MAXQDA

Privacy Statement

Last update: 16 March 2023

Introduction

This privacy policy will inform you about the collection of personal data on this website. We are committed to providing you with transparent information regarding the protection of your data. Should you have any questions or need clarification, please do not hesitate to contact us.

A. Responsible Entity

The responsible entity within the meaning of the General Data Protection Regulation (Art. 4(7) GDPR) and the other national data protection laws and data protection regulations is:

VERBI – Software. Consult. Social Research. GmbH
Invalidenstraße 74
10557 Berlin
info@maxqda.com/de
Legal info: www.maxqda.com/legalinfo

VERBI GmbH’s data protection officer can be reached at kontakt@datenschutzrechte.de.

These contact details are relevant to all questions regarding data protection nature relating to this website and for all data protection claims on your part.

B. Collection and storage of personal data when visiting our website

This section will inform you about the collection and storage of data that takes place when you visit our website.

1. Cookies

We use cookies on our website, which are small text files stored on the device you use to access our website. We use different categories of cookies, including essential cookies, functional cookies, cookies for displaying external media, and marketing cookies.

  • Essential cookies are necessary to ensure the basic functionality of the website.
  • Functional cookies are used to track user behavior on our website to improve its functionality.
  • Marketing cookies are used to display interest-based advertising.
  • External media cookies are used to display external media such as videos or maps.information about your browser type and the version you are using

The legal basis for using essential cookies is Article 6(1)(f) of the GDPR, which is our legitimate interest in providing a functioning website. The legal basis for using the other cookies is Article 6(1)(a) of the GDPR, which requires your consent. We will not set any non-essential cookies without your consent, and you can revoke your consent at any time using the link provided. You can also deactivate all non-essential cookies using the opt-out link provided or through your browser settings. Please note that deactivating cookies may limit or completely disable the functionality of the website.

2. Log files

Each time you visit our website, we automatically collect data and information from the computer system you use to access the website.

The following data is collected:

  1. information about your browser type and the version you are using
  2. information about your operating system
  3. information about your Internet service provider
  4. the date and time of your access
  5. websites that are accessed by your system via our website
  6. your IP address (if applicable, in an anonymized, shortened form)

When processing this data, we do not draw any conclusions about you as an individual person. We don’t conduct any analysis of this data for marketing purposes or personal profiling.

Your data will be deleted as soon as you leave our websites and the respective session has ended. Your IP address will be anonymized no later than thirty days after the end of your visit to our website.

We do not store the above data in combination with any other personal data. The legal basis for the temporary storage of this data is Art. 6(1)(f) GDPR. Both the collection of this data and the storage of the data in log files are absolutely necessary for the provision and operation of our website.

3. Website analysis

On this website we use the service “Google Analytics”. This is a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
This service enables us to create pseudonymous usage profiles and to use cookies (see section B. 2.). The information generated by the cookie about your use of this website includes:

  1. your browser type/version,
  2. your operating system,
  3. your referring URL (the previously visited page),
  4. the time and country of the server request

This information may be transferred to a server in the USA and stored there. These servers are operated by Google Inc., USA, which means that we can’t rule out a transfer of data to the USA. An adequate level of data protection is ensured by the use of standard contractual clauses approved by the EU Commission within the meaning of Art. 46(2)(c) GDPR. The information is used to evaluate the use of our website, to compile reports on website activity, and to provide other services associated with the use of our website and the Internet for the purposes of market research and the customer-oriented design of our webpages. This information may also be transferred to third parties if required by law or if third parties process this data on our behalf. Under no circumstances will your IP address be merged with other Google data. The IP addresses are anonymized such that this type of combination is not possible.

You can refuse the use of cookies by selecting the appropriate settings on your browser. However, we would like to point out that this can impact the functionality of our website.

You can also prevent the collection of data generated by cookies and related to your use of the website and the processing of this data by Google Inc. by downloading and installing the following browser add-on: https://tools.google.com/dlpage/gaoptout?hl=de.

Further information on data protection in connection with Google Analytics can be found here: https://support.google.com/analytics/answer/6004245?hl=de.

The use of Google Analytics is necessary for the optimization and evaluation of our website pursuant to Art. 6(1)(f) GDPR. You can opt out via the following link: www.google.com/ads/preferences.

