Data Protection Policies
This translated document is provided solely for informational purposes and is not intended to be relied upon as legal or professional advice. The accuracy, completeness, and adequacy of the translation cannot be guaranteed and there may be errors, omissions, or mistranslations. The original document in the source language should be consulted for accuracy. Status August 2023
We are very pleased about your interest in our company. Data protection is of a particularly high priority for the management of Quiply Technologies GmbH. The use of the Internet pages of the Quiply Technologies GmbH is possible without any indication of personal data. However, if a data subject wants to use special services of our enterprise via our website, processing of personal data could become necessary. If processing of personal data is necessary and there is no legal basis for such processing, we will generally obtain the consent of the data subject.
The processing of personal data, such as the name, address, e-mail address, or telephone number of a data subject shall always be in line with the country-specific data protection regulations applicable to the Quiply Technologies GmbH. By means of this data protection declaration, our company would like to inform the public about the nature, scope and purpose of the personal data we collect, use and process. Furthermore, data subjects are informed of their rights by means of this data protection declaration.
As the controller, the Quiply Technologies GmbH has implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed through this website. However, Internet-based data transmissions can always be vulnerable to security risks, so that absolute protection cannot be guaranteed. For this reason, every data subject is free to transmit personal data to us by alternative means, for example by telephone.
Introduction
With the following data protection declaration, we would like to inform you about the types of your personal data (hereinafter also referred to as "data" for short) that we process, for what purposes and to what extent. The data protection declaration applies to all processing of personal data carried out by us, both as part of the provision of our services and, in particular, on our websites, in mobile applications and within external online presences, such as our social media profiles (hereinafter collectively referred to as "Online Offer").
The terms used are not gender-specific.
Status: August 24, 2021
Table of contents
IntroductionResponsible
Overview of processing operations
Contact Data Protection Officer
Applicable legal basis
Security measures
Use of cookies
Provision of the online offer and web hosting
Purchase of applications via app stores
Community
Functions
Blogs and publication media
Contact and request management
Communication via messenger
Chatbots and chat functions
Video conferencing, online meetings, webinars and screen sharing
Application process
Cloud services
Newsletters and electronic notifications
Promotional communications via email, mail, fax, or phone
Sweepstakes and contests
Surveys and polls
Web analysis, monitoring and optimization
Online marketing
Offer of an affiliate program
Evaluation platforms
Presence in social networks (social media)
Plugins and embedded functions and content
Management, organization and support tools
Modification and updating of the privacy policy
Rights of data subject
Responsible
Quiply Technologies GmbH
Elsaßstrasse 40
50677 Cologne
Germany
Persons authorized to represent the company: Management: Michael Schulz & Mathias Würthle.
E-mail address: hello[at]quiply.com
Phone: +49 (0)221 975 815 10.
Imprint: https://www.quiply.com/impress...
Contact data protection officer
DAWOCON GmbH
An der Müllerwiese 10
51069 Köln
0221 68 00 376 - 7
Overview of processing
The following overview summarizes the types of data processed and the purposes of their processing and refers to the data subjects.
Overview of the processing operations
- The following overview summarizes the types of data processed and the purposes of their processing, and refers to the data subjects.
Types of data processed - Event Data (Facebook) ("Event Data" is data that may be transmitted by us to Facebook, e.g. via Facebook Pixel (via Apps or in other ways), and relates to individuals or their actions; the data includes, for example, information about visits to websites, interactions with content, features, installations of Apps, purchases of products, etc. Event data is processed for the purpose of creating target groups for content and advertising information (Custom Audiences); Event data does not include the actual content (such as written comments), no login information and no contact information (i.e. no names, email addresses and phone numbers). Event data is deleted by Facebook after a maximum of two years, and the target groups formed from it are deleted when our Facebook account is deleted).
- Inventory data (e.g. names, addresses).
- Applicant data (e.g. personal details, postal and contact addresses, the documents belonging to the application and the information contained therein, such as cover letter, curriculum vitae, certificates, as well as other information provided with regard to a specific position or voluntarily by applicants regarding their person or qualifications).
- Content data (e.g. entries in online forms).
- Contact data (e.g. email, phone numbers).
- Meta/communication data (e.g. device information, IP addresses)
- Usage data (e.g. websites visited, interest in content, access times).
- Contract data (e.g. subject matter of contract, term, customer category).
- Payment data (e.g. bank details, invoices, payment history).
Categories of data subjects
- Employees (e.g., employees, applicants, former employees).
- Applicants.
- Business and contractual partners.
- Interested parties.
- Communication partners.
- Customers.
- Users (e.g., website visitors, users of online services).
- Sweepstakes and contest participants.
Purposes of processing
- A/B testing.
- Affiliate tracking.
- Provision of our online offer and user experience.
- Conversion measurement (measuring the effectiveness of marketing measures).
- Application procedure (establishment and possible subsequent implementation as well as possible subsequent termination of the employment relationship).
- Office and organizational procedures.
- Click tracking.
- Content Delivery Network (CDN).
- Direct marketing (e.g., via e-mail or postal mail).
- Conducting sweepstakes and contests.
- Target group formation.
- Heatmaps (mouse movements on the part of users that are combined to form an overall image).
Marketing. - Contact requests and communication.
- Profiles with user-related information (creating user profiles).
- Remarketing.
- Reach measurement (e.g. access statistics, recognition of returning visitors).
- Security measures.
- Surveys and questionnaires (e.g. surveys with input options, multiple choice questions).
- Provision of contractual services and customer service.
- Managing and responding to requests.
- Targeting (determination of target groups relevant for marketing purposes or other output of content).
Relevant legal bases
The following is an overview of the legal basis of the GDPR on the basis of which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence or domicile. Furthermore, should more specific legal bases be relevant in individual cases, we will inform you of these in the data protection declaration.
- Consent (Art. 6 para. 1 p. 1 lit. a. DSGVO) - The data subject has given his/her consent to the processing of personal data relating to him/her for a specific purpose or purposes.
- Performance of a contract and pre-contractual requests (Art. 6 (1) p. 1 lit. b. DSGVO) - Processing is necessary for the performance of a contract to which the data subject is party or for the performance of pre-contractual measures carried out at the data subject's request.
- Legitimate interests (Art. 6 (1) p. 1 lit. f. DSGVO) - Processing is necessary for the purposes of the legitimate interests of the controller or a third party, unless such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data.
- Application procedure as a pre-contractual or contractual relationship (Art. 9 (2) (b) GDPR) - Insofar as special categories of personal data within the meaning of Art. 9 (1) GDPR (e.g. health data, such as severely disabled status or ethnic origin) are requested from applicants as part of the application procedure, so that the controller or the data subject can exercise his or her rights under labor law and social security and social protection law and fulfill his or her obligations in this regard, they are processed in accordance with Art. 9 (2) (b) GDPR. rights under labor law and social security and social protection law and to comply with his or her obligations in this regard, their processing is carried out in accordance with Art. 9(2)(b). DSGVO, in case of protection of vital interests of the applicants or other persons according to Art. 9 para. 2 lit. c. DSGVO or for the purposes of preventive health care or occupational medicine, for the assessment of the employee's ability to work, for medical diagnostics, care or treatment in the health or social sector or for the management of systems and services in the health or social sector pursuant to Art. 9 para. 2 lit. h. DSGVO. In the case of a communication of special categories of data based on voluntary consent, their processing is based on Art. 9 para. 2 lit. a. DSGVO.
- Contract performance and pre-contractual inquiries (EKD) (Section 6 No. 5 DSG-EKD) - Processing is necessary for the performance of a contract to which the data subject is a party or for the performance of pre-contractual measures taken at the data subject's request.
National data protection regulations in Germany: In addition to the data protection regulations of the General Data Protection Regulation, national regulations on data protection apply in Germany. These include, in particular, the Act on Protection against Misuse of Personal Data in Data Processing (Federal Data Protection Act - BDSG). In particular, the BDSG contains special regulations on the right to information, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes and transmission, as well as automated decision-making in individual cases, including profiling. Furthermore, it regulates data processing for employment purposes (Section 26 BDSG), in particular with regard to the establishment, implementation or termination of employment relationships as well as the consent of employees. Furthermore, state data protection laws of the individual federal states may apply.
Security measures
We take appropriate technical and organizational measures in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing, as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk. The measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as access to, input of, disclosure of, assurance of availability of and segregation of the data. Furthermore, we have established procedures to ensure the exercise of data subjects' rights, the deletion of data, and responses to data compromise. Furthermore, we already take the protection of personal data into account during the development or selection of hardware, software as well as procedures in accordance with the principle of data protection, through technology design and through data protection-friendly default settings. SSL encryption (https): To protect your data transmitted via our online offer, we use SSL encryption. You can recognize such encrypted connections by the prefix https:// in the address bar of your browser.
