Data Protection Privacy Statement


We are controller according to Article 13 (1)(a) GDPR:

CAS Software AG
CAS-Weg 1-5
76131 Karlsruhe

represented by Martin Hubschneider (CEO).

Data protection

CAS Software AG aims to respect and protect your privacy. We have designed our website so that you can visit the web pages of CAS Software AG (hereinafter referred to as website) without being personally identifiable and without any personal information about you being disclosed. If you decide to disclose personal information to us, we undertake to treat it with great care.

Personal data and recipients

The term 'personal data' refers to items of information which can give indications as to the identity or private matters of an individual.

Categories of personal data we process:

  • personal data (first name, surname)
  • contact data (address, email address, phone number and comparable data)
  • date of birth (as far as specified by you)
  • location (as far as specified by you, e.g., for the claim of place-related services given)
  • bank account data (IBAN, BIC) (as far as specified by you)
  • Internet Protocol (IP) addresses in anonymized form
  • session data as well as data required for the anonymous identification and analysis of your user behavior; these include the IP address and metadata such as the browser you use, the browser language, date and time, user preferences, e.g. by setting cookies

Based on the above definition, it does not include information, which does not give indications as to the identity or private matters of an individual, such as the number of visitors to a website.

Recipients of your personal data:

  • companies in the same group
  • processors according to Article 4 (8) GDPR
  • companies that use anonymous data of users to identify, analyze and exploit the behavior of Internet users for marketing purposes, such as: Matomo, yext, google, wiredminds, econda. This doesn‘t affect your personal contact information.
  • advertising partners
  • social media services, such as Facebook, and their users

Gathering and use of personal data

The information provided by CAS Software AG is normally freely accessible. No personal registration is required. Personal information is gathered where necessary in order to perform relevant services. This is the case, for example, if you subscribe online to the CAS@WORK customer magazine, or if you request information material or obtain test software. We only use your personal data to enable us to provide you with the services you request.

Part of the data is collected to ensure the proper functioning of the website. Some data are collected when you provide it to us. This could, for example, be data you enter on a contact form. Other data are collected automatically by our IT systems when you visit the website. These data are primarily technical data such as the browser and operating system you are using or when you accessed the page. These data are collected automatically as soon as you enter our website.

Some of the data collected is used to ensure the error-free provision of the website.

Your personal data will be processed for the following purposes:

a) on the basis of a given consent according to Article 6 (1) (a) GDPR
If you have given consent to the processing of your personal data, this is the legal basis of the affecting processing of data. You can revoke your consent at any time with effect for the future. The legality of the processing based on your consent until your revocation is not affected by this.

to fulfil contractual obligations and pre-contractual measures according to Article 6 (1) (b) GDPR

  • for the execution of our contracts with you
  • for the implementation of measures and activities within the framework of pre-contractual relationships

for compliance with legal obligation according to Article 6 (1) (c) GDPR
We process your personal data if this is necessary to fulfil legal obligations (e. g. commercial, tax laws).

if processing is necessary for the purposes of the legitimate interests pursued by us or a third party according to Article 6 (1) (f) GDPR
Your personal data may be used by us or by third parties on the basis of a balance of interests to protect a legitimate interest. This is done for the following interests and purposes:

  • temporary storage of automatically generated session data in log files
  • advertising or market research, provided you have not objected to the use of your data
  • the anonymous determination and evaluation of your user behaviour by third parties such as Matomo
  • the assertion of legal claims and defence in legal disputes which are not directly attributable to the contractual relationship
  • internal and external investigations and/or safety reviews
  • operation of social media services

e) your obligation to provide data

It is required that you provide information that is necessary for us to enter into a business relationship or to enter into a pre-contractual relationship or that we are required to collect by law. Without these data, we can not conclude or execute a contract with you. This may also apply to data required later in the business relationship.

Disclosure of data and Consent

When you disclose your personal data to us, you thereby give your consent for us to store and use it within the constraints of the GDPR. The personal information you provide is accessible categorically only to CAS Software AG and to its partners where appropriate.

Many data processing operations are only possible with your express consent. You may revoke your consent at any time with future effect. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.

