Privacy hints

Table of content

The use of this website is basically possible without the indication of personal data. However, if a person concerned wishes to use special services via our website, personal data may be processed. If the processing of personal data is necessary and there is no legal basis for the processing, we generally obtain the consent of the person concerned.

The processing of personal data takes place in accordance with the requirements of the General Data Protection Regulation (GDPR) and in accordance with the applicable country-specific data protection regulations. By means of this data protection declaration, we would like to inform the public about the type, scope and purpose of the personal data processed by us. In addition, this privacy statement will inform visitors of this website about their rights. Numerous technical and organisational measures have been implemented to ensure the most complete possible protection of the personal data processed via this website. Nevertheless, internet-based data transmissions can in principle have security gaps, so that absolute protection cannot be guaranteed. For this reason, each person concerned is free to transmit personal data to us by alternative means, such as telephone or encrypted e-mail.

§ 1 Name and address of the controller

Controller according to Art. 4 (7) GDPR is:
Mataono GmbH
Mataono GmbH
Kraftwerk Mitte 7
01067 Dresden
Phone: 0351 – 41 88 840-0
E-Mail: info@mataono.com

§ 2 Name and address of the data protection officer

The data protection officer is:
Thomas Kirchner
descript Solutions GmbH
Kraftwerk Mitte 7
01067 Dresden
Phone: 0351 – 41 88 840-0
Email: datenschutz@descript.de

§ 3 Legal basis of the processing

The legal basis for all processing operations for which we obtain the consent of the data subject is Art. 6 (1) a GDPR.

Processing operations that serve to fulfil a contract are based on Art. 6 (1) b GDPR. This also applies to processing operations that are necessary to carry out pre-contractual measures.

If the processing results from a legal obligation, Art. 6 (1) c GDPR is the legal basis for the processing.

In the event that the processing is intended to protect the vital interests of the persons concerned or other natural persons, the processing is based on Art. 6 (1) d GDPR.

If the controller is obliged to carry out tasks which are in the public interest or are carried out in the exercise of official authority, Art. 6 (1) e GDPR provides the legal basis.

If the processing is necessary to safeguard the legitimate interests of the controller or third parties, the processing is based on Art. 6 (1) f GDPR. The interests or fundamental rights and freedoms of the data subject must not predominate.

§ 4 Duration of storage of personal data

Personal data is only stored for as long as the purpose for which it was collected exists. An exception exists only if statutory retention periods provide for a different period. Until then the processing of personal data will be restricted.

§ 5 Rights of the data subject

(1) Assert affected rights

If a data subject wishes to exercise the rights to which he or she is entitled, he or she may at any time contact the employee referred to in § 2.

(2) Right to obtain information

Any data subject shall have the right to obtain from the controller confirmation as to whether personal data relating to him or her are being processed. If personal data has been processed, the data subject has the right to request information free of charge on the personal data stored about him or her. It is also possible to obtain a copy of the relevant data. The controller reserves the right to verify the identity of the spplicant.

(3) Right to rectification

The data subject concerned by the processing of personal data has the right to obtain from the controller without delay the rectification of any inaccurate personal data concerning him or her. The data subject shall also have the right to request the completion of incomplete personal data, including by means of a supplementary statement, having regard to the purposes of the processing.

(4) Right to erasure

The data subject who processes personal data shall have the right to request the controller to erase personal data concerning him without delay if he or she is lawfully entitled and the data is not necessary for the processing activity.

(5) Right to restrict processing

The data subject who is subject to the processing of personal data shall have the right to request the controller to limit the processing if he or she is lawfully entitled.

(6) Right to data portability

The data subject concerned by the processing of personal data has the right to obtain the personal data concerning him which he has made available to the controller in a structured, common and machine-readable format. It shall also have the right to communicate the data to another controller without being hampered by the controller to whom the personal data have been provided, provided that he or she is lawfully entitled. Furthermore, the data subject has the right, in order to exercise his/her right to data transferability, to have personal data communicated directly by one data controller to another data controller, in so far as this is technically feasible.

