Privacy Policy

Preamble

We only pass on your data if this is necessary for performing your contract or if there is any other statutory legitimate reason to do so, and we will ensure that our employees and partners will handle your data just as carefully. Furthermore, we analyze your usage of our platform to improve the usability of our offer and use your contact data for sales approaches – by phone, mail, but also via a newsletter from which you may unsubscribe at any time – but we will comply with the applicable data protection rules and regulations. For details on data use and your rights, among them the rights to access, erasure, withdrawal, and other rights please refer to our Privacy Policy.

1. General Provisions

This Privacy Policy informs the user (“User”) about the collection and processing of personal data in connection with all web pages (hereinafter “Website”) operated by ITscope GmbH, (hereinafter “ITscope”) and the web applications and services provided by ITscope (hereinafter “Platform”).

This Privacy Policy describes the handling of the following data types:

a) Data generated by visiting the Website without registration

b) Data processed for the purposes of contract performance or while using the Platform

Collection, processing, and use of personal data

Personal data is collected, processed, and used by ITscope exclusively in accordance with the applicable statutory provisions, including, but not limited to the General Data Protection Regulation (GDPR) and Federal Data Protection Act (BDSG).

Controller and Data Protection Officer

The responsible party for data processing (“Controller”) within the meaning of the European Data Protection Law (GDPR) is:

ITscope GmbH | Durlacher Allee 73 | 76131 Karlsruhe | Germany

E-Mail: sales@itscope.com

You may access our Legal Notice at https://www.itscope.com/en/legal-info/.

Data Protection

The Privacy Policy of ITscope is subject to regular reviews, e.g., due to new technical features in the Platform. The Privacy Policy, as amended, that is provided for download by the User shall apply.

You may contact our Data Protection Officer at:

ITscope GmbH | Durlacher Allee 73 | 76131 Karlsruhe | Germany

E-Mail: privacy@itscope.com

phone: +49 721 627376-0

2. Use of the Website without registration (cookies, web analysis, retargeting)

I. Server logfiles

(1) The web pages can be visited without registration and, thus, also without providing personal data. If the User discloses personal data on the web pages, this will occur on a voluntary basis.

(2) When a User visits our Website, this access is stored in logfiles or log entries on the ITscope server systems in compliance with legal requirements. The following types of data will be collected:

a. Date and time of access to the service;

b. Host name of the accessing computer (IP address);


c. Referrer URL (the previously visited website);


d. User’s browser type and version;


e. User’s screen resolution;


f. User’s operating system;


g. Pages and features accessed by the User;


h. Search term by which the Website was found, e.g., in Google.

(3) ITscope will use the data referred to above based on the legitimate interests of ITscope within the meaning of Art. 6 (1) (f) GDPR, namely statistical analysis and to improve the usability of the Website. This data will not be linked with personal data by ITscope itself nor on behalf of ITscope by a third party. The gathered data will be deleted upon the expiration of a ninety (90) days period.

II. Hosting

(1) (1) This Website is hosted by an external service provider (web host). The personal data collected on this Website is stored on the web host’s servers. This may include, but is not limited to, IP addresses, contact requests, meta and communication data, contact details, names, web page accesses, and other data generated by a website. In order to ensure data processing in compliance with data protection rules and regulations, we have concluded a contract for data processing with our web host.

III. Use of cookies

Our Website uses so-called cookies. Cookies are small text files that are stored on the User’s computer when a website is called up. Cookies help to make websites more comfortable, more efficient, and safer. Since these are text-only files, cookies cannot contain viruses or other malware. Most browsers offer the option of displaying a warning before a cookie is saved, of refusing to accept cookies altogether, and/or of deleting existing cookies.

We use cookies for different purposes and with different functions. We differentiate between whether the cookie is technically essential, for example, to provide the convenience and performance of our Website, or whether it was placed by our Website itself or by third parties to display personalized content or advertising to you. Furthermore, we use statistical cookies to better understand how visitors use our Website, as well as cookies for external media which are blocked by default, for example to display the content of video platforms.

We use certain cookies because they are essential for our Website and its functionality to work properly (“Essential” cookies). These cookies are placed automatically when you access our Website or a certain function, unless you have prevented cookies from being placed by making the appropriate settings in your web browser.

In contrast, cookies that are not absolutely essential are placed to display advertising (“Marketing”). In order to achieve an optimum Website design, we use non-essential analysis cookies (“Statistics”). In order to ensure that content from video and social media platforms is fully accessible, we also place cookies that are non-essential (“external media”).