You have the following rights against us if the respective legal requirements are met: 

  • right of access by the data subject according to Article 15 GDPR,
  • right to rectification according to Article 16 GDPR
  • right to erasure (‘right to be forgotten’) according to Article 17 GDPR
  • right to restriction of processing according to Article 18 GDPR
  • right to object according to Article 21 GDPR
  • right to data portability according to Article 20 GDPR

Right to data portability

You have the right to have data which we process based on your consent or in fulfillment of a contract automatically delivered to yourself or to a third party in a standard, machine-readable format. If you require the direct transfer of data to another responsible party, this will only be done to the extent technically feasible.

Right to information, blocking and deletion

As permitted by law, you have the right to be provided at any time with information free of charge about any of your personal data that is stored as well as its origin, the recipient and the purpose for which it has been processed. You also have the right to have this data corrected, blocked or deleted. You can contact us at any time using the address given in our legal notice if you have further questions on the topic of personal data.

Opposition to promotional emails

We hereby expressly prohibit the use of contact data published in the context of website legal notice requirements with regard to sending promotional and informational materials not expressly requested. The website operator reserves the right to take specific legal action if unsolicited advertising material, such as email spam, is received.

According to Article 21 (1) GDPR you have the following right against us to object if the respective legal requirements are met:

„The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1), including profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.“

Providently we do inform you about your further possible right to object according to Article 21 (2) GDPR:

„Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.“

Right to file complaints with regulatory authorities

You have a right to lodge a complaint with a supervisory authority (Article 77 GDPR). The supervisory authority responsible for us is:

Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit
Königstrasse 10 a
70173 Stuttgart

Transfer of data

CAS Software AG will treat your personal data in strict confidence, and will not disclose it to third parties under any circumstances (except for partners of the CAS Group).

Transfers of personal data to third countries

We only transfer your data to countries outside the European Economic Area - EEA (third countries) if this is required by law or under the following conditions of Article 49, paragraph 1, subsection 1 GDPR:

a) you have explicitly consented to the proposed transfer, after having been informed of the possible risks of such transfers for the data subject due to the absence of an adequacy decision and appropriate safeguards;

b) the transfer is necessary for the performance of a contract between you and us or the implementation of pre-contractual measures taken at your request;

c) the transfer is necessary for the conclusion or performance of a contract concluded in your interest between us and another natural or legal person;

d) the transfer is necessary for important reasons of public interest;

e) the transfer is necessary for the establishment, exercise or defence of legal claims;

f) the transfer is necessary in order to protect the vital interests of you or of other persons, where you are physically or legally incapable of giving consent;

g) the transfer is made from a register which according to Union or Member State law is intended to provide information to the public and which is open to consultation either by the public in general or by any person who can demonstrate a legitimate interest, but only to the extent that the conditions laid down by Union or Member State law for consultation are fulfilled in the particular case.

Countries outside of the European Union may be considered unsafe third countries in terms of data protection. The recipients of the data are often not subject to the standards of the EU GDPR. We therefore have no influence on how such recipients handle your data or the extent to which and for what purposes the data is further processed in the third country.

Duration of data storage

We store the data given by you other than by consent according to Article 6 (1) (a) GDPR for the following duration:

  • session data until completion of the session
  • As long and as far as this is necessary for the duration of our business relationship. This also includes the initiation and execution of a contract.
  • If we are obliged to do so on the basis of storage and documentation obligations, e. g. in accordance with the German Civil Code (BGB), the German Commercial Code (HGB) or the Tax Code (AO). The periods for storage or documentation specified there are up to ten years beyond the end of the business relationship or the pre-contractual legal relationship.

SSL or TLS encryption

This site uses SSL or TLS encryption for security reasons and for the protection of the transmission of confidential content, such as the inquiries you send to us as the site operator. You can recognize an encrypted connection in your browser's address line when it changes from "http://" to "https://" and the lock icon is displayed in your browser's address bar.

If SSL or TLS encryption is activated, the data you transfer to us cannot be read by third parties.

