In principle, we treat all personal information confidentially and affirm that we adhere strictly to the statutory data protection regulations of the Federal Data Protection Act (Bundesdatenschutzgesetz) and the EU GDPR (European General Data Protection Regulation), which came into force in May 2018.
We have taken technical and organizational measures to ensure that both we and also external service providers comply with data-protection legislation regulations.
Information about the collection of personal data
(1) The following section provides information about the collection of personal data during use of our website. Personal data means any information relating to an identified or identifiable natural person (‘data subject’), e.g. name, address, e-mail addresses, user behavior.
(2) Controller according to Art. 4 para. 7 EU General Data Protection Regulation (EU-GDPR) is baramundi software AG, Beim Glaspalast 1, 86153 Augsburg, Germany, Phone: +49 821 5 67 08 - 19, e-mail address: info(at)baramundi.com (see our Legal Information).
You can contact our data protection officer at privacy(at)baramundi.com or by sending a letter to our postal address for the attention of the “Data Protection Officer”.
(3) When you contact us by e-mail or via a contact form, the information you provide (your e-mail address, where applicable your name and telephone number) will be stored by us for the purpose of answering your questions. We delete the data that arises in this context once storage is no longer required, or limit processing in the event of statutory retention requirements.
(4) If we rely on contracted service providers for individual functions of our service or wish to use your data for advertising purposes, we will inform you in detail below about the respective procedures. In doing so, we will also designate the specified criteria for the storage duration.
(1) You have the following rights vis-à-vis ourselves in respect of the personal data about you:
- right to information,
- right to rectification or erasure,
- right to restriction of processing,
- right to object to processing,
- right to data portability.
(2) You also have the right to complain to a data protection supervisory authority about the processing of your personal data by us.
The responsible data protection supervisory authority is the Bavarian State Office for Data Protection Supervision, whose contact details are as follows: Bayerisches Landesamt für Datenschutzaufsicht, Promenade 27 (Schloss), 91522 Ansbach, Germany, Phone: +49 981 53 1300, Fax: +49 981 53 98 1300, e-mail: poststelle(at)lda.bayern.de
Collection of personal data when visiting our website
(1) If you use the website for informative purposes only, i.e. if you do not register or otherwise provide us with information, we will only collect the personal data that your browser transmits to our server. If you wish to view our website, we will collect the following data, which is technically necessary for us to display our website to you and to guarantee stability and security (legal basis is Art. 6 (1) sentence 1f GDPR):
- IP address
- date and time of the request
- time zone difference to Greenwich Mean Time (GMT)
- content of the requirement (specific page)
- access status/HTTP status code
- respective amount of data transmitted in each case
- website from which the request comes
- operating system and its interface
- language and version of the browser software.
(2) In addition to the aforementioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive assigned to the browser you are using and by which the body that sets the cookie (in this case through us) receives certain information. Cookies cannot run programs or transmit viruses to your computer. They serve to make the Internet offer more user-friendly and effective overall.
a) This website uses the following types of cookies, whose scope and functioning are explained below:
- Transiente cookies (see b)
- Persistente cookies (see c)
- Required cookies (see d)
- Functional cookies (see e)
- Marketing cookies (see f)
b) Transient cookies are automatically deleted when you close the browser. These include in particular the session cookies. These store a so-called session ID, with which various requests from your browser can be assigned to the common session. This will allow your computer to be recognized when you return to our website. The session cookies are deleted when you log out or close the browser.
c) Persistent cookies are automatically deleted after a specified period, which may differ depending on the cookie. You can delete the cookies in the security settings of your browser at any time.
d) Required Cookies: These cookies are necessary in order to enable the basic functions of this website (examples: Provision of a stable site, protection against misuse of online services).
Cookies: So-called session cookies fe_typo_user (contain randomly generated session identification numbers, which are deleted by closing the browser).
e) Functional cookies: These cookies allow us to analyze your website usage in order to evaluate and improve our services. They can also be used to improve the customer experience on this website, for example by remembering your language/country selection. Your consent to this use is voluntary and may be revoked at any time.
Cookies: be_typo_user, be_lastLoginProvider, PHPSESSID (only relevant for administrators of the website), fe_typo_user (standard session cookie from TYPO3).
f) Marketing cookies: These cookies are used to present you with advertisements that are better suited to you. Advertising cookies may be used, for example, to share information with advertisers so that the ads displayed are more relevant to your interests. Your consent to this use is voluntary and may be revoked at any time.
Cookies: ga and _gat for Google Analytics (see "Use of Google Analytics"), _gid for Google Tag Manager (see "Google Tag Manager"), Google Maps (see "Integration of Google Maps")
g) You can configure your browser setting according to your wishes and, for example, reject the acceptance of third-party cookies or all cookies. Please be aware that you may not be able to use all features of this site.
