Thank you for your interest in our service.
The following passages provide you with detailed information about our policies for the data protection and why we collect data and how we protect it.
Article 12 of the General Data Protection Regulation (GDPR) states that the controller shall take appropriate measures to provide any information relating to processing data in a way its
In order to maintain a high level of data protection as well as the faith of our customers we considered those measures and adapted our data protection policy.
You can visit our website www.createctrl.com without providing us any personal data.
During your visit of our webpage, it is possible that we will store automatically specific types of data (e.g. cookies). The following passages will give specific information about this topic.
The temporary storage or process of cookies is based on Art. 6 (1) lit f GDPR. The data is not stored consistently.
Our webpage or the host of the webpage processes data in so-called log files. This type of data is used solely to ensure an operation of our webpage without any troubleshooting and improves our offers.
The following data will be protocolled:
We use this data for statistical analysis and to improve our webpage.
CreateCtrl AG reserves to analyse the log-files if indications suggest an unlawful use of our webpage.
The temporary storage or process of log-files is based on Art. 6 (1) lit f GDPR. This data is not stored consistently.
As a service, customers are able to use a remote maintenance on our webpage. We are using TeamViewer for this service. If TeamViewer will be conducted in the process of this service you are automatically agree to their terms and conditions as well as their End-User License Agreement
In order to guarantee a safe data processing, we concluded data processing agreements with all controllers within the meaning of Art. 28 GDPR. The contracts have been reviewed whether they meet the prevailing standards of the GDPR. In addition, we implemented technical measures for safe data processing. The signed contracts are becoming valid after May 25th 2018.
We are using the social media platform Facebook in order to inform our customers about news and updates regarding our company. While using or visiting our platform it is possible that data will be processed outside EU borders. Additionally it could be possible that data will be used for the purpose of market research or advertising.
The legal basis for processing the data from our platform is based on Art. 6 (1) lit. f GDPR. In this case, our interest persists in enforcing and resisting rights as well as communicating with our customers. If the users have to give consent in order to process their personal data, the legal basis is Art. 6 (1) lit. a GDPR (given consent to the processing)
Further information about the process and purpose of collecting and using personal data by the given social media platform as well as the rights of concerned people can be found here:
For information requests or enforcement of rights we highly recommend to contact Facebook directly. Neither can we access your data nor are we able to take actions.
By using the contact form on our webpage or the customer area, personal data will be compiled and saved.
The following paragraphs providing an overview of why we compile the data and how we are using it.
WHY DO WE COMPILE AND SAVE DATA ?
If you are using the customer area or the contact form in order to get in touch with us, personal data will be compiled for the following reasons:
WHAT DATA WILL BE COMPILED AND SAVED ?
Personal data can be compiled and saved in the following categories:
Customers with a support contract and a Jira account can log-in to the customer area. The following data will be compiled:
The data storage period is aligned with the support contract period. With the expiration of the contract the data will be anonymised.
The processing of personal data in combination of a customer account serves for the purpose of customer support services, which are defined in the support contract. The data will be solely processed for the given purpose.
The legal basis for compiling the data is Art. 6 (1) lit. b GDPR.
By using the contact form on our website, the following personal data will be compiled:
We collect and process the data from the contact form for the purpose of communication with our customers and to help finding the right solution for them. The contact form can also be used by customers to get in touch with us in order to close a contract.
If a contact request will be include the conclusion of a contract, the data will be saved for a longer period.
The legal basis for compiling the data is Art. 6 (1) lit. f GDPR.
The legal basis for saving the data for a longer period is Art. 6 (1) lit. b GDPR.
On our webpage are open vacancies to which people can send us a job application via e-mail. The personal data will be compiled for the purpose of managing the job applications. The data will be solely processed for the given purpose. Job applications can be send to us either by using the specific contact form or by sending them directly via mail. By using the contact form for job applications, the following data will be compiled:
The legal basis for compiling personal data from job applications is primarily §26 BDSG as amended. Thereafter the processing of the data, which is required in the process of justification for the employment relationship.
Legal basis for processing the data for an application is § 26 BDSG in its applicable version starting with the 25th of May 2018. With this version, the processing will be permitted within the coherence of the decision making in order to justify the employment relationship.
For the purpose of prosecution, the processing of data can take place on the legal base of Art. 6 (1) lit f GDPR. In this case, our interest persists in enforcing and resisting rights.
If you contact us by mail for the purpose of an enquiry, your data will be saved for processing your enquiry. If the enquiry is for closing a contract with us, the processing of data can take place on the legal base of Art. 6 (1) lit b GDPR. Depending on your type of enquiry, the processed data can be your surname, first name, telephone number, e-mail or address. Further processing of your data will be limited by the given purpose (e.g. interest in using our products, contract closing, acquiring new customers). The data will be deleted after the intended purpose has been reached and all statutory retention obligations, with respect to commercial and tax law, have been met.