Use of cookies
Cookies are text files that contain data from visited websites or domains and are stored by a browser on the user's computer. A cookie is primarily used to store information about a user during or after his visit within an online offer. Stored information may include, for example, language settings on a website, login status, a shopping cart, or where a video was watched. The term cookies also includes other technologies that perform the same functions as cookies (e.g., when user information is stored using pseudonymous online identifiers, also known as "user IDs").
The following cookie types and functions are distinguished:
- Temporary cookies (also: session or session cookies): Temporary cookies are deleted at the latest after a user has left an online offer and closed his browser.
- Permanent cookies: Permanent cookies remain stored even after the browser is closed. For example, the login status can be saved or preferred content can be displayed directly when the user visits a website again. Likewise, the interests of users used for reach measurement or marketing purposes can be stored in such a cookie.
- First-party cookies: First-party cookies are set by ourselves.
- Third-party cookies (also: third-party cookies): Third-party cookies are mainly used by advertisers (so-called third parties) to process user information. Necessary (also: essential or absolutely necessary) cookies: Cookies may be absolutely necessary for the operation of a website (e.g. to store logins or other user input or for security reasons).
- Statistical, marketing and personalization cookies: Furthermore, cookies are generally also used in the context of range measurement and when a user's interests or behavior (e.g. viewing certain content, using functions, etc.) on individual websites are stored in a user profile. Such profiles are used, for example, to show users content that matches their potential interests. This process is also referred to as "tracking", i.e., tracking the potential interests of users. Insofar as we use cookies or "tracking" technologies, we will inform you separately in our data protection declaration or in the context of obtaining consent.
Notes on legal bases: The legal basis on which we process your personal data using cookies depends on whether we ask you for consent. If this is the case and you consent to the use of cookies, the legal basis for processing your data is your declared consent. Otherwise, the data processed with the help of cookies is processed on the basis of our legitimate interests (e.g. in the business operation of our online offer and its improvement) or, if the use of cookies is necessary to fulfill our contractual obligations.
Storage period: If we do not provide you with explicit information on the storage period of permanent cookies (e.g. as part of a so-called cookie opt-in), please assume that the storage period can be up to two years.
General information on revocation and objection (opt-out): Depending on whether the processing is based on consent or legal permission, you have the option at any time to revoke any consent you have given or to object to the processing of your data by cookie technologies (collectively referred to as "opt-out"). You can initially declare your objection by means of your browser settings, e.g. by deactivating the use of cookies (whereby this may also restrict the functionality of our online offer). An objection to the use of cookies for online marketing purposes can also be declared by means of a variety of services, especially in the case of tracking, via the websites https://optout.aboutads.info/?... and https://www.youronlinechoices..... In addition, you can obtain further instructions on how to object in the context of the information on the service providers and cookies used.
Processing of cookie data on the basis of consent: We use a cookie consent management procedure, in the context of which the consent of users to the use of cookies, or the processing and providers mentioned in the cookie consent management procedure, can be obtained and managed and revoked by users. Here, the declaration of consent is stored in order not to have to repeat its query and to be able to prove the consent in accordance with the legal obligation. The storage can take place on the server side and/or in a cookie (so-called opt-in cookie, or with the help of comparable technologies), in order to be able to assign the consent to a user or their device. Subject to individual information on the providers of cookie management services, the following information applies: The duration of the storage of consent can be up to two years. Here, a pseudonymous user identifier is formed and stored with the time of consent, information on the scope of consent (e.g. which categories of cookies and/or service providers) as well as the browser, system and end device used.
Types of data processed: Usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
Data subjects: Users (e.g. website visitors, users of online services).
Legal basis: Consent (Art. 6 para. 1 p. 1 lit. a. DSGVO), Legitimate interests (Art. 6 para. 1 p. 1 lit. f. DSGVO).
Services used and service providers:
ccm19: Cookie consent management; Service provider: Papoo Software & Media GmbH, Auguststr. 4, 53229 Bonn, Germany; Website: https://www.ccm19.de/; Privacy policy: https://www.ccm19.de/datenschu...; A pseudonymous user ID is stored with the consent status.
Provision of the online offer and web hosting
In order to provide our online offer securely and efficiently, we use the services of one or more web hosting providers from whose servers (or servers managed by them) the online offer can be accessed. For these purposes, we may use infrastructure and platform services, computing capacity, storage space and database services, as well as security services and technical maintenance services. The data processed as part of the provision of the hosting offer may include all information relating to the users of our online offer, which is generated as part of the use and communication. This regularly includes the IP address, which is necessary to be able to deliver the contents of online offers to browsers, and all entries made within our online offer or from websites.
Collection of access data and log files: We ourselves (or our web hosting provider) collect data on each access to the server (so-called server log files). The server log files may include the address and name of the web pages and files accessed, the date and time of access, the volume of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page) and, as a rule, IP addresses and the requesting provider. The server log files may be used on the one hand for security purposes, e.g., to prevent server overload (especially in the event of abusive attacks, so-called DDoS attacks) and on the other hand, to ensure the utilization of the servers and their stability.
ServD
Types of data processed: Content data (e.g. entries in online forms), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
Data subjects: Users (e.g. website visitors, users of online services).
Purposes of processing: provision of our online offer and user-friendliness, content delivery network (CDN).
Legal grounds: Legitimate interests (Art. 6 para. 1 p. 1 lit. f. DSGVO).
Services used and service providers:
AWS: Services in the field of providing information technology infrastructure and related services (e.g., storage space and/or computing capacity); service provider: AWS Inc, 410 Terry Avenue North, Seattle WA 98109, USA; website: https://aws.amazon.com/de/; privacy policy: https://aws.amazon.com/de/priv....
Cloudflare: Content delivery network (CDN); service provider: Cloudflare, Inc, 101 Townsend St, San Francisco, CA 94107, USA; Website: https://www.cloudflare.com; Privacy policy: https://www.cloudflare.com/pri....
Hetzner: Services in the field of providing information technology infrastructure and related services (e.g., storage space and/or computing capacity); Service provider: Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany; Website: https://www.hetzner.com; Privacy policy: https://www.hetzner.com/de/legal/privacy-policy.
Netlify: hosting and services for web applications and websites; service provider: Netlify, Inc, 2343 3rd Street, Suite 296, San Francisco, California 94107, USA; Website: https://www.netlify.com/; Privacy Policy: https://www.netlify.com/privacy.
Purchase of applications via app stores
Our application is obtained via special online platforms operated by other service providers (so-called "app stores"). In this context, the privacy notices of the respective app stores apply in addition to our privacy notices. This applies in particular with regard to the methods used on the platforms for reach measurement and interest-based marketing as well as any obligation to pay costs.
Huawei App Gallery
Types of data processed: inventory data (e.g., names, addresses), payment data (e.g., bank details, invoices, payment history), contact data (e.g., email, phone numbers), contract data (e.g., subject matter of contract, term, customer category), usage data (e.g., web pages visited, interest in content, access times), meta/communication data (e.g., device information, IP addresses).
Data Subjects: Customers.
Purposes of processing: provision of contractual services and customer service.
Legal Grounds: Contract performance and pre-contractual inquiries (Art. 6 para. 1 p. 1 lit. b. DSGVO), Legitimate Interests (Art. 6 para. 1 p. 1 lit. f. DSGVO).
Services and service providers used:
Apple App Store: app and software sales platform; service providers: Apple Inc, Infinite Loop, Cupertino, CA 95014, USA; website: https://www.apple.com/de/ios/a...; privacy policy: https://www.apple.com/legal/pr....
Google Play: App and software sales platform; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; website: https://play.google.com/store/...; privacy policy: https://policies.google.com/privacy.
The community services provided by us
Community
functions provided by us allow users to engage in conversations or other exchanges with each other. In doing so, we ask you to note that the use of the community functions is only permitted in compliance with the applicable legal situation, our terms and guidelines, and the rights of other users and third parties.
Storage of data for security purposes: User contributions and other input are processed for the purposes of the community and conversation functions and, subject to legal obligations or legal permission, are not released to third parties. An obligation to surrender may arise in particular in the case of illegal contributions for the purposes of legal prosecution. We point out that in addition to the content of the contributions, their time and the IP address of the user are stored. This is done in order to be able to take appropriate measures to protect other users and the community.
Right to delete: The deletion of contributions, content or information provided by users is permissible to the extent necessary after proper consideration if there are concrete indications that they represent a violation of legal regulations, our specifications or the rights of third parties. Protection of own data: Users decide for themselves what data they disclose about themselves within our online offering. For example, when users provide personal information or participate in conversations. We ask users to protect their data and to disclose personal data only with caution and only to the extent necessary. In particular, we ask users to take special care to protect login credentials and to use strong passwords (i.e., especially character combinations that are as long and random as possible).
Zendesk Customer Feedback Community and Zendesk Help Center.
