Privacy Policy

The controller responsible for data processing on this website is ScriptWorldX IT - Michael Schiefer, Niederweg 54, 50374 Erftstadt, Germany.

Contact for privacy requests: Michael.Schiefer@ScriptWorldX.de. A data protection officer is currently not appointed because, according to the current assessment, there is no statutory obligation to appoint one.

This policy applies to the public website and the ScriptWorldX shop. Personal data is processed only where necessary to provide the website, communicate with you, perform contracts, process payments, manage licenses, maintain security or comply with legal obligations.

• Provision of the website, shop, shopping cart and customer account
• Processing contact requests, registrations, orders and invoices
• Issuing, managing and checking software licenses and activations
• Compliance with statutory retention duties and protection against misuse and attacks

When the website is accessed, the server processes technically necessary access data, in particular IP address, date and time of access, requested URL, referrer, browser/user agent, HTTP status code and transferred data volume.

Processing is carried out to provide the website technically, analyze errors, maintain stability and protect security on the basis of Art. 6(1)(f) GDPR. The legitimate interest is the secure and uninterrupted operation of the online service.

Server log files are stored only for as long as required for security, error analysis and abuse prevention, and are then deleted or anonymized unless longer storage is required due to a security incident.

This website uses technically necessary cookies and comparable storage technologies, for example for login sessions, shopping cart, CSRF protection, language selection and the notice about necessary cookies.

Where necessary, storing or accessing information on the user device is based on Section 25(2) TDDDG. Subsequent processing of personal data is based, depending on the purpose, on Art. 6(1)(b), (c) or (f) GDPR.

Tracking, marketing or advertising cookies are not used. You can delete or block cookies in your browser; individual shop functions may then be limited.

If you use the contact form or contact us by email, we process your name, email address, subject, message and technical security data such as IP address and user agent.

Processing is carried out to handle your request on the basis of Art. 6(1)(b) GDPR where it concerns pre-contractual or contractual communication, and otherwise on the basis of Art. 6(1)(f) GDPR.

When registering and using the customer account, we process in particular email address, password hash, name, company, address, phone number, language settings, newsletter status, orders and license data.

Processing is carried out to provide the customer account, process orders and perform contracts on the basis of Art. 6(1)(b) GDPR. Legally required invoice and documentation data is processed on the basis of Art. 6(1)(c) GDPR.

For orders we process billing and contact data, ordered products, license editions, prices, tax information, payment method, payment status, order numbers and transaction references.

When paying by PayPal or credit card, the data required for payment is transmitted to the respective payment provider. PayPal payments are processed by PayPal Europe S.à r.l. et Cie, S.C.A.; credit card payments by Stripe Payments Europe, Limited. For bank transfers, we process payment receipt and payment reference.

Legal bases are Art. 6(1)(b) GDPR for contract performance and payment processing, Art. 6(1)(c) GDPR for tax and commercial law obligations and Art. 6(1)(f) GDPR for fraud and abuse prevention.

After an order, license data is generated and managed. This includes customer assignment, product, edition, serial number/license key, validity period, device or activation limits, activation status, order reference and technical log data.

This processing is required for delivering digital products, checking valid licenses, updates, support, abuse prevention and technical traceability. Legal bases are Art. 6(1)(b) and Art. 6(1)(f) GDPR.

Transactional emails, for example registration, order, payment and license emails, are sent to perform the contract. An optional newsletter is sent only if you actively subscribe to it.

For newsletters, the legal basis is your consent under Art. 6(1)(a) GDPR. You can withdraw consent at any time with effect for the future, for example by email.

Personal data is stored only for as long as required for the respective purposes. Contract, order and invoice data is regularly stored for up to ten years in accordance with statutory retention periods.

Contact requests are deleted once they have been finally processed and there are no statutory retention duties or legitimate interests in further storage. Customer account and license data is deleted or restricted when it is no longer required and no retention duties prevent this.

Personal data is disclosed to recipients only where this is required for the purposes described above or where there is a legal obligation.

• Hosting, IT and security providers for operation, maintenance and protection of the systems
• Payment providers such as PayPal, Stripe and banks as part of payment processing
• Email and SMTP providers for transactional messages and communication
• Tax, accounting or legal bodies where legally required

Data is transferred to countries outside the European Union or the European Economic Area only where this is required for the use of service providers, in particular payment or email services.

Where service providers process data in third countries, this is done in accordance with the GDPR, in particular on the basis of an adequacy decision, standard contractual clauses or other suitable safeguards.

Subject to the legal requirements, you have the following rights. Please send requests to Michael.Schiefer@ScriptWorldX.de.

• Access to the personal data processed under Art. 15 GDPR
• Rectification of inaccurate data under Art. 16 GDPR
• Erasure under Art. 17 GDPR and restriction of processing under Art. 18 GDPR
• Data portability under Art. 20 GDPR
• Objection to processing based on legitimate interests under Art. 21 GDPR
• Complaint to a data protection supervisory authority under Art. 77 GDPR

ScriptWorldX uses technical and organizational measures to protect personal data against loss, misuse, unauthorized access and unauthorized modification.

These measures include encrypted transmission via HTTPS, access restrictions, role-based administration, CSRF protection, rate limiting and logging of security-relevant events.

This privacy policy may be updated if functions, service providers, technical processes or legal requirements change. The current version is available on this page.