Semanux

Privacy Policy

In this privacy policy, we, Semanux GmbH, Abraham-Wolf-Straße 56, 70597 Stuttgart (hereinafter: “Semanux”, “we” or “us”) inform you about the collection of personal data when using our website semanux.com (including all its subdomains, e.g., my.semanux.com; hereinafter just “semanux.com” or “the website”), on which we inform about our company, its offerings and related services.

We take the protection of your personal data very seriously and observe the applicable data protection regulations, in particular the provisions of the General Data Protection Regulation EU 2016/679 (hereinafter: “GDPR”). With the following explanations, we are fulfilling our obligation to inform you transparently about the type, scope, purpose, duration and legal basis of the processing of your personal data.

This data protection declaration has a modular structure and consists of a general part A, which relates to all processing situations in connection with semanux.com, and special parts B to G, which relate to specific processing situations that are described in more detail there. An overview of the subdivision of this data protection declaration can be found in the following table:

PartDesignationContents
AGeneralTerminology, controller, contact details, processing principles, rights of data subjects
BUse of the WebsiteDescription of data processing as part of the use of the website
CWeb AnalyticsDescription of data processing as part of website analytics (type of data, purpose, legal basis, storage period, transfer to third parties)
DContactDescription of data processing as part of using the contact form (type of data, purpose, legal basis, storage period, transfer to third parties)
ESemanux AccountDescription of data processing as part of creating or signing in to a Semanux Account (type of data, purpose, legal basis, storage period, transfer to third parties)
FPurchases and SubscriptionsDescription of data processing as part of purchasing or subscribing to our products and services
GEmail NewsletterDescription of data processing as part of our email newsletter (type of data, purpose, legal basis, storage period, transfer to third parties)

The following terms used in this privacy policy have the meanings set out below according to the definitions used in the GDPR:

  • “Personal data” (Article 4(1) GDPR) is any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity characteristics. The identifiability can also be provided by linking such information or other additional knowledge. The origin, form or embodiment of the information is irrelevant (photo, video or sound recordings can also contain personal data).
  • “Processing” (Article 4(2) GDPR) means any process in which personal data is handled, whether with or without the help of automated (i.e., technology-based) procedures. In particular, this includes collecting (i.e., acquiring), recording, organizing, arranging, storing, adapting or changing, reading out, querying, using, disclosing through transmission, distribution or other provision, comparison, the linking, the restriction, the deletion or the destruction of personal data as well as the change of an objective or purpose on which the data processing was originally based.
  • “Controller” (Article 4(7) GDPR) means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
  • “Third party” (Article 4(10) GDPR) means any natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons, who under the direct responsibility of the person responsible or the processor, are authorized to process the personal data; this also includes other corporate legal entities.
  • “Processor” (Article 4(8) GDPR) means a natural or legal person, public authority, agency or another body which processes personal data on behalf of the controller, in particular in accordance with their instructions (e.g., an IT service provider). In terms of data protection law, a processor is in particular not a third party.
  • “Consent” (Article 4(11) GDPR) of the data subject means any freely given, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

Insofar as we alone or jointly with others determine the purposes and means of processing your personal data, we are the controller for the processing of your personal data in accordance with Article 4(7) GDPR.

Our contact details:

Semanux GmbH
Abraham-Wolf-Strasse 456
70597 Stuttgart
Germany

According to the principles of applicable data protection law, any processing of personal data is generally prohibited and only permitted if the processing falls under at least one of the following justifications:

  • Article 6(1)(a) GDPR (“Consent”): If the data subject has freely given a specific, informed and unambiguous indication of his or her wishes, by which he or she, by a statement or by clear affirmative action, signifies agreement to the processing of his or her personal data for one or more specific purposes;
  • Article 6(1)(b) GDPR: If the processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contact;
  • Article 6(1)(c) GDPR: If the processing is necessary compliance with a legal obligation to which the controller is subject (e.g., a statutory retention obligation);
  • Article 6(1)(d) GDPR: If the processing is necessary to protect the vital interests of the data subject or another natural person;
  • Article 6(1)(e) GDPR: If the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller or
  • Article 6(1)(f) GDPR (“Legitimate Interests”): If the processing is necessary to protect legitimate (in particular legal or economic) interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data (in particular where the data subject is a child).

For the respective processing carried out by us, we indicate below the respective applicable legal basis. Processing can also be based on several legal bases. It is then justified until the conditions of the last relevant legal basis are no longer met.

