to find information about the respective data processing and the possibilities of objection of the respective operators, we refer below to the data protection declarations and information of the operators of the respective networks.
Legal basis and purpose of data processing
Unless otherwise stated in our privacy policy, we process user data within our online presences on SN on the basis of our legitimate interests pursuant to Art. 6 Para. 1 lit. f GDPR in an effective information of users and communication it user communicate with us within social networks and platforms.
Duration of storage / possibility of objection and removal
If you are a member of one of the SN on which we maintain online presences and do not want the SN to collect data about you via our service and link it to your data at the SN, you must log out of your SN before visiting our service. For a detailed description of the respective processing operations, information on the duration of the storage of data by the respective SN and the opt-out options, please refer to the information provided by the providers linked below. 
Also, in the case of requests for information and the assertion of user rights, we point out that these can be asserted most effectively with the providers. Only the providers have access to the data of the users and can directly take appropriate measures and give information. Should you nevertheless need help, you can contact us.
Facebook
We maintain a Facebook Company Page ("Fanpage") on the SN of Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland). 

Together with us, Facebook Ireland is jointly responsible for the collection of data from visitors to our Fanpage. Therefore, we have entered into a Joint Controller Agreement with Facebook pursuant to Art. 26 GDPR, as well as agreed to additional data processing conditions:
"Controller Addendum": https://www.facebook.com/legal/controller_addendum

"Data processing conditions": https://www.facebook.com/legal/terms/dataprocessing/update

We remain responsible for providing our user with at least the above and subsequent information on our joint responsibility with Facebook. The data privacy information from Facebook required under Art. 13 para. 1 lit. a and lit. b GDPR can be found in Facebook’s Privacy Policy at https://www.facebook.com/about/privacy.
Facebook Inc, Menlo Park, California, USA (hereinafter: “Facebook Inc.”) also collects and uses so-called Page Insights for analysis purposes. Page Insights is a summary of data that allows both us and Facebook Inc. to understand how our users interact with our Website or Services. Page Insights may be based on personal information collected in connection with our users' visits or interactions with our Website or Services. For this purpose, we have concluded the "Controller Addendum" with Facebook, which regulates in particular which security measures Facebook takes within the framework of the Page Insights and how Facebook answers user queries. The purposes for which the collection and transmission of personal data which constitutes a joint processing is carried out, are described in detail in Facebook’s terms of use referred to in the Controller Addendum above.
Data collected when users visit our "Fanpage" otherwise includes information about the types of content users view or interact with, or the actions they take (see "Things You and Others Do and Provide" in the Facebook Data Policy: https://www.facebook.com/policy), and information about the devices used by users (e.g., IP addresses, operating system, browser type, language settings, cookie data described in detail under "Device Information" in the Facebook Data Policy: https://www.facebook.com/policy)).
However, we share responsibility for the Insights pages by maintaining the Facebook Company Page and have agreed with Facebook Ireland that Facebook Ireland is responsible for fulfilling the rights of data subjects under Articles 15-20 of the GDPR with respect to personal data stored by Facebook Ireland following joint processing. Therefore, we have an obligation to notify Facebook if we receive data protection-related requests for Pages Insights. Please note that we forward requests regarding Page Insights to Facebook Ireland. For further information on how Facebook Ireland processes personal data, including the legal basis on which Facebook Ireland relies and the ways in which data subjects can exercise their rights against Facebook Ireland, please refer to the Facebook Ireland Privacy Policy at https://www.facebook.com/about/privacy.
The evaluation of the data collected via Page Insights serves to improve our Website and Services, as well as for advertising purposes. We maintain our Facebook Fanpage for the purpose of communication and simple channeling of contact requests from Facebook users. The collection of this data and its further processing is in our legitimate interest and in the legitimate interest of Facebook Inc. in accordance with Art. 6 para. 1 lit. f GDPR.
We would like to point out that we cannot switch the Page-Insights technology on or off. Therefore we have to forward corresponding requests to Facebook-Ireland for the most part, unless we have collected data ourselves. If you do not want Facebook Inc. to collect your data, please do not use our Facebook Fanpage and/or use your browser settings to prevent cookies from being set and/or log out of Facebook while you are using our Website or Services. 
Privacy Policy: 
https://www.facebook.com/about/privacy/  https://www.facebook.com/legal/terms/information_about_page_insights_data  
Possibility of objection: 
https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com 
LinkedIn
LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland.

Privacy Policy: https://www.linkedin.com/legal/privacy-policy 

Possibility of objection: 
https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out, 
Twitter
Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.