Types of data processed: Usage data (e.g. web pages visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
Data subjects: Users (e.g., website visitors, users of online services).
Purposes of processing: provision of contractual services and customer service, security measures.
Legal basis: Contract performance and pre-contractual requests (Art. 6 para. 1 p. 1 lit. b. DSGVO), Legitimate Interests (Art. 6 para. 1 p. 1 lit. f. DSGVO).
Blogs and publication media
We use blogs or comparable means of online communication and publication (hereinafter "publication medium"). Readers' data are processed for the purposes of the publication medium only to the extent necessary for its presentation and communication between authors and readers or for security reasons. For the rest, we refer to the information on the processing of visitors to our publication medium within the scope of this data protection notice.
Comments and contributions: When users leave comments or other posts, their IP addresses may be stored based on our legitimate interests. This is done for our security in case someone leaves unlawful content in comments and posts (insults, prohibited political propaganda, etc.). In this case, we ourselves may be prosecuted for the comment or post and are therefore interested in the identity of the author. Furthermore, we reserve the right, on the basis of our legitimate interests, to process users' details for the purpose of spam detection. On the same legal basis, we reserve the right, in the case of surveys, to store the IP addresses of users for their duration and to use cookies to avoid multiple votes. The personal information provided in the context of comments and contributions, any contact and website information as well as the content-related information will be stored permanently by us until the user objects.
Types of data processed: inventory data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers), content data (e.g. entries in online forms), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
Data subjects: Users (e.g., website visitors, users of online services).
Purposes of processing: provision of contractual services and customer service, feedback (e.g. collecting feedback via online form), security measures, managing and responding to requests.
Legal basis: Contractual performance and pre-contractual inquiries (Art. 6 para. 1 p. 1 lit. b. DSGVO), Legitimate Interests (Art. 6 para. 1 p. 1 lit. f. DSGVO).
Contacting and request management
When contacting us (e.g. via contact form, email, telephone or via social media), the information of the inquiring persons is processed to the extent necessary to respond to the contact inquiries and any requested measures. The response to the contact inquiries in the context of contractual or pre-contractual relationships is carried out to fulfill our contractual obligations or to respond to (pre)contractual inquiries and otherwise on the basis of legitimate interests in responding to the inquiries.
- Types of data processed:
- inventory data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers), content data (e.g. entries in online forms).
- Data subjects: Communication partners.
- Purposes of processing: contact requests and communication.
- Legal basis: Contract performance and pre-contractual inquiries (Art. 6 para. 1 p. 1 lit. b. DSGVO), Legitimate interests (Art. 6 para. 1 p. 1 lit. f. DSGVO).
Services used and service providers:
HubSpot: Customer management, process and sales support software (multi-channel communication, i.e. management of customer inquiries from different channels, sales, process management, analyses, feedback and survey functions); Service provider: HubSpot, Inc, 25 First St., 2nd floor, Cambridge, Massachusetts 02141, USA; website: https://www.hubspot.de; privacy policy: https://legal.hubspot.com/de/privacy-policy.
Zendesk: contact request and communication management; service provider: Zendesk, Inc, 989 Market Street #300, San Francisco, CA 94102, USA; Website: https://www.zendesk.de; Privacy Policy: https://www.zendesk.de/company/customers-partners/privacy-policy/.
Communication via messenger
We use messengers for communication purposes and therefore ask you to observe the following information on the functionality of the messengers, on encryption, on the use of the metadata of the communication and on your objection options. You can also contact us by alternative means, e.g. via telephone or e-mail.
Please use the contact options provided to you or the contact options provided within our online offer.
In the case of end-to-end encryption of content (i.e., the content of your message and attachments), we point out that the communication content (i.e., the content of the message and attached images) is encrypted from end to end. This means that the content of the messages cannot be viewed, not even by the messenger providers themselves. You should always use a current version of the messenger with encryption enabled to ensure that the message content is encrypted.
However, we additionally point out to our communication partners that, although the messenger providers cannot view the content, they can learn that and when communication partners communicate with us as well as process technical information about the device used by the communication partners and, depending on the settings of their device, also location information (so-called metadata).
Notes on legal basis:
If we ask communication partners for permission before communicating with them via Messenger, the legal basis for our processing of their data is their consent. Otherwise, if we do not ask for consent and they contact us on their own initiative, for example, we use Messenger in the relationship with our contractual partners and in the context of contract initiation as a contractual measure and, in the case of other interested parties and communication partners, on the basis of our legitimate interests in fast and efficient communication and meeting the needs of our communication partners in communication via Messenger. Furthermore, we would like to point out that we do not transmit the contact data communicated to us to the messengers for the first time without your consent.
Revocation, objection and deletion:
You can revoke any consent given and object to communication with us via Messenger at any time. In the case of communication via Messenger, we delete the messages in accordance with our general deletion guidelines (i.e., e.g., as described above, after the end of contractual relationships, in the context of archiving requirements, etc.) and otherwise as soon as we can assume that we have answered any information provided by the communication partners, if no reference to a previous conversation is to be expected and the deletion does not conflict with any legal retention obligations.
Reservation of reference to other communication channels: Finally, we would like to point out that, for reasons of your security, we reserve the right not to answer inquiries via Messenger. This is the case if, for example, contractual internals require special confidentiality or an answer via Messenger does not meet formal requirements. In such cases, we will refer you to more adequate communication channels.
Types of data processed: contact data (e.g. e-mail, telephone numbers), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
Data subjects: Communication partners.
Purposes of processing: contact inquiries and communication, direct marketing (e.g. by e-mail or postal mail).
Legal basis: Consent (Art. 6 para. 1 p. 1 lit. a. DSGVO), Legitimate interests (Art. 6 para. 1 p. 1 lit. f. DSGVO).
Services used and service providers:
Instagram: Messaging via the social network Instagram; service provider: Instagram Inc, 1601 Willow Road, Menlo Park, CA, 94025, USA; parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA; website: https://www.instagram.com; privacy policy: https://instagram.com/about/le....
Facebook Messenger: Facebook Messenger with end-to-end encryption (Facebook Messenger end-to-end encryption requires activation if it should not be activated by default); Service provider: https://www.facebook.com, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, Parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA; Website: https://www.facebook.com; Privacy policy: https://www.facebook.com/about...; Opt-out: https://www.facebook.com/adpre... (login to Facebook is required).
Chatbots and chat functions
We offer online chats and chatbot features (collectively, "Chat Services") as a communication option. A chat is an online conversation conducted with some degree of timeliness. A chatbot is software that answers users' questions or notifies them of messages. When you use our chat features, we may process your personal data.
If you use our chat services within an online platform, your identification number will also be stored within the respective platform. We may also collect information about which users interact with our chat services and when. Furthermore, we store the content of your conversations via the chat services and log registration and consent processes in order to be able to prove them in accordance with legal requirements.
We would like to point out to users that the respective platform provider can find out that and when users communicate with our chat services as well as collect technical information about the device used by the users and, depending on the settings of their device, also location information (so-called metadata) for the purpose of optimizing the respective services and for security purposes. Likewise, the metadata of communication via chat services (i.e., e.g., information about who communicated with whom) may be used by the respective platform providers for marketing purposes or to display advertising tailored to users in accordance with their terms and conditions, to which we refer for further information. If users agree to a chatbot to activate information with regular messages, they have the option to unsubscribe from the information for the future at any time. The chatbot instructs users how and with which terms they can unsubscribe from the messages. Unsubscribing from chatbot messages deletes users' data from the list of message recipients.
We use the aforementioned information to operate our chat services, e.g., to address users personally, to answer their inquiries, to transmit any requested content, and also to improve our chat services (e.g., to "teach" chatbots answers to frequently asked questions or to recognize unanswered inquiries).
Notes on legal basis: we use chat services on the basis of consent where we have obtained prior permission from users to process their data as part of our chat services (this applies to cases where users are asked for consent, e.g., for a chatbot to send them messages on a regular basis). If we use chat services to answer users' inquiries about our services or our company, this is done for contractual and pre-contractual communication. Otherwise, we use chat services based on our legitimate interests in optimizing the chat services, their operational efficiency, and enhancing the positive user experience.
Revocation, objection and deletion: You can revoke a granted consent or object to the processing of your data within the scope of our chat services at any time.
Types of data processed: contact data (e.g. e-mail, telephone numbers), content data (e.g. entries in online forms), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
Affected persons: Communication partners. Purposes of processing: contact requests and communication, direct marketing (e.g. by e-mail or post). Legal basis: Consent (Art. 6 para. 1 p. 1 lit. a. DSGVO), Contract performance and pre-contractual inquiries (Art. 6 para. 1 p. 1 lit. b. DSGVO), Legitimate interests (Art. 6 para. 1 p. 1 lit. f. DSGVO).
