Who we are
We are Think-CAD GmbH(“we”, “our”, “us”) of Werner-Friedmann-Bogen 12, 80993, Munich, Germany. We operate to the highest standards when protecting your personal information and respecting your privacy. If you have any questions about your personal information, or how we use it, you can contact us via email at [email protected]
We are the data “controller”, which means we are responsible for deciding how and why your personal information is used. We’re also responsible for making sure it is kept safe, secure and handled legally.
This Data Protection Policy applies to the services of Think-CAD GmbH. If you live in the European Economic Area, Regulation (EU) 2016/679 (General Data Protection Regulation) is the European Regulation and in Germany, it is the 'Data Protection Act' (Datenschutz-Grundverordnung).
The Supervisory Authority
The The Bavarian Data Protection Commissioner (DPC) in Munich is the for us relevant authority in matters of data protection. You have the right to make a complaint at any time to the DPC (www.datenschutz-bayern.de). We would, however, appreciate the chance to deal with your concerns before you approach the DPC so please contact us in the first instance.
It is important that the data we hold about you is accurate and current, therefore please keep us informed of any changes to your personal data.
What data do we process?
- Inventory data (e.g., names, addresses).
- Contact details (e.g., e-mail, telephone numbers).
- Content data (e.g., text input, photographs, videos).
- Contract data (e.g., object of contract, duration, customer category).
- Payment data (e.g., bank details, payment history).
- Usage data (e.g., websites visited, interest in content, access times).
- Meta/communication data (e.g., device information, IP addresses).
Methods of processing
We take appropriate security measures to prevent unauthorised access, disclosure, modification, or unauthorized destruction of the Data. The Data processing is carried out using computers and/or IT enabled tools, following organizational procedures and modes strictly related to the purposes indicated.
Processing of special categories of data (Art. 9 para. 1 DSGVO):
No special categories data is processed.
Automated decision-making and profiling (Art.22 DSGVO)
We do not use automation for decision-making and profiling
Children Data (Art.8 DSGVO)
Our website is not intended for children and we do not knowingly collect data relating to children. If you become aware that your Child has provided us with Personal Data, without parental consent, please contact us and we take the necessary steps to remove that information from our server.
What are the categories of data subjects?
Customers, interested parties, visitors and users of the online offer, business partners. Visitors and users of the online offer. In the following, we refer to the data subjects collectively as "users".
What are the purposes for processing?
- Provision of the online offer, its contents and shop functions.
- Provision of contractual services, service and customer care.
- Answering contact enquiries and communication with users.
- Marketing, advertising and market research.
- Security measures.
What are the relevant legal bases for processing your data?
In accordance with Art. 13 DSGVO the following informs you about the legal basis of us processing your data and unless the legal basis is not specifically mentioned, the following applies:
Consent – This is where we have asked you to provide explicit permission to process your data for a particular purpose. (Art. 6 Para. 1 lit. a and Art. 7 DSGVO)
Contract – This is where we process your information to fulfil a contractual arrangement we have made with you. (Art. 6 Para. 1 lit. b DSGVO)
Answering your business enquiries – This is where we process your information to reply to your messages, e-mails, posts, calls, etc. (Art. 6 Para. 1 lit. b DSGVO)
Legitimate Interests - This is where we rely on our interests as a reason for processing, generally this is to provide you with the best products and service in the most secure and appropriate way. (Art. 6 Para. 1 lit. f DSGVO). Of course, before relying on any of those legitimate interests we balance them against your interests and make sure they are compelling enough and will not cause any unwarranted harm.
Legal Obligation – This is where we have a statutory or other legal obligation to process the information, such as for the investigation of crime. (Art. 6 Para. 1 lit. b DSGVO)
Vital interests – This is where we process your information for communications about security, privacy and performance improvements of our services. Or for establishing, exercising or defending our legal rights. (Art. 6 para. 1 lit. d DSGVO)
You have a number of ‘Data Subject Rights’ below is some information on what they are and how you can exercise them. There is more information on the Information Commissioners website www.data-protection-authority.gv.at
- information about the processing of your personal data.
