Privacy notice

ALLPLAN Login Service

https://login.allplan.com

Data protection is a particularly important topic for our company. In this privacy notice, we inform you about the collection of personal data when you use our ALLPLAN Shop and purchase our ALLPLAN products. We inform you about which data we collect from you, and how we use it. We also inform you about your rights under applicable data protection law, and tell you whom to contact if you have any questions.

Personal data is all data relating to you personally, such as name, address, email addresses or user behavior. We have put in place extensive technical and operational safeguards to protect your data from accidental or intentional manipulation, loss, destruction or access by unauthorized persons. We regularly review our security measures and adapt them to technological progress.

1. Responsible party for data processing

Jointly responsible pursuant to Article 4(7) of the EU General Data Protection Regulation (GDPR) are

ALLPLAN GmbH 
Konrad-Zuse-Platz 1 
81829 Munich 
Germany 

2. Get in touch with our data protection officer

Please contact our data protection officer at datenschutzbeauftragter@allplan.com or by post at our address, adding “data protection officer”.

3. Legal basis of our data processing

The processing of personal data may be based on various legal grounds. If we need your data to honor a contract with you or to respond to inquiries from you regarding a contract, the legal basis for this data processing is Article 6(1)(1)(b) GDPR. If we obtain your consent for the processing of certain data, the legal basis is Article 6(1)(1)(a) GDPR. We carry out some data processing on the basis of our legitimate interest, always weighing your interests worthy of protection against our legitimate interests. The legal basis is Article 6(1)(f) GDPR. Insofar as the processing is necessary for the fulfillment of a legal obligation to which we are subject, the legal basis is Article 6(1)(1)(c) GDPR.

Below we explain how we process your personal data when you visit https://login.allplan.com/.

4. Processing of personal data when accessing our ALLPLAN Shop website

Our ALLPLAN Login Service can be accessed at https://login.allplan.com. During the mere informational use of the website by calling up the ALLPLAN Login Service, i.e. if you do not register, we collect the following technical information (log file data):

| Data | Purpose of processing | Duration of storage |
|---|---|---|
| Operating system used | Evaluation by devices in order to ensure an optimized display of the website | The data is deleted in log files for the purpose of operating the website and to protect against misuse in accordance with our security regulations, generally after 30 days |
| Information about the type of browser and the version used | Evaluation of the browser used in order to optimize our websites for this purpose | |
| IP address | Display of the website on the respective device | |
| Date and time of access | Ensuring the proper operation of the website | |
| Name of accessed site | Ensuring proper operation of the website | |
| Referrer URL (source URL from which you came to the website) | Ensuring proper operation of the website | |

We collect this data for technical reasons to display our website to you and to ensure stability and security. We (and our hosting service providers) are generally not aware of who is behind an IP address. We do not merge the above data with any other data.

The legal basis is the legitimate interest pursuant to Article 6(1)(1)(f) GDPR. Within the framework of the balancing of interests pursuant to Article 6(1)(f) GDPR, we have taken into account and weighed our interest in providing our service against your interest in having your personal data processed in accordance with data protection. Since the data is technically necessary for us to provide you with our service and also to ensure stability and security, in particular to protect against misuse, we have to process it, ensuring data security in line with the state of the art and taking due account of your interest in processing in line with data protection requirements. If the processing is based on another legal basis (e.g. consent according to Article 6(1)(a) GDPR), this will be shown accordingly.

5. Registration

In order to be able to use the ALLPLAN Login Services, a one-time prior registration and the creation of a user account is first necessary. Your registration takes place in our customer service portal "ALLPLAN Connect". Information on data protection when using our customer portal can be found at: https://connect.allplan.com/de/datenschutzbestimmungen.html.