Services used and service providers: HubSpot: chatbot and assistance software and associated services;
Service provider: HubSpot, Inc, 25 First St., 2nd floor, Cambridge, Massachusetts 02141, USA; Website: https://www.hubspot.de; Privacy Policy: Datenschutzerklärung: https://legal.hubspot.com/de/p....
Video conferencing, online meetings, webinars and screen sharing.
We use platforms and applications of other providers (hereinafter referred to as "conference platforms") for the purpose of conducting video and audio conferences, webinars and other types of video and audio meetings (hereinafter collectively referred to as "conference"). When selecting the Conference Platforms and their services, we comply with the legal requirements.
Data Processed by Conference Platforms: In the course of participating in a conference, the conference platforms process the personal data of the participants mentioned below. The scope of the processing depends, on the one hand, on which data is requested in the context of a specific conference (e.g., provision of access data or clear names) and which optional information is provided by the participants. In addition to processing for the purpose of conducting the conference, the participants' data may also be processed by the conference platforms for security purposes or service optimization.
The data processed includes personal data (first name, last name), contact information (e-mail address, telephone number), access data (access codes or passwords), profile pictures, information on professional position/function, the IP address of the Internet access, information on the participants' terminal devices, their operating system, the browser and its technical and language settings, information on the content of the communications, i.e. entries in chats and audio and video data, as well as the use of other available functions (e.g. surveys). Content of communications is encrypted to the extent technically provided by the conference providers. If participants are registered as users with the conference platforms, then further data may be processed according to the agreement with the respective conference provider.
Logging and recordings: If text entries, participation results (e.g., from surveys), and video or audio recordings are logged, this will be transparently communicated to the participants in advance and they will be asked for consent - if necessary.
Data privacy measures of the participants: Please observe the data privacy notices of the conference platforms regarding the details of the processing of your data and select the security and data privacy settings that are optimal for you within the framework of the settings of the conference platforms. Furthermore, please ensure data and privacy protection in the background of your recording for the duration of a videoconference (e.g., by notifying roommates, locking doors, and using the background obscuring function, if technically possible).
Links to the conference rooms as well as access data, may not be passed on to unauthorized third parties.
Notes on legal bases: if, in addition to the conference platforms, we also process users' data and ask users for their consent to use the conference platforms or certain functions (e.g. consent to a recording of conferences), the legal basis of the processing is this consent. Furthermore, our processing may be necessary for the fulfillment of our contractual obligations (e.g. in lists of participants, in the case of reprocessing of call results, etc.). Otherwise, user data is processed on the basis of our legitimate interests in efficient and secure communication with our communication partners.
Types of data processed: inventory data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers), content data (e.g. entries in online forms), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses). Data subjects: Communication partners, users (e.g. website visitors, users of online services). Purposes of processing: provision of contractual services and customer service, contact requests and communication, office and organizational procedures. Legal basis: Consent (Art. 6 para. 1 p. 1 lit. a. DSGVO), Contractual performance and pre-contractual inquiries (Art. 6 para. 1 p. 1 lit. b. DSGVO), Legitimate interests (Art. 6 para. 1 p. 1 lit. f. DSGVO).
Services used and service providers:
Google Hangouts / Meet: messenger and conferencing software; service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; website: https://hangouts.google.com/; privacy policy: https://policies.google.com/pr....
GoToMeeting: conferencing software; service provider: LogMeIn Ireland Limited, Bloodstone Building Block C 70, Sir John Rogerson's Quay Dublin 2, Ireland; parent company: LogMeIn, Inc, 320 Summer Street, Boston, MA 02210 320 Summer Street Boston, Massachusetts 02210, USA; website: https://www.goto.com/de/meetin... privacy policy: https://www.goto.com/de/compan...
Skype: messenger and conferencing software; service provider: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399 USA; website: https://www.skype.com/de/; privacy policy: https://privacy.microsoft.com/..., security information: https://www.microsoft.com/de-d....
Slack: messenger and conferencing software; service provider: Slack Technologies, Inc, 500 Howard Street, San Francisco, CA 94105, USA; website: https://slack.com/intl/de-de/; privacy policy: https://slack.com/intl/de-de/l....
Whereby: video conferencing, web conferencing and webinars; service provider: Video Communication Services AS, Gate 1 no. 101, 6700 Måløy, Norway; website: https://whereby.com/; privacy policy: https://whereby.com/informatio...; standard contractual clauses (ensuring level of data protection in case of processing in third countries): Become part of the contractual relationship as part of the T&C.
Zoom: video conferencing, web conferencing and webinars; service provider: Zoom Video Communications, Inc, 55 Almaden Blvd, Suite 600, San Jose, CA 95113, USA; Website: https://zoom.us; Privacy Policy: https://explore.zoom.us/docs/d...
Standard Contractual Clauses (ensuring level of data protection in case of processing in third countries): https://zoom.us/docs/de-de/pri... (Designated as Global DPA).
Application procedure
The application procedure requires applicants to provide us with the data required for their assessment and selection. The information required can be found in the job description or, in the case of online forms, in the details provided there. In principle, the required information includes personal information such as name, address, contact details and proof of the qualifications required for a position. Upon request, we will be happy to provide additional information as to what information is required. If provided, applicants can submit their applications to us using an online form. The data is transmitted to us in encrypted form in accordance with the state of the art. Applicants can also send us their applications by e-mail. Please note, however, that e-mails sent via the Internet are generally not encrypted. As a rule, e-mails are encrypted in transit, but not on the servers from which they are sent and received. Therefore, we cannot assume any responsibility for the transmission path of the application between the sender and the reception on our server.
For the purposes of applicant search, submission of applications and selection of applicants, we may, in compliance with legal requirements, use applicant management, or recruitment software and platforms and services from third party providers. Applicants are welcome to contact us regarding the method of submission of the application or to send us the application by mail.
Processing of special categories of data: Insofar as special categories of personal data within the meaning of Article 9 (1) of the GDPR (e.g. health data, such as severely disabled status or ethnic origin) are requested from applicants in the context of the application process so that the controller or the data subject can exercise the rights accruing to him or her under employment law and social security and social protection law and fulfill his or her obligations in this regard, their processing is carried out in accordance with Article 9 (2) b. DSGVO, in case of protection of vital interests of the applicants or other persons according to Art. 9 para. 2 lit. c. DSGVO or for the purposes of preventive health care or occupational medicine, for the assessment of the employee's ability to work, for medical diagnostics, for care or treatment in the health or social sector or for the management of systems and services in the health or social sector pursuant to Art. 9 para. 2 lit. h. DSGVO. In the case of notification of the special categories of data based on voluntary consent, their processing is based on Art. 9 para. 2 lit. a. DSGVO.
Deletion of data: The data provided by applicants may be further processed by us for the purposes of the employment relationship in the event of a successful application. Otherwise, if the application for a job offer is unsuccessful, the applicants' data will be deleted. Applicants' data will also be deleted if an application is withdrawn, which applicants are entitled to do at any time. Subject to a justified withdrawal by the applicants, the deletion will take place at the latest after the expiry of a period of six months so that we can answer any follow-up questions about the application and meet our obligations to provide evidence under the regulations on equal treatment of applicants. Invoices for any reimbursement of travel expenses will be archived in accordance with tax law requirements.
Inclusion in an applicant pool: Inclusion in an applicant pool, if offered, is based on consent. Applicants are informed that their consent to be included in the talent pool is voluntary, has no influence on the current application process and that they can revoke their consent at any time for the future.
Personio, Studentjob, Truffls, Indeed, LinkedIn,
Types of data processed: applicant data (e.g., personal details, postal and contact addresses, the documents belonging to the application and the information contained therein, such as cover letter, resume, references, as well as other information provided with regard to a specific job or voluntarily by applicants regarding their person or qualifications). Data subjects: Applicants. Purposes of processing: application procedure (establishment and possible subsequent implementation as well as possible subsequent termination of the employment relationship).
Legal basis: application procedure as a pre-contractual or contractual relationship (Art. 9(2)(b) DSGVO). Services used and service providers: Stepstone: recruiting platform and services; service provider: StepStone Deutschland GmbH, Völklinger Straße 1, 40219 Düsseldorf, Germany; Website: https://www.stepstone.de; Privacy Policy: https://www.stepstone.de/Ueber....
Cloud services
We use software services accessible via the Internet and running on the servers of their providers (so-called "cloud services", also referred to as "software as a service") for the following purposes: document storage and management, calendar management, sending e-mails, spreadsheets and presentations, exchanging documents, content and information with specific recipients or publishing websites, forms or other content and information as well as chats and participation in audio and video conferences. In this context, personal data may be processed and stored on the servers of the providers, insofar as these are part of communication processes with us or are otherwise processed by us as set out in this privacy policy. This data may include, in particular, master data and contact data of users, data on transactions, contracts, other processes and their content. The cloud service providers also process usage data and metadata that they use for security purposes and to optimize their services. If we use the cloud services to provide forms or other documents and content to other users or publicly accessible websites, the providers may store cookies on users' devices for the purposes of web analysis or to remember user settings (e.g. in the case of media control).