- obtain access to the personal data held about you.
- ask for incorrect, inaccurate or incomplete personal data to be corrected.
- request that personal data be erased when it’s no longer needed or if processing it is unlawful.
- object to the processing of your personal data for marketing purposes or on grounds relating to your particular situation.
- request the restriction of the processing of your personal data in specific cases.
- receive your personal data in a machine-readable format and send it to another controller (‘data portability’).
- request that decisions based on automated processing concerning you or significantly affecting you and based on your personal data are made by natural persons, not only by computers.
- You also have the right in this case to express your point of view and to contest the decision
- Where the processing of your personal information is based on consent, you have the right to withdraw that consent without detriment at any time through our contact form.
The above rights may be limited in some circumstances, for example, if fulfilling your request would reveal personal information about another person, if you ask us to delete information which we are required to have by law, or if we have compelling legitimate interests to keep it. We will let you know if that is the case and will then only use your information for these purposes. You may also be unable to continue using our services if you want us to stop processing your personal information.
We encourage you to get in touch if you have any concerns with how we collect or use your personal information. You do however also have the right to lodge a complaint directly with the DSB, their contact details can be found on their website.
When do we disclose your Personal Data?
We may share your information with organisations that help us provide the services described in this policy and who may process such data on our behalf and in accordance with this policy, to support this website and our services. This will only be done on the basis of a legal authorisation (e.g. if a transfer of the data to third parties, such as payment service providers, in accordance with Art. 6 para. 1 lit. b DSGVO).
Also, if you have consented to it, or where there we have a legal obligation to do so or on the basis of our legitimate interests (e.g. when using agents, hosting providers, tax, business and legal advisors, customer care, accounting, billing and similar services that allow us to perform our contractual obligations, administrative tasks and duties efficiently and effectively).
If we commission third parties to process data on the basis of a so-called "contract processing agreement", this is done on the basis of Art. 28 DSGVO.
In relation to information obtained about you from your use of our website, we may share a cookie identifier and IP data with analytic and advertising network services providers to assist us in the improvement and optimisation of our website which is subject to our Cookies Policy.
We may also disclose information in other circumstances such as when you agree to it or if the law, a Court order, a legal obligation or regulatory authority ask us to. If the purpose is the prevention of fraud or crime or if it is necessary to protect and defend our right, property or personal safety of our staff, the website and its users.
Our main operations are based in Germany and your personal information is generally processed, stored and used within Germany and other countries in the European Economic Area (EEA). In some instances, your personal information may be processed outside the European Economic Area. If and when this is the case we take steps to ensure there is an appropriate level of security so your personal information is protected in the same way as if it was being used within the EEA.
Where we need to transfer your data outside Germany or EEA we will use one of the following safeguards as set out in (Art. 44 ff. DSGVO) :
- The use of European Commission approved standard contractual clauses in contracts for the transfer of personal data to third countries.
- Transfers to a non-EEA country with privacy laws that give the same protection as the EEA.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, the data processed by us will be deleted or restricted in their processing in accordance with Art. 17 and 18 DSGVO. If the data is not deleted because they are required for other and legally permissible purposes, their processing is restricted. This means that the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons.
How do we protect your Personal Data?
We protect your data using state of the art technical, and physical safeguards and operate a firm system of policies, confidentiality agreements, digital safeguards and procedures to ensure the highest level of administrative protection.
In more detail to access our database the user must be authorised, is challenged through a two-way authentication system and use an encrypted VPN. Also, the removal of Personal Data from our location is forbidden and made by using a complex encryption system very difficult. We use cutting edge antivirus and anti-malware software and up-to-date firewall protection. Moreover, authorised personnel must have a legitimate need to know interest such as being your point of contact or service your user account.