Data collection on our website

Our websites and pages use what the industry refers to as “cookies.” Cookies are small text files that do not cause any damage to your device. They are either stored temporarily for the duration of a session (session cookies) or they are permanently archived on your device (permanent cookies). Session cookies are automatically deleted once you terminate your visit. Permanent cookies remain archived on your device until you actively delete them or they are automatically eradicated by your web browser.

In some cases it is possible that third party cookies are stored on your device once you enter our site (third party cookies). These cookies enable you or us to take advantage of certain services offered by the third party (e.g. cookies for the processing of payment services).

Cookies have a variety of functions. Many cookies are technically essential since certain website functions would not work in the absence of the cookies (e.g. the shopping cart function or the display of videos). The purpose of other cookies may be the analysis of user patterns or the display of promotional messages.

Cookies that are required for the performance of the electronic communications transaction or to provide certain functions you want to use (e.g. the shopping cart function), are stored on the basis of Art. 6 Sect. 1 lit. f GDPR. The website operator has a legitimate interest in storing cookies to ensure the technically error free and optimised provision of the operator’s services. If a corresponding agreement has been requested (e.g. an agreement to the storage of cookies), the processing takes place exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the agreement can be revoked at any time.

You have the option to set up your browser in such a manner that you will be notified any time cookies are placed and to permit the acceptance of cookies only in specific cases. You may also exclude the acceptance of cookies in certain cases or in general or activate the delete function for the automatic eradication of cookies when the browser closes. If cookies are deactivated, the functions of this website may be limited.

In the event that third party cookies are used or if cookies are used for analytical purposes, we will separately notify you in conjunction with this Data Protection Policy and, if applicable, ask for your consent.

Server log files

The website provider automatically collects and stores information that your browser automatically transmits to us in "server log files". These are:

  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Host name of the accessing computer
  • Time of the server request
  • IP address

These data will not be combined with data from other sources.

The basis for data processing is Art. 6 (1) (b) GDPR, which allows the processing of data to fulfill a contract or for measures preliminary to a contract.

Contact form

Should you send us questions via the contact form, we will collect the data entered on the form, including the contact details you provide, to answer your question and any follow-up questions. We do not share this information without your permission.

We will, therefore, process any data you enter onto the contact form only with your consent per Art. 6 (1)(a) GDPR. You may revoke your consent at any time. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.

We will retain the data you provide on the contact form until you request its deletion, revoke your consent for its storage, or the purpose for its storage no longer pertains (e.g. after fulfilling your request). Any mandatory statutory provisions, especially those regarding mandatory data retention periods, remain unaffected by this provision.

Request by e-mail, telephone or fax

If you contact us by e-mail, telephone or fax, your request, including all resulting personal data (name, request) will be stored and processed by us for the purpose of processing your request. We do not pass these data on without your consent.

The processing of these data is based on Art. 6 para. 1 lit. b GDPR, if your request is related to the execution of a contract or if it is necessary to carry out pre-contractual measures. In all other cases, the processing is based on your consent (Article 6 (1) a GDPR) and/or on our legitimate interests (Article 6 (1) (f) GDPR), since we have a legitimate interest in the effective processing of requests addressed to us.

The data sent by you to us via contact requests remain with us until you request us to delete, revoke your consent to the storage or the purpose for the data storage lapses (e.g. after completion of your request). Mandatory statutory provisions - in particular statutory retention periods - remain unaffected.

Newsletter data

If you would like to subscribe to the newsletter offered on this website, we will need from you an e-mail address as well as information that allow us to verify that you are the owner of the e-mail address provided and consent to the receipt of the newsletter. No further data shall be collected or shall be collected only on a voluntary basis. We shall use such data only for the sending of the requested information and shall not share such data with any third parties.

The processing of the information entered into the newsletter subscription form shall occur exclusively on the basis of your consent (Art. 6 Sect. 1 lit. a GDPR). You may revoke the consent you have given to the archiving of data, the e-mail address and the use of this information for the sending of the newsletter at any time, for instance by clicking on the “Unsubscribe” link in the newsletter. This shall be without prejudice to the lawfulness of any data processing transactions that have taken place to date.

