PRIVACY POLICY
CONTENTS
1. Privacy Policy: General Information
The following notes provide a simple overview of what happens to your personal data when you visit our website. Personal data refers to all data that can be used to personally identify you. Detailed information on data protection can be found in our privacy policy listed below this text.
Data Protection
The responsible parties take the protection of your personal data very seriously. We handle your personal data confidentially and in accordance with legal data protection regulations and this privacy policy.
When you use this website, our services, or our software, various personal data are collected. Personal data includes data that can personally identify you. This privacy policy explains which data we collect and what we use it for. It also explains how and for what purpose this happens.
Please note that data transmission over the Internet (e.g., via email communication) can have security vulnerabilities. Complete protection of data from third-party access is not possible.
Who is responsible for data collection?
Responsible Party
The entity responsible for data processing on this website and through our services and applications is:
PointCab GmbH
Managing Director: Dr.-Ing. Richard Steffen
Authorized Officer: Dr. Ulrich Franz
Talstraße 8
D-73249 Wernau, Germany
Phone: +49 (0)7153 929 59 30
Email: info@pointcab-software.com
The responsible party is the natural or legal person who alone or jointly with others determines the purposes and means of processing personal data (e.g., names, email addresses).
Data Protection Officer
We have appointed a Data Protection Officer for our company:
PointCab GmbH
Dr.-Ing. Richard Steffen
Talstraße 8
D-73249 Wernau, Germany
Phone: +49 (0)7153 929 59 30
Email: richard.steffen@pointcab-software.com
Right to Object to Advertising Emails
The use of contact information published within the legal notice obligation for sending unsolicited advertisements and informational materials is hereby prohibited. The operators of the pages expressly reserve the right to take legal action in the event of unsolicited promotional information, such as spam emails.
How do we collect your data?
Your data is collected in part when you provide it to us or grant our applications access to it. For example, this may include data you enter into a contact form or share via PointCab Nebula.
Other data is automatically collected by our IT systems when you visit the website or use our software. This primarily includes technical data (e.g., internet browser, operating system, or time and date). This data is collected automatically.
What are your rights regarding your data?
- Access, Restriction, Deletion
You have the right, within the scope of applicable legal provisions, to request free information about your stored personal data, its origin, recipients, and the purpose of its processing at any time. You also have the right to request correction, blocking, or deletion of this data. For this purpose, or for further questions about personal data, you can contact us at any time using the contact details provided in the legal notice.
You also have the right to request the restriction of the processing of your personal data. To do so, contact us at any time using the contact details in the legal notice. The right to restrict data processing exists in the following cases:
- If you dispute the accuracy of your personal data stored with us, we typically need time to verify this. During the verification period, you have the right to request the restriction of processing your personal data.
- If the processing of your personal data was/is unlawful, you can request the restriction of data processing instead of deletion.
- If we no longer need your personal data, but you need it to establish, exercise, or defend legal claims, you have the right to request the restriction of processing instead of deletion.
- If you object to processing under Art. 21 (1) GDPR and it is not yet clear whose interests prevail.
- If you have filed an objection under Article 21(1) GDPR, a balance must be made between your and our interests. Until it is determined whose interests prevail, you have the right to request the restriction of the processing of your personal data.
Right to File Complaints with Regulatory Authorities
In the case of violations of the GDPR, data subjects have the right to file a complaint with a supervisory authority, particularly in the member state of their habitual residence, workplace, or the place of the alleged violation. This right is without prejudice to other administrative or judicial remedies.- Withdrawal of Consent to Data Processing
Many data processing operations are only possible with your explicit consent. You can revoke your consent at any time by sending us an informal email. The legality of data processing carried out until the revocation remains unaffected. Right to Data Portability
You have the right to receive data that we process based on your consent or in fulfillment of a contract in a standard, machine-readable format. If you request the direct transfer of data to another controller, this will only be done where technically feasible.Right to Object to Data Collection in Specific Cases and to Direct Advertising (Article 21 GDPR)
If data processing is based on Article 6(1)(e) or (f) GDPR, you have the right to object to the processing of your personal data at any time for reasons arising from your particular situation; this also applies to profiling based on these provisions. The respective legal basis for processing can be found in this privacy policy. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for processing that override your interests, rights, and freedoms or the processing serves the assertion, exercise, or defense of legal claims (objection under Article 21(1) GDPR).