Privacy Policy: https://twitter.com/de/privacy
 
Possibility of objection: 
https://twitter.com/personalization

YouTube
YouTube is a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4 Ireland.

Privacy Policy: https://policies.google.com/privacy?hl=de&gl=de 

Possibility to object: https://adssettings.google.com/authenticated

XING
XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany („XING“).

Privacy Policy/ Possibility to object:
https://privacy.xing.com/de/datenschutzerklaerung 

VII. Links to the websites of other providers
Our Internet presence may contain links to other websites. Allthings has no influence whatsoever on the content and design of the offers of other providers. The statements in this privacy policy therefore do not apply to external providers to whose offers or content we merely link.
If you are forwarded via links from our pages to other pages, please inform yourself there about the respective handling of your data.
VIII. Active use of our Website
1. Contact Forms and E-mail Contact
Description of data processing 
A contact form is available on our Website, which can be used for electronic contact. If a user makes use of this possibility, the data entered in the respective input mask will be transmitted to us and stored. 
Alternatively, it is possible to contact us via the email address provided. In this case the personal data of the user transmitted with the email will be stored. 
Legal basis and purpose of data processing
Art. 6 para. 1 lit. f GDPR is the legal basis for the processing of data transmitted in the course of sending a contact form request or an e-mail. If the contact form request or the e-mail contact is intended to conclude a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.
The processing of personal data from the input mask serves us solely to process the establishment of contact. In the case of contact by email, this also constitutes the necessary legitimate interest in the processing of the data.
The other personal data processed during the sending process serves to prevent misuse of the contact form and to ensure the security of our information technology systems.
Duration of storage / possibility of objection and removal
The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input mask of the contact form and those sent by email, this applies when the respective conversation with the user has ended. The conversation is terminated when it can be inferred from the circumstances that the relevant facts have been conclusively clarified and that no legal requirements require longer storage.
The user has the possibility to revoke his consent to the processing of personal data at any time. If the user contacts us by email, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued.
In this case, all personal data stored in the course of establishing contact will be deleted unless legal requirements require longer storage.
2. Newsletter and Surveys
2.1. Newsletter

Description of data processing
We would like to inform our customers and interested parties at regular intervals about our products, services, webinars, innovations or news at Allthings by email or other electronic notifications (hereinafter referred to as "Newsletter"). We require your email address for this purpose. In the respective newsletter registration forms, further information may be requested in order to provide you with personalized content tailored to your interests. 
You can subscribe to our newsletters by using the appropriate function of a subscription form to subscribe to our newsletter, or during a registration process by ticking a box (so-called opt-in). For this purpose, we provide various options on our websites or in the context of registration or order interfaces to register for our (possibly topic-specific) newsletters. The details to the respective contents of the newsletters are described concretely in the respective registration form. This description is decisive for your consent. 
Following your registration, you will receive an email from us in which you will be asked to confirm your newsletter subscription once again (so-called double opt-in procedure). This confirmation is necessary to exclude the possibility that someone else has misused your email address to subscribe to our newsletter at a different address. Only with activation of the hyperlink sent in the email your email address will be activated for sending the newsletter.
For verification purposes, the IP address and the registration date ("timestamp") are stored in addition to your email address and name for the newsletter dispatch.
Legal basis and purpose of data processing / data recipient
The legal basis for the dispatch of newsletters is the consent given by you as the recipient pursuant to (Art. 6 para. 1 lit. a GDPR, Art. 7 GDPR in conjunction with § 7 para. 2 no. 3 UWG), or if consent pursuant to § 7 para. 3 UWG is not required for existing customers, on the basis of our legitimate interest in direct marketing measures pursuant to Art. 6 para. 1 lit. f GDPR in conjunction with § 7 para. 3 UWG. § 7 para. 3 UWG. 
The logging in the registration procedure is based on our legitimate interests pursuant to Art. 6 Para. 1 lit. f GDPR in a secure and targeted newsletter system that meets both our business distribution interests and the ideas and needs of the recipients, as well as the verifiability of the consents given. 
For the delivery of our general newsletter we use Mailchimp, an email marketing platform of the service provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA (hereinafter: "Mailchimp") on the basis of our entitled interest according to Art. 6 para. 1 lit. f GDPR in conjunction with a contract according to Art. 28 GDPR. 
For the delivery of our product update mailings, we use an e-mail marketing platform of the service provider Mailjet SAS,13-13 bis, rue de l'Aubrac, 75012 Paris, France on the basis of our entitled interest according to Art. 6 para. 1 lit. f GDPR in conjunction with a contract according to Art. 28 GDPR Mailjet.  Mailjet's privacy policy can be found at: https://www.mailjet.de/privacy-policy.
Duration of storage / possibility of objection and removal 
You can object to the dispatch of the newsletter at any time or revoke your consent to receive the newsletter in whole or in part. You will find the unsubscribe link at the end of each newsletter. This will take you to our Preference Center where you can unsubscribe from all newsletters by clicking on the link "no more emails" or make a topic-specific selection in the event of a partial objection. You can also contact us directly under: support@allthings.me 
By unsubscribing the newsletter, the business communication is not affected. Your data will be stored by us for the purpose of contract processing, our support and services, software updates or registration for events. In addition, we reserve the right to store the necessary proofs until the statutory limitation periods have expired in order to provide evidence of a legally compliant newsletter mailing.
2.2. Surveys