Notes on legal bases: If we ask for consent to the use of cloud services, the legal basis for processing is consent. Furthermore, their use may be part of our (pre)contractual services, provided that the use of cloud services has been agreed in this context. Otherwise, user data is processed on the basis of our legitimate interests (i.e. interest in efficient and secure administrative and collaboration processes)
Adobe Cloud
Processed data types: Inventory data (e.g. names, addresses), Contact data (e.g. e-mail, telephone numbers), Content data (e.g. entries in online forms), Usage data (e.g. websites visited, interest in content, access times), Meta/communication data (e.g. device information, IP addresses).
Data subjects: Customers, employees (e.g. employees, applicants, former employees), interested parties, communication partners.
Purposes of processing: Office and organizational procedures.
Legal bases: Consent (Art. 6 Para. 1 S. 1 lit. a. GDPR), Contract fulfillment and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b. GDPR), Legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR).
Services used and service providers:
Dropbox: Cloud storage service; Service provider: Dropbox, Inc., 333 Brannan Street, San Francisco, California 94107, USA; Website: https://www.dropbox.com/de; Privacy Policy: https://www.dropbox.com/privac....
Google Cloud Services: Cloud storage, cloud infrastructure services and cloud-based application software; service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: https://cloud.google.com/; Privacy Policy: https://www.google.com/policie..., Security information: https://cloud.google.com/secur...; Standard Contractual Clauses (Safeguarding the level of data protection when processing data in third countries): https://cloud.google.com/terms...; https://cloud.google.com/terms....
Microsoft cloud services: Cloud storage, cloud infrastructure services and cloud-based application software; Service provider: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399 USA; Website: https://microsoft.com/de-de; Privacy Policy: https://privacy.microsoft.com/..., Security information: https://www.microsoft.com/de-d....
Newsletter and electronic notifications
We only send newsletters, emails and other electronic notifications (hereinafter referred to as "newsletters") with the consent of the recipient or with legal permission. If the contents of the newsletter are specifically described when registering for the newsletter, they are decisive for the user's consent. Otherwise, our newsletters contain information about our services and us. To subscribe to our newsletters, it is generally sufficient to provide your e-mail address. However, we may ask you to provide a name so that we can address you personally in the newsletter, or other information if this is necessary for the purposes of the newsletter.
Double opt-in procedure: Registration for our newsletter is always carried out in a so-called double opt-in procedure. This means that after registering, you will receive an e-mail asking you to confirm your registration. This confirmation is necessary so that nobody can register with other people's e-mail addresses. Subscriptions to the newsletter are logged in order to be able to prove the registration process in accordance with legal requirements. This includes storing the time of registration and confirmation as well as the IP address. Changes to your data stored by the mailing service provider are also logged.
Deletion and restriction of processing: We may store the unsubscribed e-mail addresses for up to three years on the basis of our legitimate interests before deleting them in order to be able to prove that consent was previously given. The processing of this data is limited to the purpose of a possible defense against claims. An individual request for erasure is possible at any time, provided that the former existence of consent is confirmed at the same time. In the event of obligations to permanently observe objections, we reserve the right to store the e-mail address in a block list solely for this purpose. The registration process is logged on the basis of our legitimate interests for the purpose of proving that it has been carried out properly. If we commission a service provider to send emails, this is done on the basis of our legitimate interests in an efficient and secure sending system.
Notes on legal bases: The newsletter is sent on the basis of the consent of the recipient or, if consent is not required, on the basis of our legitimate interests in direct marketing, if and insofar as this is permitted by law, e.g. in the case of advertising to existing customers. If we commission a service provider to send e-mails, this is done on the basis of our legitimate interests. The registration process is recorded on the basis of our legitimate interests in order to prove that it has been carried out in accordance with the law.
Content: https://www.quiply.com/admin/e...Information about us, our services, promotions and offers.
Measurement of opening and click rates:
The newsletters contain a so-called "web-beacon", i.e. a pixel-sized file that is retrieved from our server when the newsletter is opened or, if we use a dispatch service provider, from their server. As part of this retrieval, technical information, such as information about the browser and your system, as well as your IP address and the time of retrieval, is initially collected. This information is used for the technical improvement of our newsletter based on the technical data or the target groups and their reading behavior based on their retrieval locations (which can be determined with the help of the IP address) or the access times. This analysis also includes determining whether the newsletters are opened, when they are opened and which links are clicked. This information is assigned to the individual newsletter recipients and stored in their profiles until they are deleted. The evaluations help us to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users. The measurement of opening rates and click rates as well as the storage of the measurement results in the user profiles and their further processing are carried out on the basis of user consent. Unfortunately, it is not possible to revoke the performance measurement separately; in this case, the entire newsletter subscription must be canceled or objected to. In this case, the stored profile information will be deleted.
Processed data types: Inventory data (e.g. names, addresses), Contact data (e.g. e-mail, telephone numbers), Meta/communication data (e.g. device information, IP addresses), Usage data (e.g. websites visited, interest in content, access times).
Data subjects: Communication partners. Purposes of processing: Direct marketing (e.g. by email or post).
Legal bases: Consent (Art. 6 para. 1 sentence 1 lit. a. GDPR), Legitimate interests (Art. 6 para. 1 sentence 1 lit. f. GDPR).
Possibility of objection (opt-out): You can cancel the receipt of our newsletter at any time, i.e. revoke your consent or object to further receipt. You will find a link to unsubscribe from the newsletter either at the end of each newsletter or you can use one of the contact options listed above, preferably e-mail.
Services used and service providers:
HubSpot: Email marketing platform; Service provider: HubSpot, Inc, 25 First St., 2nd floor, Cambridge, Massachusetts 02141, USA; Website: https://www.hubspot.de; Privacy Policy: https://legal.hubspot.com/de/p....
Advertising communication via e-mail, post, fax or telephone
We process personal data for the purposes of advertising communication, which may take place via various channels, such as e-mail, telephone, post or fax, in accordance with legal requirements. Recipients have the right to withdraw their consent at any time or to object to advertising communication at any time. After revocation or objection, we may store the data required to prove consent for up to three years on the basis of our legitimate interests before deleting it. The processing of this data is limited to the purpose of a possible defense against claims. An individual request for erasure is possible at any time, provided that the former existence of consent is confirmed at the same time.
Processed data types: Inventory data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers).
Data subjects: Communication partner.
Purposes of processing: Direct marketing (e.g. by email or post).
Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a. GDPR), Legitimate interests (Art. 6 para. 1 sentence 1 lit. f. GDPR).
Raffles and competitions
We only process the personal data of participants in competitions and contests in compliance with the relevant data protection regulations insofar as the processing is contractually required for the provision, execution and handling of the competition, the participants have consented to the processing or the processing serves our legitimate interests (e.g. in the security of the competition or the protection of our interests against misuse through the possible collection of IP addresses when submitting competition entries). If participants' entries are published as part of the competitions (e.g. as part of a vote or presentation of the competition entries or winners or reporting on the competition), we would like to point out that the names of the participants may also be published in this context. Participants can object to this at any time. If the competition takes place within an online platform or a social network (e.g. Facebook or Instagram, hereinafter referred to as "online platform"), the terms of use and data protection provisions of the respective platforms also apply.
In these cases, we would like to point out that we are responsible for the information provided by the participants as part of the competition and that inquiries regarding the competition should be addressed to us. The participants' data will be deleted as soon as the competition or contest has ended and the data is no longer required to inform the winners or because queries about the competition are to be expected. In principle, participants' data will be deleted no later than 6 months after the end of the competition. Winners' data may be retained for longer, e.g. in order to answer queries about the prizes or to fulfill the prize; in this case, the retention period depends on the type of prize and is up to three years for items or services, e.g. in order to be able to process warranty claims. Furthermore, participants' data may be stored for longer, e.g. in the form of reporting on the competition in online and offline media. If data has also been collected for other purposes as part of the competition, its processing and the retention period are based on the data protection information for this use (e.g. in the case of registration for the newsletter as part of a competition).
Processed data types: Inventory data (e.g. names, addresses), Content data (e.g. entries in online forms).
Data subjects: Competition and contest participants.
Purposes of the processing: Running prize draws and competitions.
Legal bases: Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 p. 1 lit. b. GDPR).
Surveys and interviews
https://www.quiply.com/admin/e...The surveys and questionnaires (hereinafter "surveys") we conduct are evaluated anonymously. Personal data is only processed to the extent that this is necessary for the provision and technical implementation of the surveys (e.g. processing of the IP address in order to display the survey in the user's browser or to enable the survey to be resumed with the help of a temporary cookie (session cookie)) or if users have given their consent.