The data we collect from you may be stored, with appropriate technical and organisational security measures applied to it, on our servers in Germany. In all cases, we follow generally high data protection standards and advanced security measures to protect the personal data submitted to us, both during transmission and once we receive it.
To exercise any of your rights, or if you have any questions or complaints about our use of your Personal Data and this policy, please contact us.
SSL or TLS encryption
For security reasons and to protect the transmission of confidential content, such as orders or requests that you send to us as the site operator, this site uses SSL or TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
Economic Analyses and Market Research
In order to run our business economically, to identify market trends, customer and user wishes, we analyse the data available to us on business transactions, contracts, enquiries, etc. In doing so, we process inventory data, communication data, contract data, payment data, usage data, metadata on the basis of Art. 6 para. 1 lit. f. DSGVO, whereby the persons concerned include customers, interested parties, business partners, visitors and users of the online offer. The analyses are carried out for the purposes of business management evaluations, marketing and market research.
In doing so, we may take into account the profiles of registered users with details, for example, of their purchasing transactions. The analyses serve us to increase user-friendliness, to optimise our offer and business efficiency and are not disclosed externally, unless they are anonymous analyses with summarised values.
If these analyses or profiles are personal, they will be deleted or made anonymous upon termination by the user, otherwise after two years from conclusion of the contract. In all other respects, the macroeconomic analyses and general trend determinations are prepared anonymously wherever possible.
Hosting and Content Delivery Networks (CDN)
This website is hosted by an external service provider (Bluehost – Endurance International Group of 10 Corporate Drive, Suite #300, Burlington, MA 01803 USA). The personal data collected on this website is stored on Bluehost’s servers. This may include, but is not limited to, IP addresses, contact requests, meta and communication data, contractual data, contact data, names, website accesses and other data generated via a website. Bluehost is used for the purpose of fulfilling the contract with our potential and existing visitors and users and in the interest of a secure, fast and efficient provision of our online offer by a professional provider.Bluehost will only process your data to the extent necessary to fulfill its service obligations and follow our instructions regarding this data.
Our course content is hosted by an external service provider (Kajabi – 17100 Laguna Canyon Rd #100, Irvine, CA 92618, United States). The personal data collected on this website is stored on Kajabi’s servers. This may include, but is not limited to, IP addresses, contact requests, meta and communication data, contractual data, contact data, names, website accesses and other data generated via a website. Kajabi is used for the purpose of fulfilling the contract with our potential and existing visitors and users and in the interest of a secure, fast and efficient provision of our online offer by a professional provider. Kajabi will only process your data to the extent necessary to fulfill its service obligations and follow our instructions regarding this data.
Online presences in social media
We maintain online presences on the basis of our legitimate interests within the meaning of Art. 6 Para. 1 lit. f. DSGVO. We maintain online presences within social networks and platforms in order to communicate with customers, interested parties and users who are active there. Unless otherwise stated in this policy, we process the data of users if they communicate with us within the social networks and platforms, e.g. write articles on our online presences or send us messages.
Communication by mail, e-mail, fax or telephone
We use means of distance communication, such as post, telephone or e-mail, for business and marketing purposes. We process inventory data, address and contact data as well as contract data of customers, participants, interested parties and communication partners.
The processing is based on Art. 6 para. 1 lit a, Art. 7 DSG, Art. 6 para. 1 lit f DSG in connection with legal requirements for advertising communications. Contact shall only be established with the consent of the contact partners or within the scope of the statutory permissions and the processed data shall be deleted as soon as they are not required and otherwise with objection/ revocation or discontinuation of the basis for authorisation or statutory archiving obligations.
What are Cookies?
"Cookies" are small files that are stored on the user's computer. Different information can be stored within the cookies. A cookie is primarily used to store information about a user (or the device on which the cookie is stored) during or after his visit within an online offer.
Temporary cookies, or "session cookies" or "transient cookies", are cookies that are deleted after a user leaves an online offer and closes his browser. In such a cookie, for example, the contents of a shopping basket in an online shop or a login status can be stored.