(7) Right to object

The data subject who processes personal data has the right to object at any time, on grounds relating to his particular situation, to the processing of personal data concerning him on the basis of Article 6 (1) (e) or (f) of the GDPR. The controller reserves the right to thoroughly assess the particular situation and weighing it with the legitimate interest.

Where personal data is processed for the purpose of direct marketing, the data subject shall have the right to object at any time to the processing of personal data concerning him for the purpose of such advertising, in so far as it relates to such direct marketing. If the data subject objects to the processing for the purposes of direct marketing, the personal data shall no longer be processed for those purposes.

(8) Automated decisions in individual cases including profiling

The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects upon him or her or significantly affects him or her in a similar manner. This shall not apply where the decision:

  • is necessary for the conclusion or performance of a contract between the data subject and the controller,
  • is authorised by legislation of the Union or of the Member States to which the person responsible is subject, and such legislation contains appropriate measures to safeguard the rights and freedoms and the legitimate interests of the persons concerned, or
  • with the express consent of the data subject.

(9) Right to revoke a consent

The person concerned by the processing of personal data has the right to withdraw his or her consent at any time. The revocation shall not affect the lawfulness of the processing carried out on the basis of the consent until revoked.

(10) Right to complain

Data subjects have the right to complain at the responsible supervisory authorities.
The responsible supervisory authoriy for the controller is:
Sächsischer Datenschutzbeauftragter
Adresse: Devrientstraße 1, 01067 Dresden
Postadresse: Postfach 12 00 16, 01001 Dresden
Telefon: 0351/85471 101
E-Mail: saechsdsb@slt.sachsen.de
www.datenschutz.sachsen.de

§ 6 Legitimate interests in the processing pursued by the controller or by a third party

If the processing of personal data is based on Art. 6 (1) f GDPR, the person responsible affirms that a conscientious weighing of our interests and the interests and fundamental rights of the data subject has taken place prior to the collection of the data. The data subject may demand that the legitimate interests of the data subject be substantiated.

§ 7 Legal or contractual provisions for the provision of personal data

It can happen that personal data must be provided due to legal regulations or contractual regulations. In the event of a request for an offer or the conclusion of a contract, it is necessary for the person concerned to provide us with certain personal data, which we then process. Failure to provide the necessary data would mean that the contract cannot be concluded.

Before providing personal data, the person concerned can inquire with the employee named in § 2 whether the collection of the same data is required by law or contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data and what the consequences would be if the data were not provided.

§ 8 Provision of infrastructure

All our data is hosted and stored on the servers of Hetzner Online GmbH.

Hetzner Online GmbH
Industriestrasse 25
91710 Gunzenhausen
Germany

Further information on data protection at Hetzner Online GmbH can be found at: https://www.hetzner.com/rechtliches/datenschutz?country=gb.

§ 9 Cookies

Cookies are used on our website. Cookies are text files which users of a visited website receive and which can be used to identify you to this website.

Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a string of characters through which web pages and servers can be assigned to the specific Internet browser in which the cookie was stored. This enables the visited websites and servers to distinguish the individual browser of the person concerned from other Internet browsers that contain other cookies. A particular Internet browser can be recognized and identified by its unique cookie ID.

By using cookies, the responsible person can provide the users of this website with more user-friendly services, which would not be possible without the setting of cookies.

By means of a cookie, the information and offers on our website can be optimised in the interests of the user. The purpose of this recognition is to make it easier for users to use our website.

The person concerned can prevent the setting of cookies by our website at any time by means of an appropriate setting of the Internet browser used and thus permanently object to the setting of cookies. In addition, cookies that have already been set can be deleted at any time via the Internet browser or other software programs used. This is possible in all common Internet browsers. By deactivating cookies, it may happen that some functions of our website are no longer fully usable.

