Data Protection Declaration

Group 2@3x


Basic details about data processing and legal bases

1.1 This data protection declaration will inform you about the nature, scope and purpose of processing personal data which we record and process in connection with our “online offer”.

1.2 The term “online offer” describes all websites, functions and forms of our company. Also the communication in electronic form (email) and data recorded from telephone conversations (support hotline) are a part of our online offer within the meaning of this data protection declaration.

1.3 This data protection declaration shall apply regardless of the used communication channel, domains, systems, platforms and used terminal devices (desktop or mobile).

1.4 The terms used in this data protection declaration (for example: “personal data”, “processing” “processor” etc.) are legally defined in Art. 4 GDPR.

1.5 Within the framework of our online offer we process personal data, which includes customer data (for example: company, company register number, UID number, address, phone number, email address, contact person, data of affiliated companies), contract data (software subscriptions, information about support cases (caller, date, time of the day, description of the support case, completion date, telephone number and email address of the caller), invoice data (date of invoice, data required by the tax law) and content data (details entered on the contact form, emails). Usage data (for example: visited websites of our online offer) normally does not fall under the category “personal data”, especially because our company records those data in pseudonymized form. However, because we cannot exclude the possibility that those data can be traced back to a specific person (for example, via the IP-address), those usage data are also part of this data protection declaration.

1.6 The term “User” includes both natural and legal persons unless a special action can only be done by a natural person. Usually “Users” are business partners, customers, interested persons and other visitors of our online offer. The used terms (for example: business partner) are gender neutral.

1.7 We process the User´s personal data in compliance with the data protection regulation. This means that the data will only be processed if a legal permission has been granted. A legal permission is granted when the processing of data is necessary in order to fulfill the obligations of the contract (for example: processing an order, access). The data will be processed to the extent that is necessary and legally permitted. In addition, we are only allowed to process the data if the User gives their permission or if we have a “justified interest” in processing the data. Also, in this case it is only allowed to process personal data within the framework of the legal requirements. A “justified interest” exists if we use the User´s data for analysis, optimization, the economical operation and for the security of our online offer within the meaning of Art. 6 Para. 1 lit. f GDPR.      

1.8 We would like to point out that the legal base of the permission is Art. 6 Para. 1 lit. a and Art. 7 GDPR, the legal base of processing for the purpose of carrying out our services and implementing our contractual measures is Art. 6 Para. 1 lit b. GDPR, the legal base of processing for the purpose of meeting our legal obligations is Art. 6 Para. 1 lit. c GDPR and the legal base of processing for the purpose of guarding our justified interests is Art. 6 Para. 1 lit. f GDPR.

1.9 Shiji is a group of companies within the meaning of Art. 4 Z 19 GDPR. The User gives permission for the processing of his data by Shiji and by Shiji´s subsidiaries. The following companies are subsidiaries:


Security measures

2.1 We take organizational, contractual and technical security measures in accordance with the state of art, to ensure that the provisions of the data protection laws are complied with and to protect the processed data against accidental or deliberated manipulation, loss, destruction or access by unauthorized persons.

2.2 Our security measures include encrypted transmission of the data between your Web browser and our server as well as the protection of our corporate networks against manipulation .

Transmission of Data to third parties and third-party providers

3.1 Data will only be transmitted to third parties if the User authorizes it separately or if the transmission is legally permitted. The transmission of data on the basis of Art. 6 Para. 1 lit. b GDPR (if the transmission is required for the contractual purpose) or Art. 6 Para. 1 lit. f GDPR ( justified interest)  is legally permitted.

3.2 If we engage subcontractors to provide services, we will take appropriate legal precautions as well as  organizational and technical measures to ensure the security of the personal data in accordance with the relevant statutory regulations.

3.3 If we use contents, tools or other equipment of third-party providers and if those third-party providers are located in a third country, it can be assumed that we transmit the data to the location of the third-party provider (Third country). Third countries are countries in which the GDPR is no applicable law (Countries outside of the EU / EEA). The User hereby grants SnapShot their expressed agreement to transmit data to third countries within the framework of GDPR.

Snapshot Marketplace

4.1 We process the data, described in Point 1.5 for the purpose of fulfilling our contractual obligations and services in accordance with Art. 6 Para. 1 lit. b. GDPR.

4.2 We create a User account for all our corporate customers in the Marketplace. Those employees (actual User), who have the access data,  can place new orders, manage subscriptions and see previous orders via this User account. The user will be informed which information are mandatory during the registration. The User accounts are not public and cannot be indexed by search engines. If a User terminates the user account of their company, all data, which are connected to this User account,  will be deleted. Exceptions are made for those data which have to be stored due to tax-based  reasons or the commercial law (Art. 6 Para 1lit. c GDPR). It is the responsibility of the User to save business data before the contract ends. The User, as representative of the business customer, notes that we are obligated and entitled to delete all data collected during the duration of the contract, after the end of the contractual relationship.

4.3 We save the IP-address and User name within in the framework of login operations. Those data are stored in order to protect the system against misuse and unauthorized usage.  Those data will not be transferred to third parties unless it is necessary in order to pursue our claims or there is a legal obligation pursuant to Art. 6 Para. 1 lit. c GDPR.