Description of data processing
From time to time, we may ask users who have agreed to be contacted by email, or customers to participate in surveys (e.g., customer satisfaction surveys). Participation in a survey is voluntary.
Anonymous participation: If a user participates anonymously in a survey, the data entered by him will be transmitted to us and stored. In this case, only the usage data (so-called "log files", in particular the IP address, see also the explanations under B.I) recorded as a visitor to our website or in the context of the technical provision of the survey are recorded. 
Legal basis and purpose of the data processing / data recipient
The legal basis for the processing of the data transmitted to us in the course of sending a survey is our legitimate interest in the optimization of our products and services and market research, as well as in the associated technical implementation of the survey or prevention of misuse of the survey form and ensuring the security of our information technology systems (Art. 6 para. 1 lit. f GDPR). If you take part in a draw, the legal relationship resulting from your participation is subject to the additional legal basis for the processing of your user and contact data Art. 6 para. 1 lit. b GDPR for the provision, execution and handling of the draw.
On the basis of our legitimate interests (Art. 6 para. 1 lit. f DSGO) in conjunction with Pursuant to Art. 28 GDPR, we use the software of the service provider Widgix, LLC, 4888 Pearl East Cir. for our online-based surveys for sending the survey emails and for the technical implementation of the surveys. Suite 100W Boulder, CO 80301 USA (hereinafter referred to as "SurveyGizmo"). 
SurveyGizmo uses the information entered to provide us with reports to analyze customer satisfaction. SurveyGizmo also uses its own cookies for this purpose, e.g. to ensure that each respondent can only participate once in a survey, or to track survey completion rates (more information can be found at: https://www.surveygizmo.com/privacy/ and https://www.surveygizmo.com/privacy/gdpr/). According to SurveyGizmo, it also uses aggregated and anonymized data to improve or develop its services through the respondent's use of the online survey and to create industry trends, improve the user experience of surveys, or improve the completion rate of surveys. 
Duration of retention/opposition and removal options
The data will be deleted as soon as the survey is finished. The user has the possibility to revoke the processing of his personal data at any time. Please note that in this case participation in the raffle may no longer be possible. You have the possibility to prevent the storage of cookies on your computer by appropriate browser settings, which can, however, limit the functionality of our offer. Information on how to remove cookies set by SurveyGizmo can be found at https://www.surveygizmo.com/privacy/.

1. 1. General information about the Allthings services 
   Allthings is the operator of the "Allthings Platform", a tenant management platform designed for the housing industry for interaction and communication between tenants of properties and their owners or service providers used by them in the context of building management on which applications are made available to specific user groups, usually tenants of specific properties, via various front-ends in accordance with the individual contracts concluded with Allthings' clients. The applications or apps are various individual applications that have been adapted for different mobile devices that users can use in accordance with the relevant user conditions. Additional functions (so-called "micro-apps") can be used in the various apps. 
   A distinction is made between "Allthings Core Micro Apps" and "3rd Party Micro Apps". 
   Allthings Core Micro Apps:
   Which Allthings Core Micro Apps can be found in the apps depends in detail on the decision of our customers and the specific service agreement concluded with them. In principle, these apps include the following, but may be named differently depending on the customer:

   Name of Micro App	Purpose
   Pinboard	Central communication within a property: users can exchange information and interact with other users
   Service Point or Service Center	Users can send messages in the form of tickets to the property management company, for example to place repair orders or to report defects and facilitate their repair
   Information	Information on the building that is relevant for the user (e.g. building plans, cleaning plans, appointments, house rules etc.)
   My Flat	Information and relevant documents on the rented apartment are stored centrally and made available to the tenant
   Business Directory	Information and offers on local service providers and companies in the vicinity of the user's relevant property (e.g. restaurants, doctors, day care centres, etc.)
   Bookings	Enables users to book e.g. common rooms or other shared spaces
   My Neighbors	Enables the user to get to know other users in his environment by building a tenant community through which the user can network with neighbours and other tenants of a property, create personal profiles and exchange information with other users who are members of the community
   Marketplace	Offers users a local digital marketplace to sell used items to other users in their area
   Sharing	Offers users a local digital sharing service to lend items to other users in their area, or to borrow items