§ 10 Collecting data using server log files

On our website, a series of general data is collected each time a person concerned or an automated system accesses our website. These general data are collected anonymously and stored in the log files of the server. We record (a) the browser types and versions used, (b) the operating system used by the accessing system, (c) the website from which an accessing system accesses our website (so-called referrer), (d) the sub-sites which are accessed via an accessing system on our website, (e) the date and time of an access to the website, (f) an Internet protocol address (IP address), (g) the Internet service provider of the accessing system and (h) other similar data used to avert danger in the event of attacks on our IT systems.

The data collected is anonymised after seven days. Due to the anonymisation, the person responsible cannot draw any conclusions about the person concerned. This data is rather required to (a) correctly deliver the contents of our website, (b) optimise the contents of our website and the advertising for it, (c) guarantee the permanent functionality of our IT systems and the technology of our website and (d) provide law enforcement authorities with the data necessary for criminal prosecution in the event of a cyber attack. This anonymously collected data is therefore evaluated by the responsible person both statistically and with the aim of increasing data protection and data security in our institution. The anonymous data of the server log files are stored separately from all personal data provided by the person concerned.

§ 11 Contact details of the provider

Due to legal regulations, our website contains information that enables us to be contacted quickly and electronically and to communicate directly with you, including a general e-mail address. If a person concerned makes contact by e-mail, the personal data transmitted by the person concerned is automatically stored. Such personal data transmitted voluntarily by an affected person will be stored for the purpose of processing or contacting the affected person. This personal data will not be passed on to third parties.

§ 12 Contact form

The website contains a contact form which can be used to contact us. The personal data transmitted by the person concerned is automatically stored. Our legitimate interest is to answer to your request. Such personal data transmitted voluntarily by an affected person will be stored for the purpose of processing or contacting the affected person. This personal data will not be passed on to third parties.

§ 13 Privacy policy on the use and application of Matomo

The responsible person has integrated the component Matomo in this application. Matomo is an open source software tool for usage analysis. Usage analysis is the collection and analysis of data about user behavior on applications. In the web the tool records from which website the user has accessed this website, which subpages have been accessed and how often and how long subpages have been viewed by the user. In a mobile app the tool records time spent in the application and user interactions. This analysis is used to optimize the application.

The software is operated on the server of the responsible person. All log files are stored exclusively on this server.

The legal basis for processing data is the legitimate interest of the controller to optimise and evaluate the use of the application (Art. 6 par. 1 (f) GDPR). A weighing of interests of the controller and of the data subject has been carried out.

Matomo places a cookie on the IT system of the user concerned. The cookie enables the analysis of usage. Each time one of the individual pages is called up, the Internet browser on the IT system of the person concerned is automatically prompted to transmit data to our server for the purpose of online analysis. In this process, we obtain knowledge of the IP address of the person concerned, which serves, among other things, to trace the origin of the visitors. In addition to the IP address, the access time, location from which the access originated and the frequency of visits to our website are stored. The IP address is made anonymous immediately upon collection.

By adjusting the settings of the Internet browser used, the setting of cookies by Matomo can be permanently rejected. In addition, set cookies can be deleted at any time via the Internet browser or other software. Furthermore, it is possible to object to the recording of the use by Matomo. The person concerned must set an opt-out cookie for this purpose. If the cookie settings of the Internet browser used are reset, this cookie would have to be set again.

The setting of the opt-out cookie may lead to restrictions in the functionality of the website.

Further information and Matomo's current data protection regulations can be found at https://matomo.org/privacy/ abgerufen werden.

§ 14 Privacy Policy on the Use and Usage of YouTube

The responsible person has integrated components of YouTube on this website. YouTube is an Internet video portal that enables video producers to post video clips and other users to view, evaluate and comment on them free of charge. The integration of videos enables the presentation of advertising material, knowledge and other interesting videos.

The operating company of YouTube is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

When embedding YouTube videos on our website, we use the Nocookie link provided by YouTube. This means that the user is not yet analyzed when a website is called that has integrated the YouTube component (YouTube video). YouTube and Google do not know which specific subpage of the website is visited by the user until the video is played.

