Privacy policy
Introduction
With the following privacy policy, we aim to inform you about the types of your personal data (hereinafter also referred to briefly as "data") that we process, the purposes for which we process them, and the extent of this processing. The privacy policy applies to all processing of personal data conducted by us, both in the context of providing our services and specifically on our websites, in mobile applications, and within external online presences, such as our social media profiles (collectively referred to as "online services").
Date: August 23, 2024
Controller
CloudPirates GmbH & Co. KG
Hauptstraße 16
32457 Porta Westfalica
Email: hello@cloudpirates.io
Phone: +49-571-784628-20
Imprint: https://www.cloudpirates.io/imprint
Overview of Processing Operations
The following table summarises the types of data processed, the purposes for which they are processed, and the concerned data subjects.
Categories of Processed Data
Inventory data
Payment data
Contact data
Content data
Contract data
Usage data
Meta, communication, and process data
Images and/or video recordings
Audio recordings
Log data
Creditworthiness data
Categories of Data Subjects
Service recipients and clients
Employees
Prospective customers
Communication partners
Users
Business and contractual partners
Persons depicted
Third parties
Customers
Purposes of Processing
Provision of contractual services and fulfillment of contractual obligations
Communication
Security measures
Web analytics
Targeting
Office and organisational procedures
Remarketing
Conversion tracking
Affiliate tracking
Organisational and administrative procedures
Feedback
Marketing
Profiles with user-related information
Provision of our online services and usability
Assessment of creditworthiness
Information technology infrastructure
Financial and payment management
Public relations
Sales promotion
Business processes and management procedures
Relevant Legal Bases
Relevant legal bases according to the GDPR: Below, you will find an overview of the legal basis of the GDPR on which we base the processing of personal data. Please note that in addition to the provisions of the GDPR, national data protection provisions of your or our country of residence or domicile may apply. If more specific legal bases are applicable in individual cases, we will inform you of these in the data protection declaration.
Consent (Article 6 (1) (a) GDPR): The data subject has given consent to the processing of their personal data for one or more specific purposes.
Performance of a Contract and Prior Requests (Article 6 (1) (b) GDPR): Performance of a contract to which the data subject is a party or to take steps at the request of the data subject prior to entering into a contract.
Compliance with a Legal Obligation (Article 6 (1) (c) GDPR): Processing is necessary for compliance with a legal obligation to which the controller is subject.
Legitimate Interests (Article 6 (1) (f) GDPR): Processing is necessary for the protection of the legitimate interests of the controller or a third party, provided that the interests, fundamental rights, and freedoms of the data subject do not prevail.
National Data Protection Regulations in Germany
In addition to the GDPR, national regulations apply to data protection in Germany. This includes, in particular, the Federal Data Protection Act (BDSG). The BDSG contains special provisions on the right to access, the right to erase, the right to object, the processing of special categories of personal data, processing for other purposes, transmission, and automated individual decision-making, including profiling. Furthermore, data protection laws of the individual federal states may apply.
Reference to the Applicability of the GDPR and the Swiss DPA
This privacy policy serves to provide information pursuant to the Swiss Federal Act on Data Protection (FADP) and the GDPR. For clarity, the terms used in the GDPR are applied. However, the legal meaning of these terms will continue to be determined according to the Swiss FADP within its scope of application.
Security Precautions
We take appropriate technical and organisational measures in accordance with legal requirements, considering the state of the art, the costs of implementation, and the nature, scope, context, and purposes of processing, as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, to ensure a level of security appropriate to the risk.
The measures include safeguarding the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data as well as access to, input, transmission, securing, and separation of the data. We have established procedures to ensure that data subjects' rights are respected, data is erased, and we are prepared to respond to data threats rapidly. Additionally, we take the protection of personal data into account as early as the development or selection of hardware, software, and service providers, following the principle of privacy by design and privacy by default.
Masking of the IP Address
If IP addresses are processed by us or by the service providers and technologies used and processing of a complete IP address is unnecessary, the IP address is shortened (IP masking). This process removes or replaces the last two digits or the last part of the IP address with wildcards to prevent the identification of a person by their IP address or to make such identification significantly more difficult.
Securing Online Connections through TLS/SSL Encryption Technology (HTTPS)
To protect the data of users transmitted via our online services from unauthorized access, we employ TLS/SSL encryption technology. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are the cornerstones of secure data transmission on the internet. These technologies encrypt the information transferred between the website or app and the user's browser (or between two servers), thereby safeguarding the data from unauthorized access. TLS, as the more advanced and secure version of SSL, ensures that all data transmissions conform to the highest security standards. When a website is secured with an SSL/TLS certificate, this is indicated by the display of HTTPS in the URL. This serves as an indicator to users that their data is being securely and encryptedly transmitted.
International Data Transfers
Data Processing in Third Countries: If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)), or if the processing is done within the context of using third-party services or the disclosure or transfer of data to other individuals, entities, or companies, this is only done in accordance with legal requirements. If the data protection level in the third country has been recognized by an adequacy decision (Article 45 GDPR), this serves as the basis for data transfer. Otherwise, data transfers only occur if the data protection level is otherwise ensured, especially through standard contractual clauses (Article 46 (2)(c) GDPR), explicit consent, or in cases of contractual or legally required transfers (Article 49 (1) GDPR).
Furthermore, we provide you with the basis of third-country transfers from individual third-country providers, with adequacy decisions primarily serving as the foundation. Information regarding third-country transfers and existing adequacy decisions can be obtained from the information provided by the EU Commission: EU Commission.
EU-US Trans-Atlantic Data Privacy Framework: Within the context of the so-called "Data Privacy Framework" (DPF), the EU Commission has also recognized the data protection level for certain companies from the USA as secure within the adequacy decision of 10th July 2023. The list of certified companies as well as additional information about the DPF can be found on the website of the US Department of Commerce at US Department of Commerce. We will inform you which of our service providers are certified under the Data Privacy Framework as part of our data protection notices.
General Information on Data Retention and Deletion: We delete personal data that we process in accordance with legal regulations as soon as the underlying consents are revoked or no further legal bases for processing exist. This applies to cases where the original purpose of processing is no longer applicable or the data is no longer needed. Exceptions to this rule exist if statutory obligations or special interests require a longer retention or archiving of the data.
In particular, data that must be retained for commercial or tax law reasons, or whose storage is necessary for legal prosecution or protection of the rights of other natural or legal persons, must be archived accordingly. Our privacy notices contain additional information on the retention and deletion of data specifically applicable to certain processing processes.
