Privacy policy for the use of the Foresight Strategy Cockpit (FSC)

User accounts in the FSC can be created either by the person concerned or by authorized administrators. When setting up an account and using the software, personal data is processed that is necessary for the provision and administration of user accounts.

The processing is based on Art. 6 (1) lit. b GDPR (performance of a contract) and Art. 6 (1) lit. f GDPR (legitimate interest in secure and traceable system use).

No separate consent is required for this.

If users voluntarily provide additional information (e.g., profile information), this is processed on the basis of consent in accordance with Art. 6 (1) (a) GDPR.

1. Controller

The controller within the meaning of the GDPR is generally the respective customer (company or organization) that uses the FSC and manages users.

In this context, 4strat GmbH acts as a processor within the meaning of Art. 28 GDPR and processes personal data on behalf of and according to the instructions of the controller.

For data that is processed during the operation of the platform or for support purposes (e.g. log files, technical contact data), 4strat GmbH is the independent controller.

2. Data collected

The following data is processed when creating a user account:

Mandatory information:

– First name

– Last name

– Email address

– User name (freely selectable)

– Other optional attributes, if created by the platform administrator

Additionally collected during use:

– User actions within the software (e.g., surveys, ratings) with timestamp

In addition, administrators can define their own data fields and forms to collect further personal information. This content is determined and remains the responsibility of the respective customers. 4strat GmbH has no influence on the selection, content, or sensitivity of this information.

Customers are obliged to ensure that the collection of such data is in accordance with the GDPR and that the persons concerned are informed accordingly.

3. Purposes and legal bases of the processing

Your data is processed for the following purposes:

a) Use of the software and user administration

We require the mandatory information to create, manage, and authenticate your user account, as well as for the collaborative use of the software.

Legal basis: Art. 6 para. 1 lit. b GDPR (performance of a contract).

b) Traceability and collaboration between users

To ensure collaborative cooperation within the software, the following data is collected and stored:

– Login times

– User name and timestamp (date and time) when creating and editing content

– User name and timestamp (date and time) for text-based communication between users

– IP address

This information is necessary so that users can be identified in the system and correctly assigned to each other. For collaboration in joint processes, it is essential that users can track which content was created or modified by which persons and at what time. In addition, administrators can use email addresses to reset passwords or send direct messages to users if necessary.

Legal basis: Art. 6 (1) lit. f GDPR (legitimate interest in transparent, secure, and effective collaboration in the system).

If customers create their own data fields or process additional personal information, this processing is the responsibility of the respective customer. 4strat GmbH merely provides the technical infrastructure and processes this data exclusively on behalf of the customer on the basis of a data processing agreement in accordance with Art. 28 GDPR.

c) Support and IT operations

Your data may be processed for the purpose of maintaining the secure technical operation within the scope of IT support and maintenance.

Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in secure system operation).

4. Disclosure to third parties

Your data will only be disclosed to the extent necessary to:

– Internal IT administrators and support staff

– Service providers for technical support of the platform

– Authorities as required by law

– Legal advisors in the event of legal disputes

No data will be transferred to third countries unless this is explicitly necessary and secured in accordance with Art. 44 ff. GDPR.

Personal data entered by customers will only be passed on to third parties on behalf of the respective customer.

4strat GmbH may use subcontractors (e.g., hosting service providers) who are contractually obliged to process data in accordance with the GDPR.

5. Storage duration

The storage period for data collected from customers is determined by their specifications. After termination of the contract or deletion of the customer account, the data will be deleted or anonymized as instructed by the customer.

6. Your rights

You have the right to:

– Information about your stored data (Art. 15 GDPR)

– Correction of incorrect data (Art. 16 GDPR)

– Erasure of your data (Art. 17 GDPR)

– Restriction of processing (Art. 18 GDPR)

– Objection to the processing (Art. 21 GDPR)

– Data portability (Art. 20 GDPR)

You can withdraw any consent you have given at any time by sending an email to support@4strat.de. The lawfulness of the processing carried out up to that point remains unaffected.

You also have the right to lodge a complaint with a data protection supervisory authority.

7. Note on data security and responsibility for content

4strat GmbH accepts no responsibility for the legality of the data content collected by customers. Administrators are obliged to ensure that no special categories of personal data (Art. 9 GDPR, e.g., ethnic origin, political opinions, health data) are collected without an appropriate legal basis.

8. Consent

Use of the FSC is only possible if you agree to this privacy policy. By activating your user account or submitting the registration form, you confirm that you have read and understood the privacy policy and agree to the described processing of your personal data.

9. Order processing

An order processing contract is concluded between 4strat GmbH and each customer in accordance with Art. 28 GDPR. This regulates in particular the type and scope of the processed data, technical and organizational measures and the rights and obligations of the parties.

10. Data security

4strat GmbH takes technical and organizational measures in accordance with Art. 32 GDPR to protect personal data from unauthorized access, loss, or manipulation