Notes on legal bases: If we ask the participants for their consent to the processing of their data, this is the legal basis for the processing, otherwise the processing of the participants' data is based on our legitimate interests in conducting an objective survey.
Processed data types: Contact data (e.g. email, telephone numbers), content data (e.g. entries in online forms), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
Affected persons: Communication partner.
Purposes of processing: Contact requests and communication, direct marketing (e.g. by email or post).
Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a. GDPR), Legitimate interests (Art. 6 para. 1 sentence 1 lit. f. GDPR).
Services used and service providers:
Google Form: Google Cloud Forms; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: https://firebase.google.com; Privacy Policy: https://policies.google.com/pr...; Opt-Out: Opt-out plug-in: https://tools.google.com/dlpag...; Settings for the display of advertisements: https://adssettings.google.com....
Web analysis, monitoring and optimization
Web analysis (also referred to as "reach measurement") is used to evaluate the flow of visitors to our online offering and may include behavior, interests or demographic information about visitors, such as age or gender, as pseudonymous values. With the help of reach analysis, we can, for example, recognize at what time our online offer or its functions or content are most frequently used or invite reuse. We can also understand which areas require optimization. In addition to web analysis, we may also use test procedures, e.g. to test and optimize different versions of our online offering or its components. For these purposes, so-called user profiles can be created and stored in a file (so-called "cookie") or similar procedures with the same purpose can be used.
This information may include, for example, content viewed, websites visited and elements used there and technical information such as the browser used, the computer system used and information on usage times. If users have consented to the collection of their location data, this may also be processed, depending on the provider. The IP addresses of users are also stored. However, we use an IP masking procedure (i.e. pseudonymization by shortening the IP address) to protect users. In general, no clear user data (such as e-mail addresses or names) is stored in the context of web analysis, A/B testing and optimization, but pseudonyms. This means that neither we nor the providers of the software used know the actual identity of the users, but only the information stored in their profiles for the purposes of the respective processes.
Notes on legal bases: If we ask users for their consent to the use of third-party providers, the legal basis for the processing of data is consent. Otherwise, user data is processed on the basis of our legitimate interests (i.e. interest in efficient, economical and recipient-friendly services). In this context, we would also like to draw your attention to the information on the use of cookies in this privacy policy.
Hubspot Analytics
Processed data types: Usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
Data subjects: Users (e.g. website visitors, users of online services).
Purposes of Processing: Web Analytics (e.g. access statistics, recognition of returning visitors), Profiles with user-related information (Creating user profiles), Clicktracking, A/B Tests, Feedback (e.g. collecting feedback via online form), Heatmaps (Mouse movements of the users, which are combined to an overall picture), Polls and Questionnaires (e.g. surveys with input options, multiple choice questions), Marketing. Security measures: IP masking (pseudonymization of the IP address).
Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a. GDPR), Legitimate interests (Art. 6 para. 1 sentence 1 lit. f. GDPR).
Services used and service providers:
Google Analytics: Reach measurement and web analysis; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: https://marketingplatform.goog...; Privacy Policy: https://policies.google.com/pr....
Google Tag Manager:
Google Tag Manager is a solution with which we can manage so-called website tags via an interface and thus integrate other services into our online offering (please refer to further information in this privacy policy). The Tag Manager itself (which implements the tags) does not create user profiles or store cookies, for example. Google only learns the IP address of the user, which is necessary to run the Google Tag Manager. Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: https://marketingplatform.goog...; Privacy Policy: https://policies.google.com/pr....
Microsoft Clarity: Evaluation and measurement of usability on our website. We use Microsoft Clarity on our website, an analysis tool from Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA ("Microsoft"). Microsoft Clarity uses cookies that enable your use of our website to be analyzed. The information generated in this way is usually transferred to a Microsoft server in the USA and stored there.
Microsoft will use this information for the purpose of evaluating your use of our website, compiling reports on website activity and providing other services relating to website activity and internet usage. Microsoft may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Microsoft's behalf. Under no circumstances will Microsoft associate your IP address with other Microsoft data.
Privacy policy: https://privacy.microsoft.com/...
Online marketing
We process personal data for online marketing purposes, which may include in particular the marketing of advertising space or the presentation of advertising and other content (collectively referred to as "content") based on the potential interests of users and the measurement of its effectiveness. For these purposes, so-called user profiles are created and stored in a file (so-called "cookie") or similar procedures are used, by means of which the user data relevant for the presentation of the aforementioned content is stored.
This information may include, for example, content viewed, websites visited, online networks used, but also communication partners and technical information such as the browser used, the computer system used and information on usage times. If users have consented to the collection of their location data, this can also be processed. The IP addresses of users are also stored. However, we use available IP masking procedures (i.e. pseudonymization by shortening the IP address) to protect users. In general, no clear user data (such as e-mail addresses or names) is stored as part of the online marketing process, but pseudonyms. This means that neither we nor the providers of the online marketing procedures know the actual identity of the users, but only the information stored in their profiles. The information in the profiles is usually stored in cookies or by means of similar procedures.
These cookies can later generally also be read on other websites that use the same online marketing process and analyzed for the purpose of displaying content as well as supplemented with further data and stored on the server of the online marketing process provider. In exceptional cases, clear data can be assigned to the profiles. This is the case, for example, if the users are members of a social network whose online marketing process we use and the network links the user profiles with the aforementioned data. Please note that users can make additional agreements with the providers, e.g. by giving their consent during registration. In principle, we only receive access to summarized information about the success of our advertisements. However, as part of so-called conversion measurements, we can check which of our online marketing procedures have led to a so-called conversion, i.e., for example, to the conclusion of a contract with us. The conversion measurement is used solely to analyze the success of our marketing measures. Unless otherwise stated, we ask you to assume that the cookies used are stored for a period of two years.
Notes on legal bases:
If we ask users for their consent to the use of third-party providers, the legal basis for the processing of data is consent. Otherwise, user data is processed on the basis of our legitimate interests (i.e. interest in efficient, economical and recipient-friendly services). In this context, we would also like to draw your attention to the information on the use of cookies in this privacy policy.
With the help of the Facebook pixel (or comparable functions, for the transmission of event data or contact information by means of interfaces in apps), Facebook is able to determine the visitors of our online offer as a target group for the display of ads (so-called "Facebook ads"). Accordingly, we use the Facebook pixel to display the Facebook ads placed by us only to those users on Facebook and within the services of the partners cooperating with Facebook (so-called "Audience Network" https://www.facebook.com/audie... ) who have also shown an interest in our online offer or who have certain characteristics (e.g. interest in certain topics or products that can be seen from the websites visited) that we transmit to Facebook (so-called "Custom Audiences").
With the help of the Facebook pixel, we also want to ensure that our Facebook ads correspond to the potential interest of users and are not annoying. With the help of the Facebook pixel, we can also track the effectiveness of Facebook ads for statistical and market research purposes by seeing whether users have been redirected to our website after clicking on a Facebook ad (so-called "conversion measurement"). We are jointly responsible with Facebook Ireland Ltd. for the collection or receipt in the context of a transmission (but not the further processing) of "event data" that Facebook collects by means of the Facebook pixel and comparable functions (e.g. interfaces) that are executed on our online offer or receives in the context of a transmission for the following purposes:
a) Display of content and advertising information that corresponds to the presumed interests of users;
b) Delivery of commercial and transaction-related messages (e.g. addressing users via Facebook Messenger);
c) Improvement of ad delivery and personalization of functions and content (e.g. improvement of the recognition of which content or advertising information presumably corresponds to the interests of users).
We have concluded a special agreement with Facebook ("Addendum for Data Controllers", https://www.facebook.com/legal...), which regulates in particular which security measures Facebook must observe (https://www.facebook.com/legal...) and in which Facebook has agreed to fulfill the rights of data subjects (i.e. users can, for example, send information or deletion requests directly to Facebook).
Note: When Facebook provides us with metrics, analytics and reports (which are aggregated, i.e. do not contain information about individual users and are anonymous to us), this processing is not carried out within the framework of joint responsibility, but on the basis of a data processing agreement ("Data Processing Terms", https://www.facebook.com/legal...) the "Data Security Terms" (https://www.facebook.com/legal...) and, with regard to processing in the USA, on the basis of standard contractual clauses ("Facebook-EU Data Transfer Addendum, https://www.facebook.com/legal...). The rights of users (in particular to information, deletion, objection and complaint to the competent supervisory authority) are not restricted by the agreements with Facebook.
Processed data types: Usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses), event data (Facebook) ("event data" is data that can be transmitted by us to Facebook via Facebook pixels (via apps or other means), for example, and relates to individuals or their actions; the data includes, for example. Information about visits to websites, interactions with content, functions, app installations, product purchases, etc.; the event data is processed for the purpose of creating target groups for content and advertising information (custom audiences); event data does not include the actual content (such as comments written), no login information and no contact information (i.e. no names, email addresses and telephone numbers). Event data is deleted by Facebook after a maximum of two years, and the target groups formed from it are deleted when our Facebook account is deleted.)