In cases where multiple retention periods or deletion deadlines for a date are specified, the longest period always prevails. If a period does not expressly start on a specific date and lasts at least one year, it automatically begins at the end of the calendar year in which the event triggering the period occurred. In the case of ongoing contractual relationships in the context of which data is stored, the event triggering the deadline is the time at which the termination or other termination of the legal relationship takes effect.
Data that is no longer stored for its originally intended purpose but due to legal requirements or other reasons are processed exclusively for the reasons justifying their retention.
Further Information on Processing Methods, Procedures, and Services Used:
Data Retention and Deletion: The following general deadlines apply for the retention and archiving according to German law:
10 Years: Fiscal Code/Commercial Code - Retention period for books and records, annual financial statements, inventories, management reports, opening balance sheets as well as the necessary work instructions and other organizational documents, booking receipts, and invoices (Section 147 Paragraph 3 in conjunction with Paragraph 1 No. 1, 4, and 4a of the German General Tax Code (AO), Section 14b Paragraph 1 of the German VAT Act (UStG), Section 257 Paragraph 1 Numbers 1 and 4, Paragraph 4 of the German Commercial Code (HGB)).
6 Years: Other business documents: received commercial or business letters, copies of dispatched commercial or business letters, and other documents to the extent that they are significant for taxation purposes, for example, hourly wage slips, operating accounting sheets, calculation documents, price tags, as well as payroll accounting documents, provided they are not already accounting vouchers and cash register tapes (Section 147 Paragraph 3 in conjunction with Paragraph 1 No. 2, 3, 5 of the German General Tax Code (AO), Section 257 Paragraph 1 No. 2 and 3, Paragraph 4 of the German Commercial Code (HGB)).
3 Years: Data required to consider potential warranty and compensation claims or similar contractual claims and rights, as well as to process related inquiries, based on previous business experiences and common industry practices, will be stored for the duration of the regular statutory limitation period of three years. This period begins at the end of the year in which the relevant contractual transaction took place or the contractual relationship ended in the case of ongoing contracts (Sections 195, 199 of the German Civil Code).
Rights of Data Subjects
Rights of the Data Subjects under the GDPR: As a data subject, you are entitled to various rights under the GDPR, which arise in particular from Articles 15 to 21 of the GDPR:
Right to Object: You have the right, on grounds arising from your particular situation, to object at any time to the processing of your personal data which is based on letter (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions. Where personal data are processed for direct marketing purposes, you have the right to object at any time to the processing of the personal data concerning you for the purpose of such marketing, which includes profiling to the extent that it is related to such direct marketing.
Right of Withdrawal for Consents: You have the right to revoke consents at any time.
Right of Access: You have the right to request confirmation as to whether the data in question will be processed and to be informed of this data and to receive further information and a copy of the data in accordance with the provisions of the law.
Right to Rectification: You have the right, in accordance with the law, to request the completion of the data concerning you or the rectification of the incorrect data concerning you.
Right to Erasure and Right to Restriction of Processing: In accordance with the statutory provisions, you have the right to demand that the relevant data be erased immediately or, alternatively, to demand that the processing of the data be restricted in accordance with the statutory provisions.
Right to Data Portability: You have the right to receive data concerning you which you have provided to us in a structured, common and machine-readable format in accordance with the legal requirements, or to request its transmission to another controller.
Complaint to the Supervisory Authority: In accordance with the law and without prejudice to any other administrative or judicial remedy, you also have the right to lodge a complaint with a data protection supervisory authority, in particular a supervisory authority in the Member State where you habitually reside, the supervisory authority of your place of work or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.
Business Services
We process data of our contractual and business partners, e.g. customers and interested parties (collectively referred to as "contractual partners") within the context of contractual and comparable legal relationships as well as associated actions and communication with the contractual partners or pre-contractually, e.g. to answer inquiries. We process this data in order to fulfill our contractual obligations. These include, in particular, the obligations to provide the agreed services, any update obligations, and remedies in the event of warranty and other service disruptions.
In addition, we process the data to protect our rights and for the purpose of administrative tasks associated with these obligations and company organization. Furthermore, we process the data on the basis of our legitimate interests in proper and economical business management as well as security measures to protect our contractual partners and our business operations from misuse, endangerment of their data, secrets, information, and rights (e.g. for the involvement of telecommunications, transport, and other auxiliary services as well as subcontractors, banks, tax and legal advisors, payment service providers, or tax authorities). Within the framework of applicable law, we only disclose the data of contractual partners to third parties to the extent that this is necessary for the aforementioned purposes or to fulfill legal obligations. Contractual partners will be informed about further forms of processing, e.g. for marketing purposes, within the scope of this privacy policy.
Which data are necessary for the aforementioned purposes, we inform the contracting partners before or in the context of the data collection, e.g. in online forms by special marking (e.g. colors), and/or symbols (e.g. asterisks or the like), or personally. We delete the data after expiry of statutory warranty and comparable obligations, i.e. in principle after expiry of 4 years, unless the data is stored in a customer account or must be kept for legal reasons of archiving.
The statutory retention period for documents relevant under tax law as well as for commercial books, inventories, opening balance sheets, annual financial statements, the instructions required to understand these documents, and other organizational documents and accounting records is ten years and for received commercial and business letters and reproductions of sent commercial and business letters six years. The period begins at the end of the calendar year in which the last entry was made in the book, the inventory, the opening balance sheet, the annual financial statements or the management report was prepared, the commercial or business letter was received or sent, or the accounting document was created, furthermore, the record was made or the other documents were created.
Processed Data Types: Inventory data (For example, the full name, residential address, contact information, customer number, etc.); Payment Data (e.g. bank details, invoices, payment history); Contact data (e.g. postal and email addresses or phone numbers). Contract data (e.g. contract object, duration, customer category).
Data Subjects: Service recipients and clients; Prospective customers; Business and contractual partners.
Purposes of Processing: Provision of contractual services and fulfillment of contractual obligations; Communication; Office and organizational procedures; Organizational and Administrative Procedures; Business processes and management procedures.
Retention and Deletion: Deletion in accordance with the information provided in the section "General Information on Data Retention and Deletion".
Legal Basis: Performance of a contract and prior requests (Article 6 (1) (b) GDPR); Compliance with a legal obligation (Article 6 (1) (c) GDPR); Legitimate Interests (Article 6 (1) (f) GDPR).