   
   
   
   Allthings Platform, the Apps and Allthings Core Micro-Apps together are hereinafter also referred to as "Allthings Services". The Allthings services collect and process your personal information in a similar manner to our website. In particular, we also use cookies and similar technical means. 
   3rd Party Micro Apps
   3rd Party Micro Apps are functionalities integrated in the App, which are provided by third parties, hosted on their web servers and offered under their terms of use.  For some of these functionalities, data is transferred to the respective third party provider, for example access data, in order to provide you with a uniform access option to all functionalities. All services and products offered by third parties are identified as such before they are used.  Any further use of your data is the sole responsibility of the respective provider of the 3rd Party Micro App. Please read the respective data protection regulations or terms and conditions of the partners to obtain further information on how the relevant providers will process your personal data.
   
   1.    What data is processed during the use of the Allthings services and for what purpose?
   1.1.    Registration, creation of user accounts and provision of the Allthings services   
   We will first process the data that is usually provided to us directly by personal input or by our customers when you register on the Allthings platform. This can be done in different ways, depending on the terms of the contract with our customers and the way you use the platform: 
   a)  Invitation with activation code by our customer or by a service provider commissioned by the customer.
   Our customer (e.g. the property management company or an asset manager) or one of his vicarious agents (e.g. a property manager) sends an invitation with an activation code in the form of a letter or with a personalized access URL to the e-mail address you have provided. With the activation code you can access the applications ordered by our client on the platform. Our client is solely responsible for the existence of a legal permission to send the invitation emails or letters.  
   For further use (log-in) you must provide at least the following data:
   Name 
   Email address (must be verified)
   Authentication data (password)
   You can then log in using your username and password. The configurations you have made and the content you have set up will then remain in your user account and can be edited after you have logged in. The data you provide will be processed primarily for the purpose of providing access. We will only use the e-mail address you have provided for direct contact with you if there are significant changes to the applications you use, or to inform you of any failures, or if necessary, for the security of your data.
   b.) Invitation by existing users
   If you are a resident of a property whose tenants have been authorized by our customer to use the Allthings services, a link to the app can also be sent to you by users who are already registered. For this purpose, the already registered resident provides the e-mail address of the person to be invited. This person will then receive an activation code and a link for personal registration on the app. The invitation function can be deactivated on customer request. 
   c.) Access granted by the Property Manager
   If you are a resident of a property whose tenants have been authorized by our customer to use the Allthings services, you can also request access without an activation code. You can enter your address on the login page and send an access request to the relevant property manager. Your property manager can grant you access to the app after checking your application.  
   d.) Legal basis and purpose of data processing
   Within the scope of user registration or login, the necessary information provided by our users will be processed after acceptance of the respective terms of use of the Allthings services on the basis of Art. 6 para. 1 lit. b GDPR for the purpose of providing the user account of the Allthings services. The data entered as part of registration or use of the Allthings services is used for the purposes of operating the user account and providing the functionalities of the individual Allthings services.
   After you cease being a user of the Allthings platform e.g. if you request our support team to delete your account or your right of use expires due to termination of your contract with our customers, any personal data collected in connection with the registration process or other data which may be traced back to your identity is automatically deleted and replaced by randomly created values, subject to any legal obligation to retain data or any consent given by you
   
   
   
   1.2.    Cookies on the Allthings App services  
   We use the following cookies to make our App more user-friendly and store or transmit the following data:

   Cookie Name	Function	Storage duration	Type of Cookie	Domain
   Session	Session	1 year	First-Party-Cookie	accounts.allthinge.me
   ST-[unique_hash]	Used to preserve the page that user requested in the app before he's redirected to Accounts	5 minutes	First-Party-Cookie	<app>.allthings.me
   cookie_checker	Check if cookies are supported	session duration	Session	<app>.allthings.me
   user_logged_in_before	Recognition of the first use by a user	1 year	First-Party-Cookie	<app>.allthings.me
   _attoken	auto-login	1 year	First-Party-Cookie	cockpit.allthings.me
   intercom-state	intercom	1 week	Third-Party-Cookie	.allthings.me
   locale	know locale upfront	1 year	First-Party-Cookie	cockpit.allthings.me
   NID	Google spam/ bot detection	3 month	Third-Party	Google.com

    

   
   