Additional features and services offered by our website
(1) In addition to purely informational use of our website, we offer various services that you can use if you are interested. For this, you will generally need to provide additional personal information that we will use to provide the respective service and to which the aforementioned data-processing principles will apply.
(2) In some cases, we use external service providers to process your data. These providers have been carefully selected and commissioned by us, are bound by our instructions and are regularly inspected.
(3) Furthermore, we may disclose your personal data to third parties, if we offer participation in sales campaigns, the conclusion of contracts or similar services in conjunction with partners. You will be provided with further relevant information when entering your personal data or below in the description of the service.
(4) Insofar as our service providers or partners are based in a country outside the European Economic Area (EEA), we will inform you about the consequences of this circumstance in the description of the service.
Opposition to or revocation in respect of the processing of your data
(1) If you have consented to the processing of your data, you may revoke this consent at any time. This will affect the legitimacy of the processing of your personal data after you have pronounced such revocation to us.
(2) Insofar as we base the processing of your personal data on a balancing of interests, you may object to the processing. This applies if, in particular, processing is not required in order to fulfill a contract with you, which we describe in each case in the description of functions below. If you make such an objection, we will ask you to explain the reasons why we should not process your personal data in the way we have done. If your objection is justified, we will review the situation and will either discontinue or adapt the data processing, or inform you of our compelling legitimate grounds on the basis of which we will continue to process your data.
(3) You may of course object to the processing of your personal data for advertising and data analysis purposes at any time. You can inform us about your objection to advertising by contacting us as follows: info(at)baramundi.com
Use of the baramundi forum
(1) Our forum can only be read if you are registered. If you would like to actively participate in the forum, you must register by entering your e-mail address, a password of your own choice and your freely selectable user name. There is no requirement to use a real name for the user name; pseudonymized use is possible. You must also provide information about your first name, last name, company name, country, zip code, city, street and house number. We require this last-mentioned information in order to be able to accurately identify an existing contractual relationship between you and baramundi software AG. We use the so-called double-opt-in process for registration, which means that your registration is only complete if you have previously confirmed your registration via a confirmation e-mail sent to you for this purpose by clicking on the link contained therein. If you do not confirm your registration in this way, it will be automatically deleted from our database.
(2) If you sign up for a forum account, we will – until cancellation of your registration and in addition to the information provided at the time of registration – store all the information which you post in the forum, such as public posts, bulletin board entries, friendships, private messages, etc., for the purpose of operating the forum. The legal basis for this storage is Art. 6 para. 1 sentence 1 lit. f GDPR. Storage takes place for security reasons if the rights of third parties are violated or illegal content is left behind (insults, slander, incitement to hatred, etc.). In this case we can be prosecuted ourselves for the contribution and are therefore interested in the identity of the author. These data will not be passed on to third parties unless such a passing on is legally prescribed or serves our legal defence.
(3) If you delete your account, your public statements, including in particular contributions to the forum, will remain visible to all readers, but your account will no longer be available and will be identified in the forum with "[guest]". All other data will be deleted.
(1) With your consent, you can subscribe to our newsletter, which informs you about our current interesting offers. The advertised goods and services are named in the declaration of consent.
(2) To register for our newsletter, we use the so-called double opt-in procedure. This means that after you have registered, we will send you an e-mail to the e-mail address specified in which we will ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration, your information will be automatically deleted after one month. In addition, we will store each of your IP addresses used and the times of registration and confirmation. The purpose of the procedure is to prove your registration and, if necessary, to clarify any possible misuse of your personal data.
(3) The only mandatory information required for sending the newsletter is your e-mail address. The provision of additional, separately marked data is voluntary and will be used to address you personally. After your confirmation, we will save your e-mail address for the purpose of sending you the newsletter. The legal basis is Art. 6 (1) sentence 1 lit. a GDPR.
(4) You can revoke your consent to the sending of the newsletter at any time and unsubscribe from the newsletter. You can pronounce such revocation by clicking on the link provided in each newsletter e-mail, by e-mail to newsletter(at)baramundi.com or by sending a message to the contact details stated in the Legal information.
All data are collected in strictly pseudonymized form; this means that the IDs are not linked to your other personal data and any direct personal identification is impossible.
Use of Google Analytics
(1) This website uses Google Analytics, a web analytics service provided by Google Inc. ("Google"). Google Analytics uses so-called "cookies", which are text files that are stored on your computer that allow an analysis of the use of the website by you. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. However, if IP anonymization is activated on this website, your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there. Google will use this information on behalf of the operator of this website to evaluate your use of the website, to compile reports on website activities and to provide other services related to website usage and internet usage to the website operator.
(2) Google will not merge the IP address transmitted by your browser as part of Google Analytics with other data.