Data subjects: Users (e.g. website visitors, users of online services).
Purposes of Processing: Marketing, Profiles with user-related information (Creating user profiles), Conversion tracking (Measurement of the effectiveness of marketing activities), Remarketing, Custom Audiences, Custom Audiences (Selection of relevant target groups for marketing purposes or other output of content).
Security measures: IP masking (pseudonymization of the IP address).
Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a. GDPR), Legitimate interests (Art. 6 para. 1 sentence 1 lit. f. GDPR).
Possibility of objection (opt-out): We refer to the data protection notices of the respective providers and the objection options specified for the providers (so-called "opt-out"). If no explicit opt-out option has been specified, you have the option of deactivating cookies in your browser settings. However, this may restrict the functions of our online offer.
We therefore recommend the following additional opt-out options, which are summarized for the respective areas:
a) Europe: https://www.youronlinechoices.....
b) Canada: https://www.youradchoices.ca/c....
c) USA: https://www.aboutads.info/choi....
d) Cross-territory: https://optout.aboutads.info.
Services used and service providers:
Google Tag Manager: Google Tag Manager is a solution with which we can manage so-called website tags via an interface and thus integrate other services into our online offer (please refer to further information in this privacy policy). The Tag Manager itself (which implements the tags) does not create user profiles or store cookies, for example. Google only learns the IP address of the user, which is necessary to run the Google Tag Manager. Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: https://marketingplatform.goog...; Privacy Policy: https://policies.google.com/pr....
Google Analytics: Online marketing and web analytics; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: https://marketingplatform.goog...; Privacy Policy: https://policies.google.com/pr...; Opt-Out: Opt-out plug-in: https://tools.google.com/dlpag...; Settings for the display of advertisements: https://adssettings.google.com....
Google Ads and conversion measurement: We use the online marketing process "Google Ads" to place ads in the Google advertising network (e.g. in search results, in videos, on websites, etc.) so that they are displayed to users who are presumed to be interested in the ads. We also measure the conversion of the ads. However, we only learn the anonymous total number of users who clicked on our ad and were redirected to a page with a so-called "conversion tracking tag". However, we ourselves do not receive any information that can be used to identify users; service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: https://marketingplatform.goog...; Privacy Policy: https://policies.google.com/pr....
Facebook pixel and target group formation (Custom Audiences): Service provider: Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA; Website: https://www.facebook.com; Privacy Policy: https://www.facebook.com/about...; Opt-Out: https://www.facebook.com/adpre... (Facebook login required).
LinkedIn: Insights Tag / Conversion measurement; Service provider: LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA; Website: https://www.linkedin.com; Privacy Policy: https://www.linkedin.com/legal..., Cookie Policy: https://www.linkedin.com/legal...; Opt-Out: https://www.linkedin.com/psett....
Offer of an affiliate program
We offer an affiliate program, i.e. commissions or other benefits (collectively referred to as "commission") for users (referred to as "affiliates") who refer to our offers and services. The reference is made by means of a link assigned to the respective affiliate or other methods (e.g. discount codes) that allow us to recognize that the use of our services was based on the reference (collectively referred to as "affiliate links"). In order to be able to track whether users have used our services on the basis of the affiliate links used by the affiliates, it is necessary for us to know that the users have followed an affiliate link. The assignment of the affiliate links to the respective business transactions or other use of our services serves the sole purpose of commission settlement and is canceled as soon as it is no longer required for this purpose.
For the purposes of the aforementioned assignment of affiliate links, the affiliate links can be supplemented by certain values that are part of the link or can be stored elsewhere, e.g. in a cookie. The values may include, in particular, the source website (referrer), the time, an online identifier of the operator of the website on which the affiliate link was located, an online identifier of the respective offer, the type of link used, the type of offer and an online identifier of the user.
Notes on legal bases: If we ask users for their consent to the use of third-party providers, the legal basis for the processing of data is consent. Furthermore, their use may be part of our (pre-)contractual services, provided that the use of third-party providers has been agreed in this context. Otherwise, user data is processed on the basis of our legitimate interests (i.e. interest in efficient, economical and recipient-friendly services). In this context, we would also like to draw your attention to the information on the use of cookies in this privacy policy.
Processed data types: Contract data (e.g. subject matter of the contract, duration, customer category), usage data (e.g. websites visited, interest in content, access times).
Data subjects: Users (e.g. website visitors, users of online services), business and contractual partners.
Purposes of processing: Provision of contractual services and customer service, affiliate tracking.
Legal bases: Consent (Art. 6 Para. 1 S. 1 lit. a. GDPR), Contract fulfillment and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b. GDPR), Legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR
Evaluation platforms
We participate in evaluation prcedures in order to evaluate, optimize and advertise our services. If users rate us or otherwise provide feedback via the evaluation platforms or procedures involved, the general terms and conditions or terms of use and the providers' data protection notices also apply. As a rule, the evaluation also requires registration with the respective providers. In order to ensure that the reviewers have actually used our services, we transmit the necessary data relating to the customer and the service used to the respective review platform (including name, email address and order number or item number) with the customer's consent. This data is used solely to verify the authenticity of the user.
Processed data types: Contract data (e.g. subject matter of the contract, duration, customer category), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
Data subjects: Customers, users (e.g. website visitors, users of online services).
Purposes of processing: Feedback (e.g. collecting feedback via online form).
Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a. GDPR), Legitimate interests (Art. 6 para. 1 sentence 1 lit. f. GDPR).
Services used and service providers:
upreview: Rating platform; Service provider: endorsal.io, Dean Walton, Worcester, WR5 3NP UK; Website: https://upreview.io/; Privacy Policy: https://endorsal.io/privacy/.
Capterra:Rating plattform, Capterra Zentrale1201 Wilson Blvd9th Floor, Arlington, VA 22209; Website: https://www.capterra.com.de/le...
USA, policy: https://www.capterra.com.de/le...
Presence in social networks (social media)
We maintain online presences within social networks and process user data in this context in order to communicate with the users active there or to offer information about us. We would like to point out that user data may be processed outside the European Union. This may result in risks for users because, for example, it could make it more difficult to enforce users' rights. Furthermore, user data is generally processed within social networks for market research and advertising purposes. For example, user profiles can be created based on user behavior and the resulting interests of users. The user profiles can in turn be used, for example, to place advertisements within and outside the networks that presumably correspond to the interests of the users. For these purposes, cookies are generally stored on the user's computer, in which the user's usage behavior and interests are stored.
Furthermore, data can also be stored in the user profiles independently of the devices used by the users (especially if the users are members of the respective platforms and are logged in to them). For a detailed description of the respective forms of processing and the opt-out options, please refer to the data protection declarations and information provided by the operators of the respective networks.In the case of requests for information and the assertion of data subject rights, we would also like to point out that these can be asserted most effectively with the providers.Only the providers have access to the users' data and can take appropriate measures and provide information directly.If you still need help, you can contact us.
Facebook: We are jointly responsible with Facebook Ireland Ltd. for the collection (but not the further processing) of data from visitors to our Facebook page (known as a "fan page"). This data includes information about the types of content users view or interact with, or the actions they take (see under "Things you and others do and provide" in the Facebook Data Policy: https://www.facebook.com/polic...), as well as information about the devices used by users (e.g. IP addresses, operating system, browser type, language settings, cookie data; see under "Device Information" in the Facebook Data Policy Statement: https://www.facebook.com/polic...). As explained in the Facebook Data Policy under "How do we use this information?", Facebook also collects and uses information to provide analytics services, known as "Page Insights", for page operators to help them understand how people interact with their pages and the content associated with them. We have concluded a special agreement with Facebook ("Information on Page Insights", https://www.facebook.com/legal...), which regulates in particular which security measures Facebook must observe and in which Facebook has agreed to fulfill the rights of data subjects (i.e. users can, for example, send information or deletion requests directly to Facebook). The rights of users (in particular to information, deletion, objection and complaint to the competent supervisory authority) are not restricted by the agreements with Facebook. Further information can be found in the "Information on Page Insights" (https://www.facebook.com/legal...).
Processed data types: Contact data (e.g. e-mail, telephone numbers), Content data (e.g. entries in online forms), Usage data (e.g. websites visited, interest in content, access times), Meta/communication data (e.g. device information, IP addresses).
Data subjects: Users (e.g. website visitors, users of online services).
Purposes of Processing: Contact requests and communication, Feedback (e.g. collecting feedback via online form), Marketing.
Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f. GDPR)
Services used and service providers:
Instagram: Social network; service provider: Instagram Inc, 1601 Willow Road, Menlo Park, CA, 94025, USA, parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA; Website: https://www.instagram.com; Privacy Policy: https://instagram.com/about/le....