If the person concerned is logged in to YouTube at the same time, YouTube recognizes which specific subpage of our website the person concerned is visiting by calling up a subpage containing a YouTube video. This information is collected by YouTube and Google and assigned to the respective YouTube account of the person concerned.

YouTube and Google receive information via the YouTube component that the person concerned has visited our website if the person concerned is logged on to YouTube at the same time as the video is being played. If YouTube and Google do not want the data subject to submit this information to YouTube and Google in this way, the data subject may prevent the submission by logging out of his/her YouTube account before accessing our website.

The data protection regulations published by YouTube, which are available at https://policies.google.com/privacy/update?hl=en , provide information about the collection, processing and use of personal data by YouTube and Google.

§ 15 Troubleshooting

In order to be able to analyse and correct errors that have occurred on our website, monitoring is carried out. In the event of an error, crash, etc., the IP address of the user is collected. The data will be deleted after 35 days.

§ 16 Integration of Google reCAPTCHA

To protect the forms, the responsible person uses reCAPTCHA from Google Ireland Ltd. The query serves to differentiate whether the input is made by a human being or is abused by automated, mechanical processing. Your IP address and any other personal data may be forwarded to Google Ireland Ltd. in the process.

The operating company of the Google-reCAPTCHA component is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Further information and the valid data security regulations of Google can be called up under https://policies.google.com/privacy/update?hl=en .

§ 17 Usage of HubSpot

On this website we use HubSpot for different purposes. HubSpot is a software company from the USA with a branch office in Ireland. Contact: HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland, Telephone: +353 1 5187500.

HubSpot is an integrated software solution that we use to cover different aspects of our online marketing. This includes, among others:

  • Email marketing
  • reporting
  • contact management (e.g., user segmentation & CRM) and
  • contact forms.

Our registration service enables visitors to our website to find out more about our company, to download contents and to provide their contact information, together with further demographic information. This information, together with the contents of our website are stored on the servers of our software partner HubSpot. We can use it to make contact with visitors to our website and to determine which of our company’s services are interesting for them. All information collected by us is subject to this data privacy policy. We use all information collected exclusively for optimizing our marketing measures.

As part of the optimization of our marketing activities, HubSpot may collect and process the following data:

  • Geographical position
  • Browser type
  • Navigation information
  • Reference URL
  • Performance data
  • Information about how often the application is used
  • Mobile apps data
  • HubSpot subscription service credentials
  • Files that are displayed on site
  • Domain names
  • Viewed pages
  • Aggregated use
  • Version of the operating system
  • Internet service provider
  • IP address
  • Device identification
  • Duration of the visit
  • Where the application was downloaded from
  • Operating system
  • Events that occur within the application
  • Access times
  • Clickstream data
  • Device model and version

We also use HubSpot’s contact forms. More information about this can be found at section "Integration of HubSpot contact forms" of this Privacy Policy.

The legal basis of the processing is your consent according to Art. 6 (1)(a) GDPR. If you do not want Hubspot to collect and process the aforementioned data, you can refuse your consent or withdraw it at any time with effect for the future.

The data will be stored for as long as it is necessary for the purpose of the procession. The data will be deleted as soon as it is no longer needed for the processing purposes.

Data may be transferred to the USA as part of processing by Hubspot. The security of the transmission is ensured by so-called standard contractual clauses, which guarantee that the processing of personal data is subject to a security level that corresponds to that of the GDPR. If the standard contractual clauses are not sufficient to establish an adequate level of security, Art. 49 (1)(a) GDPR can serve as a legal basis. Please note the reference to the risk of data transfer to an unsafe third-country under section "Integration of HubSpot contact forms".

§ 18 Integration of HubSpot contact forms

We use the service HubSpot to provide the following contact forms. For this purpose, we forward your data to HubSpot, which processes the data exclusively on our behalf. See data protection information on "Usage of HubSpot".