If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such purposes; this also applies to profiling to the extent it is related to direct marketing. If you object, your personal data will no longer be used for direct marketing purposes (objection under Article 21(2) GDPR).
- Access, Restriction, Deletion
2. Data Collection on Our Website
What Do We Use Your Data For?
Some of the data is collected to ensure the error-free provision of the website. Other data may be used to analyze your user behavior.
Analytics Tools and Third-Party Tools
When visiting our website, your browsing behavior may be statistically analyzed. This is mainly done with the help of cookies and so-called analytics programs. The analysis of your browsing behavior is typically anonymous; your browsing behavior cannot be traced back to you. You can object to this analysis or prevent it by not using certain tools. Detailed information about this can be found in the following privacy policy.
SSL or TLS Encryption
For security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the website operator, we use SSL or TLS encryption. You can recognize an encrypted connection by the change in the browser’s address bar from “http://” to “https://” and by the lock symbol in your browser’s address bar.
When SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
Cookies
Websites sometimes use so-called cookies. Cookies do not harm your computer and do not contain viruses. Cookies help make our offerings more user-friendly, effective, and secure. Cookies are small text files that are placed on your computer and stored by your browser.
Most of the cookies we use are “session cookies.” They are automatically deleted after your visit. Other cookies remain stored on your device until you delete them. These cookies enable us to recognize your browser during your next visit.
You can configure your browser to notify you when cookies are set, allow cookies only in individual cases, exclude the acceptance of cookies for certain cases or in general, and activate the automatic deletion of cookies when closing the browser. Disabling cookies may limit the functionality of this website.
Cookies that are necessary for the electronic communication process or to provide certain features you desire (e.g., shopping cart function) are stored based on Article 6(1)(f) GDPR. The website operator has a legitimate interest in storing cookies to ensure the technically error-free and optimized provision of services. Cookies for analyzing your browsing behavior are handled separately in this privacy policy.
Server Log Files
The provider of the website automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These include:
- Browser type and version
- Operating system used
- Referrer URL
- Hostname of the accessing computer
- Time of server request
- IP address
This data is not merged with other data sources.
The collection of this data is based on Article 6(1)(f) GDPR. The website operator has a legitimate interest in ensuring the technically error-free display and optimization of the website, which requires the collection of server log files.
Contact Forms
Google Ads
We use Google Ads to promote our products and services online. Cookies and other tracking technologies are used to display targeted ads to users who have visited our website or interacted with our content. Google Ads may collect and process certain information about your browsing behavior, such as visited pages, clicks, and interactions with our ads.
The collected information is used to improve the relevance of the displayed ads and measure the performance of our advertising campaigns. Google may also use this information to display personalized ads on other websites or platforms.
For more information on how Google collects and uses data, please refer to Google’s privacy policy. If you wish to disable personalized ads through Google Ads, you can adjust your ad settings in your Google account or visit the Google Ads settings page.
More details about how we use cookies and other tracking technologies can be found in this privacy policy under the “Cookies” section.
Google Analytics
This website uses the service “Google Analytics” provided by Google Inc. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA) based on our legitimate interests in optimizing and analyzing our online offerings in accordance with Art. 6 para. 1 lit. f GDPR. The service (Google Analytics) uses “cookies”—text files that are stored on your device. The information collected by the cookies is generally sent to a Google server in the USA and stored there.
Google LLC complies with European data protection law and is certified under the Privacy Shield Framework: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
On this website, IP anonymization is enabled. The user’s IP address is shortened within the member states of the EU and the European Economic Area and in other contracting states of the agreement. Only in exceptional cases is the full IP address first transferred to a Google server in the USA and then shortened. This shortening removes the personal reference of your IP address. The IP address transmitted by the browser of the user is not combined with other data stored by Google.
In the context of the data processing agreement we, as the website operator, have entered into with Google Inc., Google uses the collected information to evaluate the use of the website and website activity and to provide services related to internet usage.
The data collected by Google on our behalf is used to analyze the use of our online offerings by individual users, e.g., to create reports on activity on the website and to improve our online offerings.
