“Controller” in terms of the General Data Protection Regulation (GDPR) of the European Union as well as other data protection regulations is the
1515 7th Street, #424
Santa Monica CA 90401, USA
Tel.: (917) 409-7025
Email address: firstname.lastname@example.org
referred to hereinafter as “controller” or “we”.
The responsible data protection officer is:
Please be aware that you may be redirected to other web pages via links on our website; these other pages are not operated by us but by third parties. We either clearly mark such links or you can recognise them by the change of the URL in your browser. We are not responsible for compliance with the applicable data protection regulations and secure handling of your personal data by third parties operating such other webpages.
2.1. According to the GDPR
Cookies are small units of information which a website places on your terminal or which are read there. This serves the purpose of being able to use this information again at a later point in time. They contain combinations of letters and numbers that serve, for instance, to facilitate the recognition of the user and his settings when a connection is again established with the website that places the cookies, to enable you to stay logged into a customer account or to conduct statistical analyses of certain user behaviour.
3. General information about data processing
We only process personal data to the extent permitted by law. Disclosure or transfer to third parties takes place only in the cases described below (see sec. 4 below).
The personal data is deleted or protected by technical and organisational measures (e.g. pseudonymisation, encryption) as soon as the data processing purpose ceases to exist. This is also the case as soon as a prescribed storage period expires unless continued storage of the personal data is necessary for the purpose of conclusion or performance of a contract.
Unless we are obliged by law to ensure extended storage or disclose or transfer personal data to third parties (including but not limited to criminal prosecution authorities), the decision which personal data is collected by us, how long it is stored and to which extent you may be required to disclose your data depends on which functions and features of the website you use in particular cases.
4. Data processing in connection with the use of the website
The use of the website and its functions and features regularly requires the processing of certain personal data.
4.1. Use of the website for information purposes
When you access our website and use it for mere information purposes, e.g. without using additional functions or features such as contact forms, we automatically collect personal data. We thereby collect the following information: IP address of your terminal as well as date and time of your access to the website. This information is transferred by your browser unless you have configured it in such a way that the information transfer is prevented.
The personal data is processed for purposes of functionality and optimisation of the website and to ensure the security of our information technology systems. This is at the same time our legitimate interest which renders the processing permissible according to Art. 6 subs. 1 f) GDPR.
The personal data is stored for a period of 4 weeks. We do not combine the personal data with other data sources. The data is only disclosed or transferred to third parties if and to the extent this is necessary for operating our website. For such purpose, the personal data is transferred to our Hosting-Provider “Heroku”. Heroku is a web hosting service provided by Salesforce.com Inc. (The Landmark @ One Market, Suite 300, San Francisco, California 94105, USA). Salesforce.com Inc. is certified under the Privacy Shield Agreement (EU) 2016/1250 of the EU Commission (EU-U.S. Privacy Shield), providing a guarantee of compliance with European privacy standards. In addition, we have signed a contract with Salesforce Inc. for data processing on behalf and are fully implementing and meeting the requirements of the GDPR when we use Heroku. It is not intended to transfer personal data to a third country or an international organisation.
4.3. Google Analytics
We use Google Analytics for the purposes of economic optimisation and to tailor our website to suit the customers’ demands. This constitutes a legitimate interest according to Art. 6 subs. 1 f) GDPR. In addition, we have signed a contract with Google for data processing on behalf and are fully implementing and meeting the requirements of the GDPR when we use Google Analytics.
We collect your IP address to enable the shortening and subsequent data transfer to Google in the USA. You are not obliged to provide this personal data; however, if you do not provide this data, you will not be able to use our website. You can prevent the provision of this personal data by installing the Add-on under https://tools.google.com/dlpage/gaoptout. Alternatively, you can click this link whereby a cookie is set which prevents data transfer to Google, https://developers.google.com/analytics/devguides/collection/analyticsjs/user-opt-out.