In order to make it easier for you to handle cookies on our Website, we have implemented the extended cookie banner “Borlabs Cookie” created by Borlabs. The cookies required for the functionality of the web pages and the services offered are pre-set. Data processing is therefore carried out to safeguard our legitimate interests pursuant to Art. 6 (1) (f) GDPR. We have a legitimate interest in the provision and maintenance of our online offer.

By unchecking the box, you can prevent the placing of cookies in the corresponding category (e.g., “Marketing”). However, if you allow us to use personalised advertising (recognition of your page views on our site and those of advertising partners or social media providers such as LinkedIn), we can continue to provide you with personalized information as before, remind you of content you have already viewed and optimize our web pages based on an anonymous analysis of your user behaviour on our web pages and in our services and platforms.

This means, we use Borlabs cookies to give you a quick overview of the cookies used on the Website and to allow you to make your own settings with regard to the placing and use of cookies. Further information about the Borlabs cookie, and the Borlabs privacy policy can be found at the following link: https://de.borlabs.io/datenschutz/. For further information on the categories and the necessary settings please refer to the cookie banner on our Website.

For detailed information on the type, scope, purposes and legal basis of data processing with cookies, please refer to the following descriptions of the individual functions based on the use of cookies. Details on the withdrawal of consent and your right to object to data processing using cookies, please refer to the following paragraph VIII.

IV. Statistics

ITscope uses the following services for web analysis and remarketing as well as their cookies (“Services”) on its Website:

(1) Google Analytics

This Website uses Google Analytics, a service provided by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland, to analyse and improve our Platform based on your user behaviour. Your IP address is shortened before the evaluation of the usage statistics so no conclusions can be drawn about your identity. Cookies, i.e., text files that are stored on the User’s computer and allow an analysis of how a User uses a particular website are used for these Services. The information generated by the cookie about the use of the Website or Platform will be transmitted to the servers of the analytical services in the U.S. and stored there. The storage of Google Analytics cookies and the use of this analytics tool are based on Art. 6 (1) (a) GDPR (Consent). For further information on how to manage your consent please refer to the following paragraph VIII.

The User’s IP addresses are anonymized using “anonymizeIp()” or through comparable technical means, or only used to retrieve geodata and not stored by the Services for any other purpose so that it is not possible to associate them with an internet access point or a User. According to Google, Google will not merge the IP address of the User with other Google data.

The Services will use the collected information to analyze the use of the Website, to compile reports on Website activities, and to provide ITscope with other services in connection with the Website used. This information may also be transmitted to third parties if this is required by law or if third parties process this data on behalf of the Services.

We have concluded a data processing contract with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics. User and event-level data stored by Google, which is linked to cookies, user IDs (e.g., User ID) or advertising IDs (e.g., DoubleClick cookies, Android advertising ID), is anonymized or deleted after 14 months. Please click on the following link for details: https://support.google.com/analytics/answer/7667196?hl=de

The privacy policy can be retrieved from https://policies.google.com/?hl=de.

V. Advertising

The following services process your data based on your consent (pursuant to Art. 6 (1) (a) GDPR). For further information on how to manage your consent please refer to the following paragraph VII.

(1) Google Analytics Remarketing

This Website also uses Google Analytics Remarketing in conjunction with the cross-device features of Google Ads and Google DoubleClick. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. This feature allows us to link the advertising audiences created with Google Analytics Remarketing to the cross-device capabilities of Google Ads and Google DoubleClick. This way, interest-based, personalized advertising messages that have been customized for you based on your past usage and browsing habits on one device (e.g., mobile phone) can be displayed on another of your devices (e.g., tablet or PC). If you have granted your consent, Google will connect your web and app browsing history with your Google Account for this purpose. This way, the same personalized advertising messages to be displayed on any device on which you log into your Google Account. To support this feature, Google Analytics collects Google-authenticated user IDs that are temporarily linked to our Google Analytics data to help us define and create audiences for cross-device advertising. You may opt-out of cross-device remarketing/targeting permanently by disabling personalized advertising; just click on the following link: https://adssettings.google.com.

(2) Google Ads und Google Conversion Tracking

This Website uses Google Ads. Google Ads is an online advertising program of Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. As part of Google Ads, we use what is known as conversion tracking. When you click on an ad placed by Google, a conversion tracking cookie is placed. Cookies are small text files that the web browser places on the user’s computer. These cookies expire within 30 days and are not used to personally identify Users. If the User visits certain pages of this Website and the cookie has not expired, Google and we may recognize that the User clicked on the ad and was redirected to this page.