4. Improving the usability of our website

We use the Clarity service on our website. This service is operated by Microsoft Privacy, Microsoft Corporation, One Microsoft Way, Redmond, Washington 98052, USA. Clarity is a Microsoft tool with which we can detect usability problems on our website. Clarity records user interactions on our website, e.g. how the page was rendered and what functions a user used on our website, such as mouse movements, clicks, scrolling, etc. This data is deleted after three months.
The legal basis for the data processing is Art. 6(1)(f) GDPR. The troubleshooting of our website and the pursuit of user-friendliness is a legitimate interest in terms of data protection.

Further information can be found in Microsoft’s privacy policy: https://privacy.microsoft.com/de-DE/privacystatement. You can find information about which data is processed via Clarity here: https://docs.microsoft.com/en-us/clarity/clarity-data

5. Marketing

We use various marketing measures to promote our products and services under Art. 6(1)(f) GDPR.

FACEBOOK

We use an advertising service offered by the Facebook network: “Facebook Pixel”. This service is operated by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The service involves a script (“pixel”) that we use on our website. If you are logged into Facebook at the same time as visiting our website, Facebook Ireland Ltd. will recognise that you have visited our website. This allows advertisements to be displayed on the Facebook network in a more targeted way that aligns with your interests. It also allows us to track whether and which users were directed to our website when they clicked on an advertisement in the Facebook network. Through this service, we pass on the following personal data:

  1. Facebook User ID
  2. IP address
  3. Facebook Cookie Information
  4. Pixel ID
  5. Social media friend network
  6. Usage data/user behaviour
  7. Views and interactions with content and ads and services
  8. Content viewed
  9. Device information
  10. Success of marketing campaigns
  11. Transaction information
  12. Geographical location
  13. Cookie ID
  14. Information from third party sources

We cannot guarantee that Facebook will not also process the data in the USA. An adequate level of data protection is ensured in this case through the use of standard contractual clauses approved by the EU Commission within the meaning of Art. 46(2)(c) GDPR (www.facebook.com/help/566994660333381).

The purpose and scope of the data collection and the further processing and use of the data by Facebook Ireland Ltd. as well as your rights in this respect, and setting options for protecting your privacy, can be found in Facebook’s privacy statement (www.facebook.com/about/privacy/). You adjust your advertising settings on Facebook (https://www.facebook.com/settings?tab=ads).

Among others, you can prevent the collection of data (opt-out) via the following links to third-party sites: NAI – http://optout.networkadvertising.org/ or EDAA http://www.youronlinechoices.com/uk/your-ad-choices/

BING

We use Bing Ads Universal Event Tracking (UET), a service provided by the Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA, to promote our products and services with the help of advertising media on external websites. We can determine how successful individual advertising measures are using data from these advertising campaigns. This data only includes information on the total number of users who have clicked on any given ad. No IP addresses are stored and no personal information about the identity of our users is transferred. If you access our website via a Bing ad, Bing Ads will store a cookie on your computer. These cookies usually expire after 90 days and are not intended to identify you personally. The unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (signifying that the user no longer wishes to be addressed) are generally stored as analysis values in this cookie.

If you are registered with a Microsoft service, Microsoft can associate your visit with your account. Even if you are not registered with Microsoft or have not logged in, it is possible that the provider will have access to your IP address and store it.

In conjunction with Bing Ads Universal Event Tracking (UET), we also use the “Bing Ads Remarketing” application. This is a procedure with which we can advertise our products and services to you again within the Microsoft advertising network. This application allows us to show you our ads when you continue to use the Internet after you have visited our website. According to Microsoft, the data collected in the course of remarketing will not be merged with your personal data, which may be stored by Microsoft. In particular, Bing Ads Remarketing also uses pseudonymization.

The legal basis for the processing is your consent pursuant to Art. 13 (1)(c) GDPR. If you do not want any of this data to be collected and processed via BingAds, you can refuse your consent or revoke it at any time. The data will be kept for as long as it is necessary to fulfil the purpose of the processing. The data will be deleted as soon as it is no longer required to achieve this purpose.

Within the scope of processing the data, BingAds may transmit this data to the USA. The security of the transfer is ensured by standard contractual clauses, which guarantee that the processing of personal data is subject to a level of security that corresponds to that of the GDPR. If the standard contractual clauses are not sufficient to establish an adequate level of security, consent will be obtained from you in advance within the framework of the Usercentrics consent management system in accordance with Art. 49(1)(a) GDPR.

GOOGLE

We use the marketing service Google Ads. This service is provided by Google Inc. (https://www.google.de/intl/de/about/) (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland).