4.5. Amazon Cloudfront
We use the Content Delivery Network (CDN) “Cloudfront”, a service of Amazon Web Services Inc., 410 Terry Avenue North, Seattle, WA 98109-5210, USA (“Amazon”). The Cloudfront-CDN provides duplicates of data from a website on various globally distributed Amazon Web Services (AWS) servers. This results in faster website load times, higher reliability and increased protection against data loss.
The images and videos embedded on this website are obtained from the Cloudfront CDN when the page is opened. This retrieval transfers information about your use of our website (such as your IP address) to Amazon servers in other EU countries and stores it there. This happens as soon as you enter our website.
Amazon Web Services and the Amazon CDN Cloudfront are used in the interests of greater reliability of the website, increased protection against data loss and better loading speed of this website. This constitutes a legitimate interest according to Art. 6 subs. 1 f) GDPR. In addition, we have signed a contract with Amazon Web Services for data processing on behalf and are fully implementing and meeting the requirements of the GDPR when we use Cloudfront. Data transfer to the USA is made in accordance with the EU Commission Implementing Decision (EU) 2016/1250 (EU-U.S. Privacy Shield).
You can find out more about Amazon Web Services' data protection measures at: https://docs.developer.amazonservices.com/enUS/devguide/DG_DataProtectionPolicy.html
The current privacy statement of Amazon Web Services can be found at: https://aws.amazon.com/de/privacy/
On our website we use the services of Cloudflare Inc., 101 Townsend St, 94107 San Francisco, USA ("Cloudflare"). Cloudflare offers a world-wide network for the supply of distributed contents. Technically, the transmission of information between your browser and our website is done through the Cloudflare network. Cloudflare is able to monitor traffic between users and our websites, for example to detect and block attacks on our services. Cloudflare may also store cookies on your computer to optimize and analyse them.
We use Cloudflare to ensure the proper functioning of the website. This constitutes a legitimate interest according to Art. 6 subs. 1 f) GDPR. In addition, we have signed a contract with Cloudflare for data processing on behalf and are fully implementing and meeting the requirements of the GDPR when we use Cloudflare. Data transfer to the USA is made in accordance with the EU Commission Implementing Decision (EU) 2016/1250 (EU-U.S. Privacy Shield).
You can prevent the collection and processing of your data by Cloudflare by deactivating the execution of script code in your browser or by installing a script blocker in your browser (this can be found, for example, at www.noscript.net or www.ghostery.com). The data will be deleted as soon as the purpose of the collection has been fulfilled.
Further information and the Cloudflare data protection declaration can be found at: https://www.cloudflare.com/privacypolicy/.
In order to be able to process user requests faster and more efficiently, we use an external CRM system from Crisp IM SARL, 2 Boulevard de Launay, 44100 Nantes, France ("Crisp") to process service requests via our websites. Crisp uses the data of the users only for the technical processing of the inquiries and does not pass them on to third parties. In order to use Crisp, it is necessary to provide at least a correct e-mail address. A pseudonymous use is possible. In the course of processing service requests, it may be necessary to collect further data (name, address). The use of Crisp is optional and serves to improve and accelerate our customer and user service. All data that we transmit via Crisp are stored in the EU.
We use Crisp for the purpose of fast processing of customer inquiries. This constitutes a legitimate interest according to Art. 6 subs. 1 f) GDPR. In addition, we have signed a contract with Crisp for data processing on behalf and are fully implementing and meeting the requirements of the GDPR when we use Intercom.
We use Bugsnag, a service provided by Bugsnag, Inc. (939 Harrison St, San Francisco, CA 94107, USA; "Bugsnag"). Bugsnag is used by us to manage our business contacts and optimize our services and offerings for our customers and prospects.
We use Bugsnag to analyse the use of the website and to adapt and optimise our services. This constitutes a legitimate interest according to Art. 6 subs. 1 f) GDPR. In addition, we have signed a contract with Bugsnag for data processing on behalf and are fully implementing and meeting the requirements of the GDPR when we use Bugsnag. Data transfer to the USA is made in accordance with the EU Commission Implementing Decision (EU) 2016/1250 (EU-U.S. Privacy Shield).