Further Information on Processing Methods, Procedures, and Services Used:
Consulting: We process the data of our clients as well as prospects and other commissioning parties or contractual partners (collectively referred to as "clients") in order to be able to provide our services to them. The processes that are part of and for the purposes of consulting include: contacting and communicating with clients, conducting needs and requirements analyses, planning and implementing consulting projects, documenting project progress and results, capturing and managing client-specific information and data, scheduling and organizing appointments, providing consulting resources and materials, invoicing and payment management, post-processing and follow-up of consulting projects, quality assurance, and feedback processes.
The processed data, the nature, scope, purpose, and necessity of their processing are determined by the underlying contractual relationship with the client. If it is necessary for our contract performance, for the protection of vital interests or legally required, or if there is consent from the clients, we disclose or transmit client data in compliance with professional legal requirements to third parties or agents such as authorities, subcontractors, or in the field of IT, office, or similar services.
Legal Basis: Performance of a contract and prior requests (Article 6 (1) (b) GDPR).
IT Services: We process the data of our clients as well as contractors to enable them to plan, implement, and support IT solutions and associated services. The required information is marked as such during the contract, project, or similar agreement phase and includes details necessary for service provision and billing, as well as contact information to facilitate any necessary consultations. Insofar as we gain access to information from end customers, employees, or other individuals, we process this in accordance with legal and contractual requirements.
Processing processes include project management and documentation, which cover all phases from initial requirement analysis to project completion. This involves creating and managing project timelines, budgets, and resource allocations. Data processing also supports change management, where changes in the project flow are documented and tracked to ensure compliance and transparency.
Another process is customer relationship management (CRM), which involves recording and analyzing customer interactions and feedback to improve service quality and efficiently address individual customer needs. Additionally, the processing process encompasses technical support and troubleshooting, which includes capturing and handling support requests, error resolutions, and regular maintenance.
Furthermore, reporting and performance analysis are conducted by capturing and evaluating performance metrics to assess the effectiveness of provided IT solutions, continuously optimizing them. All these processes are aimed at ensuring high customer satisfaction and compliance with all relevant regulations.
Legal Basis: Performance of a contract and prior requests (Article 6 (1) (b) GDPR), Compliance with a legal obligation (Article 6 (1) (c) GDPR), Legitimate Interests (Article 6 (1) (f) GDPR).
Online Courses and Online Training: We process the data of participants in our online courses and training sessions (collectively referred to as "participants") in order to provide them with our course and training services. The data processed, the type, scope, purpose, and necessity of their processing are determined by the underlying contractual relationship. The data generally includes information on the courses and services utilized, as well as personal preferences and results of the participants, insofar as they are part of our service offering.
Processing forms also include performance evaluation and the evaluation of our services as well as those of the course and training instructors. Additionally, depending on the equipment and structure of the respective courses or learning content, further processing operations may be implemented, such as attendance tracking for documenting participation, progress monitoring for measuring and analyzing learning progress by collecting exam and test results, and analyzing interactions on learning platforms, such as forum posts and assignment submissions.
Legal Basis: Performance of a contract and prior requests (Article 6 (1) (b) GDPR).
Software and Platform Services: We process the data of our users, registered and any test users (hereinafter uniformly referred to as "users") in order to provide them with our contractual services and on the basis of legitimate interests to ensure the security of our offer and to develop it further. The required details are identified as such within the context of the conclusion of the agreement, order, or comparable contract and include the details required for the provision of services and invoicing as well as contact information in order to be able to hold any further consultations.
Legal Basis: Performance of a contract and prior requests (Article 6 (1) (b) GDPR).
Business Processes and Operations: Personal data of service recipients and clients - including customers, clients, or in specific cases, mandates, patients, or business partners as well as other third parties - are processed within the framework of contractual and comparable legal relationships and pre-contractual measures such as the initiation of business relations. This data processing supports and facilitates business processes in areas such as customer management, sales, payment transactions, accounting, and project management.
The collected data is used to fulfill contractual obligations and make business processes efficient. This includes the execution of business transactions, the management of customer relationships, the optimization of sales strategies, and ensuring internal invoicing and financial processes. Additionally, the data supports the protection of the rights of the controller and promotes administrative tasks as well as the organization of the company.
Personal data may be transferred to third parties if necessary for fulfilling the mentioned purposes or legal obligations. After legal retention periods expire or when the purpose of processing no longer applies, the data will be deleted. This also includes data that must be stored for longer periods due to tax law and legal obligations to provide evidence.
Processed Data Types: Inventory data (e.g., full name, residential address, contact information, customer number, etc.); Payment data (e.g., bank details, invoices, payment history); Contact data (e.g., postal and email addresses or phone numbers); Content data (e.g., textual or pictorial messages and contributions, as well as information pertaining to them, such as details of authorship or the time of creation.); Contract data (e.g., contract object, duration, customer category); Usage data (e.g., page views and duration of visit, click paths, intensity and frequency of use, types of devices and operating systems used, interactions with content and features); Meta, communication and process data (e.g., IP addresses, timestamps, identification numbers, involved parties); Log data (e.g., log files concerning logins or data retrieval or access times); Creditworthiness data (e.g., received credit score, estimated default probability, risk classification based on this, historical payment behavior).
Data Subjects: Service recipients and clients; Prospective customers; Communication partners (Recipients of e-mails, letters, etc.); Business and contractual partners; Customers; Third parties; Users (e.g., website visitors, users of online services); Employees (e.g., employees, job applicants, temporary workers, and other personnel).
Purposes of Processing: Provision of contractual services and fulfillment of contractual obligations; Office and organizational procedures; Business processes and management procedures; Security measures; Provision of our online services and usability; Communication; Marketing; Sales promotion; Public relations; Assessment of creditworthiness; Financial and payment management; Information technology infrastructure (Operation and provision of information systems and technical devices, such as computers, servers, etc.).
Retention and Deletion: Deletion in accordance with the information provided in the section "General Information on Data Retention and Deletion".
Legal Basis: Performance of a contract and prior requests (Article 6 (1) (b) GDPR); Legitimate Interests (Article 6 (1) (f) GDPR); Compliance with a legal obligation (Article 6 (1) (c) GDPR).
Further Information on Processing Methods, Procedures, and Services Used:
Customer Management and Customer Relationship Management (CRM): Processes required in the context of customer management and CRM include customer acquisition in compliance with data protection regulations, measures to promote customer retention and loyalty, effective customer communication, complaint management and customer service with consideration of data protection, data management and analysis to support the customer relationship, management of CRM systems, secure account management, customer segmentation and targeting.
Legal Basis: Performance of a contract and prior requests (Article 6 (1) (b) GDPR), Legitimate Interests (Article 6 (1) (f) GDPR).
