SDMetrics home page
The Software Design Metrics tool for the UML
Sitemap

Privacy Policy for SDMetrics

1. Preliminaries and contact details

The following sections lay out the privacy policy that applies to users of the websites sdmetrics.com and juergenwuest.de, as well as (prospective) licensees of the UML design quality measurement tool SDMetrics.

The responsible data controller and your main contact point for all data privacy matters is:

  • Jürgen Wüst, In der Lache 17, 67308 Zellertal, Germany.

You can find my full contact details here if you wish to exert your right of access (Art. 15 GDPR), right to rectification (Art. 16 GDPR), right to erasure (Art. 17 GDPR), or right to restriction of processing (Art. 18 GDPR).

To exert your right to lodge a complaint (Art. 77 GDPR), the competent supervisory authority for my territory is "Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Rheinland-Pfalz", Postfach 30 40, 55020 Mainz (https://www.datenschutz.rlp.de). If you reside inside the territorial scope of the GDPR, you can contact your local supervisory authority instead.

2. Privacy policy for visitors to the websites sdmetrics.com and juergenwuest.de

What personal data do I collect?

I don't collect any personal data about you, period. It is quite possible to deliver a bunch of static HTML pages and a blog entirely without the use of any cookies, tracking scripts, social media plugins and so forth.

What non-personal data do I collect then?

Like any serious website maintainer, I regularly check the access logs to monitor the amount of traffic to the various parts of the site, server errors, and attacks to the website. An entry in the access logs contains the following attributes, as mandated by the widely popular "HTTP over TCP/IP" protocols, and collected by just about every web server on this planet out of the box:

  • Anonymised IP address of the client. I do not have access to your full IP address, because my web hoster randomly hashes the lowest 9 bits of the IPv4 address. That way, I can identify your organization or internet provider, but not your individual machine address, let alone you personally. Full details how this anonymisation works are described here: https://www.strato.com/faq/en_us/article/557.
  • the date and time of the access
  • the HTTP method and URL requested
  • the HTTP status code for the request
  • the number of bytes sent in the reply
  • the referrer URL of the HTTP request, if any
  • the user agent (browser or bot name) of the HTTP request

I keep an archive of the access logs for historical data analyses. The access logs are not disclosed to any third parties.

3. Privacy policy for the SDMetrics academic license

What personal data do I collect?

In order to successfully apply for an SDMetrics academic license, I need to know your name, e-mail address, the name and URL of your university or research facility, and optionally the name of your department. Subsequently, you need to send me an e-mail from the provided e-mail account in which you state your consent to the SDMetrics academic license conditions.

The legal basis for this data processing is Article 6(1) point (b) of the GDPR.

How do I collect your data?

You enter the data via the SDMetrics academic license application form on the website. The data is sent to the web server over a secured connection (https). On the server, your data will be encrypted on the application layer and e-mailed to an sdmetrics.com e-mail account, where it sits until I fetch it from the mail server (over a TLS connection), decrypt the data, and process your request. The remainder of the application process happens over e-mail exchange (OpenPGP encryption is available and encouraged).

What do I use your data for?

I require the name and URL of your university or research facility to verify its non-profit status, your e-mail address to verify your affiliation with that non-profit organization, and your name and e-mail address for the subsequent processing of your request. Later on, I use your contact details to verify that you are a licensed user in case of support requests.

How long do I store your data?

Upon successful application, I'll store your data record indefinitely, as all SDMetrics licenses are perpetual. If your application process does not go through, I delete your data as soon as you cancel your application or one month after your last communication.

Whom do I share your data with?

Upon successful application, I publish the name of your university/research facility and the department on a list of SDMetrics academic license users on the SDMetrics website (https://www.sdmetrics.com/Academic.html) for promotional purposes.

Your name and e-mail address will not be disclosed to any third parties.

What happens if you request your personal data to be erased?

Your license will continue to be valid. However, I may no longer grant higher priority to any support requests you might have in the future. If you want to update or upgrade your existing license, you may need to go through the entire application process again.

4. Privacy policy when you buy an SDMetrics regular license

What personal data do I collect?

Your contract partner for the purchase is Digital River GmbH (Share-It), Cologne, Germany, who acts as a reseller. The mandatory data you need to provide when you place your order is your last name, address (street, zip code, city, country), e-mail address, and payment method. You may optionally provide your proper salutation, title, first name, company name, phone number, fax number and VAT ID.

How do I collect your data?

Upon successful payment, I receive an e-mail notification from Digital River GmbH, and can access your order details over a secure web site. I store all data mentioned above except the payment method, along with the date of purchase. Please note that I do not have access to payment details such as the credit card number or bank account number used for making the purchase.

The legal basis for this data processing is Article 6(1) point (b) of the GDPR.

What do I use your data for?

I use your name and e-mail address right away to send you a personal thank you note and contact details if you require any support. Later on, I use the data to verify that you are a licensed user in case of support requests or if you wish to update or upgrade your existing license.

How long do I store your data?

I'll store your data record indefinitely, as all SDMetrics licenses are perpetual.

Whom do I share your data with?

Your data will not be disclosed to any third parties.

What happens if you request your personal data to be erased?

Your license will continue to be valid. However, I may no longer grant higher priority to any support requests you might have in the future. If you need to update or upgrade your existing license, I won't be able to provide discounts taking into account your previous purchases.

5. Privacy policy when you buy a source code or bulk license of SDMetrics.

What personal data do I collect?

The mandatory data you need to provide is your last name, address (street, zip code, city, country), e-mail address, and VAT ID (if applicable). You may optionally provide your title, first name, company name, phone number, fax number. The legal basis for this data processing is Article 6(1) point (b) of the GDPR.

How do I collect your data?

You provide the data in the course of prior negotiations of the contract details in form of e-mails (OpenPGP encryption is available and encouraged), phone calls, or documents sent by mail.

What do I use your data for?

I require the data for invoicing. Later on, I use the data to verify that you are a licensed user in case of support requests or if you wish to update or upgrade your existing license.

How long do I store your data?

I'll store your data record indefinitely, as all SDMetrics licenses are perpetual.

Whom do I share your data with?

Your data will not be disclosed to any third parties.

What happens if you request your personal data to be erased?

I am required to keep a copy of your invoice, which contains most of your personal data, for 10 years (Germany's §14b Umsatzsteuergesetz).

If you purchased a source code license, I will keep my copy of the mutually signed source code license agreement, which also contains most of your personal data. Otherwise I could not sue you if you chose to violate any conditions of the source code license agreement later on.

Other than that, I will delete your data, of course, but there are so few of you out there that I'll easily recognize your names from memory and know what licenses you bought anyway. My control over the delete function of my brain is somewhat limited, and probably outside the scope of your "right to be forgotten" as per Article 17 of the GDPR.

Either way, your source code or bulk license will continue to be valid.