Your registration takes place on "ALLPLAN Connect". We collect personal data from you in order to create a user profile for you in ALLPLAN Connect and to provide you with a practical login process for using the ALLPLAN login service. For this purpose, the following personal data about you as a user of the platform will be processed:

  • First name, last name
  • Password (self-selected)
  • Connect ID (for assignment to a company as licensee)
  • E-mail address (private or business)
  • Customer type (simple license, license service (service-plus customer) or subscription customer)

The data is collected and stored for the purpose of creating a user profile in ALLPLAN Connect for you as a user and to enable the use of the ALLPLAN login service.

The legal basis for the data processing is our legitimate interest according to Article 6(1)(f) GDPR to provide you with our ALLPLAN Login Services, to ensure the security and stability of the website and to offer you a user-friendly operating experience.

6. ALLPLAN Login Service: Single Sign-On (SSO)

Single Sign-On (SSO) is an authentication mechanism that allows users to authenticate to multiple applications or services or systems with just one login. With SSO, users do not have to enter separate credentials for each application, but can use their credentials once to access different resources.

The basic concept of SSO is that there is a central authentication server that acts as an intermediary between the user and the various applications. When a user logs into SSO for the first time, their identity is verified and a token or ticket is issued that contains their authentication information. This token is then accepted by connected applications to authenticate the user without the need to log in again.

When a user wants to access a protected resource, the application directs them to the central authentication server. This verifies the token and ensures that it is valid. If the token is accepted, the user is considered authenticated and is granted access to the resource without having to enter additional credentials.

Before you can use SSO, you must first register with the ALLPLAN Connect platform, where the user accounts created are stored securely in the central user management. Once registered, you can use SSO to log in with your username and password and access all applications. On the ALLPLAN Connect platform, you also have the option of resetting your password if you have forgotten it or want to assign a new password for other reasons. Corresponding functions are available to you to initiate the recovery process. After confirming your identity, you can set a new password that meets your security requirements. This ensures the protection of your data and allows you to access the platform securely.

7. Cookies

Our website uses cookies. Cookies are files that are placed on your computer by a website you visit and allow your browser to be recognized. Cookies transmit information to the entity that sets the cookie. Cookies can store various information, such as your language setting, the duration of your visit to our website or the entries you have made there. This ensures, for example, that you do not have to re-enter required form data each time you use it. The information stored in cookies can also be used to identify preferences and target content according to areas of interest.

There are different types of cookies: Session cookies are sets of data that are only temporarily held in memory and are deleted when you close your browser. Permanent or persistent cookies are automatically deleted after a predefined duration, which may differ depending on the cookie. With this type of cookies, the information can also be stored on your computer in text files. You can, however, also delete these cookies at any time via your browser settings.

First-party cookies are set by the website you are currently visiting. Only this website is allowed to read information from these cookies. Third-party cookies are set by organizations that are not operators of the website you are visiting. These cookies are used by marketing companies, for example.

The legal basis for possible processing of personal data by means of cookies and their storage period may vary. If you have given us your consent, the legal basis is Article 6(1)(1)(a) GDPR. Insofar as the data processing is based on our overriding legitimate interests, the legal basis is Article 6(1)(1)(f) GDPR. The stated purpose then corresponds to our legitimate interest.

We use cookies to ensure the proper operation of the website, to provide basic functionality, to measure reach and – with your consent – to tailor our services to preferred areas of interest.

You can delete cookies already stored on your mobile device at any time. If you want to prevent cookies from being stored, you can do so via the settings in your Internet browser. Instructions for common browsers can be found here: Internet Explorer, Firefox, Google Chrome, Google Chrome mobile, Microsoft Edge, Safari, Safari mobile. Alternatively, you can also install so-called ad blockers. Please note that individual functions of our website may not work if you have disabled the use of cookies.