Contact Management and Contact Maintenance: Processes required in the context of organizing, maintaining, and securing contact information (e.g., setting up and maintaining a central contact database, regular updates of contact information, monitoring data integrity, implementing data protection measures, ensuring access controls, conducting backups and restorations of contact data, training employees in effective use of contact management software, regular review of communication history and adjustment of contact strategies).
Legal Basis: Performance of a contract and prior requests (Article 6 (1) (b) GDPR), Legitimate Interests (Article 6 (1) (f) GDPR).
Customer Account: Customers can create an account within our online offer (e.g., customer or user account, "customer account" for short). If the registration of a customer account is required, customers will be informed of this as well as of the details required for registration. The customer accounts are not public and cannot be indexed by search engines. In the course of registration and subsequent registration and use of the customer account, we store the IP addresses of the contractual partners along with the access times, in order to be able to prove the registration and prevent any misuse of the customer account. If the customer account has been terminated, the customer account data will be deleted after the termination date, unless it is retained for purposes other than provision in the customer account or must be retained for legal reasons (e.g., internal storage of customer data, order transactions or invoices). It is the customers' responsibility to back up their data when terminating the customer account.
Legal Basis: Performance of a contract and prior requests (Article 6 (1) (b) GDPR), Legitimate Interests (Article 6 (1) (f) GDPR).
General Payment Transactions: Procedures required for carrying out payment transactions, monitoring bank accounts, and controlling payment flows (e.g., creation and verification of transfers, processing of direct debit transactions, checking of account statements, monitoring of incoming and outgoing payments, management of chargebacks, account reconciliation, cash management).
Legal Basis: Performance of a contract and prior requests (Article 6 (1) (b) GDPR), Legitimate Interests (Article 6 (1) (f) GDPR).
Accounting, Accounts Payable, Accounts Receivable: Procedures required for the collection, processing, and control of business transactions in the area of accounts payable and receivable accounting (e.g., creation and verification of incoming and outgoing invoices, monitoring and management of outstanding items, execution of payment transactions, handling of dunning processes, account reconciliation within the scope of receivables and payables, accounts payable accounting, and accounts receivable accounting).
Legal Basis: Performance of a contract and prior requests (Article 6 (1) (b) GDPR), Compliance with a legal obligation (Article 6 (1) (c) GDPR), Legitimate Interests (Article 6 (1) (f) GDPR).
Financial Accounting and Taxes: Procedures required for the collection, management, and control of finance-related business transactions as well as for the calculation, reporting, and payment of taxes (e.g., accounting and posting of business transactions, preparation of quarterly and annual financial statements, execution of payment transactions, handling of dunning processes, account reconciliation, tax consulting, preparation and submission of tax returns, management of tax affairs).
Legal Basis: Performance of a contract and prior requests (Article 6 (1) (b) GDPR), Compliance with a legal obligation (Article 6 (1) (c) GDPR), Legitimate Interests (Article 6 (1) (f) GDPR).
Marketing, Advertising, and Sales Promotion: Processes required in the context of marketing, advertising, and sales promotion (e.g., market analysis and audience targeting, development of marketing strategies, planning and execution of advertising campaigns, design and production of advertising materials, online marketing including SEO and social media campaigns, event marketing and trade show participation, customer loyalty programs, sales promotion measures, performance measurement and optimization of marketing activities, budget management and cost control).
Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR).
Public Relations: Processes required in the context of public relations and public relations activities (e.g., development and implementation of communication strategies, planning and execution of PR campaigns, creation and distribution of press releases, maintenance of media contacts, monitoring and analysis of media response, organization of press conferences and public events, crisis communication, creation of content for social media and corporate websites, management of corporate branding).
Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR).
Providers and Services Used in the Course of Business: As part of our business activities, we use additional services, platforms, interfaces, or plug-ins from third-party providers (in short, "services") in compliance with legal requirements. Their use is based on our interests in the proper, legal, and economic management of our business operations and internal organization.
Processed data types:
Inventory data: For example, the full name, residential address, contact information, customer number, etc.
Payment Data: e.g., bank details, invoices, payment history.
Contact data: e.g., postal and email addresses or phone numbers.
Content data: e.g., textual or pictorial messages and contributions, as well as information pertaining to them, such as details of authorship or the time of creation.
Contract data: e.g., contract object, duration, customer category.
Usage data: e.g., page views and duration of visit, click paths, intensity and frequency of use, types of devices and operating systems used, interactions with content and features.
Meta, communication and process data: e.g., IP addresses, timestamps, identification numbers, involved parties.
Data subjects:
Service recipients and clients; Prospective customers; Business and contractual partners. Users (e.g., website visitors, users of online services).
Purposes of processing:
Provision of contractual services and fulfillment of contractual obligations; Office and organisational procedures; Business processes and management procedures; Provision of our online services and usability. Information technology infrastructure (Operation and provision of information systems and technical devices, such as computers, servers, etc.).
Retention and deletion:
Deletion in accordance with the information provided in the section "General Information on Data Retention and Deletion".
Legal Basis:
Legitimate Interests (Article 6 (1) (f) GDPR).
Further information on processing methods, procedures and services used:
Jira: Web application for error management, troubleshooting, and operational project management.
Service provider: Atlassian Inc., 1098 Harrison Street, San Francisco, California 94103, USA.
Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR).
Privacy Policy: https://www.atlassian.com/legal/privacy-policy.
Data Processing Agreement: https://www.atlassian.com/legal/data-processing-addendum.
Basis for third-country transfers: Data Privacy Framework (DPF).
Further Information: Data Transfer Impact Assessment.
Microsoft Azure: Cloud storage, cloud infrastructure services, and cloud-based application software.
Service provider: Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland.
Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR).
Website: https://azure.microsoft.com.
Privacy Policy: https://privacy.microsoft.com/en-us/privacystatement.
Data Processing Agreement: https://azure.microsoft.com/en-us/support/legal/.
Basis for third-country transfers: Data Privacy Framework (DPF).
Provision of online services and web hosting
We process user data to provide them with our online services. For this purpose, we process the IP address of the user, which is necessary to transmit the content and functions of our online services to the user's browser or terminal device.
Processed data types:
Usage data: e.g., page views and duration of visit, click paths, intensity and frequency of use, types of devices and operating systems used, interactions with content and features.
Meta, communication and process data: e.g., IP addresses, timestamps, identification numbers, involved parties.
Log data: e.g., log files concerning logins or data retrieval or access times.
Data subjects:
Users (e.g., website visitors, users of online services).
Purposes of processing:
Provision of our online services and usability; Information technology infrastructure (Operation and provision of information systems and technical devices, such as computers, servers, etc.); Security measures.
