Below we inform you about the processing of personal data in connection with the use of the inPuncto Ticket Support Portal.

I. General Information

1. Controller

Name and address of the controller:

inPuncto GmbH
Fabrikstr. 5
73728 Esslingen
Germany
Phone: +49 (0)711 / 66188500
E-mail: kontakt@inpuncto.com
Website: www.inpuncto.com

Name and address of the Data Protection Officer:

Jürgen Müller
Am Kirchert 6
72622 Nürtingen
Germany
Phone: +49 (0)173 3115137
E-mail: juergen.mueller@dsb-mueller.com

2. Hosting / Data Processing Agreement

The ticket system is operated on a server located in Germany. A data processing agreement pursuant to Art. 28 GDPR has been concluded with the hosting service provider. No data is transferred to third countries. Communication with the ticket system takes place via a TLS-encrypted connection.

II. Provision of Access to the inPuncto Ticket Support Portal

1. Description and scope of data processing
The inPuncto Ticket Support Portal is used for exchanging information with customers and partners.

Controller
Responsibility lies with inPuncto and, where applicable, with the customer/partner for the data that they themselves have provided on the Ticket Support Portal.

Scope of processing
As a matter of principle, we process personal data of our users only insofar as this is necessary to provide and exchange software and data between inPuncto and the customer/partner via a functional and secure web interface.

The following personal data is processed in order to operate internal user management:

(1) Username
(2) Password upon initial account creation
(3) Files, attachments, and ticket content submitted by the user

2. Legal basis for data processing

Where the processing of personal data is necessary for the performance of a contract to which the data subject is a party, Art. 6(1)(b) GDPR serves as the legal basis. This also applies to processing operations required to carry out pre-contractual measures.

Where processing of personal data is necessary to comply with a legal obligation to which our company is subject, Art. 6(1)(c) GDPR serves as the legal basis (e.g. statutory retention obligations under tax law).

Where processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party and such interests are not overridden by the interests, fundamental rights, and freedoms of the data subject, Art. 6(1)(f) GDPR serves as the legal basis.

Documentation in the event of contractual disputes

Where processing is necessary for the purposes of legitimate interests and these are not overridden by the rights of the data subject, Art. 6(1)(f) GDPR serves as the legal basis.

Technical administration of the portal

• Storage of login data to enable access.
• Protection against unauthorized access (IT security).

Customer support and communication

• Processing of contact data, support requests, and service history in order to handle requests efficiently.
• Tracking of open tickets to ensure customer satisfaction.

Security monitoring

• Detection of misuse, attempted fraud, or hacker attacks.

3. Purpose of data processing

Support requests and concerns from customers or partners are coordinated and processed via the Ticket Support Portal. Contractors provide information on requests via the web interface, including relevant documents, for the purpose of fulfilling the contract, in particular:

• Processing support requests
• Providing login access
• Invoicing, etc.
• Notifications about security patches, new features, important information regarding software usage, etc.

4. Duration of storage

The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. 
Since the tickets are also used for billing customers, the statutory retention period under the German Fiscal Code (Abgabenordnung) is at least 10 years (§ 147 AO).

5. Right to object and removal option
The processing of personal data is necessary for the performance of the contract; therefore, there is no right to object or removal option in this regard. With respect to processing based on legitimate business interests, you have the right to object.

III. Erstellung von Logfiles

1. Beschreibung und Umfang der Datenverarbeitung

Each time the inPuncto Support Portal is accessed, the system automatically collects data and information from the computer system of the accessing device.

The following data is collected:
(1) Information about the browser type and version used
(2) The user’s operating system
(3) The user’s IP address
(4) Date and time of access

This data is also stored in the log files of our system. This data is not stored together with other personal data of the user.

2. Legal basis for data processing
The legal basis for the temporary storage of data and log files is Art. 6(1)(b) GDPR.

3. Purpose of data processing

The temporary storage of the IP address by the system is necessary in order to deliver the website to the user’s device. For this purpose, the user’s IP address must remain stored for the duration of the session. Log files are stored to ensure the functionality of the system. The data also serves to optimize the Ticket Support Portal and to ensure the security of our IT systems. This data is not evaluated for marketing purposes in this context. These purposes also constitute our legitimate interest in data processing pursuant to Art. 6(1)(f) GDPR.

4. Duration of storage

The data is deleted as soon as it is no longer necessary for the purpose for which it was collected. In the case of data collected to provide the inPuncto Ticket Support Portal, this is the case when the respective session has ended. The controller processes and stores personal data of the data subject only for the period necessary to achieve the storage purpose, or insofar as this is provided for by the European legislator or another legislator in laws or regulations to which the controller is subject. If the storage purpose no longer applies or a statutory retention period expires, the personal data will be routinely blocked or deleted in accordance with legal requirements.

5. Right to object and removal option
The collection of data for the provision of the Ticket Support Portal and the storage of the data in log files is strictly necessary for the operation of the system. Therefore, the user has no right to object.

IV. Use of Cookies

1. Description and scope of data processing
The inPuncto Ticket Support Portal uses cookies. Cookies are text files that are stored in the internet browser or by the internet browser on the user’s computer system. When a user accesses a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string that enables the browser to be uniquely identified when the website is accessed again.

The portal uses the following cookies:

• Essential cookies (technically required)

We use a technically necessary session cookie to maintain the user’s session while using the portal. It contains a randomly generated ID and is deleted when the browser is closed. The cookie is required to ensure the functionality of the portal.

First-Party-Cookies „PHPSESSID“

2. Legal basis for data processing
The legal basis for the processing of personal data using cookies is Art. 6(1)(f) GDPR.

3. Purpose of data processing

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our portal cannot be offered without the use of cookies. For these functions, it is necessary that the browser can be recognized even after a page change. The user data collected through technically necessary cookies is not used to create user profiles. These purposes also constitute our legitimate interest in the processing of personal data pursuant to Art. 6(1)(f) GDPR.

4. Duration of storage and right to object / removal option

Cookies are stored on the user’s device and transmitted by the user to our Ticket Support Portal. Therefore, as a user you have full control over the use of cookies. By changing the settings in your internet browser, you can disable or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies for the inPuncto portal are disabled, it may no longer be possible to fully use all functions of the portal.

5. Rights of data subjects

If personal data relating to you is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:

Right of access:
You may request confirmation as to whether personal data concerning you is being processed by us. You have the right of access to such data, as well as to further information and a copy of the data in accordance with statutory requirements.

Right to rectification:
You have the right to rectification and/or completion vis-à-vis the controller if the personal data concerning you is inaccurate or incomplete.

Right to erasure and restriction of processing:
You may request that data concerning you be deleted without undue delay, or alternatively request restriction of processing in accordance with statutory requirements.

Right to be informed:
If you have asserted your right to rectification, erasure, or restriction of processing, the controller is obliged to notify all recipients to whom the personal data concerning you has been disclosed of such rectification, erasure, or restriction, unless this proves impossible or involves disproportionate effort.

Right to withdraw consent:
You have the right to withdraw any consent given with effect for the future.

Right to object:
You may object to the future processing of your data in accordance with statutory requirements at any time. The objection may in particular relate to processing for direct marketing purposes.

Right to lodge a complaint with a supervisory authority:
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR.

The State Commissioner for Data Protection and Freedom of Information Baden-Württemberg

Office address:
Lautenschlagerstr. 20
70173 Stuttgart

Postal address:
P.O. Box 10 29 32
70025 Stuttgart

Phone.: 0711/615541-0
Fax: 0711/615541-15
E-mail: poststelle@lfdi.bwl.de
Website: https://www.baden-wuerttemberg.datenschutz.de/