Cookies are described as "permanent" or "persistent" if they remain stored even after the browser is closed. For example, the login status can be saved if the user visits it after several days. Similarly, the interests of the users can be stored in such a cookie, which are used for coverage measurement or marketing purposes.
Third party cookies" are cookies from providers other than the person responsible for operating the online service (otherwise, if it is only their cookies, it is referred to as "first party cookies").
Furthermore, the storage of cookies can be influenced by deactivating them in your browser settings. Please note that in this case not all functions of this online offer can be used.
Collection of access data and log files
On the basis of our legitimate interests within the meaning of Article 6 paragraph 1 letter f. DSGVO, we collect data about every access to the server on which this service is located (so-called server log files). The access data includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the website previously visited), IP address and the requesting provider.
For security reasons (e.g. to clarify acts of abuse or fraud), log file information is stored for a maximum of seven days and then deleted. Data whose further storage is required for evidential purposes are excluded from deletion until the respective incident has been finally clarified.
Google will use this information on our behalf in order to evaluate the use of our website by users, to compile reports on the activities within this website and to provide us with further services associated with the use of this website and the internet. In doing so, pseudonymous user profiles of the users can be created from the processed data.
We only use Google Analytics with activated IP anonymisation. This means that the IP address of the user is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there.
The IP address transmitted by the user's browser will not be merged with other Google data. Users can prevent the storage of cookies by adjusting their browser software accordingly; users can also prevent the collection of data generated by the cookie and relating to their use of the online offer to Google and the processing of this data by Google by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en
You can find further information on data use by Google, setting and objection options on the websites of Google: https://policies.google.com/technologies/partner-sites ("Data use by Google when you use the websites or apps of our partners"), https://policies.google.com/technologies/ads ("Data use for advertising purposes"), https://adssettings.google.com/authenticated ("Manage information that Google uses to show you advertising").
Google Marketing Services
We use the marketing and remarketing services (in short "Google Marketing Services") of Google LLC, 1600 Amphitheatre Park, Mountain View, CA 94043 on the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. DSGVO) the marketing and remarketing services (in short "Google marketing services") of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, ("Google").
The Google marketing services allow us to display advertisements for and on our website in a more targeted manner in order to present users only with ads that potentially match their interests. If, for example, a user is shown ads for products he or she was interested in on other websites, this is referred to as "remarketing". For these purposes, when our website and other websites on which Google marketing services are active are called up, a code is executed directly by Google and so-called (re)marketing tags (invisible graphics or code, also known as "web beacons") are integrated into the website. With their help, an individual cookie, i.e. a small file, is stored on the user's device (comparable technologies can also be used instead of cookies). The cookies can be set by various domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. This file records which websites the user has visited, which content he is interested in and which offers he has clicked on, as well as technical information on the browser and operating system, referring websites, time of visit and other information on the use of the online offer. The IP address of the user is also recorded, whereby we inform Google Analytics that the IP address is shortened within Member States of the European Union or in other contracting states to the Agreement on the European Economic Area and only in exceptional cases is transferred in full to a Google server in the USA and shortened there. The IP address will not be merged with data of the user within other offers of Google. The aforementioned information may also be linked on the part of Google with such information from other sources. If the user subsequently visits other websites, he can be shown ads tailored to his interests.
The user's data is processed pseudonymously as part of the Google marketing services. I.e. Google does not store and process e.g. the name or email address of the users, but processes the relevant data cookie-related within pseudonymous user profiles. I.e. from Google's perspective, the ads are not managed and displayed for a specifically identified person, but for the cookie holder, regardless of who this cookie holder is. This does not apply if a user has expressly allowed Google to process the data without this pseudonymization. The information collected by Google marketing services about users is transmitted to Google and stored on Google's servers in the USA.