Facebook: Social network; Service provider: Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA; Website: https://www.facebook.com; Privacy Policy: https://www.facebook.com/about...; Opt-Out: Settings for advertisements: https://www.facebook.com/adpre... (login to Facebook is required).
LinkedIn: Social network; Service provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; Website: https://www.linkedin.com; Privacy Policy: https://www.linkedin.com/legal...; Opt-Out: https://www.linkedin.com/psett....
SlideShare: Platform for presentations; Service provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; Website: https://www.linkedin.com; Privacy Policy: https://www.linkedin.com/legal....
Twitter: Social network; Service provider: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland, parent company: Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA; Privacy Policy: https://twitter.com/de/privacy, (Settings) https://twitter.com/personaliz....
Vimeo: Social network and video platform; Service provider: Vimeo Inc, Attention: Legal Department, 555 West 18th Street New York, New York 10011, USA; Website: https://vimeo.com; Privacy Policy: https://vimeo.com/privacy.
YouTube: Social network and video platform; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Privacy Policy: https://policies.google.com/pr...; Opt-Out: https://adssettings.google.com....
Xing: Social network; Service provider: XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany; Website: https://www.xing.de; Privacy Policy: https://privacy.xing.com/de/da....
Plugins and embedded functions and content
We incorporate functional and content elements into our online offering that are obtained from the servers of their respective providers (hereinafter referred to as "third-party providers"). These may be, for example, graphics, videos or city maps (hereinafter uniformly referred to as "content"). The integration always requires that the third-party providers of this content process the IP address of the user, as they would not be able to send the content to their browser without the IP address. The IP address is therefore required to display this content or function. We endeavor to only use content whose respective providers only use the IP address to deliver the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes.
The "pixel tags" can be used to analyze information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may contain, among other things, technical information about the browser and operating system, referring websites, time of visit and other information about the use of our online offer, as well as being linked to such information from other sources. Notes on legal bases: If we ask users for their consent to the use of third-party providers, the legal basis for the processing of data is consent. Otherwise, user data is processed on the basis of our legitimate interests (i.e. interest in efficient, economical and recipient-friendly services). In this context, we would also like to draw your attention to the information on the use of cookies in this privacy policy.
Processed data types: Usage data (e.g. websites visited, interest in content, access times), Meta/communication data (e.g. device information, IP addresses), Inventory data (e.g. names, addresses), Contact data (e.g. e-mail, telephone numbers), Content data (e.g. entries in online forms).
Data subjects: Users (e.g. website visitors, users of online services).
Purposes of processing: Provision of our online services and user-friendliness, provision of contractual services and customer service, profiles with user-related information (creation of user profiles).
Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f. GDPR), consent (Art. 6 para. 1 sentence 1 lit. a. GDPR), contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b. GDPR).
Services used and service providers:
reCAPTCHA: We integrate the "reCAPTCHA" function in order to be able to recognize whether entries (e.g. in online forms) are made by humans and not by automatically acting machines (so-called "bots"). The processed data may include IP addresses, information on operating systems, devices or browsers used, language settings, location, mouse movements, keyboard strokes, time spent on websites, previously visited websites, interactions with ReCaptcha on other websites, possibly cookies and results of manual recognition processes (e.g. answering questions asked or selecting objects in images).
Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: https://www.google.com/recaptc...; Privacy Policy: https://policies.google.com/pr...; Opt-Out: Opt-out plug-in: https://tools.google.com/dlpag...; Settings for the display of advertisements: https://adssettings.google.com....
YouTube videos: Video content; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: https://www.youtube.com; Privacy Policy: https://policies.google.com/pr...; Opt-Out: Opt-out plug-in: https://tools.google.com/dlpag...; Settings for the display of advertisements: https://adssettings.google.com....
Vimeo: Video content; Service provider: Vimeo Inc, Attention: Legal Department, 555 West 18th Street New York, New York 10011, USA; Website: https://vimeo.com; Privacy Policy: https://vimeo.com/privacy; Opt-Out: We would like to point out that Vimeo may use Google Analytics and refer you to the privacy policy (https://policies.google.com/pr...) and the opt-out options for Google Analytics (https://tools.google.com/dlpag...) or Google's settings for the use of data for marketing purposes (https://adssettings.google.com...).
Management, organization and auxiliary tools
We use services, platforms and software from other providers (hereinafter referred to as "third-party providers") for the purposes of organizing, managing, planning and providing our services. When selecting third-party providers and their services, we observe the legal requirements. In this context, personal data may be processed and stored on the servers of the third-party providers. This may affect various data that we process in accordance with this privacy policy. This data may include, in particular, master data and contact data of users, data on transactions, contracts, other processes and their content. If users are referred to the third-party providers or their software or platforms in the context of communication, business or other relationships with us, the third-party providers may process usage data and metadata for security purposes, service optimization or marketing purposes.
We therefore ask you to observe the data protection notices of the respective third-party providers. Notes on legal bases: If we ask users for their consent to the use of third-party providers, the legal basis for the processing of data is consent. Furthermore, their use may be part of our (pre-)contractual services, provided that the use of third-party providers has been agreed in this context. Otherwise, user data is processed on the basis of our legitimate interests (i.e. interest in efficient, economical and recipient-friendly services). In this context, we would also like to draw your attention to the information on the use of cookies in this privacy policy.
notion
Processed data types: Inventory data (e.g. names, addresses), Contact data (e.g. e-mail, telephone numbers), Content data (e.g. entries in online forms), Usage data (e.g. websites visited, interest in content, access times), Meta/communication data (e.g. device information, IP addresses).
Data subjects: Communication partners, users (e.g. website visitors, users of online services).
Purposes of Processing: Web Analytics (e.g. access statistics, recognition of returning visitors), Profiles with user-related information (Creating user profiles), Office and organizational procedures.
Legal bases: Consent (Art. 6 para. 1 sentence 1 lit. a. GDPR), performance of a contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b. GDPR), legitimate interests (Art. 6 para. 1 sentence 1 lit. f. GDPR), performance of a contract and pre-contractual inquiries (EKD) (Section 6 no. 5 DSG-EKD).
Services used and service providers:
HubSpot: Social media publishing, reporting (e.g. traffic sources, access figures, web analysis), contact management (e.g. contact forms, direct communication and user segmentation), landing pages; service provider: HubSpot, Inc, 25 First St., 2nd floor, Cambridge, Massachusetts 02141, USA; Website: https://www.hubspot.de; Privacy Policy: https://legal.hubspot.com/de/p....
Miro:
Online whiteboard and collaboration platform; Service provider: Realtimeboard Inc. dba Miro, 201 Spear Street Suite 1100, San Francisco, California 94105, USA; Website: https://miro.com/; Privacy Policy: https://miro.com/legal/privacy....
Trello:
Project management tool; Service provider: Trello Inc, 55 Broadway New York, NY 10006, USA, parent company: Atlassian Inc. (San Francisco, Harrison Street Location), 1098 Harrison Street, San Francisco, California 94103, USA; Website: https://trello.com/; Privacy Policy: https://trello.com/privacy.
Changes and updates to the privacy policy
We ask you to inform yourself regularly about the content of our privacy policy. We will amend the privacy policy as soon as changes to the data processing carried out by us make this necessary. We will inform you as soon as the changes require an act of cooperation on your part (e.g. consent) or other individual notification. If we provide addresses and contact information of companies and organizations in this privacy policy, please note that the addresses may change over time and please check the information before contacting us.
Rights of the data subjects
As a data subject, you are entitled to various rights under the GDPR, which arise in particular from Art. 15 to 21 GDPR:
• Right to object: You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions. If the personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
• Right to withdraw consent: You have the right to withdraw any consent you have given at any time.
• Right of access: You have the right to obtain confirmation as to whether or not data in question is being processed and access to this data as well as further information and a copy of the data in accordance with the statutory provisions.
• Right to rectification: In accordance with the legal requirements, you have the right to request the completion of the data concerning you or the rectification of inaccurate data.
•Right to erasure and restriction of processing: In accordance with the legal requirements, you have the right to demand that data concerning you be erased immediately or, alternatively, to demand that the processing of the data be restricted in accordance with the legal requirements.
• Right to data portability: You have the right to receive the data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format in accordance with the legal requirements or to request its transmission to another controller.
Complaint to the supervisory authority: In accordance with the statutory provisions and without prejudice to any other administrative or judicial remedy, you also have the right to lodge a complaint with a data protection supervisory authority, in particular a supervisory authority in the Member State in which you are habitually resident, the supervisory authority of your place of work or the place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR.
Supervisory authority responsible for us:
State Commissioner for Data Protection and Freedom of Information
North Rhine-Westphalia
P.O. Box 20 04 44
40102 Düsseldorf
Phone: 0211/38424-0
Fax: 0211/38424-999
E-mail: poststelle@ldi.nrw.de