Please note: If you contact us via contact forms, personal data may be transferred to service providers in third countries. These third countries do not have an adequate level of data protection. If the data is transferred to the U.S., there is a risk that your data may be processed by U.S. authorities for control and monitoring purposes without you possibly having any legal remedies. The security of the transfer is regularly safeguarded via so-called standard contractual clauses, which ensure that the processing of personal data is subject to a level of security that corresponds to that of the GDPR. If the standard contractual clauses are not sufficient to establish an adequate level of security, your acknowledgement of the privacy policy in the context of the contact forms is considered consent within the meaning of Art. 49 (1) a DSGVO, which justifies a data transfer to insecure third countries.

(1) Free offer of digital content

In order to provide you with selected digital content (e.g. whitepapers and e-books), we collect personal data from you.

  • Data collected: Email address, first name, last name, phone number, organization, role in the organization, Discovered via.
  • Processing purpose: Personalized sending of the requested digital content.
  • Storage period: the data will be stored for as long as it is necessary to achieve the purpose. After the content has been sent, the data will be deleted unless you explicitly consent to the use of the data for contacting you in the context of the content provided.
  • Legal basis: Art. 6 (1) b DSGVO (fulfillment of contract)

(2) Newsletter

If you subscribe to our newsletter, we store your e-mail address and use it to send the newsletter. Your email address will not be published or shared with third parties.

  • Data collected: Email address, first name, last name, phone number, organization, role in the organization, Discovered via.
  • Purpose of processing: sending the requested newsletter.
  • Storage period: the data will be stored as long as it is necessary to achieve the purpose. For the newsletter, the data will be stored as long as a sending of a newsletter is foreseen and you have not objected to the use of your data.
  • Legal basis: Art. 6 (1) a DSGVO (consent).
Cancellation: You can unsubscribe from our newsletter at any time via a link contained in each issue. We will then delete your e-mail address from our distribution list. Alternatively, you can unsubscribe from the newsletter at any time by sending an email to newsletter@descript.de.

(3) Get-to-know interview

If you request an appointment for a get-to-know-you conversation, we will use your information to contact you and work with you to schedule and conduct an appointment.

  • Data collected: Email address, last name, first name, phone number, organization, role in the organization, discovered via, description of activities.
  • Purpose of processing: preparation and follow-up, coordination and implementation of the requested meeting to get to know each other.
  • Storage period: the data will be stored for as long as necessary to achieve the purpose. The data will be stored for as long as necessary to prepare, follow up and carry out the appointment.
  • Legal basis: Art. 6 (1) f DSGVO (Legitimate Interest).

(4) Webinars

If you register for a free webinar, we will use your data to send you the invitation and information related to the webinar.

  • Data collected: Last name, first name, phone number, organization, role in the organization, Discovered via.
  • Purpose of processing: sending the requested invitation to the webinar, preparing, conducting and following up the webinar, as well as using the personal data for marketing purposes.
  • Storage period: the data is stored for as long as necessary to achieve the purpose. If the consent for marketing purposes is revoked, the data stored by us will be deleted. Legal basis: Art. 6 (1) b in conjunction with. Art. 6 (1) a DSGVO.
  • Legal basis: By registering for the webinar, you also automatically agree to your personal data being processed for marketing purposes. The legal basis is your consent given to us beforehand in accordance with Art. 6 (1) a DSGVO. Consent to the use of the collected personal data for marketing purposes is a prerequisite for participation in free webinars. You can separately object to the use of personal data for marketing purposes at any time.

§ 19 Privacy Policy on the Use and Usage of Spotify

We use the provider Spotify for the integration of audio material (music and podcasts). Spotify is operated by Spotify AB, headquartered at Regeringsgatan 19, SE-111 53 Stockholm.

On some of our Internet pages, we use plugins from the provider Spotify. When you call up the web pages of our website that are provided with such a plugin, a connection to the Spotify servers is established and the plugin is displayed. This transmits to the Spotify server which of our Internet pages you have visited. If you are logged in to Spotify as a user, Spotify can assign this information to your personal user account. When using the plugin, such as clicking on the start button of an audio file or playlist, this information is also assigned to your user account. You can prevent this assignment by logging out of your Spotify user account before using our website and deleting the corresponding cookies from Spotify.

