ESS Engineering Software Steyr GmbH
Berggasse 35, 4400 Steyr, Austria
email: office@essteyr.com
alsim CLOUD
Data Protection Declaration
In the following Data Protection Declaration we provide you with transparent information about the legal principles and regulations, i.e. the legal bases of the General Data Protection Regulation, which enable us to process personal data. As far as EU law is concerned, we refer to EU General Data Protection Regulation (GDPR). You can of course read this GDPR online on EUR-Lex, the access to EU law, at link
Data Controller
The Data Controller within the meaning of the EU General Data Protection Regulation and other national data protection laws of the EU member states as well as other data protection regulations is:
The website operator takes your data protection very seriously and treats your personal data confidentially and in accordance with the legal regulations. Since new technologies and the continuous development of this website may result in changes to this privacy policy, we recommend that you read through the privacy policy again at regular intervals. This Data Protection Declaration applies to the internet offer of ESS Engineering Software Steyr GmbH, which can be accessed under the domain www.alsimcloud.com as well as the subdomains (in the following referred to as "our website").
Collection and Processing of Personal Data
Access Data
We, the Data Controller, collect data about accesses to the website on the basis of our legitimate interest (see Art. 6 para. 1 lit. f. GDPR) and store them as "server log files" on the website server. The following data is logged in this way:
- Visited page
- Access Time
- Amount of data sent in bytes
- Source / reference from which you came to the site
- Browser used
- Operating system used
- IP address used
Reach measurement & cookies
This website uses cookies for pseudonymous range measurement, which are transmitted to the user's browser either by our server or the server of a third party, on the basis of our legitimate interest (see Art. 6 para. 1 lit. f. GDPR). Cookies are small files that are stored on your terminal device. Your browser accesses these files. The use of cookies increases the user-friendliness and security of this website. If you do not want cookies to be stored on your end device for range measurement, you can object to the use of these files here:
- Cookie deactivation page of the network advertising initiative: http://optout.networkadvertising.org/?c=1#!/
- Cookie deactivation page of the US website: http://optout.aboutads.info/?c=2#!/
- Cookie deactivation page of the European website: http://optout.networkadvertising.org/?c=1#!/
Popular browsers offer the setting option to not allow cookies. Note: It is not guaranteed that you will be able to access all functions of this website without restrictions if you set the appropriate preferences. Required cookies:
- Storing the session id – 1 session number
- Google Analytics – 2 entries needed by Google Analytics
- Consent status – 1 entries
Registration/Creation of a user account
On our website, we offer you the opportunity to register by providing personal data. With the processed data, we create an individualised user account for you, with which you can use certain contents and services such as details of simulation tasks launched via applications. We process your e-mail address so that we can send you new access data if you would forget it. The following overview shows you in detail which personal data we process when you register:
- Name
- e-mail address
In accordance with Art. 6 para. 1 lit. a GDPR, the processing of the personal data presented is based on the declaration of consent voluntarily submitted by you during registration. The declaration of consent is made unambiguously, in an informed manner, relates to the specific processing and has not yet been revoked. A revocation is possible at any time with effect for the future under the followed contacts:
- Data Controller – office@essteyr.com
- Development Team – contact@alsimcloud.com
As soon as the registration or the user account on our website is deleted or modified, the data processed during the registration process will be deleted or modified. Further storage will take place in individual cases if required by law. You have the option to delete the user account at any time. You can also have the data stored about you changed at any time. In case of doubt, please contact us at the above-mentioned e-mails addresses. Earlier deletion of the data is only possible insofar as this does not conflict with contractual or legal obligations. If the processed data is required to fulfil a contract or to carry out pre-contractual measures, deletion is not possible until the purpose has been achieved.
Handling of Contact Data
If you contact us through the contact options offered, your following personal data will be stored so that we can use them to process and respond to your request. The data processing described above for the purpose of contacting you is carried out in accordance with Art. 6 para. 1 lit. a GDPR on the basis of the declaration of consent voluntarily submitted by you during the sending process. As soon as your request has been dealt with and the matter in question has been conclusively clarified, the personal data processed via the contact form will be deleted. Further storage may take place in individual cases if this is required by law.
Google Analytics
This website uses the "Google Analytics" service on the basis of our legitimate interests in optimizing and analysing our online offering within the meaning of Art. 6 para. 1 lit. f. GDPR the service "Google Analytics", which is provided by Google Inc. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA). The service (Google Analytics) uses "cookies" - text files that are stored on your terminal device. The information collected by the cookies is usually sent to a Google server in the USA and stored there. Google LLC complies with European data protection law and is certified under the Privacy Shield agreement.
IP anonymization is used on this website. The IP address of the user is shortened within the member states of the EU and the European Economic Area and in the other contracting states of the agreement. Only in individual cases is the IP address initially transmitted unabbreviated to a Google server in the USA and shortened there. This shortening eliminates the personal reference of your IP address. The user's IP address transmitted by the browser is not combined with other data stored by Google.
As part of the agreement on the order data agreement, which we as website operators have concluded with Google Inc., the later uses the information collected to create an evaluation of website use and website activity and provides services associated with internet use.
The data collected by Google on our behalf is used to evaluate the use of our online offering by individual users, e.g. to create reports on website activity in order to improve our online offering.
You have the option of preventing cookies from being stored on your device by making the appropriate settings in your browser. It is not guaranteed that you can access all functions of this website without restrictions if your browser does not allow cookies.