Each Google Ads customer receives a unique cookie. The cookies cannot be tracked on the websites of Google Ads customers. The information collected through the conversion cookie is used to compile conversion statistics for Google Ads customers who have opted-in to conversion tracking. Customers are told the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they do not receive information that personally identifies users. If you do not wish to be tracked, you can easily opt-out of this service by disabling the Google Conversion Tracking cookie in the user preferences of your web browser. You will then not be included in the conversion tracking statistics.

(3) LinkedIn Insight Tag

On our web pages we use the so-called Insight Tag of the LinkedIn social network. This is offered by LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, U.S. (hereinafter “LinkedIn”). The LinkedIn Insight tag is a small JavaScript code snippet that we have added to our Website.

The LinkedIn Insight tag allows us to collect information abo
ut visits to our Website, including URL, referrer URL, IP address, device and browser characteristics, timestamps, and page views. This data is encrypted, anonymized within seven days, and the anonymized data is deleted within 90 days. This technology allows us to generate reports on the performance of our advertisements and information on website interaction. To do this, the LinkedIn Insight tag is embedded in this Website, which connects to the LinkedIn server when you visit this Website while you are logged into your LinkedIn account.


The LinkedIn Insight tag is used for the purpose of providing detailed campaign reporting and information about visitors to our Website. We use the LinkedIn Insight tag to track conversions, retarget our Website visitors, and gather additional information about the LinkedIn members who view our ads. For details about data collection (purpose, scope, further processing, use) and your rights and preferences, please refer to the LinkedIn privacy policy. LinkedIn provides this document at
https://www.linkedin.com/legal/privacy-policy.

You can disable the LinkedIn Insight tool and interest-based advertising by opting out at
https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

(4) HubSpot

(1) Our Website uses the services of HubSpot for various reasons. HubSpot is an U.S. software company with a subsidiary in Ireland. Contact details: HubSpot, 2nd floor, 30 North Wall Quay, Dublin 1, Ireland, phone: +353 1 5187500.

(2) HubSpot is an integrated software solution that we use to cover several aspects of our online marketing, including:

(3) Email marketing, social media publishing & reporting, reporting, contact management (e.g., user segmentation and CRM), and landing pages. In addition, we use HubSpot for providing contact forms. For further information please refer to section 3 (III) “Forms”.

(4) For further information on the topics above, please refer to the relevant explanations regarding the specific online marketing activities for which we hereby provide further additional information:

(5) We use the gathered information only for the purpose of optimizing our marketing and advertising activities.

As part of the optimization of our marketing and advertising activities, the following data may be gathered and processed via HubSpot:

a) geographic position

b) browser type

c) domain names

d) viewed pages

e) operating system version

f) internet service provider

g) IP address

h) device ID

i) duration of website visit

j) operating system

k) events that occurred within the application

l) access times

m) device model and version

(6) Data will be stored and further processed on the servers of this service provider. Insofar, HubSpot acts as our data processor and processes data only as instructed by us. For further information on the various types of use please refer to: https://www.hubspot.de/ .

(7) Whenever we request your consent to certain online marketing activities, your consent to data processing is required pursuant to Art. 6 (1) (a) GDPR. To the extent data is processed for the purpose of performing a contract that we entered with you, this is subject to Art. 6 (1) (b) the GDPR. Otherwise, data processing is based on Article 6 (1) (f) GDPR, pursuant to which the processing of personal data is also permissible without the consent from the data subject, where such processing is required for the purposes of the legitimate interests pursued by the controller or a third part, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, which require protection of personal data. In this regard, we rely on our legitimate interest in direct advertising pursuant to recital 47 of the German GDPR version. Our legitimate interest is based on the fact that specific online marketing activities allow us to ensure the efficiency of the campaigns created by us und an effective use of the allocated funds. Furthermore, you will only receive such advertising that is potentially relevant and interesting to you.

(8) If you do not want HubSpot to collect and process the aforementioned data, you can refuse your consent or revoke it at any time with effect for the future. To do so, simply use the button below and select the section “Marketing.” in the cookie banner. Click on “Show cookie information” to open the list of cookies set. Set the slider with the name “Hubspot” to “Off” and confirm your selection via the button “Save”. Opt-Out

(9) In connection with the processing of data via HubSpot, data may be transmitted to the United States. The security of the transmission is warranted by the so-called Standard Contract Clauses which ensure that a level of security is applied during the processing of personal data that equals the GDPR standard.