You have the option to prevent the storage of cookies on your device by adjusting the settings in your browser. It is not guaranteed that you will be able to access all features of this website without limitations if your browser does not allow cookies.
Additionally, you can prevent the information collected by cookies (including your IP address) from being sent to Google Inc. and used by Google Inc. by using a browser plugin. The following link leads you to the corresponding plugin: https://tools.google.com/dlpage/gaoptout?hl=en
Alternatively, by clicking this link (IMPORTANT: insert Opt-Out link), you prevent Google Analytics from collecting data about you on this website. By clicking the link above, you download an “Opt-Out Cookie”. Your browser must therefore allow the storage of cookies for this to work. If you regularly delete your cookies, you will need to click the link again during each visit to this website.
Here you can find more information on how Google Inc. handles user data:
https://policies.google.com/privacy/partners?hl=en (data collected by Google partners)
https://adssettings.google.com/authenticated (settings for ads displayed to you)
https://policies.google.com/technologies/ads?hl=en (use of cookies in ads)
YouTube
Our website uses plugins from the YouTube website, which is operated by Google. The operator of the site is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.
When you visit one of our pages equipped with a YouTube plugin, a connection to YouTube’s servers is established. The YouTube server is informed about which of our pages you have visited.
If you are logged into your YouTube account, YouTube can directly associate your browsing behavior with your personal profile. You can prevent this by logging out of your YouTube account.
The use of YouTube is in the interest of an appealing presentation of our online offerings. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.
For more information on how user data is handled, please refer to YouTube’s privacy policy: https://www.google.de/intl/de/policies/privacy.
Google Web Fonts
This page uses web fonts provided by Google to ensure uniform font display. When you visit a page, your browser loads the necessary web fonts into its browser cache to correctly display text and fonts.
To do this, the browser you use must connect to Google’s servers. This informs Google that our website has been accessed via your IP address. The use of Google Web Fonts is in the interest of uniform and appealing representation of our online offerings. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.
If your browser does not support web fonts, a standard font from your computer is used.
For more information about Google Web Fonts, please visit https://developers.google.com/fonts/faq and Google’s privacy policy: https://www.google.com/policies/privacy/.
Google Maps
This site uses the Google Maps API for map services. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
In order to use the features of Google Maps, it is necessary to store your IP address. This information is usually transferred to a Google server in the USA and stored there. The operator of this site has no influence over this data transmission.
The use of Google Maps is in the interest of an appealing representation of our online offerings and easy identification of locations specified on the website. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.
For more information on how user data is handled, please refer to Google’s privacy policy: https://www.google.de/intl/de/policies/privacy/.
1&1 Web Analytics
This website uses the analytics services of 1&1 Webanalytics. The provider is 1&1 Internet SE, Elgendorfer Str. 57, D – 56410 Montabaur.
Through 1&1 analysis, visitor numbers and behavior (e.g., page views, duration of website visit, bounce rates), visitor sources (i.e., the previous page the visitor came from), visitor locations, and technical data (browser and operating system versions) may be analyzed. For this purpose, 1&1 particularly stores the following data:
- Referrer (previously visited website)
- Requested webpage or file
- Browser type and version
- Operating system used
- Device type used
- Time of access
- IP address in anonymized form (used only for determining the location of access)
The data collection by 1&1 is fully anonymized, so it cannot be traced back to individuals. Cookies are not stored by 1&1 Webanalytics.
Data storage and analysis are based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in statistically analyzing user behavior to optimize both the website and its advertising.
For more information about data collection and processing by 1&1 Webanalytics, please refer to the following links:
https://hosting.1und1.de/hilfe/online-marketing/
https://hosting.1und1.de/hilfe/datenschutz/datenverarbeitung-von-webseitenbesuchern-ihres-company-name-produktes/webanalytics/
https://hosting.1und1.de/terms-gtc/terms-privacy/
Security Plugin Wordfence
This site uses the security plugin Wordfence to protect the website from hacker attacks, etc. The provider is Defiant, 800 5th Ave Ste 4100, Seattle, WA 98104.
The provided GDPR-compliant data processing agreement has been concluded.
Wordfence currently uses three cookies, and below is an explanation of what each cookie does, who sets the cookie, and why it contributes to the security of the site.
wfwaf-authcookie- (Hash)
What it does: This cookie is used by the Wordfence firewall to perform a capability check of the current user before loading WordPress.