Furthermore, you can use a browser plug-in to prevent the information collected by cookies (including your IP address) from being sent to and used by Google Inc. The following link will take you to the corresponding plugin: Google Analytics Opt-out Browser Add-on Download Page. Alternatively, you can prevent Google Analytics from collecting data about you within this website by clicking on this link. By clicking on the link, you will arrive to Google Analytics Help Centre that will provide you the instructions for "opt-out cookie". Your browser must therefore generally allow the storage of cookies for this purpose. If you delete your cookies regularly, you will need to click on the link again each time you visit our website.
Here you can find more information about the use of data by Google Inc:
Secured data transfer and processing
We only transfer or process data to countries outside the EU (partner countries) if you consent to this processing, if this is required by law or contractually necessary, and in any case only to the extent that this is generally permitted. Your consent is in most cases the most important reason that we have data processed in partner countries. Processing personal data in partner countries such as the U.S., where many software vendors provide services and have their server locations, may result in data not being processed in a way that prevents you from being identified. We explicitly point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA. Data processing by US services (such as Google Analytics) may result in data not being processed and stored anonymously, where applicable. Furthermore, US government authorities may be able to access individual data. In addition, it may happen that collected data is linked with data from other services of the same provider, if you have a corresponding user account. Where possible, we try to use server locations within the EU, if this is offered.
User Rights
As a data subject of a processing of personal data, you have the following rights under the GDPR:
- Pursuant to Art. 15 GDPR, you can obtain information about your personal data processed by us. In particular:
- you can request information about the processing purposes
- the categories of personal data
- the categories of recipients to whom your data have been or will be disclosed
- the envisaged storage period
- the existence of a right to rectification, erasure, restriction of processing or objection
- the existence of a right of complaint
- the source of your data if it has not been collected by us
- the transfer to third countries or to international organisations
- the existence of automated decision-making, including profiling, and, if applicable, meaningful information about its details
- Pursuant to Art. 16 GDPR, you may request the rectification of inaccurate or the completion of your personal data stored by us without undue delay.
- Pursuant to Art. 17 GDPR, you may request the erasure of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims.
- Pursuant to Art. 18 GDPR, you may request the restriction of the processing of your personal data if the accuracy of the data is contested by you, the processing is unlawful, we no longer need the data and you object to their erasure because you need them for the assertion, exercise or defence of legal claims. You also have the right under Article 18 of the GDPR if you have objected to the processing in accordance with Art. 21 GDPR.
- Pursuant to Art. 20 GDPR, you may request to receive the personal data you have provided to us in a structured, commonly used and machine-readable format or you may request that it be transferred to another controller.
- Pursuant to Art. 7 para. 3 GDPR, once you have given your consent, you can revoke it at any time by contacting us by the emails (data controller - office@essteyr.com or development team - contact@alsimcloud.com). This has the consequence that we may no longer continue the data processing(s) based on this consent for the future.
- Pursuant to Art. 77 GDPR, you have the right to complain to a supervisory authority. As a rule, you can contact the supervisory authority of your habitual residence, your place of work or the place of our registered office, which is Steyr (Austria).
To assert your rights, please contact data controller - office@essteyr.com or development team - contact@alsimcloud.com. Alternatively, you can contact the supervisory authority. In Austria, the Datenschutzbehörde is responsible for this.
Right to object
When your personal data is processed on the basis of legitimate interests pursuant to Art. 6 para. 1 lit. f of GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR, insofar as there are grounds for doing so that arise from your particular situation or the objection is directed against direct advertising. In the case of direct advertising, you have a general right of objection, which is implemented by us without specifying a particular situation.
Data processing security
To protect personal data, we have implemented both technical and organizational measures. Where possible, we encrypt or pseudonymize personal data. In this way, we make it as difficult as possible, within the scope of our possibilities, for third parties to infer personal information from our data.
Art. 25 GDPR refers to "data protection through technical design and data protection-friendly default settings" and thus means that both software (e.g., forms) and hardware (e.g., access to the server room) are always designed with security in mind and that appropriate measures are taken. If necessary, we will go into more detail on specific measures below.
Data Security – TISAX
The ENX Association supports the automotive industry's common acceptance of Information Security Assessments through TISAX (Trusted Information Security Assessment Exchange) on behalf of VDA. TISAX Assessments are conducted by qualified audit providers, such as DEKRA, who demonstrate their expertise through regular qualifications. It's important to note that TISAX and its results are not intended for the general public.
At Engineering Software Steyr GmbH, safeguarding the confidentiality, integrity, and availability (CIA) of information is paramount. We have implemented rigorous measures to protect sensitive and confidential data, aligning with the comprehensive question catalogue of information security provided by the German Association of the Automotive Industry (VDA ISA). Our recent assessment was conducted by DEKRA a trusted TISAX audit provider renowned for their expertise in ensuring information security.
Our TISAX assessment encompassed a comprehensive review of our information security practices, covering a wide range of systems, processes, and data handling procedures. Specifically, the assessment focused on:
- Data Handling Procedures: Evaluation of our protocols for collecting, storing, and transmitting sensitive information to ensure compliance with industry standard.
- Network Security: Assessment of our network infrastructure, including firewalls, encryption methods, and access controls, to safeguard against unauthorized access and data breaches.
- Physical Security Measures: Examination of our physical security measures, such as access controls, surveillance systems, and facility safeguards, to protect against unauthorized entry or theft of sensitive information.
- Employee Training and Awareness: Review of our employee training programs and awareness initiatives to ensure all staff members are equipped with the knowledge and skills to mitigate security risks and adhere to best practices.
By conducting a thorough assessment across these key areas, we aim to provide our customers with the assurance that their data is handled with the utmost care and security.
To ensure transparency and accessibility, the results of our TISAX assessment are exclusively available through the ENX Portal. You can access the detailed assessment report and findings by visiting the "TISAX Assessment Results" section on the ENX Portal: TISAX Assessement Results · ENX Portal.