We use services of the analysis tool "Scout", provided by the company Scout, 320 East Vine Drive, Suite 221, Fort Collins, Colorado 80524, USA. Scout helps us to evaluate loading times of our website, to identify errors in our services and to ensure the stability of our website. This analysis may also record your IP address when you visit our website.
We use Scout to ensure the stability of our website. This constitutes a legitimate interest according to Art. 6 subs. 1 f) GDPR.
4.10. Contact form / Email contact
When you use the contact form available on our website or write us an email, we will process the personal data you have provided thereby. This information is transmitted by your browser or email client and stored in our information technology systems. The processing of this personal data is necessary to answer your request. In addition, your IP address as well as the date and time of your request will be stored if you write us an email.
Data processing serves to answer your request and prevent misuse of the contact form and ensure the security of our information technology systems. These are legitimate interests according to Art. 6 subs. 1 f) GDPR.
The personal data is stored as long as this is required for answering your request. If your request should bring about subsequent contract conclusion, the data is stored as long as this is required for taking steps prior to entering into a contract or for the performance of the contract. Thereafter, the personal data is deleted routinely every 6 months. The IP address from the contact form is stored for the duration of 4 weeks. We do not combine this personal data with other data sources. The data is not disclosed or transferred to third parties. It is not intended to transfer the data to a third country or an international organisation. You are not obliged to provide this personal data; however, if you do not provide this data, you cannot use the contact form or send an email.
4.11. Opening and use of a customer account
You can open a customer account on our website. You can create a new account or log in with one of your social media accounts. In the first case, your browser transmits the personal data you entered there to us and we store it in our IT systems. In addition, we store your IP address and the time of registration. When you log into your customer account, our website places cookies on your terminal so that you can remain logged in, even if you have to reload the website in the meantime.
If you log in with one of your social media accounts, you will be redirected to the respective page of the social media channel. There you may have to allow us access to your data using an "OAuth token". OAuth (Open Authorization) is an open protocol that allows a standardized, secure API authorization for desktop, web and mobile applications. An end user (user or resource owner) can use this protocol to allow an application (client or third party) to access his data (authorization) provided by another service (resource server) without revealing secret details of his access authorization (authentication) to the client. The end user can thus instruct third parties to consume a service on his behalf. Typically, the transmission of passwords to third parties is avoided.
The processing of the personal data entered by you serves the purpose of being able to provide you with the customer account and to be able to assign future usage processes such as orders or contact enquiries to your customer account. These processing operations are justified on the basis of Art. 6 subs. 1 b) GDPR because they serve to fulfil the contract. In addition, the establishment of a customer account is a prerequisite for the purchase of one of our offers; the processing is also required for contract performance according to Art. 6 subs. 1 b) GDPR. The storage of IP address and time of registration is necessary to ensure the security of our information technology systems. This is also our legitimate interest, which is why processing is permitted according to Art. 6 subs. 1 f) GDPR.
The personal data entered by you will be stored until your customer account with us is terminated, but in any case, as long as necessary to fulfil the contract. IP address and time of registration are stored for a period of 4 weeks. The cookies lose their validity when you log out, otherwise after 6 months at the latest. We do not merge this personal data with other data sources. Data will not be passed on to third parties. A transfer to a third country or to an international organization is not intended. You are not obliged to provide this personal data, yet the establishment or use of a customer account and thus the purchase of our products are not possible without the provision.
4.12. Subscription to a newsletter
On our website you can subscribe to our newsletter, which informs you about new entries in our blog. If you do so, the personal data you provide when registering will be transmitted to us by your browser and stored in our information technology systems. Your IP address and the time of registration are also stored.