(10) Please click this link if you wish to read further information on the HubSpot Privacy Policy: https://legal.hubspot.com/privacy-policy and https://www.hubspot.com/security. Further information on cookies used by HubSpot is available here: https://knowledge.hubspot.com/reports/what-cookies-does-hubspot-set-in-a-visitor-s-browser

(5) Use of SalesViewer®technology:

On this website, data is collected and stored for marketing, market research and optimisation purposes using the SalesViewer® technology of SalesViewer® GmbH on the basis of the legitimate interests of the website operator (Article 6, paragraph 1, point (f), GDPR).

For this purpose, a JavaScript-based code is used to collect company-related data and the corresponding use. The data collected with this technology is encrypted via a non-reversible one-way function (so-called hashing). The data is immediately pseudonymised and not used to personally identify the visitor to this website.

The data stored within the framework of SalesViewer will be deleted as soon as they are no longer required for their intended purpose and the deletion does not conflict with any statutory retention obligations.

You can object to the collection and storage of data at any time with future effect by clicking on this link https://www.salesviewer.com/opt-out to prevent the collection of data by SalesViewer® within this website in the future. This places an opt-out cookie for this website on your device. If you delete your cookies in this browser, you must click on this link again.

VI. External media

(1) Google Maps

In our Website we use Google Maps (API), a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Maps is a web service for displaying interactive maps that allows us to visualize geographical information.

As soon as you access those web pages in which maps provided by Google Maps have been embedded, information on your use of our Website is transmitted to Google servers in the United States and stored thereon, including, but not limited to your IP address. This transmission will take place irrespective of the fact whether you have a Google account or are logged in to that account, or whether you do not have a user account. When you are logged in to your Google account, your data may be directly matched with your account.

Data will be processed based on your consent pursuant to Art. 6 (1) (a) GDPR that you may give in our cookie banners. For further information on data protection in connection with the use of Google Maps please refer to the Google website: https://www.google.de/intl/de/policies/privacy/

(2) Embedding of YouTube videos

We have embedded YouTube videos in our Website that are hosted by YouTube, but may be played directly on our Website. YouTube is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google“). By default, this service is deactivated, but may be activated by the user. When you access any page within our Website that includes a YouTube video, general basic data such as your IP address may be transmitted to Google by the embedding technology. Google processes the IP address of the user(s), since it is unable to send the contents to their browsers, unless the IP address is known. When you give your consent to this data transmission to Google, Google’s use of such data is beyond our sphere of control. For example, Google may use pixel tags for statistical or marketing purposes. Pixel tags enable Google to analyze information such as the visitor traffic on this Website and its individual pages. Furthermore, pseudonymized information may also be stored in cookies on the user’s device and, among others, include technical information on the browser and operating system, on referring websites, on the time of the visit, and other details on the use of our online offering. YouTube may store your data in the form of usage profiles and use it for the purposes of advertising, market research, and/or the needs-based design of its services. If you do not wish the gathered and transmitted data to be matched with your YouTube or Google profile, you need to log out of your account prior to viewing the video. The embedding of the YouTube services in our Website is permissible based on your consent pursuant to Art. 6 (1) (a) GDPR which you may give in our cookie banners.

(3) Wistia

We use Wistia plugins to show videos. This service is provided by Wistia, 17 Tudor Street, Cambridge, Massachusetts, U.S. When you visit one of our pages that includes a Wistia player, a connection with the Wistia servers is made. Wistia gathers the following categories of personal information in anonymized form:

• anonymized IP address, including service provider

• access time for the watched video

• details on the video sections watched

• URL of the video(s)

• type of device (stationary, mobile)

• operating system and browser used

When you are in to your Wistia member account, Wistia will match this information with your personal user account on this platform. You may prevent this matching from occurring by logging out of your user account prior to visiting our Website.

Wistia services that are embedded in our Website require your consent pursuant to Art. 6) (a) GDPR which you may give in our cookie banner.

For further information on the use of user data please refer to the Wistia privacy policy (https://wistia.com/privacy).