HOW LONG WILL THE DATA BE SAVED ?
DATA FROM JIRA CUSTOMER ACCOUNTS
The storage period for data of Jira customer accounts is aligned with the support contract period.
DATA FROM CONTACT FORM
Data from the contact form will be deleted when the data prevail. If a contact request will be include the conclusion of a contract, the data will be saved for a longer period.
DATA FROM JOB APPLICATIONS
If the person in charge concludes a contract with the applicant, the data will be stored in his personal file for the purpose of the employment relationship. The applicable rights will be taken into account. If there is no conclusion of a contract, the electronic application files will be stored for six month and afterwards deleted by the person in charge. This duration of storage is to prove a legitimate interest that resides in enforcing and resisting demands.
Data from e-mail enquiries will be saved for the length of its purpose. Especially data from enquires of new customers will be deleted with reaching the intended purpose. As an exception, data of enquiries, which will be used to close a contract, will be saved for the length of the specific contract. This data will be deleted when it comes to a cancellation of the specific contract.
HOW DO WE USE DATA ?
We compile personal data solely for the following purposes:
The compiled personal data will solely processed for the given purposes.
HOW DO WE SAVE DATA ?
Personal data is saved on our in-house databases. We implemented technical and organisational measures for the safety of the data.
Unless there is no enactment or valid and mandatory instruction from a government or regulating authority, the data will not be disclosed.
HOW DO WE PASS OR DISCLOSE DATA ?
Unless there is no enactment or valid and mandatory instruction from a government or regulating authority, the data will not be passed or disclosed.
For the safety, maintenance and service of personal data operators within our company have rights of access. In addition, affiliated companies have the same rights of access
ACCESS FOR OPERATORS
For the purpose of data maintenance or the customer support, Administrators and authorized employees / deputy have the right of access of personal data.
Data files can be exchanged with affiliates or affiliated companies. An affiliated company of CreateCtrl AG is:
Królowej Bony 13
CHANGES ON THE IN-HOUSE BUSINESS MODEL
Further data may be shared subjected to standard confidentiality agreements, if the following probabilities occur:
WHAT RIGHT DO CUSTOMERS HAVE ?
The GDPR provides the following rights for individuals:
A) THE RIGHT TO BE INFORMED
Individuals have the right to be informed about the collection and use of their personal data.
B) THE RIGHT OF ACCESS
Individuals have the right to access their personal data. It is possible to make a subject access request verbally or in writing.
C) THE RIGHT TO RECTIFICATION
Individuals have the right to have inaccurate personal data rectified, or completed if it is incomplete. They can make a request for rectification verbally or in writing.
D) THE RIGHT TO ERASURE
Individuals have the right to have personal data erased. They can make a request for erasure verbally or in writing. The right is not absolute and only applies in certain circumstances.
E) THE RIGHT TO RESTRICT PROCESSING
Individuals have the right to request the restriction or suppression of their personal data. They can make a request for restriction verbally or in writing. The right is not absolute and only applies in certain circumstances.
F) THE RIGHT TO DATA PORTABILITY
Individuals have the right to obtain and reuse their personal data for their own purposes across different services.
G) THE RIGHT TO OBJECT
Individuals have the right to object to the processing of their personal data in certain circumstances. They can make an objection verbally or in writing.
If you have further questions or want to retrieve further information about the given rights, please feel free to contact use directly by using the contact details provided here in our data policy or in our legal notice.
If a customer thinks that we process data unlawful and against the GDPR, he can reach out to us or the corresponding controlling institution.
If it is necessary, we may change parts of our data policy. Due to changes in law enforcement, regulations or standards, which might develop and change frequently, we have to adapt our data policy. Furthermore, changes in our business model have to be considered as well.
Changes will be implemented in this data policy continuously.
Therefore, we highly recommend reading our data policy from time to time in order to check if we implemented some changes.
WHO IS RESPONSIBLE ?
HOW CAN I CONTACT THE DATA PROTECTION OFFICER ?
IS THIS WEBSITE USING GOOGLE ANALYTICS ?
Our webpage uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website will be transmitted to and stored by Google on servers in the United States. In case IP-anonymization is activated on this website, and your IP address will be truncated within the area of Member States of the European Union or other parties to the Agreement on the European Economic Area.
You can also opt-out from being tracked by Google Analytics with effect for the future by downloading and installing Google Analytics Opt-out Browser Addon for your current web browser: Google Analytics Opt-out Browser Addon
Here you can read further information about the data usage of Google Inc: Safeguarding your data