Data Privacy Policy

Protecting your personal data is important to us. This data privacy policy shall help you understand what data we collect, how we collect it, why, and what we do with it.

This data privacy policy applies to our entire services and activities that support the Working Group „REFrame: Software Requirements Frameworks“ in the German Computer Society (GI, Gesellschaft für Informatik e.V.), including the related websites and other online presence.

The legal foundation of this data privacy policy and of our collection and processing of data is the General Data Protection Regulation (GDPR) of the European Parliament and of the European Council, in particular Art. 6 (1) (a-c, f) GDPR.

The body responsible for collecting and processing data under this data privacy policy is Software.Process.Management Dr. Andreas Birk, Usedomstr. 15, 70439 Stuttgart, Germany, phone +49 711 6645 324, email (controller according to GDPR, throughout this document referred to as we), in order to provide and manage the web presence of the Working Group „REFrame: Software Requirements Frameworks“ in the German Computer Society (GI, Gesellschaft für Informatik e.V.).

Data We Collect and Process

We collect and process the following data:

  • Contact data (e.g., email addresses, telephone numbers)
  • Contract data (e.g., object and period of a contract)
  • Inventory data (e.g., customer data like name and address)
  • Payment data (e.g., bank details, payment history)
  • Project data (e.g., customer requirements and documents)
  • Software user data (e.g., account information)
  • Website and software usage data (e.g., visited web pages and topical interests)
  • Content data (e.g., website user input, photographs)
  • Technical meta data (e.g., browser types, IP addresses)

Affected Types of Persons

We collect and process personal data of the following types of persons:

  • Customers, interested persons, and business partners
  • Members and interested persons of networks and communities in which we engage, and that we support actively—e.g., by management of working groups or organization of user group meetings
  • Visitors and users of our online offerings and services

Purposes of Data Collection and Processing

We collect and process personal data for the following purposes:

  • Provide consulting, coaching, and training services
  • Provide contractual services and support
  • Answer requests and communicate with customers, interested persons, and users
  • Publish and communicate on technology and business topics
  • Support networks and communities
  • Maintain customer relationships
  • Conduct marketing and sales activities
  • Conduct required administrative activities
  • Conduct security measures

Use of Personal Data

Personal data are information through which a natural person can be identified, directly or indirectly. They include name, email address, or telephone number. Personal data are, too, information on an individual’s preferences, its company or association affiliations, or what web pages a person has visited.

We collect, use, and share your personal data only as far as we are legally entitled to do so, or as far as you have declared your consent.

Contacting Us

When you contact us, for instance by email or by using a contact form, we store your information in order to process the request, or for being able to answer your follow-up questions.

Website Access Data & Server Logfiles

As providers of websites we collect data about every access to the website (so-called server log files), and our web hosting service providers do so likewise. This access data includes: Name of the called web page, file, date and time of the access, transferred data volume, notifications on successful invocation, browser type and version, the user’s operating system, referrer URL (i.e., the web page visited previously), IP address, and the requesting provider.

We use the logged data for statistical analyses in order to operate and improve our websites and their services, and for additional administrative purposes. We and our web hosting service providers reserve the right to analyze the stored data, when there are specific indications of unlawful usage of the website. Legal foundation of this data processing is Art. 6 (1) (f) GDPR in connection with Art. 28 GDPR.

User Comments

When you post comments in a blog or provide other kinds of contributions, we store your IP address. This serves our and our service providers’ security in the event any user’s comments or contributions contain unlawful content (e.g., insults or illegal propaganda). In such cases the user can be made liable for his or her comments or contributions, and we or our service providers have a direct interest in the user’s identity and stored data.



We send newsletters that inform registered recipients about specific topic areas and about offers.

If you want to receive newsletters, you must provide a valid email address and additional information. This information enables us and our service providers to validate that the user actually possesses the email address, and that the user agrees with receiving the newsletter. We may enquire additional information that is exclusively used to tailor newsletter contents according to the user’s preferences. Examples include language preferences, regional preferences for event announcements, and topic areas of special interest. We use these data only for providing the newsletter service. We do not share this information with third parties except our service providers.

When you register for a newsletter, we or our service provider stores your IP address and the registration date. This data shall enable us to prove when a third party makes unauthorized use of a person’s email address and registers for the newsletter without this person’s knowledge.

You can unsubscribe from the newsletter at any time using a link in the newsletter postings, via your profile pages, or by sending a message to our contact address above.

Transfer of Data to Third Parties

We transfer your personal data to third parties only in the following cases: You have expressed your explicit consent according to Art. 6 (1) (a) GDPR. Transfer is within our legitimate interests or those of an authorized third party, according to Art. 6 (1) (f) GDPR. Transfer must be conducted due to a legal obligation according to Art. 6 (1) (c) GDPR. Transfer is legal and required for the performance of a contract in which you are party, or in order to take steps at your request prior to entering into such a contract, according to Art. 6 (1) (b) GDPR.

Where we engage others with processing your personal data, this is governed by a contract or other legal act following Art. 28 GDPR.


Your Data Privacy Rights

You have the following rights:

Right of access (Art. 15 GDPR): You have the right to obtain from us confirmation as to whether or not personal data concerning you are being processed. Where this is the case, you have the right to obtain access to this personal data and to the associated information specified in Art. 15 GDPR.

Right to rectification (Art. 16 GDPR): You have the right to request the immediate rectification of inaccurate personal data concerning you and, if necessary, the completion of incomplete personal data.

Right to erasure (Art. 17 GDPR): You have the right to obtain the immediate erasure of personal data concerning you, under the conditions specified in Art. 17 GDPR.

Right to restrict processing (Art. 18 GDPR): You have the right to request restriction on processing your personal data, under the conditions specified in Art. 18 GDPR.

Right to object to processing (Art. 21 GDPR):

You have the right to object to the processing of your personal data that we have received pursuant Art. 6 (1) (f) GDPR, under the conditions specified in Art. 21 GDPR.

Right to data portability (Art. 20 GDPR): In certain cases specified in Art. 20 GDPR, you have the right to receive personal data concerning you in a structured, commonly used and machine-readable format, or to request the transmission of this data to a third party.

Right to withdraw consent (Art. 7 (3) GDPR): You have the right to withdraw your consent to processing your personal data. This shall not affect the lawfulness of any processing based on consent before its withdrawal.

Right to lodge a complaint (Art. 77 GDPR): You have the right to lodge a complaint with a supervisory authority in the Member State of your habitual residence, place of work, or place of the alleged infringement, if you feel that the processing of your personal data infringes upon GDPR.

Changes to This Data Privacy Policy

We keep this data privacy policy under regular review and place any updates on this web page.

This data privacy policy dates from March 2023.