(4) Google Tag Manager

We have implemented Google Analytics (Universal) via the so-called “Google Tag Manager”. The Google Tag Manager is also a Google product that allows us to manage website tags on a user interface. The Tag Manager is a cookie-free domain and does not collect any personal data. The tool triggers other tags, which in turn may collect data. Google Tag Manager does not access this data. If cookies were disabled at the domain or cookie level, this will affect all tracking tags implemented with Google Tag Manager. You can find more information about handling user data here: https://marketingplatform.google.com/about/analytics/tag-manager/use-policy/

VII. Social Media Plugins

We do not use any social media plugins for data protection reasons. The Website has been linked to our accounts in social networks such as Xing, YouTube, Twitter, and Facebook. When you click on the embedded icons, you will be redirected to the page of the respective provider, i.e., your user data will not be transferred to the respective provider, unless you click on the respective icon. If you are logged into your user profile within the corresponding social network, your user profile will be associated with the visit of our Website when you click on the icon. If you do not want social networks to collect data about this Website, you should log out of the social networks before you visit the Website.

VIII. Note on data processing, withdrawal of opt-in, opt-out option

The User may prevent the storing of cookies by making the appropriate settings in its browser software; however, please note, that in this case you may not be able to use the full functionality of the Website or Platform.

How to withdraw a consent granted (opt-in):

If you have granted your consent to the processing of your data for advertising purposes, for statistical analyses, or for the use of external media and wish to withdraw this consent, please follow the following button. Remove the check mark from the corresponding category (“Marketing”, “Statistics”, “External media”) and click on “save”. Opt-Out

In addition, the User has the following opt-out options:

a. The User may object to the collection of data by Google Analytics with effect for the future, in particular, by installing an opt-out (deactivation) add-on (http://tools.google.com/dlpage/gaoptout) for its web browser.

b. The User can permanently object to Google Remarketing by deactivating personalised advertising in its Google Account via the following link: https://adssettings.google.com

c. The User may object to the use of data for interest-related advertisements on the following web pages: http://optout.networkadvertising.org/, https://adssettings.google.com/

d. You can disable the LinkedIn Insight tool and interest-based advertising by opting out at https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

e. You can revoke your consent for the use of your data by HubSpot at any time with effect for the future. Simply use the button below. In the lower section under ‘Cookies & Tracking,’ you will find our cookie banner. Navigate to the ‘Marketing’ section. Click on ‘Show cookie information’ to open the list of set cookies. Move the slider with the name ‘HubSpot’ to ‘Off’ and confirm your selection using the ‘Save’ button.”

Opt-Out *If the link is blocked by a browser add-on, you can find our cookie banner in the lower section under ‘Cookies & Tracking.’

You can revoke your consent for the use of your data by Chatsimple at any time with effect for the future. Simply use the button below. Navigate to the ‘Marketing’ section. Click on ‘Show cookie information’ to open the list of set cookies. Move the slider with the name ‘Chatsimple’ to ‘Off’ and confirm your selection using the ‘Save’ button.

Opt-Out *If the link is blocked by a browser add-on, you can find our cookie banner in the lower section under ‘Cookies & Tracking.’

3. Special features of our Website

In addition to the informational content on our Website, we also offer various services or features which you can use if you are interested. For this purpose, you will generally have to provide additional personal data, which we use to provide the respective service or feature as described below.

I. Online job application

We offer every visitor of our Website the possibility to apply for a job via an online job application form. Alternatively, you may submit your job application by email. For further details on the job application process please refer to our hyperlinked privacy statement for job applicants.

Processing of personal data during the job application process

It is a prerequisite of the job application process that job applicants provide personal data and details to us. These include, but are not limited to: Name(s) and family name, contact details (email, telephone) as well as the cover letter and annexes (CV, certificates, etc.). Furthermore, job applicants can provide us with additional information on a voluntary basis.


Insofar as special categories of personal data within the meaning of Art. 9 (1) GDPR are voluntarily shared during the job application process, their processing is also subject to Art. 9 (2) (b) GDPR (e.g., health data, such as severely disabled status or ethnic origin).


All incoming job applications are handled confidentially and only by a small defined group of HR employees and the relevant parties involved in the job application process. The data will not be disclosed to third parties.

Purpose, legal basis, and storage period

We process a candidate’s data only for the purpose and within the scope of the job application procedure in accordance with the legal requirements. Candidate data is processed for the purpose of fulfilling our (pre-)contractual obligations within the scope of the job application procedure in accordance with Art. 6 (1) (b) GDPR (in Germany section 26 BDSG (Federal Data Protection Act) applies additionally). In the event of a successful job application, the data provided by the candidates may be processed by us for the purposes of the employment relationship. If the application for a job offer is not successful, the applicants’ data will be deleted. In the event that the data should still be needed for the enforcement of legal rights after the application procedure has been completed, further data processing may be carried out based on the requirements of Art. 6 GDPR, including, but not limited to the safeguarding of legitimate interests pursuant to Art. 6 (1) (f) GDPR. Our legitimate interest then consists in the assertion or defence of claims. Deletion shall take place no later than within 180 days.