The processing of the personal data entered by you is used to send the newsletter. This processing is legal because you have given us your consent according to Art. 6 subs. 1 a) GDPR. The storage of your IP address and the time of registration serves as proof of your consent, to which we are obliged according to Art. 6 subs. 1 c) GDPR.
The personal data you enter will be stored until your subscription is cancelled. We do not combine this personal data with other data sources. Data will not be passed on to third parties. A transfer to a third country or to an international organisation is not intended. You are not obliged to provide this personal data, but subscription to our newsletter is not possible without such provision.
This website uses the services of MailChimp for sending newsletters. Provider is Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA. MailChimp is a service that can be used to organize and analyse the sending of newsletters. If you enter data for newsletter subscription purposes (e.g. e-mail address), it will be stored on MailChimp's servers in the USA.
MailChimp enables us to analyse our newsletter campaigns. When you open an email sent with MailChimp, a file contained in the email (so-called web beacon) connects to the servers of MailChimp in the USA. In this way it can be determined whether a newsletter message has been opened and which links have been clicked. In addition, technical information (e.g. time of retrieval, IP address, browser type and operating system) is recorded. This information cannot be assigned to the respective newsletter recipient. It is used exclusively for the statistical analysis of newsletter campaigns. The results of these analyses can be used to better adapt future newsletters to the interests of the recipients.
Data processing is based on our legitimate interest, Art. 6 subs. 1 f) GDPR, in delivering our newsletters to you subsequent to your subscription. Data transfer to the USA is made in accordance with the EU Commission Implementing Decision (EU) 2016/1250 (EU-U.S. Privacy Shield). In addition, we have concluded a contract with MailChimp for data processing on behalf and we fully implement and comply with the requirements of the GDPR when we use MailChimp.
If you do not wish your personal data to be processed by MailChimp, you may unsubscribe from the newsletter at any time. For this purpose, we provide a corresponding link in every newsletter message. You can also unsubscribe directly on the website.
The data you have deposited with us for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted from our servers as well as from the MailChimp servers after unsubscribing from the newsletter. Data stored by us for other purposes (e.g. e-mail addresses for the member area) remain unaffected by this.
We use Mailgun services to ensure the secure delivery and verified delivery of automated email confirmations and email notifications. Mailgun is provided by Mailgun Technologies Inc., 535 Mission St., San Francisco, CA 94105, USA (“Mailgun”). Mailgun will receive the e-mail address you provided for delivery at the time a message is sent. The delivery status, i.e. whether a message has been delivered or rejected, can be tracked for 30 days in log files of the service provider before this information is deleted. These log files also contain detailed information about the receipt of a message. The data is analysed for internal purposes, e.g. to identify incorrect email addresses. For this purpose, the browser you are using must connect to Mailgun Technologies, Inc. servers located in the United States. As a result, Mailgun Technologies Inc. becomes aware that your IP address has been used to access our website.
The use of Mailgun is in the interest of secure dispatch and verified delivery of automated email confirmations and e-mail notifications. This constitutes a legitimate interest according to Art. 6 subs. 1 f) GDPR. In addition, we have signed a contract with Mailgun for data processing on behalf and are fully implementing and meeting the requirements of the GDPR when we use Mailgun. Data transfer to the USA is made in accordance with the EU Commission Implementing Decision (EU) 2016/1250 (EU-U.S. Privacy Shield).
4.15. Blog with “Disqus” comment function
You can comment on a blog post on our website. This website uses the Disqus comment function of Disqus Inc., 717 Market St San Francisco, CA 94103, USA ("Disqus"). Disqus is an interactive comment system that allows registered users to post comments with just one login on any website that uses Disqus. Disqus enables registration via existing accounts on Disqus, Facebook (via Facebook Connect), Twitter and Google+. If you sign in using your Disqus, Facebook, Twitter or Google+ account, data from these providers may also be collected, stored and used. For details, please refer to the privacy statement of the respective provider.