Retention and deletion:
Deletion in accordance with the information provided in the section "General Information on Data Retention and Deletion".
Legal Basis:
Legitimate Interests (Article 6 (1) (f) GDPR).
Further information on processing methods, procedures and services used:
Provision of online offer on rented hosting space: For the provision of our online services, we use storage space, computing capacity, and software that we rent or otherwise obtain from a corresponding server provider (also referred to as a "web hoster").
Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR).
Collection of Access Data and Log Files: Access to our online service is logged in the form of "server log files". Server log files may include the address and name of the accessed web pages and files, date and time of access, transferred data volumes, notification of successful retrieval, browser type along with version, the user's operating system, referrer URL (the previously visited page), and typically IP addresses and the requesting provider.
Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR).
Retention period: Log file information is stored for a maximum period of 30 days and then deleted or anonymized. Data, the further storage of which is necessary for evidence purposes, are excluded from deletion until the respective incident has been finally clarified.
Use of Cookies
Cookies are small text files or other types of storage markers that store information on end devices and read information from them. For example, to save the login status in a user account, the contents of a shopping cart in an e-shop, the content accessed, or the functions used in an online offer. Furthermore, cookies can be used for various concerns, such as the functionality, security, and comfort of online offers, as well as the creation of analyses of visitor flows.
Notes on Consent:
We use cookies in accordance with legal regulations. Therefore, we obtain prior consent from users unless it is not required by law. Permission is particularly not necessary if the storage and reading of information, including cookies, are absolutely necessary to provide a telemedia service (i.e., our online offer) expressly requested by the users. The revocable consent is clearly communicated to them and contains information on the respective cookie usage.
Notes on the legal basis for data protection:
The legal basis on which we process users' personal data with the help of cookies depends on whether we ask them for consent. If users accept, the legal basis for processing their data is the declared consent. Otherwise, the data processed with the help of cookies are based on our legitimate interests (e.g., in a commercial operation of our online offer and its usability improvement) or if this occurs within the fulfillment of our contractual obligations, when the use of cookies is necessary to fulfill our contractual obligations. We clarify the purposes for which the cookies are used by us in the course of this data protection declaration or within the scope of our consent and processing processes.
Storage Duration:
Regarding the storage duration, the following types of cookies are distinguished:
Temporary cookies (also: session or session cookies): Temporary cookies are deleted at the latest after a user has left an online offer and closed his end device (e.g., browser or mobile application).
Permanent cookies: Permanent cookies remain stored even after closing the end device. For example, the login status can be saved, and preferred content can be displayed directly when the user revisits a site. Similarly, user data collected via cookies can be used for reach measurement. Unless we provide users with explicit information about the nature and storage duration of cookies (e.g., when obtaining consent), they should assume that they are permanent, and the storage duration can be up to two years.
General notes on revocation and objection (Opt-out):
Users can revoke the consents they have given at any time and also declare an objection to the processing according to legal requirements, also via the privacy settings of their browser.
Processed data types:
Meta, communication and process data (e.g., IP addresses, timestamps, identification numbers, involved parties).
Data subjects:
Users (e.g., website visitors, users of online services).
Legal Basis:
Legitimate Interests (Article 6 (1) (f) GDPR). Consent (Article 6 (1) (a) GDPR).
Further information on processing methods, procedures and services used:
Processing Cookie Data on the Basis of Consent:
We implement a consent management solution that obtains users' consent for the use of cookies or for the processes and providers mentioned within the consent management framework. This procedure is designed to solicit, log, manage, and revoke consents, particularly regarding the use of cookies and similar technologies employed to store, read from, and process information on users' devices. As part of this procedure, user consents are obtained for the use of cookies and the associated processing of information, including specific processing and providers named in the consent management process. Users also have the option to manage and withdraw their consents. Consent declarations are stored to avoid repeated queries and to provide proof of consent according to legal requirements. The storage is carried out server-side and/or in a cookie (so-called opt-in cookie) or by means of comparable technologies to associate the consent with a specific user or their device. If no specific details about the providers of consent management services are provided, the following general notes apply: The duration of consent storage is up to two years. A pseudonymous user identifier is created, which is stored along with the time of consent, details on the scope of consent (e.g., relevant categories of cookies and/or service providers), as well as information about the browser, system, and device used.
Legal Basis: Consent (Article 6 (1) (a) GDPR).
Registration, Login, and User Account:
Users can create a user account. Within the scope of registration, the required mandatory information is communicated to the users and processed for the purposes of providing the user account on the basis of contractual fulfillment of obligations. The processed data includes, in particular, the login information (name, password, and an e-mail address).
Within the scope of using our registration and login functions as well as the use of the user account, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests, as well as the user's protection against misuse and other unauthorized use. This data will not be passed on to third parties unless it is necessary to pursue our claims or there is a legal obligation to do so.
Users may be informed by e-mail of information relevant to their user account, such as technical changes.
Processed data types:
Inventory data: For example, the full name, residential address, contact information, customer number, etc.
Contact data: e.g., postal and email addresses or phone numbers.
Content data: e.g., textual or pictorial messages and contributions, as well as information pertaining to them, such as details of authorship or the time of creation.
Usage data: e.g., page views and duration of visit, click paths, intensity and frequency of use, types of devices and operating systems used, interactions with content and features.
Log data: e.g., log files concerning logins or data retrieval or access times.
Data subjects: Users (e.g., website visitors, users of online services).
Purposes of processing:
Provision of contractual services and fulfillment of contractual obligations
Security measures
Organizational and Administrative Procedures
Provision of our online services and usability.
Retention and deletion: Deletion in accordance with the information provided in the section "General Information on Data Retention and Deletion". Deletion after termination.
Legal Basis:
Performance of a contract and prior requests (Article 6 (1) (b) GDPR)
Legitimate Interests (Article 6 (1) (f) GDPR).
Further information on processing methods, procedures, and services used:
Registration with a real name: Due to the nature of our community, we ask users to use our services only with their real names. This means that the use of pseudonyms is not permitted.
Legal Basis: Performance of a contract and prior requests (Article 6 (1) (b) GDPR).
Users' profiles are public: The users' profiles are not publicly visible or accessible.
Two-factor Authentication: Two-factor authentication provides an extra layer of security for your user account and ensures that only you can access your account, even if someone else knows your password. For this purpose, in addition to your password, you must perform another authentication measure (e.g., enter a code sent to a mobile device - we will inform you about the procedure we use).
Legal Basis: Performance of a contract and prior requests (Article 6 (1) (b) GDPR).