Talent pool

In some cases, we invite candidates to join our talent pool. Admission is only granted on the basis of the applicant’s consent within the meaning of Art. 6 (1) (a) GDPR. All candidates admitted to the talent pool are stored permanently and for the purpose of filling a potential vacancy. Data will only be deleted by ITscope upon request by the individual concerned or if the candidate’s profile does not match the vacancy at a later date. The deletion can be requested by email to jobs@itscope.de without stating reasons.

Notes on the job application form

If available, job applicants can send us their job applications using an online form on our Website. Their data will be encrypted and transmitted to us using state-of-the art procedures. We use software created by Personio (Personio GmbH, Buttermelcherstr. 16, 80469 Munich, Germany
) to transmit job applications via the online form. The Personio privacy policy can be retrieved from https://www.personio.com/privacy-policy/

Note on email job applications

When applying by email, please note that emails are generally not sent in encrypted form and that the job applicants themselves must ensure that they are encrypted. We can, therefore, not accept any responsibility for the transmission path of the job application between the sender and the inbox of our server and therefore recommend our job application form. Personio software is also used to process the email application to facilitate this process.

Withdrawal and deletion of job application

Applicants can demand the deletion of their data at any time without giving any details. In addition, previously granted consent (e.g., talent pool) may be withdrawn with effect for the future. The request for deletion or withdrawal must be emailed to
jobs@itscope.de. The stored data of the applicant will be deleted immediately, unless there is are legal grounds which justify their storage (e.g., an existing employment relationship). In this case, the data will be deleted after the expiration of the applicable retention period.

II. Chatbot

On selected pages, we use the AI-powered chatbot “Chatsimple” provided by Chatsimple (85 Duke St Kitchener, ON N2H0B7, Canada) for communication with you. Chatsimple acts as our data processor, operating according to our instructions and purposes, and utilizes the ChatGPT technology from the provider OpenAI (575 Florida Street San Francisco CA 94110, USA). The data processed by the chatbot is not used for training ChatGPT, improving OpenAI’s services, or similar purposes.

The interaction with the chatbot is voluntary. You alone decide whether and which personal data you disclose about yourself during the chat. When using the chatbot, your inputs in the chat window, your IP address, and possibly usage data (e.g., chat duration, number of interactions) are processed and transmitted to Chatsimple. As long as you do not provide hints about your identity, explicitly share your contact details, or give us your consent, your data remains pseudonymous. This means we will not personally associate it with you as a visitor to our website. To continuously improve the chatbot’s functionality and enable statistical analysis, your data may be pseudonymized or anonymized. Only when you disclose your identity (e.g., if you wish for personal assistance from one of our representatives) or as an existing customer give your consent (e.g., by accepting marketing cookies in our cookie banner on the website) can we personally associate the chat history with you. In these cases, your data may also be stored in our Customer Relationship Management (CRM) system, Pipedrive, provided by Pipedrive OÜ, Mustamäe tee 3a, 10615 Tallinn, and processed through the (marketing) service HubSpot within the legally permissible framework. Acceptance of marketing cookies allows us to process the data collected for advertising purposes, such as sending you interesting updates and information about our company or services based on your individual interests. For more information on the use of HubSpot, please refer to the instructions mentioned above in Section IV. (4).

We kindly request that you refrain from using the chatbot for entries that disclose sensitive data, such as information about your health, disabilities, or religious affiliation, or any information that could allow conclusions regarding such sensitive matters. If we become aware of sensitive data through the chatbot, we will promptly and regularly delete such entries without delay.

The processing and storage of data processed by the chatbot are based on Art. 6 Abs. 1 lit. b DSGVO if your request is related to fulfilling a contract or necessary for pre-contractual measures. In all other cases, the processing is based on our legitimate interest in efficiently handling inquiries directed to us, as well as in the effective and swift processing of user requests and improving our customer communication (Art. 6 Abs. 1 lit. f DSGVO) or on your consent (Art. 6 Abs. 1 lit. a DSGVO), if requested by us.