The website https://login.allplan.com/ uses only technically necessary cookies:

| Name of the cookie | Purpose of processing | Duration of storage |
|---|---|---|
| AUTH_SESSION_ID | The current authentication session is identified by an ID consisting of two important components: the SessionID and the NodeID. The SessionID serves as a unique identifier for the ongoing connection and ensures the anonymity of the user session, while allowing applications to track the communication process. On the other hand, the NodeID serves as a unique identifier for the server responsible for handling requests related to that session. By including the NodeID, load balancers can efficiently route user requests to the same node, improving the overall communication process. This combined approach ensures both data protection and streamlined communication for a seamless user experience. | Until the next login. |
| AUTH_SESSION_ID_LEGACY | This cookie has the same functionality as the AUTH_SESSION_ID cookie with the addition of ensuring compatibility of old operating systems and devices. | Until the next login. |
| KC_RESTART | KC_RESTART is the cookie that is created at the beginning of the authentication process. It contains the client information encoded in the JWS token. The cookie is used when the root authentication session expires and to recreate the new authentication session based on the client information contained in the cookie. | max. 30 days |
| KEYCLOAK_IDENTITY | The information contained in this token is critical for authentication. It consists of a JSON web token (JWT) that contains important details, including the ID of the authenticated user, the sessionID, the issuing authority, the application used, and the timestamps indicating when the token was issued and when it expires. This comprehensive information enables secure and authorized access to designated resources within the application. By including these key elements in the token, the system can ensure proper verification and authorization processes while maintaining the integrity and confidentiality of user sessions. | As long as the user is active in the services, maximum after 8 hours of inactivity. |
| KEYCLOAK_IDENTITY_LEGACY | This cookie has the same functionality as the KEYCLOAK_IDENTITY cookie with the addition of ensuring compatibility of old operating systems and devices. | As long as the user is active in the services, maximum after 8 hours of inactivity. |
| KEYCLOAK_SESSION | The ID serves as a unique identifier that distinguishes the session from the user's previous login. It is a randomly generated value that remains the same for all interactions with the server during this session. This ID plays an important role in maintaining continuity and tracking user activity throughout the session. By associating each session with a specific and immutable ID, the system ensures proper identification and accurate tracking of user interactions, enabling a seamless and personalized experience. This fixed ID serves as a reliable reference point and enables efficient communication and data management between the user and the server. | As long as the user is active in the services, maximum after 8 hours of inactivity. |
| KEYCLOAK_SESSION_LEGACY | This cookie has the same functionality as the KEYCLOAK_SESSION cookie with the addition of ensuring compatibility of old operating systems and devices. | As long as the user is active in the services, maximum after 8 hours of inactivity. |
| KEYCLOAK_LOCALE | The locale or language settings are saved to remember the preferred language the user selected the last time they visited the Keycloak login page. This feature ensures that when the user returns to the login page, they will find the same language as the last time, providing a consistent and personalized experience. By storing the locale, Keycloak can seamlessly cater to the user's language preferences and make the login process more intuitive and user-friendly. This feature simplifies interaction and improves the overall usability of the Keycloak platform for individuals with different language preferences. | As long as the user is active in the services, maximum after 8 hours of inactivity. |

The technically necessary cookies are mandatory to display the website and/or serve to re-authenticate the user in the system. Consequently, there is no possibility for the user to object; these cookies can be deactivated via the settings of the respective browser.

8. Duration of storage

We store your personal data as long as it is necessary for the fulfillment of our legal and contractual obligations in connection with the ALLPLAN Login Services, unless their further processing is required for the following purposes:

After the end of the term of a contract, we usually delete your data after 10 years due to the fulfillment of commercial and tax law retention obligations (in particular retention periods from the German Commercial Code (HGB) or the German Fiscal Code (AO)). For the preservation of evidence within the framework of the statute of limitations of the German Civil Code (BGB), a retention period of up to 30 years may be necessary in individual cases.

9. Data transfer

Your personal data will not be transferred to third parties for purposes other than those listed. We will only share your personal information with third parties if:

  • you have given your express consent to this,
  • the disclosure is necessary to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data,
  • there is a legal obligation for the transfer, and this is legally permissible and necessary for the initiation or processing of contractual relationships with you.