This service allows us to place advertisements for our products and services in a more targeted manner and to evaluate these advertisements pursuant to their reach. This is done through the use of cookies that are stored on your computer system when you visit our website via an advertisement on Google (so-called conversion cookie). This makes it possible to track from which page you reached our website. However, the service does not aim to identify you personally. Your data may be transferred to a server in the USA and stored there. These servers are operated by Google Inc., USA, which means that a transfer of this data to the USA cannot be ruled out. An adequate level of data protection is guaranteed by the use of standard contractual clauses approved by the EU Commission within the meaning of Art. 46 (2)(c) GDPR.

If you don’t want to participate in the tracking process, you can also refuse to accept the cookie required for this – for example, via a browser setting that deactivates the automatic acceptance of cookies. You can also deactivate cookies for conversion tracking by setting your browser to block cookies from the www.googleadservices.com domain. Google’s privacy policy on conversion tracking can be found here (https://services.google.com/sitestats/de.html).

You can prevent the collection of data (opt-out) via the following link: http://www.google.com/ads/preferences.

5. YouTube

We use the YouTube for the integration of videos on our website. YouTube is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. YouTube videos are all integrated in an “extended data protection mode”, which means that no data about website visitors is transmitted to YouTube if they do not play the videos. Only when a user plays the video is any data is transferred. We have no influence on this data transmission. If you visit a page on our website that features a YouTube video – for example, our media library – a connection is established to the YouTube servers and the plug-in is displayed. This tells the YouTube server which of our Internet pages you have visited. If you are logged in as a member of YouTube, YouTube assigns this information to your personal user account. When interacting with the video, such as clicking on the start button of a video, this information is also assigned to your user account. You can prevent this assignment by logging out of your YouTube user account and other Google user accounts before using our website and deleting the corresponding cookies from these companies.

Further information on data processing and notes on data protection by YouTube (Google) can be found at https://www.google.de/intl/de/policies/privacy/.

The use of YouTube is necessary for the optimization of our website pursuant to Art 6(1)(f) GDPR.

C. Applications for job vacancies

If you apply for a job with us by post or electronically, we will store the following personal data:

  1. Contact details
  2. Your application documents via data transmission or mail and the personal data provided therein
  3. Occupation/field of study
  4. Work experience
  5. Qualifications/experience and languages

The application data is collected, sent by e-mail to our HR department and stored on our server. The data is processed exclusively for the purposes of processing your application. The retention period for application documents is approx. 3 months, after which we delete this data.

Please note that we also advertise jobs on third-party websites. In this case, data may be collected and processed by the respective website. For further information, please contact the operators of the website in question.

D. Contact

You can contact us electronically by email, chat or via one of the contact forms on our website. You can also make an appointment to contact us via telephone or video chat.

For customer communications via e-mail and our contact forms, we use the services of third-party providers, the Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, and Freshdesk, a service of Freshworks Inc, 1250 Bayhill Drive, Suite 315, San Bruno, CA 94066, USA. The data you provide in the course of contacting us is transferred to these companies as part processing in accordance with Article 28(3)(1) GDPR, i.e. this data is not used by the companies to write to you directly or to pass the data on to third parties. If you do not consent to your data being processed on Sendinblue’s and Freshdesk’s external system, we will provide them with an alternative means of contacting you to submit service requests by telephone or post. Data processed by Freshdesk may be transferred to and processed on servers located in the United States. Freshworks relies on standard contractual clauses approved by the EU Commission for this transfer as an assurance of a level of data protection comparable to the EU.

1. Contact by e-mail

If you write us an email, are interested in our content or have already concluded a contract with us, the legal basis for this data processing is Art. 6 (1)(b) GDPR. We process the data that you send to us by e-mail that is necessary for communicating with you. With the exception of our software provider for customer communications, the data will not be passed on to third parties. We will delete this data when it is no longer required for this purpose.

2. Contact via chat

Our website uses Zendesk Chat, a live chat software provided by the company Zendesk Inc., 989 Market Street #300, San Francisco, CA 94102. Data processing takes place pursuant to Art. 6(1)(b) GDPR for the purposes of fulfilling our contractual and pre-contractual obligations.

Zendesk Chat lets the user of our website know if one of our representatives is online to provide an immediate response. This is an optional function and you can also contact us via email, phone or post instead. When using the chat, the IP address and the page visited (our site) are also recorded. The IP address is anonymized in the process.