4.4 Our business customers are able to purchase applications from third-party providers via the Marketplace. Our customers can conclude Contracts with those third-party providers and manage those contracts via the Marketplace. The User acts as the official representative of the business customer.  The User, as the official representative of the business customer, gives us permission to transfer their data to third-party providers (for the purpose of fulfilling the contract pursuant to Art.6 Para. 1 lit. b GDPR) if the User concludes a contract with this third-party provider via the Marketplace.


The information, provided by the User when contacting us (contact form, phone or Email), will be processed for the purpose of processing and handling the contact request (Art. 6 Para. 1 lit. b GDPR).

Collection of access data and Logfiles

6.1 We create and store log files pursuant to Art. 6. Para. 1 lit f GDPR. Those log files contain the following data: URL of the visited Website, Date and time of access, Data volume transferred, Technical information about the transferred data, Browser type and version, Operating system of the User, the website the user was referred from (Referrer URL), and the IP- address. The Login process will also be recorded (successful login, incorrect password etc.)

6.2 Due to security reasons (clearing up fraud and misuse), those logfile-information will be stored for a minimal required time period and will be deleted thereafter. Those logfile-information, which are necessary for evidentiary purposes, will be excepted from deletion until the misuse or fraud is investigated.

Cookies and measurement of reach

7.1 Cookies are information which are transferred from our web server or a web server of a third party to the User´s Browser where they are saved for later retrieval. Cookies can be small data files or other types of information storage.

7.2 We use “Sessions”. Sessions are stored on our servers for the duration of the current visit on our Website (for example: to save the login-status or  shopping cart function and to make it possible to use our online offer). A randomly produced unique identification number is stored in the Cookie (in the browser of the User to be able to pair the User and the Session). This number is also called Session ID. The Session also contains Information about its origin and how long it may be stored. Those Sessions store only data required for the Marketplace to work properly.

7.3 In the context of this data protection declaration the User will be informed about the use of Cookies within the framework of pseudonymous reach measurement.

7.4 If the User does not want Cookies to be stored on his computer, the User can deactivate the relevant option in the system setting of their browser. Stored Cookies can be deleted in the system settings of the browser at any time. The deactivation of Cookies is going to cause functional limitations of the Marketplace.

Integration of services and contents of third-parties

8.1 Within our online offer we use services and contents of third-parties based on our justified interests (interest in data for analysis, optimization and the economical operation of our online offer within the meaning of Art. 6 Para. 1 lit. f GDPR). We integrate those services and contents (videos or fonts) into our website. In order to successfully integrate those services and contents into our website, we have to send the IP-address of the user to the third-party provider otherwise the third-party provider will not be able to transmit those services and contents to the browser of the User. We assess the compliance of the third-party provider with the GDPR. In regards of the data protection declaration we refer to the declaration of the respective provider.

8.2 The following table provides an overview of third-party providers (content, links to the respective data protection declaration and to the appeal procedure for the User) engaged by us:

External processing of data

9.1 We engage the following providers for storing and processing personal data. The processing and storage of User data and business customer data is performed in compliance with the legal requirements. The list can be find at

Rights of the Users

10.1 The User has the right to obtain information, upon request and free of charge, about the personal information which we have saved about the respective User. For this purpose, please contact our Data Protection Officer by email.

10.2 The User has the right to obtain deletion, correction and the limitation of data usage of the personal data of the respective User.

10.3 We inform the User about their right of data portability.

10.4 The User has the right to contact our Data Protection Officer if the User assumes that the personal data is processed unlawful. The User notes that their entitlement to submit a complaint to the supervisory authorities. Pursuant to Art. 4 Para. 22 lit. a GDPR, the competent supervisory authority is :

Aufsichtsbehörde Der Bundesbeauftragte für den Datenschutz und die Informationsfreiheit


Husarenstraße 30, D-53117 Bonn


+49 228 997799 - 0


+49 228 997799 - 916


+49 228 997799 - 550




10.5 The User notes that their entitlement to revoke their consents to personal data processing at any time (point 12).

Deletion of data

11.1. Personal data will be stored for the duration which is legally prescribed. The stored data will be deleted as soon as they are no longer required for special purposes. If personal data has to be stored due to statutory storage obligations, we will restrict the access to those category of persons who have to have access to the data pursuant to the respective legal obligation (for example: invoice data, category of persons: employees of the accounting department).

11.2. This data is stored data are stored due to the provisions of the German Commercial Code (HGB), the German Fiscal Code (AO), the Money laundering Act (Geldwäschegesetz).

Right of objection

In accordance with the legal regulations the User is entitled to revoke their consents to personal data processing at any time. The User can object to the processing of data for the purpose of direct marketing.

Changes to the Data Protection Declaration

13.1 We reserve the right to change the data protection declaration in order to adjust it to changes in legal situation and to changes to our services or processing.

13.2 We recommend to our Users to regularly inform themselves about the current content of the data protection declaration. The current version of the data protection declaration is available at


Person Responsible




Shiji Deutschland GmbH



Tassiloplatz 27

DE-81541 München


Company Register Number


Amtsgericht 80333 München    

HRB 192885

Email Address

Managing Director


Kevin Patrick King