For the purpose and scope of the data collection and the further processing and use of the data by Spotify, as well as your rights in this regard and setting options for protecting your privacy, please refer to Spotify's privacy policy: https://spotify.com/de/legal/privacy-policy

§ 20 Privacy Policy on the Use and Usage of Meta Pixel

We use the visitor action pixel from Meta on our website to measure conversions. The provider of this service is Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland. The data collected is also transferred by Meta to the USA and other third countries. Meta is a participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data of EU citizens to the USA. More at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

The behavior of our site visitors can be tracked after they have been redirected to our website by clicking on a Meta advertisement. This allows us to evaluate the effectiveness of Meta ads for statistical and market research purposes and optimize them for future advertising measures.

The data collected is anonymous to us as the operator of this website and we cannot draw any conclusions about the identity of the users. However, the data is stored and processed by Meta so that a connection to the respective user profile is possible and Meta can use the data for its own advertising purposes in accordance with the Meta Privacy Policy. This allows Meta to place advertisements on Meta pages and outside Meta. This use of the data cannot be influenced by us as the website operator.

The Meta pixel is used on the basis of Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in effective advertising measures, including social media. If a corresponding consent has been requested (e.g. consent to the storage of cookies), the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.

Insofar as personal data is collected on our website with the help of the tool described here and forwarded to Meta, we and Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited exclusively to the collection of the data and its transfer to Meta. The processing carried out by Meta after forwarding is not part of the joint responsibility. The obligations incumbent on us jointly have been set out in a joint processing agreement. The text of the agreement can be found at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing data protection information when using the Meta pixel and for the secure implementation of the pixel on our website in accordance with data protection law. Meta is responsible for the data security of Meta products. You can assert data subject rights (e.g. requests for information) regarding the data processed by Meta directly with Meta. If you assert your data subject rights with us, we are obliged to forward them to Meta.

You can find further information on the protection of your privacy in Meta's data protection information: https://www.facebook.com/privacy/center/.

You can also deactivate settings for advertisements at https://www.facebook.com/settings/?tab=privacy or https://www.instagram.com/accounts/privacy_and_security/. To do this, you must be logged in to Facebook or Instagram.

If you do not have a Facebook or Instagram account, you can deactivate usage-based advertising from Meta on the website of the European Interactive Digital Advertising Alliance: https://www.youronlinechoices.com/de/praferenzmanagement/.

§ 21 Facebook Conversion API

We have integrated Facebook Conversion API on this website. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the data collected is also transferred to the USA and other third countries.

Facebook Conversion API enables us to record the website visitor's interactions with our website and pass them on to Facebook in order to improve advertising performance on Facebook.

In particular, the time of the call, the website called up, your IP address and your user agent and, if applicable, other specific data (e.g. products purchased, value of the shopping cart and currency) are recorded. You can find a complete overview of the data that can be collected here: https://developers.facebook.com/docs/marketing-api/conversions-api/parameters.

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG. Consent can be revoked at any time.

If personal data is collected on our website with the help of the tool described here and forwarded to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited exclusively to the collection of data and its transfer to Facebook. The joint responsibility is limited exclusively to the collection of the data and its forwarding to Facebook. The processing carried out by Facebook after forwarding is not part of the joint responsibility. The obligations incumbent on us jointly have been set out in an agreement on joint processing. The text of the agreement can be found at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing the data protection information when using the Facebook tool and for the secure implementation of the tool on our website in accordance with data protection law. Facebook is responsible for the data security of Facebook products. You can assert data subject rights (e.g. requests for information) regarding the data processed by Facebook directly with Facebook. If you assert your data subject rights with us, we are obliged to forward them to Facebook.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.