Zendesk Chat uses cookies. The information generated by the cookie about the use of our website (including your anonymized IP address) is transferred to a Zendesk Chat server in the USA and stored there. Chat discussions and, if applicable, the user-definable username voluntarily provided are logged and stored.

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not have access to the full functionality of our website.

For more information about Zendesk’s data processing practices, please see Zendesk’s Privacy Policy at http://www.zendesk.com/company/privacy. If you have any questions, you can also contact Zendesk’s data protection officer directly at privacy@zendesk.com

3. Contact by form

We offer you the option to contact us via various forms depending on the purpose of your request. We process the data that you enter in these forms and send to us only for the purposes of contacting you.

If you use one of our contact forms and are interested in our content or have already concluded a contract with us, the legal basis for data processing is Art. 6(1)(b) GDPR. The data will be processed exclusively for dealing with your request and will be deleted if you do not have a contract with us or have already concluded a contract with us and there is no further reason to contact you.

If your submission via a form concerns participating in a competition, an application for grants, interest as a reseller, or the participation in the photo competition, the basis for the data processing is our legitimate interest pursuant to Art 6(1)(f) GDPR.

4. Contact with online appointment booking

We use the Microsoft Bookings service (part of Microsoft Office 365) provided by Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18 D18 P521 (hereafter: “Microsoft”) to make online appointments. The software allows you to book a telephone appointment and video chat with one of our employees.

The connection to the service and thus the processing of your data only takes place when you open the online booking function via a link or button on our website, in an e-mail or in the newsletter. To make an appointment, your entries in the appointment form are transferred to Microsoft. You can find further information on the handling of your data in the Microsoft data protection declaration at https://privacy.microsoft.com/de-de/privacystatement.

The legal basis for processing your data in relation to the service “Microsoft Bookings” is the implementation of pre-contractual measures or the performance of a contract, Art. 6(1)(b) GDPR.

You are not required to use Microsoft Bookings to schedule an appointment. If you do not wish to use the service, please use another of the contact options provided to make an appointment.

E. Newsletter

In our newsletter we inform you regularly about new products, features, updates, special promotions, training sessions and other events. To register for our newsletter, we only need your e-mail address and your first and last name. We do not collect any other data. This data is used exclusively for sending our newsletter.

After sending the registration form, you will receive a confirmation e-mail from us. The newsletter order will only become effective once you have clicked on the link in the confirmation e-mail (“double opt-in”).

For the newsletter dispatch we use Sendinblue, a service provided by Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin. The above-mentioned data is transferred to this company within the framework of order processing purposes pursuant to Art. 28(3)(1) GDPR, i.e. this data is not used by the company to write to you directly or to pass the data on to third parties.

Sendinblue provides analysis tools that make it possible to evaluate the success of the newsletter dispatch. In these evaluations, we are only interested in statistical results, e.g. how many subscribers read our newsletter and which links are followed. You can find further information here: https://de.sendinblue.com/informationen-newsletter-empfaenger/?rtype=n2go

The legal basis for the transmission of your data to Sendinblue is your expressly given consent pursuant to Art. 6 (1)(1)(a) GDPR. Unsubscribing from the newsletter and thus revoking the data processing is possible at any time and can be done either via the provided link in the newsletter, by email to cs@maxda.com or via this link newsletter unsubscribe.

F. Customer Management System / Customer Administration

We use the CRM system of the provider Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany, on the basis of permission to process contractual data pursuant to Art. 6 (1) (b) and our legitimate interest in efficient customer management pursuant to Art. 6 (1) (f) DSGVO. We store here all data that you have transmitted to us for the initiation or conclusion of a contract. The provider also allows us to evaluate this data in static and historical terms. This data remains stored by us as long as we still need it for the processing of the contract or a retention is legally required.

The data you enter is stored on Sendinblue’s servers in Germany. Sendinblue is a German, certified provider, which was selected in accordance with the requirements of the General Data Protection Regulation and the Federal Data Protection Act.

We have concluded an order processing agreement with sendinblue, according to which the latter processes your data only in accordance with our instructions. They are to be protected and not passed on to third parties.

For more information, please visit https://de.sendinblue.com/legal/privacypolicy/ .