Deletion of data after termination: If users have terminated their user account, their data relating to the user account will be deleted, subject to any legal permission, obligation, or consent of the users.
Legal Basis: Performance of a contract and prior requests (Article 6 (1) (b) GDPR).
No obligation to retain data: It is the responsibility of the users to secure their data before the end of the contract in the event of termination. We are entitled to irretrievably delete all user data stored during the term of the contract.
Legal Basis: Performance of a contract and prior requests (Article 6 (1) (b) GDPR).
Blogs and Publication Media:
We use blogs or comparable means of online communication and publication (hereinafter "publication medium"). Readers' data will only be processed for the purposes of the publication medium to the extent necessary for its presentation and communication between authors and readers or for security reasons. For the rest, we refer to the information on the processing of visitors to our publication medium within the scope of this privacy policy.
Processed data types:
Inventory data: For example, the full name, residential address, contact information, customer number, etc.
Contact data: e.g., postal and email addresses or phone numbers.
Content data: e.g., textual or pictorial messages and contributions, as well as information pertaining to them, such as details of authorship or the time of creation.
Usage data: e.g., page views and duration of visit, click paths, intensity and frequency of use, types of devices and operating systems used, interactions with content and features.
Meta, communication and process data: e.g., IP addresses, timestamps, identification numbers, involved parties.
Data subjects: Users (e.g., website visitors, users of online services).
Purposes of processing:
Feedback (e.g., collecting feedback via online form)
Provision of our online services and usability.
Retention and deletion: Deletion in accordance with the information provided in the section "General Information on Data Retention and Deletion".
Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR).
Further information on processing methods, procedures, and services used:
Gravatar Profile Pictures: We use the service Gravatar within our online offer and in particular in the blog. Gravatar is a service where users can register and store profile pictures and their e-mail addresses. If users leave contributions or comments with the respective e-mail address on other online presences (especially in blogs), their profile pictures can be displayed next to the contributions or comments. For this purpose, the e-mail address provided by the users is transmitted to Gravatar in encrypted form for the purpose of checking whether a profile is stored for it. This is the only purpose of transmitting the email address, and it will not be used for other purposes but deleted thereafter. The use of Gravatar is based on our legitimate interests, as we use Gravatar to offer authors of contributions and comments the opportunity to personalize their contributions with a profile picture. By displaying the images, Gravatar knows the IP address of the user, as this is necessary for communication between a browser and an online service. If users do not want a user image linked to their e-mail address to appear in the comments at Gravatar, they should use an e-mail address that is not stored at Gravatar for commenting. We would also like to point out that it is also possible to use an anonymous e-mail address or no e-mail address at all if users do not wish their own e-mail address to be sent to Gravatar. Users can completely prevent the transmission of data by not using our comment system.
Service provider: Aut O’Mattic A8C Ireland Ltd., Grand Canal Dock, 25 Herbert Pl, Dublin, D02 AY86, Ireland
Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR)
Website: https://automattic.com
Privacy Policy: https://automattic.com/privacy
Basis for third-country transfers: Data Privacy Framework (DPF).
Contact and Inquiry Management:
When contacting us (e.g., via mail, contact form, e-mail, telephone, or via social media) as well as in the context of existing user and business relationships, the information of the inquiring persons is processed to the extent necessary to respond to the contact requests and any requested measures.
Processed data types:
Inventory data: For example, the full name, residential address, contact information, customer number, etc.
Contact data: e.g., postal and email addresses or phone numbers.
Content data: e.g., textual or pictorial messages and contributions, as well as information pertaining to them, such as details of authorship or the time of creation.
Usage data: e.g., page views and duration of visit, click paths, intensity and frequency of use, types of devices and operating systems used, interactions with content and features.
Meta, communication and process data: e.g., IP addresses, timestamps, identification numbers, involved parties.
Data subjects: Communication partner (Recipients of e-mails, letters, etc.).
Purposes of processing:
Communication
Organizational and Administrative Procedures
Feedback (e.g., collecting feedback via online form)
Provision of our online services and usability.
Retention and deletion: Deletion in accordance with the information provided in the section "General Information on Data Retention and Deletion".
Legal Basis:
Legitimate Interests (Article 6 (1) (f) GDPR)
Performance of a contract and prior requests (Article 6 (1) (b) GDPR).
Further information on processing methods, procedures, and services used:
Contact form: Upon contacting us via our contact form, email, or other means of communication, we process the personal data transmitted to us for the purpose of responding to and handling the respective matter. This typically includes details such as name, contact information, and possibly additional information provided to us that is necessary for appropriate processing. We use this data exclusively for the stated purpose of contact and communication.
Legal Basis: Performance of a contract and prior requests (Article 6 (1) (b) GDPR), Legitimate Interests (Article 6 (1) (f) GDPR).
Chatbots and Chat Functions:
We provide online chats and chatbot functions as a means of communication (together referred to as "Chat Services"). A chat is an online conversation that is conducted with a certain degree of immediacy. A chatbot is software that answers users' questions or informs them about messages. If you use our chat functions, we may process your personal data.
If you use our Chat Services within an online platform, your identification number is also stored within the respective platform. We may also collect information about which users interact with our Chat Services and when. Furthermore, we store the content of your conversations via the Chat Services and log registration and consent processes in order to be able to prove these in accordance with legal requirements.
We would like to inform users that the respective platform provider can find out that and when users communicate with our Chat Services and can collect technical information about the user's device used and, depending on the settings of their device, also location information (so-called metadata) for the purpose of optimizing the respective services and for security purposes. Likewise, the metadata of communication via Chat Services (i.e., information about who has communicated with whom) could be used by the respective platform providers for marketing purposes or to display advertising tailored to users in accordance with their regulations, to which we refer for further information.
If users agree to activate information with regular messages to a chatbot, they have the possibility to unsubscribe from the information for the future at any time. The chatbot points out to users how and with which terms they can unsubscribe the messages. By unsubscribing from the chatbot messages, users' data is deleted from the directory of message recipients.
We use the aforementioned information to operate our Chat Services, e.g., to address users personally, to answer their inquiries, to transmit any requested content, and also to improve our Chat Services (e.g., to "teach" chatbots answers to frequently asked questions or to identify unanswered inquiries).
Information on Legal Basis: We use the Chat Services on the basis of consent if we first obtain the permission of the users to process their data by the Chat Services (this applies in cases where users are asked for consent, e.g., so that a chatbot regularly sends them messages). If we use Chat Services to answer user queries about our services or our company, this is done for contractual and pre-contractual communication. In addition, we use Chat Services based on our legitimate interests in optimizing the Chat Services, its operating efficiency, and enhancing the positive user experience.