For the processing we carry out, we state below how long the data will be stored by us and when it will be deleted or blocked.

If no explicit storage period is specified below, your personal data will be deleted or blocked as soon as the purpose or legal basis for storage no longer applies. In principle, your data will only be stored on servers in Germany, subject to a possible transfer according to the regulations in the special parts of this data protection declaration.

However, storage can take place beyond the specified time, for example if storage is provided for by legal regulations to which we are subject as the responsible body (e.g., Section 257 of the German Commercial Code (Handelsgesetzbuch, HGB), Section 147 of the German Fiscal Code (Abgabenordnung, AO)). If the storage period provided for in the statutory provisions expires, the personal data will be blocked or deleted, unless further storage by us is necessary and can still be supported by a legal reason.

We use appropriate technical and organizational security measures to protect your data against accidental or intentional unauthorized manipulation, partial or complete loss, destruction or against unauthorized access by third parties, taking into account the state of the art, the implementation costs and the type, the scope, the context and purpose of the processing and the risks of a data breach (including its likelihood and impact) for the data subject. Our security measures are continuously improved in line with technological developments.

We will be happy to provide you with more detailed information on request. Please contact us using the contact details given in A.2.

We use external service providers as processors to process our business transactions and provide our services. They act exclusively according to our instructions and are contractually obliged (Article 28 GDPR) to comply with data protection regulations.

To provide the services described in parts B to G, in which the software from your end device establishes an Internet connection with one of our (virtual) servers and exchanges data, we use the hosting services of the provider netcup GmbH, Daimlerstraße 25, 76185 Karlsruhe, Germany (hereinafter: “netcup”). Your data will be processed as part of the hosting services. Specifically, netcup records the time and type of connection, your IP address and the address of the service called up by the software on the server, which is technically necessary. Furthermore, netcup records this data in log files, which are automatically deleted after 14 days. You can find out more about data processing by netcup from netcup's privacy policy. The data processing serves to display and run the software and to carry out troubleshooting, analyzes of the utilization of our systems and to ward off cyber attacks. In individual cases, we can link the data recorded via netcup with other data for manual error analysis. The legal basis for data processing is Article 6(1)(f) GDPR (Legitimate Interests). The data is stored for as long as is necessary to fulfill the purpose.

As part of the granting of the use of our software, it may happen that your personal data is transmitted to other companies that we commission as service providers in the course of providing our services. These may also be located outside the European Economic Area (“EEA”), i.e., in third countries. Such processing is only carried out for the performance of contractual and business obligations, to maintain your business relationship with us or on the basis of another legitimate interest as described in this privacy policy. We will inform you about the respective details of the data exchange with companies in third countries in the appropriate places in the special part of this data protection declaration.

The European Commission certifies that some third countries have a level of data protection comparable to the EEA standard through so-called adequacy decisions (list of these countries and copies of the adequacy decisions). In other third countries to which personal data can be transmitted, however, there cannot be a uniformly high level of data protection due to the lack of legal regulations. If this is the case, we ensure that data protection is adequately guaranteed. This is possible through binding company regulations, standard contractual clauses of the European Commission for the protection of personal data, certificates or recognized codes of conduct in connection with appropriate technical measures. Please contact us using the contact details given under A.2 if you would like further information on this.

We do not intend to use the personal data collected from you for automated decision-making processes (including profiling).

We are not subject to any special legal or contractual obligations to pass on the processed personal data to third parties.

We do not make contracts with us conditional on you providing us with personal information in advance. As a user, you are also not legally or contractually obliged to provide us with your personal data; however, it may be that we can only provide certain services to a limited extent or not at all if you do not provide us with the necessary data. If this should exceptionally be the case within the scope of our services and activities to be provided to you, you will be informed of this.

You can exercise your rights as a data subject with regard to your processed personal data at any time using the contact details given under A.2. You can also lodge a complaint about the processing of your personal data with a data protection authority.