Who sets the cookie: This cookie is set only for users who can log into WordPress.
How it helps: With this cookie, the Wordfence firewall identifies logged-in users and allows them increased access. Wordfence can also identify non-logged-in users and restrict their access to secure areas. The cookie informs the firewall about the visitor’s access level, helping the firewall make intelligent decisions about who should be allowed and who should be blocked.wf_loginalerted_ (Hash)
What it does: This cookie is used to alert the Wordfence administrator when an administrator logs in from a new device or location.
Who sets the cookie: This cookie is set only for administrators.
How it helps: This cookie helps website operators know if an admin login occurred from a new device or location.wfCBLBypass
What it does: Wordfence offers a site visitor the ability to bypass country blocking by accessing a hidden URL. This cookie tracks who can bypass the country block.
Who sets the cookie: When a hidden URL defined by the site administrator is accessed, this cookie checks whether the user can access the site from a country blocked by the country block.
How it helps
Newsletter Data
If you would like to receive the newsletter offered on the website, we require an email address from you, as well as information that allows us to verify that you are the owner of the provided email address and that you agree to receive the newsletter. No other data is collected, or it is only collected on a voluntary basis. We use this data exclusively for sending the requested information and do not share it with third parties.
The processing of the data entered in the newsletter sign-up form is carried out solely on the basis of your consent (Art. 6 (1) lit. a GDPR). You can revoke the consent given for the storage of the data, the email address, and their use for sending the newsletter at any time, for example, via the “unsubscribe” link in the newsletter. The legality of the data processing activities that have already taken place remains unaffected by the revocation.
The data you provide for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted after you have unsubscribed. Data that was stored for other purposes (e.g., email addresses for the member area) will remain unaffected by this.
Mailchimp
This website uses the services of MailChimp for sending newsletters. The provider is Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA.
MailChimp is a service that can be used to organize and analyze the sending of newsletters. If you enter data for the purpose of receiving the newsletter (e.g., email address), this data will be stored on MailChimp’s servers in the USA.
MailChimp is certified under the “EU-US-Privacy-Shield.” The “Privacy Shield” is an agreement between the European Union (EU) and the USA that ensures compliance with European data protection standards in the USA.
With the help of MailChimp, we can analyze our newsletter campaigns. When you open an email sent by MailChimp, a file contained in the email (called a web beacon) connects to MailChimp’s servers in the USA. This can determine whether a newsletter message was opened and which links, if any, were clicked. Additionally, technical information is collected (e.g., time of retrieval, IP address, browser type, and operating system). This information cannot be attributed to the specific newsletter recipient. It is used solely for the statistical analysis of newsletter campaigns. The results of these analyses can be used to better tailor future newsletters to the interests of the recipients.
If you do not want MailChimp to perform an analysis, you must unsubscribe from the newsletter. We provide a corresponding link in every newsletter message for this purpose. You can also unsubscribe directly on the website.
The data processing is based on your consent (Art. 6 (1) lit. a GDPR). You can withdraw this consent at any time by unsubscribing from the newsletter. The legality of the data processing activities that have already taken place remains unaffected by the revocation.
The data you provided for the purpose of receiving the newsletter will be stored by us until you unsubscribe, and after unsubscribing, it will be deleted from both our servers and MailChimp’s servers. Data stored for other purposes (e.g., email addresses for the member area) remains unaffected by this.
For more information, please refer to MailChimp’s privacy policy at: HTTPS://MAILCHIMP.COM/LEGAL/TERMS/.
Conclusion of a Data-Processing Agreement
We have concluded a “DATA-PROCESSING-AGREEMENT” with MailChimp, in which we require MailChimp to protect our customers’ data and not disclose it to third parties.
3. Data Collection via PointCab Nebula
User Data Accessed by PointCab Nebula
PointCab Nebula accesses the following data from your cloud storage provider to provide its functionality:
- File Access: Files and folders explicitly selected by the user for visualization and sharing (e.g., point cloud projects, metadata).
- Account Information: Basic account data (e.g., email address) provided by the cloud storage provider to authenticate and link your account with Nebula.