The data collected via the chatbot is typically deleted after 7 days, unless we exceptionally need it for the aforementioned purposes. In such a case, we promptly delete the data after the purpose has been fulfilled and no further legal basis applies (e.g., if further processing of the data is required or will be required to fulfill a concluded contract). If and as long as legal retention obligations exist, we delete the data only after the expiration of the respective deadlines.

Your data is stored in data centers in Germany. While using the chatbot, we cannot rule out data transmission to countries outside the European Union (EU) or the European Economic Area (EEA), especially to the USA and Canada. For these cases, it is ensured that data transmission is either based on an adequacy decision by the European Commission (especially for Canada) or on suitable guarantees, such as standard contractual clauses concluded with Chatsimple.

III. Contact forms, request by email and telephone

If you send us inquiries via the contact form, your details from the contact form, including the contact data you provide therein, will be stored by us for the purpose of processing the inquiry and in the event of follow-up questions. We will not pass on this data without your consent. The same applies to inquiries received by email or telephone.

This data is processed based on Art. 6 (1) (b) GDPR, if your request is related to the performance of a contract or is necessary for performing pre-contractual tasks. In all other cases, processing is based on our legitimate interest in the effective processing of the inquiries addressed to us (Art. 6 (1) (f) GDPR), or on your consent (Art. 6 (1) (a) GDPR), provided that it had been obtained.


The data you enter in the contact form will remain with us until you request us to delete it, withdraw your consent to storage, or the purpose for which the data had been stored no longer applies (e.g., after your request has been fully processed). Mandatory legal provisions – including, but not limited to retention periods – remain unaffected.

IV. Newsletter

Subscribing to our newsletter via the Website is based on your consent within the meaning of Art 6 (1) (a) GDPR. The User agrees to data storage for the purpose of establishing contact. He or she will be regularly informed about products, services, and innovations regarding the ITscope Platform. The registration procedure uses a so-called double-opt-in, i.e., following your registration you will receive an email asking you to confirm your registration in order to prevent any abuse of your email account. We will record the accounts that register for our mailings in order to show that the registration procedure complies with the statutory provisions and, if applicable, to prevent or investigate any abuse of your personal data. The contact data provided will be stored until the User withdraws its consent. The User can declare its withdrawal of consent via the “unsubscribe link” in the newsletters or send a short message to marketing@itscope.com.

4. Data processing during Platform use

  1. ITscope collects personal data of the User (including, but not limited to the name and business contact data) when the User registers on this Platform or is registered by a third party, e.g., if the employer of a User creates an account for it on the Platform. If required by data protection law, rules, and regulations, the customer assures to have obtained the prior consent of its employees and to have informed them accordingly. With regard to its employees, the customer shall ensure that ITscope may process and use the contact data collected for the contractual purposes described herein and, if necessary, may contact the employees (e.g., in connection with a support ticket).
  2. During the registration process, ITscope will request the following mandatory information that is marked with an asterisk (*): family name, first name, email address, company, for newly registered companies also the full postal address of the company, and a phone number. Registration without this mandatory data is not permissible. During the registration process the User may also provide additional data on a voluntary basis, such as on its position within the company and other contact data. This information is not a prerequisite for registration.
  3. ITscope will process and use the personal data of customers and Users for contract performance and customer support (e.g., provision of support services and user support) based on Art. 6 (1) (b) GDPR. ITscope will inform Users by email about new and similar products and services as well as special offers from ITscope that might be of interest to the User in the form of a periodic newsletter. The User has the right to object to the use of its email address for such marketing purposes by notifying ITscope hereof at any time (e.g., by unsubscribing from a newsletter by activating a link at the end of each newsletter) without incurring any costs.
  4. ITscope will neither use the User’s personal data for other advertising purposes nor pass it on to third parties, unless,
    a) the User expressly grants its consent to the use of its data for advertising purposes and/or disclosure to third parties; the User may withdraw its consent at any time; or
    b) ITscope is obligated to pass on data by law, e.g., to investigative authorities.
  5. Personal data that the User voluntarily provides on the Platform via the presentation and communication features provided may be deleted by the User at any time during the existing contractual relationship. In addition, personal user data (including the User’s login data for supplier systems stored on the Platform, cf. Art. 4) will be deleted from all systems or their processing will be restricted no later than three (3) months after termination of the contractual relationship with ITscope. This can also be done by removing the personal identifiers from texts written by the User or contents uploaded to the Platform (e.g., product reviews and comments).