As a data subject, you have the following rights:

  • Right of access (Article 15 GDPR): You are entitled at any time to demand confirmation from us within the scope of Article 15 GDPR as to whether we are processing personal data relating to you; if this is the case, you are also entitled under Article 15 GDPR to obtain information about this personal data and certain other information (including processing purposes, categories of personal data, categories of recipients, planned storage period, the origin of the data, the use of an automated decision-making and, in the case of third-country transfers, the appropriate safeguards) and to receive a copy of your data. The restrictions of Section 34 of the German Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG) apply.
  • Right to rectification (Article 16 GDPR): You have the right to demand that we rectify the personal data stored about you if it is inaccurate or incorrect.
  • Right to erasure (Article 17 GDPR): You are entitled, under the conditions of Article 17 GDPR, to demand that we delete personal data concerning you immediately. The right to deletion does not exist, among other things, if the processing of the personal data is required, for example, to fulfill a legal obligation (e.g., statutory storage obligations) or to assert, exercise or defend legal claims. In addition, the restrictions of Section 35 of the German Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG) apply.
  • Right to restriction of processing (Article 18 GDPR): You are entitled, under the conditions of Article 18 GDPR, to require us to restrict the processing of your personal data.
  • Right to data portability (Article 20 GDPR): You are entitled, under the conditions of Article 20 GDPR, to demand that we provide you with the personal data that you have provided to us in a structured, common and machine-readable format hand over.
  • Right of revocation (Article 7(3) GDPR): You can revoke your consent to the processing of personal data at any time. Please note that the revocation only applies to the future. Processing that took place before the revocation is not affected. An informal notification, e.g., by email, to us is sufficient to declare the revocation.
  • Right to object (Article 21 GDPR): You are entitled to object to the processing of your personal data under the conditions of Article 21 GDPR, so that we must stop processing your personal data. The right to object only exists within the limits provided for in Article 21 GDPR. In addition, our interests may conflict with the termination of processing, so that we are entitled to process your personal data despite your objection. We will take into account any objection to any direct marketing measures immediately and without reconsidering existing interests.
  • Right to lodge a complaint (Article 77 GDPR): You are free to lodge a complaint with a supervisory authority in accordance with Article 77 GDPR regarding the processing of your personal data by us. As a rule, you can contact the supervisory authority at your usual place of residence or our registered office (The State Commissioner for Data Protection and Freedom of Information Baden-Württemberg, Lautenschlagerstraße 20, 70173 Stuttgart, Germany, T: +49 711 615541‑0, F: +49 711 615541‑15, Email: poststelle@lfdi.bwl.de).

Services and products by Semanux have a minimum age limit in each country or region. They are not directed to children whose age:

  • is under the age of 14 years,
  • makes it illegal to process their personal data, or
  • requires parental consent to process their personal data

We do not knowingly collect or use personal data from children under the applicable age limit. If you're under the age limit, do not use the services and products by Semanux, and do not provide any personal data to us. If you become aware that a child under the age limit has provided personal data to Semanux, contact us.

If we learn that we've collected the personal data of a child under the applicable age limit, we'll take reasonable steps to delete the personal data. This may require us to delete the Semanux account for that child.

We reserve the right to make changes to this privacy policy.

When we make material changes to this privacy policy, we will provide you with prominent notice as appropriate under the circumstances. For example, we display a prominent notice within the mySemanux section of our website or send you an email.

This data protection declaration is valid from September 2023.

In general, browsing semanux.com and reading the contents provided on it is possible without any processing of your personal data.

When visiting the website for the first time, we attempt to display its contents in your preferred language. We do this by following your language preferences as your web browser reports them to us. At any time, you may change the selected language via the language drop-down.

Your language preference/selection does not constitute personal data by itself.

Should you choose the change the detected language, this choice is recorded within your web browser in the cookie i18n_redirected (first-party persistent cookie with a duration of 365 days). This is cookie is necessary to enable the functionality of remembering your language selection on subsequent visits.

We use the open source web analytics software Matomo to measure, collect, analyze and report visitor data. To this end, when you visit the website, Matomo records pseudonymized usage data of your visit. In particular, the following is recorded: cookies, the first half of the IP address, a randomly-generated user ID, date and time, title of the page being viewed, URL of the page being viewed, URL of the page that was viewed prior to the current page, your screen resolution, time in your local timezone, files that were clicked and downloaded, link clicks to an outside domain, page generation time, a non-precise estimate of your location based on your IP address (country, region, city), main language of your browser, and the user agent of your browser. This type of data allows us to view all of your actions during a single visit of our website grouped together during analysis. The data does not allow us or anyone else to identify the natural person that did visit the website, nor does it allow to re-recognize a visitor as being the same as an earlier one during later visits to our website.

Processing your web analytic data is helping us identify what is working and what is not on our website. For example, it helps us identify if the way we are communicating is engaging or not and how we can organize the structure of the website better. Our team is benefiting from the processing of your personal data, and they are directly acting on the website. By processing your personal data, you can profit from a website which is getting better and better.