(3) You can prevent the storage of cookies by setting your browser software accordingly; however, please note that if you do this, you may not be able to use all the features of this website to the full extent possible. You may also prevent the collection by Google of the data generated by the cookie and relating to your use of the website (including your IP address) as well as the processing of this data by Google by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=en.
(4) This website uses Google Analytics with the extension "_anonymizeIp ()". Consequently, IP addresses are processed in shortened form in order to prevent direct personal references. If the data collected about you acquires a personal reference, it will therefore be excluded immediately and the personal data will thus be deleted immediately.
(5) We use Google Analytics to analyze and regularly improve the use of our website. We can use the statistics obtained in order to improve our service and make it more interesting for you as a user. For the exceptional cases in which personal data are transmitted to the US, Google has signed up to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. The legal basis for the use of Google Analytics is Art. 6 (1) sentence 1 lit. f GDPR.
(7) This website also uses Google Analytics for a cross-device analysis of visitor flows, which is carried out via a user ID. You can disable the cross-device analysis of your usage under “My Data”, “Personal Data” in your customer account.
Use of Social-Media-plugins
(1) We currently use the following social media plugins: Facebook, Twitter, Xing and LinkedIn. We use the so-called double-click solution. This means that by default, no personal data are initially sent to plugin providers when you visit our website. You can recognize the provider of the plugin through the marking on the box, through its initial or logo. We offer you the option to communicate directly with the plugin provider through a button. The plugin provider only receives information that you have accessed the respective website of our online portfolio if you click on the marked field and therefore activate it. The above-mentioned data will also be transmitted. According to the relevant providers in Germany, Facebook and Xing anonymize the IP address immediately after it is collected. By activating the plugin, therefore, your personal data are transmitted to the respective plugin provider and stored there (in the case of US providers in the USA). Since plugin providers acquire these data mainly through cookies, we recommend that you delete all cookies via your browser’s security settings before you click on the grayed-out box.
(2) We have no influence over the collected data or data processing procedures, nor do we have knowledge about the full scale of data acquisition, the purposes for which data are processed, or the storage durations. Similarly, we do not have any information about the deletion of the collected data by the plugin provider.
(3) The plugin provider stores the data collected about you as user profiles and utilizes them for advertising, market research and/or demand-oriented design of their website. Such an analysis is in particular used to create tailored advertising (even for users who are not logged in) and to inform other users of the respective social network about your activities on our website. You have a right to object to the creation of such user profiles and must contact the respective plugin provider directly if you wish to exercise this right. Through the plugins we enable you to interact with the social networks and other users. The processing of your personal data when you visit one of our social media services is based on our legitimate interests in a diverse external presentation of our company and the use of an effective information opportunity and communication with you. The legal basis for this is Art. 6 Para. 1 lit. f GDPR. Under certain circumstances, you have also given a platform operator consent to data processing, in which case Art. 6 para. 1 lit. a GDPR is the legal basis.
(4) Data are forwarded irrespective of whether you have an account with the plugin provider or whether you are currently logged in to said account. If you are logged in with the plugin provider your data which are collected by us are directly associated with your account with the plugin provider. If you use the activated button and, for example link to the site, the plugin provider also stores this information in your user account and shares this publicly with your contacts. We recommend logging out regularly after using a social network, but especially before you activate the button. In this way you can avoid any association with your profile at the plugin provider.
(5) Additional information about the purpose and scale of data collection and the processing of these data by the plugin provider is contained in the data protection declarations of these providers notified below. These declarations also provide you with additional information concerning your associated rights and settings options for the protection of your privacy.
(6) Addresses of the respective plugin providers and URL with privacy statement references:
a) Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php; additional information on data collection: http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other#applications as well as http://www.facebook.com/about/privacy/your-info#everyoneinfo. Facebook has signed up to the EU-US-Privacy-Shield, https://www.privacyshield.gov/EU-US-Framework.
b) Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; https://twitter.com/privacy. Twitter has signed up to the EU-US-Privacy-Shield, https://www.privacyshield.gov/EU-US-Framework.
c) Xing AG, Gänsemarkt 43, 20354 Hamburg, DE; http://www.xing.com/privacy.
d) LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA; http://www.linkedin.com/legal/privacy-policy. LinkedIn has signed up to the EU-US-Privacy-Shield, https://www.privacyshield.gov/EU-US-Framework.