Withdrawal, objection, and deletion: You can revoke a given consent at any time or contradict the processing of your data in the context of our chatbot use.
Processed data types:
Contact data: e.g., postal and email addresses or phone numbers.
Content data: e.g., textual or pictorial messages and contributions, as well as information pertaining to them, such as details of authorship or the time of creation.
Usage data: e.g., page views and duration of visit, click paths, intensity and frequency of use, types of devices and operating systems used, interactions with content and features.
Data subjects: Communication partner (Recipients of e-mails, letters, etc.).
Purposes of processing: Communication.
Retention and deletion: Deletion in accordance with the information provided in the section "General Information on Data Retention and Deletion".
Legal Basis:
Consent (Article 6 (1) (a) GDPR)
Performance of a contract and prior requests (Article 6 (1) (b) GDPR)
Legitimate Interests (Article 6 (1) (f) GDPR).
Video Conferences, Online Meetings, Webinars and Screen-Sharing
We use platforms and applications of other providers (hereinafter referred to as "Conference Platforms") for conducting video and audio conferences, webinars, and other types of video and audio meetings (hereinafter collectively referred to as "Conference"). When using the Conference Platforms and their services, we comply with the legal requirements.
Data Processed by Conference Platforms
In the course of participating in a Conference, the following data of the participants are processed:
Personal information (first name, last name)
Contact information (e-mail address, telephone number)
Access data (access codes or passwords)
Profile pictures
Information on professional position/function
IP address of the internet access
Information on the participants' end devices, their operating system, browser, and its technical and linguistic settings
Information on communication processes (e.g., entries in chats and audio and video data)
Use of other available functions (e.g., surveys)
The content of communications is encrypted to the extent technically provided by the conference providers. If participants are registered as users with the Conference Platforms, additional data may be processed according to the agreement with the respective Conference Provider.
Logging and Recording
If text entries, participation results (e.g., from surveys), or video/audio recordings are recorded, this will be transparently communicated to the participants in advance, and they will be asked for their consent if necessary.
Data Protection Measures for Participants
Please refer to the data privacy information of the Conference Platforms for details on the processing of your data and select the optimum security and data privacy settings within the conference platforms. Additionally, ensure data and privacy protection during a Conference by notifying roommates, locking doors, and using the background masking function if technically possible. Links to conference rooms and access data should not be shared with unauthorized third parties.
Notes on Legal Bases
If we process users' data in addition to using Conference Platforms and request consent to use content from Conferences or certain functions (e.g., consent to recording), the legal basis for processing is this consent. Our processing may also be necessary for fulfilling contractual obligations (e.g., participant lists, reprocessing Conference results). Otherwise, user data is processed based on our legitimate interests in efficient and secure communication.
Processed Data Types
Inventory Data: Full name, residential address, contact information, customer number
Contact Data: Postal and email addresses, phone numbers
Content Data: Textual or pictorial messages and contributions, details of authorship, time of creation
Usage Data: Page views, duration of visit, click paths, intensity and frequency of use, types of devices and operating systems used, interactions with content and features
Images and/or Video Recordings: Photographs or video recordings of a person
Audio Recordings
Log Data: Log files concerning logins, data retrieval, access times
Data Subjects
Communication partners (recipients of e-mails, letters, etc.)
Users (e.g., website visitors, users of online services)
Persons depicted
Purposes of Processing
Provision of contractual services and fulfillment of contractual obligations
Communication
Office and organizational procedures
Retention and Deletion
Deletion is done in accordance with the information provided in the section "General Information on Data Retention and Deletion". The legal basis is legitimate interests (Article 6 (1) (f) GDPR).
Further Information on Processing Methods, Procedures, and Services Used
Microsoft Teams: Audio and video conferencing, chat, file sharing, integration with Office 365 applications, real-time collaboration on documents, calendar functions, task management, screen sharing, optional recording
Service Provider: Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland
Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR)
Website: Microsoft Teams
Privacy Policy: Privacy Statement
Security Information: Trust Center
Basis for Third-Country Transfers: Data Privacy Framework (DPF)
Cloud Services
We use Internet-accessible software services (so-called "cloud services" or "Software as a Service") provided on the servers of their providers for storing and managing content (e.g., document storage and management, exchange of documents, content, and information).
Personal data may be processed and stored on the provider's servers if it is part of communication processes or otherwise processed by us in accordance with this privacy policy. This data may include master data, contact data, process data, contracts, and usage data. Cloud service providers also process usage data and metadata for security and service optimization purposes.
If cloud services are used to provide documents or content to other users or publicly accessible websites, providers may store cookies on users' devices for web analysis or to remember user settings.
Processed Data Types
Inventory Data: Full name, residential address, contact information, customer number
Contact Data: Postal and email addresses, phone numbers
Content Data: Textual or pictorial messages and contributions, details of authorship, time of creation
Usage Data: Page views, duration of visit, click paths, intensity and frequency of use, types of devices and operating systems used, interactions with content and features
Meta, Communication, and Process Data: IP addresses, timestamps, identification numbers, involved parties
Data Subjects
Prospective customers
Communication partners (recipients of e-mails, letters, etc.)
Business and contractual partners
Users (e.g., website visitors, users of online services)
Purposes of Processing
Office and organizational procedures
Information technology infrastructure (operation and provision of information systems and technical devices)
Provision of our online services and usability
Retention and Deletion
Deletion is done in accordance with the information provided in the section "General Information on Data Retention and Deletion". The legal basis is legitimate interests (Article 6 (1) (f) GDPR).
Further Information on Processing Methods, Procedures, and Services Used
Microsoft Azure: Cloud storage, cloud infrastructure services, and cloud-based application software
Service Provider: Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland
Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR)
Website: Microsoft Azure
Privacy Policy: Privacy Statement
Data Processing Agreement: Legal
Basis for Third-Country Transfers: Data Privacy Framework (DPF)
Web Analysis, Monitoring, and Optimization
Web analysis is used to evaluate visitor traffic on our website and may include pseudonymous values for behavior, interests, or demographic information. This helps us identify frequently used features or areas needing optimization.
We may also use test procedures to optimize different versions of our online services. Profiles, i.e., aggregated data for usage processes, can be created, stored in a browser or terminal device, and read from it. This includes websites visited, elements used, and technical information such as browser and computer system details. If users consent to location data collection, it may also be processed.
Notes on Legal Bases
If users consent to third-party providers, the legal basis for data processing is consent. Otherwise, user data is processed based on legitimate interests in efficient, economical, and recipient-friendly services.