The Google marketing services used by us include, among others, the online advertising program "Google AdWords". In the case of Google AdWords, each AdWords customer receives a different "conversion cookie". Cookies can therefore not be tracked across the websites of AdWords customers. The information obtained using the cookie is used to create conversion statistics for AdWords customers who have opted in to conversion tracking. The AdWords customers learn the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users.
We may also use the "Google Optimizer" service. Google Optimizer allows us to track the effects of various changes to a website (e.g. changes to the input fields, design, etc.) as part of so-called "A/B testing". Cookies are placed on users' devices for these testing purposes. Only pseudonymous data of the users is processed in the process.
Furthermore, we may use the "Google Tag Manager" to integrate and manage the Google analysis and marketing services on our website.
Furthermore, we may use "HYROS" to integrate and manage the Google analysis and marketing services on our website.
Furthermore, when using the Facebook Pixel, we use the additional function "extended matching" (here, data such as telephone numbers, email addresses or Facebook IDs of the users) to create target groups ("Custom Audiences" or "Look Alike Audiences") are transmitted to Facebook (encrypted). Further notes on "advanced matching": https://www.facebook.com/business/help/611774685654668).
We also use the "Custom Audiences from File" procedure of the social network Facebook, Inc. In this case, the e-mail addresses of the newsletter recipients are uploaded to Facebook. The upload process takes place in encrypted form. The upload is used solely to determine recipients of our Facebook ads. In this way, we want to ensure that the ads are only displayed to users who have an interest in our information and services.
To prevent the collection of your data using the Facebook pixel on our website, please click the following link: Facebook opt-out Note: If you click the link, an "opt-out" cookie will be stored on your device. If you delete the cookies in this browser, then you must click the link again. Furthermore, the opt-out only applies within the browser you are using and only within our web domain where the link was clicked.
Facebook, Custom Audiences and Facebook Marketing Services
Within our online offer, the so-called "Facebook Pixel" of the social network Facebook, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or if you are a resident of the EU, Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook"), is used due to our legitimate interests in the analysis, optimization and economic operation of our online offer and for these purposes.
With the help of the Facebook pixel, it is possible for Facebook, on the one hand, to determine the visitors to our online offer as a target group for the display of advertisements (so-called "Facebook ads"). Accordingly, we use the Facebook pixel to display the Facebook ads placed by us only to those Facebook users who have also shown an interest in our online offer or who have certain characteristics (e.g. interests in certain topics or products determined on the basis of the websites visited) that we transmit to Facebook (so-called "Custom Audiences"). With the help of the Facebook pixel, we also want to ensure that our Facebook ads correspond to the potential interest of users and do not have a harassing effect. With the help of the Facebook pixel, we can also track the effectiveness of the Facebook ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook ad (so-called "conversion").
The processing of data by Facebook takes place within the framework of Facebook's data usage policy. Accordingly, general information on the display of Facebook ads, in Facebook's data usage policy: https://www.facebook.com/policy.php. Specific information and details about the Facebook Pixel and how it works can be found in Facebook's help section: https://www.facebook.com/business/help/651294705016616.
You can object to the collection by the Facebook Pixel and use of your data to display Facebook Ads. To adjust which types of ads are displayed to you within Facebook, you can visit the page set up by Facebook and follow the instructions there on the settings for usage-based advertising: https://www.facebook.com/settings?tab=ads. The settings are made in a platform-independent manner, i.e. they are applied to all devices, such as desktop computers or mobile devices.
The following cookies are used on our website and require consent prior installation:
- Cookie(Google AdSense):_gcl_au;
- Cookie(Google Analytics):_ga;
- Cookie(Google Analytics):_gid;
This Data Protection Policy and our commitment to protecting the privacy of your personal data can result in changes to this Data Protection Policy. Please regularly review this Data Protection Policy to keep up to date with any changes.
Queries and Complaints
Any comments or queries on this policy should be directed to us using the following contact details.
80993, Munich, Germany.
If you believe that we have not complied with this policy or acted otherwise than in accordance with data protection law, then you should notify us. You can also make a referral to, or lodge a complaint with, the DPC.