5. Creation and analysis of user profiles on the Platform

  1. The general information regarding the Website described in section 2 (e.g., use of cookies and analysis services) shall apply to the use of the Platform accordingly.
  2. In addition, the access of registered Users to the Platform based on the legitimate interests of ITscope in accordance with Art. 6 (1) (f) GDPR will be logged using their user ID and account number and stored for the purpose of enhancing the user experience and for statistical analysis. ITscope has the right to publish analysis results in anonymous or aggregated form, i.e., without reference to individual customers or Users, for information purposes, for instance on the Website. Beyond this, profile data will not be passed on to third parties, unless ITscope is obligated by law to do so.
  3. The User may disable the compilation of personal user profiles on the Platform in the user settings.

6. Erasure or deletion of data

  1. Personal data collected via the Website will only be stored by ITscope until the purpose for which it had been transmitted by the User has been completely fulfilled. This shall also apply to personal data if the User had granted its express consent to the collection and processing of this type of personal data.
  2. The data will not (yet) be deleted if it still needs to be retained until the purpose is completely attained or if there are other legitimates grounds for its retention and/or if statutory provisions (e.g., retention duties under trade and tax law) prohibit the erasure or deletion of data. Article 3 (5) above applies to the deletion of data collected and processed in connection with the Platform use.

7. Use of supplier services within the Platform

  1. Suppliers listed on the ITscope Platform may provide their own services on or via the Platform (“Supplier Services”), e.g., for retrieving particular purchase prices or for electronic order processing.
  2. User login data (in particular, passwords) required for using Supplier Services are electronically transmitted to the suppliers’ servers as encrypted messages at all times, unless a supplier fails to offer a secure or encrypted connection for this purpose.
  3. ITscope uses state-of-the-art, secure encryption procedures with separately stored keys to protect the User’s login data and will decrypt these only for the purpose set forth on the Platform, in particular, to retrieve prices and to transmit order documents to the User.
  4. ITscope exclusively uses its own server systems for storing such login data, which are hosted at a data center certified in accordance with the BSI Grundschutzhandbuch (Basic Protection Manual) and ISO 27001.
  5. ITscope is not responsible for the collection and processing of User’s personal data by the supplier, rather, the corresponding supplier is the Controller within the meaning of the GDPR.

8. Data subject rights

(1) Users affected by data processing (“Data Subjects”) may exercise various rights. In particular, these are:

    • Right to access: The User has the right to access information that ITscope stored about him/her.
    • Right to rectification and erasure: The User may request ITscope to rectify inaccurate data and to erase its data.
    • Restriction of processing: The User may request ITscope to restrict the processing of its data.
    • Data portability: If the User provides data to ITscope under an agreement or based on a consent, it may demand the provision of the data submitted by it in a structured, common, and machine-readable format, or that ITscope transmit this information to another controller.
    • Objection to data processing based on “legitimate interest”: If reasons exist that are based on grounds relating to the User’s particular situation, the User may object at any time to the processing of personal data by ITscope, to the extent that the “legitimate interest” is the legal basis for this objection. If the User should exercise its right to object, ITscope will discontinue the processing of its data, unless ITscope are able to show that there are compelling reasons that allow the continued data processing and override the User’s rights.
    • Objection to cookies: Furthermore, the User may object to the use of cookies at any time.
    • Withdrawal of consent: If the User has granted its consent to the processing of its data the User may withdraw this consent at any time with effect for the future. The legitimacy of processing of its data up to the date of withdrawal remains unaffected.
    • Right to lodge complaints with the supervisory authority: Furthermore, the User has the right to lodge a complaint with the competent supervisory authority, if it believes the processing of its personal data to violate the applicable statutory provisions, rules, and regulations. In this case, the User may contact the data protection authority having competence at its place of residence or in its country, or the data protection authority having competence at the place of business of ITscope.

The User is only entitled to the rights described above subject to the condition precedent that the applicable legal requirements have been complied with, including those that are not explicitly mentioned in the above explanations.

In case of any questions regarding the processing of their User data, data subject rights or any consent granted, the User may contact ITscope free of charge.

(2) If you wish to exercise any or all of your rights, please email us at privacy@itscope.com, or write a letter to the address indicated in section 1 above, or give us a call. Please ensure that we will be able to identify you without any doubt.

Data protection

The ITscope Privacy Policy is subject to regular changes, e.g., due to new technical features in the Platform. The most recent Privacy Policy, retrievable by the User, shall apply.

Last revised: May 2024