Processed Data Types
Usage Data: Page views, duration of visit, click paths, intensity and frequency of use, types of devices and operating systems used, interactions with content and features
Meta, Communication, and Process Data: IP addresses, timestamps, identification numbers, involved parties
Data Subjects
Users (e.g., website visitors, users of online services)
Purposes of Processing
Web Analytics (e.g., access statistics, recognition of returning visitors)
Profiles with user-related information (creating user profiles)
Remarketing
Conversion Tracking (measurement of marketing effectiveness)
Marketing
Retention and Deletion
Deletion is done in accordance with the information provided in the section "General Information on Data Retention and Deletion". Cookies may be stored for up to 2 years.
Security Measures
IP Masking (pseudonymization of the IP address)
Legal Basis
Consent (Article 6 (1) (a) GDPR)
Legitimate Interests (Article 6 (1) (f) GDPR)
Further Information on Processing Methods, Procedures, and Services Used
Information on Recipients of Consent and Cookie-Less Analytics:
Service Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR)
Website: Google Analytics
Privacy Policy: Privacy
Online Marketing
We process personal data for online marketing purposes, including marketing advertising space, displaying content based on user interests, and measuring effectiveness. This involves creating user profiles, which are stored in cookies or similar procedures. These profiles may include information such as viewed content, websites visited, online networks used, communication partners, and technical details (e.g., browser, computer system, usage times, and functions). If users have consented to the collection of additional data, such data may also be processed.
IP addresses are stored, but we use IP masking (pseudonymization by shortening the IP address) to protect user privacy. Typically, only pseudonyms are used in online marketing processes, meaning that neither we nor the providers of online marketing technologies have access to identifiable personal information, only to profile data.
Profile information is usually stored in cookies or similar technologies, which can be accessed and analyzed on other websites that use the same online marketing technology. This data can be supplemented and stored by the online marketing provider's server. In some cases, clear data may be assigned to profiles, particularly if users are members of a social network that links their profiles with the data.
For a detailed description of data processing and opt-out options, please refer to the privacy policies of the respective service providers. If no explicit opt-out option is provided, cookies can be deactivated in browser settings, though this may limit some functionalities of our online services. Recommended opt-out options include:
Europe: Your Online Choices
Canada: Your Ad Choices
USA: About Ads
Cross-regional: About Ads Opt-Out
Processed Data Types:
Usage Data: Page views, duration of visit, click paths, intensity and frequency of use, device types, operating systems, interactions with content.
Meta, Communication, and Process Data: IP addresses, timestamps, identification numbers, involved parties.
Data Subjects:
Users (e.g., website visitors, online service users).
Purposes of Processing:
Web Analytics (e.g., access statistics, returning visitors).
Targeting (e.g., profiling based on interests, cookies).
Affiliate Tracking.
Marketing.
Profiles with user-related information (Creating user profiles).
Conversion Tracking (Measuring marketing effectiveness).
Retention and Deletion:
Data is deleted in accordance with the "General Information on Data Retention and Deletion" section. Cookies may be stored for up to two years unless otherwise stated.
Security Measures:
IP Masking (Pseudonymization of IP addresses).
Legal Basis:
Consent (Article 6 (1) (a) GDPR).
Legitimate Interests (Article 6 (1) (f) GDPR).
Further Information on Processing Methods, Procedures, and Services Used:
Google Ads and Conversion Tracking: Online marketing process for placing content and ads within Google's advertising network. Conversion measurement helps analyze the effectiveness of ads.
Service Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Legal Basis: Consent (Article 6 (1) (a) GDPR), Legitimate Interests (Article 6 (1) (f) GDPR).
Website: Google Ads
Privacy Policy: Google Privacy Policy
Basis for Third-Country Transfers: Data Privacy Framework (DPF).
Further Information: Google Ads Services
Profiles in Social Networks (Social Media)
We maintain online presences within social networks to communicate with users or provide information. User data may be processed outside the EU, which could pose risks, such as difficulties in enforcing user rights.
Social networks often process user data for market research and advertising, creating user profiles based on behavior and interests. Cookies are used to store user behavior and interests. Data may be stored across devices if users are members of the networks.
For details on processing and opt-out options, please refer to the privacy policies of the social networks. For requests and rights, contacting the providers directly is most effective.
Processed Data Types:
Contact Data: Postal and email addresses, phone numbers.
Content Data: Textual or pictorial messages, authorship details, time of creation.
Usage Data: Page views, duration of visit, click paths, device types, interactions with content.
Data Subjects:
Users (e.g., website visitors, online service users).
Purposes of Processing:
Communication.
Feedback (e.g., collecting feedback via online forms).
Public Relations.
Retention and Deletion:
Data is deleted as specified in the "General Information on Data Retention and Deletion" section.
Legal Basis:
Legitimate Interests (Article 6 (1) (f) GDPR).
Further Information on Processing Methods, Procedures, and Services Used:
Instagram: Social network for sharing photos and videos.
Service Provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland.
Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR).
Website: Instagram
Privacy Policy: Instagram Privacy Policy
Basis for Third-Country Transfers: Data Privacy Framework (DPF).
Facebook Pages: Profiles within Facebook. Jointly responsible with Meta Platforms Ireland Limited for data collection on our Facebook page. Data includes interaction types and device information.
Service Provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland.
Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR).
Website: Facebook
Privacy Policy: Facebook Privacy Policy
Basis for Third-Country Transfers: Data Privacy Framework (DPF).
LinkedIn: Social network for creating "Page Insights" statistics.
Service Provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.
Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR).
Website: LinkedIn
Privacy Policy: LinkedIn Privacy Policy
Basis for Third-Country Transfers: Data Privacy Framework (DPF).
Opt-Out: LinkedIn Opt-Out
YouTube: Social network and video platform.
Service Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR).
Privacy Policy: YouTube Privacy Policy
Basis for Third-Country Transfers: Data Privacy Framework (DPF).
Opt-Out: YouTube Ad Personalization
Xing: Social network.
Service Provider: New Work SE, Am Strandkai 1, 20457 Hamburg, Germany.
Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR).
Website: Xing
Privacy Policy: Xing Privacy Policy
Changes and Updates
We kindly ask you to inform yourself regularly about the contents of our data protection declaration. We will adjust the privacy policy as changes in our data processing practices make this necessary. We will inform you as soon as the changes require your cooperation (e.g., consent) or other individual notification.
If we provide addresses and contact information of companies and organizations in this privacy policy, we ask you to note that addresses may change over time and to verify the information before contacting us