In addition to the comment text, Disqus will send us your e-mail address and IP address. We need the comment text to be able to publish it. We need the remaining information exclusively for the purpose of contacting you in connection with your use of Disqus, e.g. if we have questions about your user comment or to avoid liability and misuse. In order to avoid liability for the content of comments, it may also be necessary for us to delete comments, exclude them from publication or - as a milder measure and with appropriate labelling - edit them.
The processing of your personal data serves to display your comments on our website, to protect our IT systems and to prevent misuse. This constitutes a legitimate interest according to Art. 6 subs. 1 f) GDPR. Data transfer to the USA is made in accordance with the EU Commission Implementing Decision (EU) 2016/1250 (EU-U.S. Privacy Shield).
The personal data you enter will be stored for as long as is necessary to display the comment. We do not combine this personal data with other data sources. A passing on to third parties does not take place. A transfer to a third country or to an international organisation is not planned. You are not required to provide this personal information, but it is not possible to comment on our blog without providing this information.
If you choose a payment method offered by the payment service provider "Stripe", the payment will be processed by Stripe Payments Europe Ltd., C/O A&L Goodbody, Ifsc, North Wall Quay, Dublin 1, Ireland, to whom we pass on the information you have provided in the course of the order process together with the information about your order (name, address, account number, bank code, possibly credit card number, invoice amount, currency and transaction number) according to Art. 6 subs. 1 b) GDPR. Your data will only be passed on for the purpose of payment processing with Stripe Payments Europe Ltd. and only to the extent necessary.
The collection of your personal data serves to enable the data transfer to Stripe for the purpose of payment handling. We do not store the data for any other purposes. You are not obliged to provide this personal data; you can also pay using alternative payment options (PayPal).
Further information on the data protection of "Stripe" can be found at the following Internet address: https://stripe.com/de/privacy.
5. Rights of data subjects
You as the person concerned (hereinafter “data subject”) are entitled to a right to information according to Art. 15 GDPR, a right to rectification according to Art. 16 GDPR, a right to erasure according to Art. 17 GDPR, a right to restriction of processing according to Art. 18 GDPR as well as a right to data portability according to Art. 20 GDPR. The right to information as well as the right to erasure may be subject to the restrictions under domestic law. In addition, you are entitled to lodge a complaint with a supervisory authority (Art. 77 GDPR).
6. Automated case-by-case decisions including profiling
No automated case-by-case decisions are taken, including profiling.
7. Controller’s duty to inform
We will inform all recipients to whom your personal data was disclosed of any rectification or erasure of your personal data or any restriction of processing according to Art. 16, Art. 17 subs. 1 and Art. 18 GDPR unless it is impossible or requires unreasonable effort to inform them.
We will also inform you about the identity of the recipients at your request.
8. Right to oppose
You are entitled for reasons arising from your specific situation to oppose at any time the processing of your personal data which is carried out according to Art. 6 subs. 1 e) or f) GDPR. Where personal data is processed for the purpose of direct marketing, you are entitled at any time to oppose the processing of your personal data for such direct marketing purposes. The objection can be made informally and is to be addressed to:
1515 7th Street, #424
Santa Monica CA 90401, USA
Tel.: (917) 409-7025
Email address: email@example.com
9. Right to withdraw your consent to personal data processing
You are entitled according to Art. 7 subs. 3 s. 4 GDPR at any time to withdraw your consent. However, the withdrawal will leave the lawfulness of the processing that has taken place with your consent before the withdrawal unimpaired. Thus, the withdrawal only takes effect for the processing intended for the time after the withdrawal. The withdrawal can be made informally, by posted letter or email. If you oppose the processing, we will no longer process your personal data unless this is permitted by another (legal) basis. If you oppose the processing and there is no other legal basis which permits continued processing, we are obliged according to Art. 17 subs. 2 b) GDPR to erase your personal data without undue delay upon your request.
The withdrawal can be made informally and is to be addressed to:
1515 7th Street, #424
Santa Monica CA 90401, USA
Tel.: (917) 409-7025
Email address: firstname.lastname@example.org