Without the data, we would not be able to provide you the service we are currently offering to you. Your data will be used only to improve the user experience on our website and help you find the information you are looking for.

The data processing takes place on the basis of Article 6(1)(f) GDPR, insofar as our legitimate interests are not outweighed by your interest in the protection of your personal data.

You can opt-out of the data collection by Matomo at any time, after which no data is recorded about your usage of the website anymore. Your opt-out is stored in your web browser in the form of two cookies: MATOMO_SESSID (first party session cookie, deleted when you quit your browser) and matomo_ignore (first party persistent cookie with a duration of 30 years). These cookies are necessary to enable the functionality of remembering your opt-out.

The data will be stored for as long as is necessary to achieve the stated purposes.

On our contact form, you have the option to send us a message. We store your email address, your name (optional), and the message you enter.

The personal data that you send us will be stored by us in order to take note of your message, to carry out any actions required by your message and to contact you in order to answer your message.

The processing takes place with your consent in accordance with Article 6(1)(a) GDPR. Furthermore, when contact is made with regard to a contractual relationship, processing takes place on the basis of Article 6(1)(b) GDPR if you contact us in connection with an existing contract or a contract that you wish to conclude with us.

The data will be stored for as long as is necessary to achieve the stated purposes.

In the mySemanux area of our website, you have the option to create a Semanux account, to sign in to an existing Semanux account and to purchase or subscribe to our products and services.

When creating a Semanux Account, we collect your email address, your language preference, a voucher code (optional), the versions of this privacy policy and our terms of service we displayed to you, and whether you wish to subscribe to our newsletter (see part G) and store them in our database. Via the stated email address, we then ask you to confirm your email address and to set a password, which we record in our database.

When signing in to an existing Semanux account, we check whether a given combination of email address and password exists within our database. During this, a “hashed” identification feature of your web browser (your browser's user agent, language, and color depth) is collected and associated with your sign in. “Hashed” here means the use of a so-called one-way function that converts the identification feature into a unique character string which, according to the current state of the art, can no longer be converted back into the identification feature. It is therefore not possible for anyone to draw conclusions about the identification feature itself.

The data processing serves to allow you to create and sign in to a Semanux account. This allows you to purchase or subscribe to our products and services.

The processing takes place with your consent in accordance with Article 6(1)(a) GDPR. Furthermore, when you indicate wanting to purchase or subscribe to our products and services, processing takes place on the basis of Article 6(1)(b) GDPR.

The data will be stored for as long as is necessary to achieve the stated purposes.

All purchases and subscriptions made through the website are processed by the third party payment processor, Paddle.com Market Limited of Judd House, 18-29 Mora Street, London, EC1V 8BT, United Kingdrom (hereinafter: “Paddle”). Paddle may ask you for personal and/or non-personal information, such as your name, address, email address, credit card information, or other personal data. Please refer to Paddle's privacy policy for information on their collection and use of personal data. Semanux does not control Paddle or its collection or use of information. Any questions or concerns about Paddle’s practices should be directed to Paddle.

Paddle provides us with certain non-personal information relating to purchases and subscriptions made by visitors to the Website. The non-personal information may include details of the purchase such as the date, amount paid, and product purchased. The non-personal purchase information may be linked to the personal data you provide to us (see part E). Paddle does not supply us with any of your other personal data such as your name, street address, or credit card information.

We offer the opportunity to subscribe to our newsletter, in which we regularly inform about our new products and services as well as developments within our company. From time to time, the newsletter also contains special offers and surveys that allow you to help shape Semanux. We usually deliver our newsletter once a month to our subscribed users via email.

To subscribe to our newsletter, we collect and store your email address. To confirm your subscription, we use what's known as a double opt-in procedure, which means that we will only send you newsletters by email if you click on a link in our confirmation email to confirm that you are the owner of the email address provided. If you confirm your email address, we will store your email address, the time of registration and the IP address you used when registering until you unsubscribe from the newsletters.

You can unsubscribe from the newsletter at any time. A corresponding unsubscribe link can be found in every newsletter. It is of course also sufficient if you notify us (e.g. by email or letter) using the contact details provided above or in the newsletter.

The sole purpose of storing this data is to be able to send you the newsletters and document the fact that you registered.

The processing takes place with your consent in accordance with Article 6(1)(a) GDPR.

The data will be stored for as long as is necessary to achieve the stated purposes.