- Usage Data: Metadata about your use of Nebula (e.g., file names, timestamps) to ensure service reliability and monitor system performance.
How PointCab Nebula Uses User Data
- Visualization and Sharing: The files and folders you select are processed to enable visualization features, such as 3D point cloud rendering, orthophoto display, and measurements.
- Access Permissions: Your data is used exclusively for the purposes you authorize, such as generating sharing links or enabling collaborative features.
- Improving the Service: Aggregated and anonymized usage data may be analyzed to improve Nebula’s performance and user experience.
Data Sharing, Transfer, or Disclosure
- With Third Parties: We do not share, sell, or transfer your data to any third party without explicit consent, except where required by law.
- With Your Cloud Provider: Your cloud storage provider may process your data in accordance with its own privacy policies, which we encourage you to review.
- Internally: Data may be processed by our team solely for debugging, support, or improving the functionality of Nebula. Access is strictly limited to authorized personnel.
Minimum Scope of Access
PointCab Nebula operates with the principle of data minimization and only accesses the data necessary to fulfill its core functionalities. This includes:
- Files and folders you explicitly grant access to.
- Metadata needed to render visualizations or generate sharing links.
We do not access, collect, or store data from other parts of your cloud storage that are not relevant to the operation of PointCab Nebula.
Your Data, Your Control
You maintain full control over your data. You can:
- Revoke access at any time via your cloud storage provider.
- Delete shared files or disable sharing links through Nebula’s interface.
For more information or assistance regarding your data, you can contact our data protection officer at any time.
4. Data Collection in the Course of Job Applications
We offer you the opportunity to apply for a job with us (e.g., via email, postal mail, or through an online application form). Below, we inform you about the scope, purpose, and use of the personal data collected as part of the application process. We assure you that the collection, processing, and use of your data will be in accordance with applicable data protection laws and other legal requirements, and your data will be treated with strict confidentiality.
Scope and Purpose of Processing
When you submit an application to us, we process your associated personal data (e.g., contact and communication data, application documents, notes from interviews, etc.), as far as necessary for the decision regarding the establishment of an employment relationship. The legal basis for this is Section 26 of the Federal Data Protection Act (BDSG-new) under German law (preparation of an employment relationship), Art. 6 (1) lit. b GDPR (general contract initiation), and—if you have given consent—Art. 6 (1) lit. a GDPR. The consent can be revoked at any time. Your personal data will only be shared within our company with individuals who are involved in processing your application.
If the application is successful, the data you submitted will be stored in our data processing systems based on Section 26 BDSG-new and Art. 6 (1) lit. b GDPR for the purpose of executing the employment relationship.
Retention Period of Data
If we are unable to offer you a job, you decline a job offer, you withdraw your application, you revoke your consent for data processing, or you request the deletion of your data, the data you provided, including any remaining physical application documents, will be stored for a maximum of 6 months after the conclusion of the application process (retention period) to allow us to verify the details of the application process in case of discrepancies (Art. 6 (1) lit. f GDPR).
YOU CAN OBJECT TO THIS STORAGE IF YOU HAVE LEGITIMATE INTERESTS THAT OUTWEIGH OUR INTERESTS.
After the retention period has expired, the data will be deleted unless there is a legal obligation to retain the data or another legal reason for further storage. If it is clear that your data will need to be retained after the retention period (e.g., due to a pending or imminent legal dispute), deletion will only occur when the data is no longer relevant. Other legal retention obligations remain unaffected.
5. Data Collection via Email, Phone, or Fax
If you contact us via email, phone, or fax, your request, including any personal data arising from it (name, inquiry), will be stored and processed by us for the purpose of handling your request. We will not share this data without your consent.
The processing of this data is based on Art. 6 (1) lit. b GDPR, if your request relates to the fulfillment of a contract or is necessary for the performance of pre-contractual measures. In all other cases, the processing is based on your consent (Art. 6 (1) lit. a GDPR) and/or our legitimate interests (Art. 6 (1) lit. f GDPR), as we have a legitimate interest in effectively handling inquiries directed to us.
The data you send to us via contact inquiries will remain with us until you request its deletion, revoke your consent to storage, or the purpose for data storage no longer applies (e.g., after your request has been fully processed). Mandatory legal provisions—particularly legal retention periods—remain unaffected.