We are glad to see you are using a Haufe Group app. Protecting your personal data is very important to us. This privacy policy statement provides information about the handling of your personal data and your rights while using our app.

1. About us: We,
   Haufe-Lexware GmbH & Co. KG
   a Haufe Group company
   Munzinger Straße 9
   79111 Freiburg (Germany)
   Email: htm-support@haufe.com
   
   as the controller defined by the EU General Data Protection Regulation (hereinafter referred to as GDPR), we are responsible for protecting your personal data. Our data protection officer, Raik Mickler, will be happy to assist you with any questions you may have about data processing, your rights, or this privacy policy statement in general. Please contact him directly at dsb@haufe-lexware.com.
2. What type of data is being processed during the use of our app? This section explains what type of data is being collected during the use of our app and why this data is being processed. We explain the legal basis as well as your options for controlling the collection and processing of the data. This also includes the deletion of the data.
   1. Log files
      1. Data collected:
      2. When you download or use the app for the first time, your browser automatically sends the following data to us:
3.    
   • Your IP address
   • Device type
   • Web browser (version, type)
   • The operating system used on your device
   • The date and duration of your visit.
4.  
   1. We record any IP addresses that are used for malicious behavior (DDoS attacks, brute force attacks, etc.) and block their access.
5.  
1. Purpose for the processing of this data:
2. Temporary storage of this data is necessary to download the app to your device and to ensure that the app functions properly. We also use this data to compile statistics about how our app is used. In addition, this data is collected to track and prevent unauthorized access to our systems and any improper use of the app, and to secure our information technology systems.
6.  
1. Legal basis:
2. Data is processed for the purposes of our legitimate interests in complinance with Article 6 (1)(f) GDPR, Lawfulness of processing. It is in our legitimate interest to achieve the objectives described above and to ensure the security of our systems.
7.  
1. Storage period and control options:
2. The data is deleted when it is no longer needed to achieve the described purposes. Log files are deleted after a maximum of 90 days, unless data has to be stored for a longer period of time due to malicious behavior in order to ensure network security.
8. Third-party tracking technologies
   Web analytics service:
1. Data collected:
2. We use a web analytics service in our software. It collects anonymous usage information from end users, information for error analysis and diagnostics, and information about how users use the software, functions and devices. Content is not recorded. In addition to the general user information within the software solutions, technical data such as the browser or device data will also be collected.
9.  
1. The usage information collected by the web analytics service is then transferred in anonymized form only to the server of the Licensor and saved there for analytical purposes. All diagnostics data shall be transmitted exclusively to the Licensee and the Licensor, and in no case to third parties.
10.  
1. Purpose for the processing of this data:
2. We use the web analytics service to optimize our app and adapt it to our users’ needs.
11.  
1. Storage period and control options:
2. The web analytics service stores this data and anonymizes it regularly.

1. What rights do you have and how can you exercise them?
   1. Revocation of consent
      If you have consented to the processing of your personal data, you can revoke that consent at any time with future effect. Note that such revocation has no effect on the legality of previous data processing, and that it does not extend to data processing for which a statutory justification exists, and which may therefore take place even without your consent.
2. 1. Additional rights of data subjects
      In addition, you have the following rights as a data subject under Articles 15 to 21, and Article 77 of the EU General Data Protection Regulation (GDPR), provided that the statutory requirements are met:
      1. Information:
      2. At any time, you can request that we provide you with information as to which of your personal data we process , how we process it, and that we provide you with a copy of the stored personal data that relates to you, Art. 15 GDPR.
   2. 1. Correction:
      2. You can request the correction of incorrect personal data and the completion of incomplete personal data, Art. 16 GDPR.
   3. 1. Deletion:
      2. Regarding deletion of your personal data: Please note that the right to deletion excludes data that we require for the execution and processing of contracts, and for the assertion, exercise and defense of legal claims, as well as data for which statutory, regulatory or contractual retention requirements apply, Art. 17 GDPR.
   4. 1. Restriction of processing::
      2. Under certain circumstances, you may request that processing be restricted, e.g. if you believe that your data is incorrect, that the processing of your data is unlawful, or if you have objected to the processing of your data. The result of such a request is that your data may only be processed to a very limited extent without your consent, e.g. for the assertion, exercise and defense of legal claims or to protect the rights of other natural and legal persons, Art. 18 GDPR.
   5. 1. Objection to data processing:
      2. You have the option to object at any time to data processing for purposes of direct advertising. In addition, if special reasons apply, you can object at any time to data processing on the basis of a legitimate interest, Art. 21 GDPR.
   6. 1. Data portability:
      2. You have the right to receive the data that you have provided to us, and that we process based on your consent or in order to fulfill a contract, in a common, machine-readable format and, to the extent that this is technically feasible, to request that this data be transmitted directly to third parties, Art. 20 GDPR.
   7. How to contact us You can exercise your rights via the following contact channels: Haufe Group
      Mr. Raik Mickler
      Data protection officer
      Munzinger Straße 9
      79111 Freiburg (Germany)
      Email: dsb@haufe-lexware.com
3. Right of appeal to a regulatory authority If you believe, for example, that our data processing is unlawful or that we have not protected the rights described above to the required extent, you have the right to file a complaint with the competent data protection authority.

Revision: January 2020