Integration of YouTube videos
(1) We have integrated YouTube videos into our online service, which are stored at http://www.YouTube.com
and which can be played directly from our website. These are all integrated in “enhanced data protection mode”, i.e. no data about you as user is transmitted to YouTube provided that you do not play the videos. The data mentioned in paragraph 2 will only be transmitted if you play the videos. We have no influence over this data transmission
(2) As a result of the visit to the website, YouTube receives information that you have requested the respective sub-page of our website. The above-mentioned data are also transmitted. This happens irrespective of whether YouTube provides an account to which you are logged in or whether you don’t have an account at all. If you are logged in to Google your data are directly associated with your account. If you do not wish to be associated with your YouTube profile, you must log out before activating the button. YouTube stores your data as user profiles and utilizes them for advertising, market research and/or demand-oriented design of their website. Such an analysis is in particular used to create tailored advertising (even for users who are not logged in) and to inform other users of the respective social network about your activities on our website. You have a right to object to the creation of such user profiles and must contact YouTube directly if you wish to exercise this right.
(3) Additional information about the purpose and scale of data collection and processing by YouTube is contained in the data-protection declaration. This declaration also provides you with additional information concerning your rights and settings options with regard to the protection of your privacy: https://policies.google.com/privacy?hl=en&gl=en. Google also processes your personal data in the US and has signed up to the EU-US-Privacy-Shield, https://www.privacyshield.gov/EU-US-Framework.
Google Tag Manager
baramundi Mobile Devices (bMD)
baramundi Mobile Devices, the solution for managing mobile devices, has been designed and developed with the utmost care in compliance with German data privacy regulations. Our solution supports administrators in securely integrating mobile devices into their company’s internal IT infrastructure. The solution is concerned with managing devices, not the content of applications.
For the baramundi Mobile Devices (bMD) module, we warrant that the design of the baramundi Management Suite combined with the locally installed baramundi Agent app precludes the following activities:
- bMD does not read any contact data (names, telephone numbers, etc.) from the address book
- bMD cannot record SMS text messages (neither connection lists nor content)
- bMD does not enable access to the content of e-mail boxes.
- bMD does not record any call lists
- bMD does not enable access to the content of other communications apps such as WhatsApp
- bMD cannot intercept phone calls
- bMD does not have access to the microphone in order to tap the surroundings
- bMD does not enable access to media files (images, videos, etc.)
- bMD does not store location information locally, nor is it transmitted to the server. The only exception is iOS devices in “lost” mode.
The following types of access to smartphone hardware are used to only a very limited extent:
- bMD accesses the camera only in order to read the QR code as part of the registration process
- bMD uses iOS location services to locate a device in “lost” mode. If lost mode is activated, the user receives a corresponding message.
bMD is in fact designed to perform the following typical management activities (this list is not exhaustive):
- Creating an inventory of the installed apps
- Detecting manipulations of firmware (Jailbreak*, Root)
- Configuring security features and restrictions
- Remote removal of the device/installed apps
*) To optimize manipulation detection for iOS, we recommend using baramundi’s push service infrastructure. Here, the baramundi management server transmits the following data to a central baramundi service:
- A clear, anonymous identifier for the bMS installation
- The push token generated by Apple for the device
- The iOS version of the device
- The version of the bMD Agent app
This function can be activated in the bMD configuration and is disabled by default.
A more detailed description of bMD’s features can, for example, be found in the release notes.
We use the Google Remarketing application through which we are able to re-contact you. This application enables our advertisements to be displayed to you when you use the Internet after visiting our website. This is achieved using cookies stored in your browser, through which your user behavior is recorded and processed by Google when you visit different websites. This enables Google to ascertain your previous visit to our website. According to Google’s own statements, data obtained within the context of Remarketing will not be merged with your personal data which may have been stored by Google. In particular, according to Google, Remarketing uses data pseudonymization.
Integration of Google Maps
(1) On this website we use the services of Google Maps. This enables us to display interactive maps directly on the website and enables you to use the map function conveniently.
(2) By visiting the website, Google receives the information that you have accessed the corresponding subpage of our website. In addition, the data already mentioned above will be transmitted. This takes place regardless of whether Google provides a user account that you are logged in to or whether there is no user account. If you are logged in to Google, your data will be assigned directly to your account. If you do not want your profile to be associated with Google, you must log out before activating the button. Google stores your data as usage profiles and uses them for advertising, market research and / or needs-based design of its website. Such evaluation is carried out in particular (even for users who are not logged in) to provide demand-oriented advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, and you must contact Google to exercise this right.
Google Play Store App
In order to provide advanced management capabilities in the baramundi Mobile Agent, a device administrator is configured on your device, which you may need to enable. The app does not independently make any automatic changes to the device configuration; this can only be done by the authorized IT administrators.
Windows Phone and iOS App
In order to provide the extended management capabilities, the baramundi Mobile Agent must be installed on your device. The app does not independently make any automatic changes to the device configuration; this can only be done by the authorized IT administrators.
Published on 5-24-2018
Updated on 6-4-2018
Updated on 7-16-2018
Updated on 10-17-2018
Updated on 4-15-2019
Updated on 5-7-2019