G. Use of a trial version

If you request our free trial version, we will process your data to provide you with necessary information, ask about your experience with the software, and introduce you to MAXQDA and the features of the software. The following data will be processed:

  • Contact details (name, e-mail)

After the end of the trial period, your data will be deleted if you do not become a customer. We use this data within the framework of the usage contract of the trial version, Art. 6(1)(b) GDPR.

For the security of our web presence and due to the defense against unwanted, automated access in the form of spam or similar, we use the service “reCAPTCHA” in our interest form for the trial version. This is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. In addition to your IP address, other information may be collected by Google, which is necessary for the offer and guarantee of this service. The legal basis is Art. 6 para. 1 lit. f) GDPR. An adequate level of data protection is ensured by the use of standard contractual clauses of the EU Commission within the meaning of Art. 46 (2) c) GDPR. Google offers further information on the general handling of your user data at https://policies.google.com/privacy.

H. Free offer of digital content

In order to provide you with our downloadable content (books and guides), we collect the following personal data from you:

  • Contact details (name, e-mail)

This data is processed in order to send you the requested content in a personalised manner. The legal basis for this procession is Art 6(1)(b) GDPR.

I. Online shop

When you visit our online shop or order products and services from VERBI, you leave the VERBI website and access the website of our reseller cleverbridge GmbH. All services, orders and enquiries on this page, i.e. in the “shop”, are subject to the data protection declaration of cleverbridge GmbH.

J. Online forum

We also provide a support forum on our website. To actively use the forum, you have to register. The data you provide will only be used for the purposes of the forum and will not be passed on to third parties. The basis for the storage of your data is the conclusion of the user contract pursuant to Art. 6(1)(b) GDPR. Deleting your user account and thereby your associated data is possible at any time.

K. Registrations for meetings/conferences

If you register for one of our events, we process the data provided for the purpose of organizing the event.

For the organization of the event we use the service Hopin, which is offered by Hopin Ltd, 5 Churchill Place, 10th Floor, London, E14 5HU, UK. Hopin’s privacy policy can be viewed here: https://de.hopin.com/legal/privacy

We use this data in the context of the implementation of the event, Art. 6 para. 1 lit. b DSGVO.

L. Processing in third countries in general

Unless and insofar as otherwise stated above, the processing of your personal data in countries outside the European Union (EU) or the European Economic Area (EEA) is carried out exclusively on the basis of the legal requirements pursuant to Article 44 GDPR. In the present case, this is exclusively the case either on the basis of an adequacy decision of the European Commission (Art. 45 GDPR) and/or on the basis of appropriate guarantees (Art. 46 GDPR).

M. General storage time

In general, personal data is only stored for as long as is necessary to fulfil the purpose of the data collection or to comply with the respective statutory retention period. After the purpose ceases to exist or the period expires, the data is deleted.

N. Data subject rights

Insofar as we have processed personal data from you, you are a data subject within the meaning of the GDPR and you are entitled to the following rights:

  1. Art. 15 GDPR – You can request information about your personal data processed by us. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it has not been collected by us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information about its details.
  2. Art. 16 GDPR – You can immediately request the correction of inaccurate or incomplete personal data stored by us.
  3. Art. 17 GDPR – You may request the erasure of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims.
  4. Art. 18 GDPR – You can request the restriction of the processing of your personal data,
    • • as far as the correctness of the data is disputed by you,
    • • insofar as the processing is unlawful, but you object to its deletion and we no longer require the data, but you need it for the assertion, exercise or defence of legal claims
    • • or insofar as you have objected to the processing in accordance with Art. 21 GDPR.
  5. Art. 20 GDPR – You may receive your personal data that you have provided to us in a structured, common and machine-readable format or request that it be transferred to another controller.
  6. Art. 7 (3) GDPR – You can revoke your consent once given to us at any time. This has the consequence that we may no longer continue the data processing based on this consent for the future.
  7. Art. 77 GDPR – You can complain to a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our registered office for this purpose.

O. Right of objection

If your personal data is processed on the basis of legitimate interests pursuant to Art. 6 (1)(1)(f) GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR, provided that there are grounds for doing so that arise from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right of objection, which is implemented by us without specifying a particular situation.

If you would like to make use of your right of revocation or objection, it is sufficient to send an e-mail to the above-mentioned e-mail address.

P. Final provisions

VERBI reserves the right to adapt this data protection declaration at any time so that it complies with the current legal requirements or in order to implement changes to the services in the data protection declaration, e.g. when introducing new services or changes to the website. The new data protection declaration will then apply for all subsequent visits to our website.