   
   Legal basis and purpose of data processing
   The legal basis for the processing of personal data using cookies is Art. 6 para. 1 lit. f DSGVO to protect our legitimate interests or those of third parties in achieving the best possible functionality and security of the Allthings services as well as a customer-friendly and effective design of Allthings services, unless we ask for your consent in accordance with Art. 6 para. 1 lit. a DSGVO.
   The purpose of using technically necessary cookies is to simplify the use of online-based offers within the Allthings services for users. Some functions of the Allthings services cannot be offered without the use of cookies. For these, it is particularly necessary that the browser is recognised even after a page change.
   Duration of storage / possibility of objection and removal
   Cookies are stored on the user's end device and are transmitted by the user to the relevant Allthings service. Therefore, you as a user also have full control over the use of cookies. By changing the settings in your Internet browser, you can deactivate or restrict the transmission of cookies. Cookies already stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for the Allthings services, it may not be possible to use all the functions of the website to their full extent.
   
   If you would like to learn more about cookies and comparable technical means, please read our provisions on cookies under Section B, Item II.

1. I. Am I obliged to disclose data?
   If you enter into contract negotiations with us with questions about our services, accept one of our offers or have other contractual agreements with us, we will process the personal data you provide in this context. Which data is processed in detail depends decisively on the relevant objects of purchase or the services which you obtain from us or which you inquire about. In this context, the processing of your data is usually absolutely necessary for the preparation, conclusion and processing of the contract. If you do not provide us with this data, we may have to refuse to conclude a contract or execute an order or may no longer be able to execute an existing contract. 
   As far as we use data in the context of contract initiation or performance with a customer, business or cooperation partner, our interest in handling your data lies in enabling and maintaining the exchange with the customer or the respective business or cooperation partner, typically in the context of a contract or other relationship. If you act as a contact person - typically in your function as an employee at these companies - you usually have no overriding opposing interest, insofar as this interaction with us is part of your area of responsibility, so that a right of objection is regularly excluded.
   However, you are not obliged to give your consent to data processing with regard to data which is not relevant for the fulfilment of the contract or which is not required by law. 
   
   II. Communication
   In principle, we collect the necessary data from you ourselves in personal contact. Of course, you can also contact us by telephone, fax, post or alternatively via our e-mail address (see imprint) or via the e-mail addresses of our employees provided to you. In the latter case, the personal data transmitted with the e-mail will be stored. Please note that e-mail communication may not always be encrypted for technical reasons
   Your data will be used for the processing of the conversation and the post-processing of the respective inquiry or meeting contents. Your data will be processed on the basis of Art. 6 para. 1 lit. b GDPR if the communication is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures. 
   In all other cases, processing is based on our legitimate interests (Art. 6 para. 1 lit. f GDPR) in the effective processing of enquiries addressed to us. 
   In this context, the data will not be passed on to third parties unless it is necessary to pursue our claims or legitimate interests (Art. 6 para. 1 lit. f GDPR) or there is a legal obligation to do so (Art. 6 para. 1 lit. c GDPR). 
   III. Data processing within the scope of distribution
   Personal data is processed on the basis of Art. 6 Para. 1 lit. b GDPR in order to provide the service you have commissioned us to provide, in particular to implement our contracts or pre-contractual measures, as well as all activities required for the operation and administration of Allthings. 
   The resulting purposes of data processing depend primarily on the activities and individual services specifically agreed with you and may include, among other things, consulting activities or activities within the scope of controlling sales processes (e.g. compiling documents, sending Allthings product or event information, providing Allthings services) or accompanying sales negotiations and concluding contracts.
   Further details on the scope, purpose and recipients of your data can be found in the respective contract documents and associated terms and conditions.
   To the extent necessary within the framework of our operational processes, we process your data in connection with our services beyond the actual fulfilment of the contract to safeguard our legitimate interests (Art. 6 para. 1 lit. f GDPR). 
   In connection with the offer or provision of our services, we may be subject to special legal obligations, such as requirements of tax legislation. The purposes of processing your data may therefore include, among other things, compliance with fiscal control and reporting obligations, customs or export regulations and the assessment and control of risks. The data processing required for this is based on Art. 6 para. 1 lit. c GDPR. 
   
   IV. Transmission of data 
   Depending on the scope of the service, your data or documents may be passed on to public authorities or private service providers or persons with whom we cooperate on a regular basis during the enquiry or offer phase as well as during the execution of the contract (see Section A, Section V).
   
   

Due to the further development of our online presence or our services as well as due to changes in legal or official requirements, it may become necessary to amend this privacy policy. You can call up the current privacy policy on our website at any time and print it out if necessary.