You can find further information on protecting your privacy in Facebook's privacy policy: https://de-de.facebook.com/about/privacy/.

The company is certified in accordance with the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000GnywAAC&status=Active

§ 22 Heyflow

We use an external service provider for the provision of our online offer: Heyflow GmbH, Jungfernstieg 49, 20354 Hamburg, Germany (hereinafter referred to as "Heyflow"). Heyflow itself stores your data exclusively on European servers. However, there is a possibility that your data may be accessible to facilities in the United States of America, as Heyflow uses sub-processors based in the USA. Since the Commission of the European Union has determined that the data protection laws of the United States do not ensure an adequate level of protection for personal data collected from data subjects in the European Union, Heyflow provides additional measures and safeguards for data transfers to the United States in accordance with the requirements of the GDPR to ensure an adequate level of protection. For example, through the conclusion of standard contractual clauses between Heyflow and the sub-processors.

(1) Description and scope of data processing

Heyflow processes your data for us so that we can provide you with our online services. For this purpose, your IP address is automatically transmitted to Heyflow in order to transmit the content and functions of our online services to your browser or device.

The following data may be collected:

  • information about the browser type and version used
  • the operating system of your computer
  • the internet service provider you use
  • the IP address of your terminal device
  • the date and time of your access to the funnel
  • websites from which you came to our website ("referrer")

(2) Legal basis for data processing

Heyflow stores the data mentioned under (1). in so-called log files. This is done to ensure

  • ensuring a smooth connection to the website,
  • to ensure a comfortable use of our website
  • the evaluation of system security and stability and
  • for other administrative purposes.

The temporary storage of the IP address by the system is also necessary to enable the website to be delivered to your computer. For this purpose, the IP address of your computer must remain stored for the duration of the session.

Our legitimate interest in data processing also lies in these purposes. The legal basis for data processing is therefore Art. 6 para. 1 sentence 1 lit. f GDPR.

(3) Duration of the processing

The personal data processed by Heyflow will be deleted as soon as it is no longer required to achieve the purpose for which it was collected:

  • In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.
  • In the case of storage of the IP address in log files, this is the case after 7 days at the latest.

(4) Rights of data subjects

The provisions of headline "Rights of the data subject" apply.

§ 23 Erstellung von Angeboten und Kostenvoranschlägen für Neukunden

Wir verarbeiten die von Ihnen bereitgestellten personenbezogenen Daten ausschließlich zur Bearbeitung Ihrer Anfrage und zur Erstellung eines Angebotes oder Kostenvoranschlags (Art. 6 Abs. 1 Buchstabe b DS-GVO).

Sollte es zur erstmaligen Beauftragung kommen, übernehmen wir Ihre personenbezogenen Daten für die Vertragserfüllung (Art. 6 Abs. 1 Buchstabe b DS-GVO). Erfolgt keine weitere Zusammenarbeit, werden die Daten gesperrt und aufbewahrt, um eine mögliche zukünftige Zusammenarbeit zu erleichtern.

§ 24 Privacy Policy on the Use and Usage of Loom

Loom is a platform that makes it possible to make recordings of the computer screen and at the same time record the person recording via a webcam and with sound. This way viewers of a video in which something is shown or explained can see the author at the same time.

The operating company of Loom is Loom, Inc., 140 2nd Street, 3rd Floor, San Francisco, CA 94105, USA.

The Loom video embedded on our pages contains the video itself, text information about the video, the publication date, the number of views and information about the author, a field for entering text relating to selected parts of the video, emoji for submitting a reaction to the video and a share menu. This includes the option to share on other platforms. No registration is required to submit a text comment, but a name is required. However, this can be chosen freely.

If the person concerned is logged in to Loom at the same time, Loom recognizes which specific video of our website the person concerned is visiting by calling up a subpage that embeds a Loom video. This information is collected by Loom and assigned to the respective Loom account of the data subject.

The data protection regulations published by Loom, which are available at https://www.loom.com/privacy , provide information about the collection, processing and use of personal data by Loom.