External service providers and partner companies receive your data from us only to the extent necessary to process your order. These service providers are from the following categories:

  • IT service providers (e.g. maintenance and hosting service providers)

In these cases, however, the scope of the data transmitted is limited to the minimum required. Insofar as our service providers come into contact with your personal data, we ensure within the framework of commissioned processing pursuant to Article 28 GDPR that they comply with the provisions of the data protection laws in the same manner. Please also note the respective privacy notices of the providers. The respective service provider is responsible for the content of third-party services, whereby we check the services for compliance with the legal requirements within the scope of reasonableness.

10. Data transfer to third countries

We consider it important to process your data within the EU/EEA. However, we may sometimes use service providers who process data outside the EU/EEA. In these cases, we ensure that an adequate level of data protection is established at the recipient before transferring your personal data. This means that via EU standard contracts (EU standard contractual clauses), as well as through an agreement on further measures that may be necessary, or by means of an adequacy decision of the European Commission, a level of data protection is achieved that is comparable to the standards within the EU.

In the event of data transfer outside the European Union, the high European level of data protection generally does not exist. In the case of a transfer, it may be that there is currently no adequacy decision by the EU Commission within the meaning of Article 45 (1), (3) GDPR. This means that the EU Commission has not yet positively determined that the country-specific level of data protection corresponds to the level of data protection in the European Union based on the GDPR; therefore, we have put in place the aforementioned appropriate guarantees.

Possible risks that may not be completely excluded in connection with the transfer of data include, in particular:

  • Your personal data could possibly be processed beyond the actual purpose.
  • In addition, there is the possibility that you may not be able to assert and enforce your rights under data protection law, such as your right to information, correction, deletion or data portability, in the long term.
  • There may also be a higher probability that incorrect data processing may occur and that the protection of personal data does not fully comply with the requirements of the GDPR in terms of quantity and quality.

11. Data security

Your personal data is transferred securely at ALLPLAN using encryption. This applies to all form processes (including registration, login, ordering). ALLPLAN uses the SSL/TLS (Secure Sockets Layer/Transport Layer Security) encryption protocol. It is true that no one can guarantee absolute protection. However, ALLPLAN secures its website and other systems against loss, destruction, access, modification or distribution of your data by unauthorized persons by means of technical and organizational measures. We regularly review our security measures and adapt them to technological progress.

12. Your rights

You have the following rights with respect to us regarding personal data concerning you:

12.1 Basic permissions

You have a right to information, correction, deletion, restriction of processing, objection to processing and data portability. Insofar as processing is based on your consent, you have the right to revoke this consent with effect for the future.

To exercise your rights, please contact us by email at datenschutzbeauftragter@allplan.com or by mail at ALLPLAN GmbH, Konrad-Zuse-Platz 1, 81829 Munich, Germany. The exercise of your rights described in this point is free of charge for you.

12.2 Rights in data processing according to legitimate interest

Pursuant to Article 21 (1) GDPR, you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6 (1) (e) GDPR (data processing in the public interest) or on the basis of Article 6 (1) (f) GDPR (data processing for the purposes of safeguarding a legitimate interest); this also applies to profiling based on this provision. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.

12.3 Right to complain to a supervisory authority

Without prejudice to these rights and the possibility of seeking any other administrative or judicial remedy, you may at any time exercise your right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or the place of the alleged infringement, if you consider that the processing of personal data relating to you infringes data protection law (Article 77 GDPR).

13. Links to other websites

Our websites may contain links to websites of other providers. We would like to point out that this information on data protection only applies to the website https://login.allplan.com/. We have no influence over, and do not check, whether other providers comply with the applicable data protection provisions.

14. Changes to the privacy notice

We reserve the right to change or adapt this privacy notice at any time in compliance with the applicable data protection regulations.

As of July 13, 2023