The data deposited with us for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter or the newsletter service provider and deleted from the newsletter distribution list after you unsubscribe from the newsletter. Data stored for other purposes with us remain unaffected.

After you unsubscribe from the newsletter distribution list, your e-mail address may be stored by us or the newsletter service provider in a blacklist to prevent future mailings. The data from the blacklist is used only for this purpose and not merged with other data. This serves both your interest and our interest in complying with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR). The storage in the blacklist is indefinite. You may object to the storage if your interests outweigh our legitimate interest.

Our website uses so-called social plugins provided by selected platforms (Facebook). The plugins are usually identifiable by a logo and an additional text.

Plugins & Tools

YouTube with expanded data protection integration
Our website embeds videos of the website YouTube. The website operator is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

We use YouTube in the expanded data protection mode. According to YouTube, this mode ensures that YouTube does not store any information about visitors to this website before they watch the video. Nevertheless, this does not necessarily mean that the sharing of data with YouTube partners can be ruled out as a result of the expanded data protection mode. For instance, regardless of whether you are watching a video, YouTube will always establish a connection with the Google DoubleClick network.

As soon as you start to play a YouTube video on this website, a connection to YouTube’s servers will be established. As a result, the YouTube server will be notified, which of our pages you have visited. If you are logged into your YouTube account while you visit our site, you enable YouTube to directly allocate your browsing patterns to your personal profile. You have the option to prevent this by logging out of your YouTube account.

Furthermore, after you have started to play a video, YouTube will be able to place various cookies on your device. With the assistance of these cookies, YouTube will be able to obtain information about our website's visitors. Among other things, this information will be used to generate video statistics with the aim of improving the user friendliness of the site and to prevent attempts to commit fraud. These cookies will stay on your device until you delete them.

Under certain circumstances, additional data processing transactions may be triggered after you have started to play a YouTube video, which are beyond our control.

The use of YouTube is based on our interest in presenting our online content in an appealing manner. Pursuant to Art. 6 Sect. 1 lit. f GDPR, this is a legitimate interest. If a corresponding agreement has been requested (e.g. an agreement to the storage of cookies), the processing takes place exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the agreement can be revoked at any time.

For more information on how YouTube handles user data, please consult the YouTube Data Privacy Policy under:

Google Web Fonts

This website uses so-called Web Fonts provided by Google to ensure the uniform use of fonts on this site. These Google fonts are locally installed so that a connection to Google’s servers will not be established in conjunction with this application.

For more information on Google Web Fonts, please follow this link: and consult Google’s Data Privacy Declaration under:


We are using the mapping service provided by OpenStreetMap (OSM). The provider of this service is the Open-Street-Map Foundation (OSMF), 132 Maney Hill Road, Sutton Coldfield, West Midlands, B72 1JU, United Kingdom.

When you visit any website, into which OpenStreetMap has been embedded, your IP address and other information concerning your behavior patterns on this website will be transferred to the OSMF. Under certain circumstances, OpenStreetMap will save cookies in your browser. Cookies are text files that are stored on your computer and that make it possible to conduct an analysis of your website use. You have the option to prevent the storage of cookies by making pertinent changes to the settings of your browser software. However, we have to point out that doing so may make it impossible for you to use all of the functions of this website to their fullest extent.

Furthermore, your location may be recorded if you have permitted this in your device settings, for instance on your cell phone. The provider of this website has no control over this type of data transfer. For details, please consult the Data Privacy Policy of OpenStreetMap under the following link:

We use OpenStreetMap with the objective of ensuring the attractive presentation of our online offers and to make it easy for visitors to find the locations we specify on our website. This establishes legitimate grounds as defined in Art. 6 Sect. 1 lit. f GDPR. If a corresponding agreement has been requested (e.g. an agreement to the storage of cookies), the processing takes place exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the agreement can be revoked at any time.

If you have any questions or suggestions in relation to data protection, please e-mail us at:

Contact details of our data protection officer:
Thomas Heimhalt (External Data Protection Officer)

Changes to this statement
CAS Software AG reserves the right to change this Data Protection Statement at any time within the constraints of the applicable law.

Version: August 2020