Heyflow privacy policy

1) Introduction and general information

Thank you for your interest in our website. The protection of your personal data is very important to us. Below you will find information how we handle your personal data which are collected through your use of our website. Your data will be processed in accordance with the statutory data protection regulations.

Data Controller under the GDPR

Heyflow GmbH
Jungfernstieg 49
20354 Hamburg
Hamburg, Germany
[email protected]

Contact details of the data protection officer

Proliance GmbH / www.datenschutzexperte.de
Data Protection Officer
Leopoldstr. 21
80802 Munich
[email protected]

When contacting the data protection officer, please state the company to which your request relates. Please refrain from enclosing sensitive information, such as a copy of your ID, with your request.

Definitions

Our privacy policy should be simple and understandable for everyone. As a rule, the official terms of the General Data Protection Regulation (GDPR) are used in this privacy policy. The official definitions are explained in Art. 4 GDPR.

2) Data processing when visiting the website

Access to and storage of information in terminal equipment

By using our website, information may be accessed (e.g. IP address) or information may be stored (e.g. cookies) in your terminal equipment. This access or storage may involve further processing of personal data within the meaning of the GDPR.

In cases where such access to information or such storage of information is strictly necessary for the provision of our services free from technical error, this is done under Section 25 para. 1 sentence 1, para. 2 no. 2 TTDSG.

In cases where such a process serves other purposes (e.g. the needs-based design of our website), this is carried out under Section 25 para. 1 TTDSG only with your consent in accordance with Art. 6 para. 1 lit. a GDPR. Consent for future processes can be revoked at any time. The provisions of the GDPR and the German Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG) apply to the processing of your personal data.

Further information on the processing of your personal data and the relevant legal bases in this context can be found in the following sections on the specific processing activities on our website.

Web hosting

This website is hosted by an external service provider (hoster). This website is hosted in the USA. Personal data collected on this website is stored on the hoster's servers. This may primarily include IP addresses, contact requests, meta and communication data, website access and other data generated via a website.

We use the services of the following provider to provide our website:

Netlify, Inc.
512 2nd Street, Fl 2
San Francisco, CA 94107
USA

We collect the data listed to ensure a smooth connection to the website and a provision of our services free from technical error. The processing of this data is strictly necessary to make the website available to you. The legal basis for the processing of the data is our legitimate interest in the correct presentation and functionality of our website in accordance with Art. 6 para. 1 lit. f GDPR.

We have concluded an order processing contract with the provider in accordance with the requirements of Art. 28 GDPR, in which we obligate the provider to protect our customers' data and not to pass it on to third parties without authorization. When using the service, your data may also be processed in third countries outside the European Union (EU) and the European Economic Area (EEA), particularly in the USA. For data transfers to the USA, there is an adequacy decision by the EU Commission pursuant to Art. 45 para. 1 GDPR regarding companies with a certification under the EU-U.S. Data Privacy Framework.

Netlify, Inc. is certified in accordance with the EU-U.S. Data Privacy Framework and is therefore committed to complying with appropriate data protection standards, which can be viewed at the following link: https://www.dataprivacyframework.gov/list.

Further information on data processing by the provider used can be found at: https://www.netlify.com/privacy/.

Server log files

When you visit our website, it is technically necessary for data to be transmitted to our web server via your Internet browser. The following data is recorded during an ongoing connection for communication between your internet browser and our web server:

Date, time and duration of the request
Name of the requested file
User agent
IP address
Referrer
URLs accessed
Access status
Amount of data transferred

We collect the data listed to ensure a smooth connection to the website and the provision of our services free from technical error. The processing of this data is strictly necessary to make the website available to you. The log files are used to evaluate system security and stability as well as for administrative purposes. The legal basis for the processing of the data is our legitimate interest in the protection and functionality of our website in accordance with Art. 6 para. 1 lit. f GDPR.

For reasons of technical security, especially to defend against attempted attacks on our web server, this data is stored by us for a short period of time. After 30 days at the latest, the data is anonymized by shortening the IP address at domain level so that it is no longer possible to establish a reference to the individual user.

The data may also be processed in anonymized form for statistical purposes. At no time will this data be stored together with other personal data of the user, compared with other databases, or passed on to third parties.

Cookies

Our website uses so-called “cookies”. Cookies are small text files that are either stored temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your end device. Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your end device until you delete them yourself or they are automatically deleted by your web browser.

Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping cart function or language settings). Other cookies are used to evaluate user behavior or to display advertising.

The processing of data using strictly necessary cookies is based on a legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR in provision of our services free from technical error. For details on the processing purposes and legitimate interests, please refer to the information on the specific data processing.

The processing of personal data using other cookies is based on consent in accordance with Art. 6 para. 1 lit. a GDPR. Consent for the future can be revoked at any time. If such cookies are used for analysis and optimization purposes, we will inform you about this separately in the context of this data protection declaration and obtain your consent in accordance with Art. 6 Para. 1 lit. a GDPR.

You can set your browser so that you

will be informed about the setting of cookies,
only allow cookies in individual cases,
exclude the acceptance of cookies for certain cases or in general,
activate the automatic deletion of cookies when the browser is closed.

The cookie settings can be managed for the respective browsers under the following links

You can also manage cookies from many companies and functions that are used for advertising individually. To do this, use the corresponding user tools, available at https://www.aboutads.info/choices/ or http://www.youronlinechoices.com/uk/your-ad-choices.

Most browsers also offer a so-called “do-not-track” function. If this function is activated, the respective browser informs advertising networks, websites and applications that you do not wish to be “tracked” for the purpose of behavior-based advertising and the like.

For information and instructions on how to edit this function, please refer to the following links, depending on your browser provider:

You can also prevent so-called scripts from loading by default. “NoScript” only allows the execution of JavaScripts, Java and other plug-ins on trusted domains of your choice. Information and instructions on how to edit this function can be obtained from the provider of your browser (e.g. for Mozilla Firefox at: https://addons.mozilla.org/de/firefox/addon/noscript/).

Please note that the functionality of our website may be restricted if cookies are deactivated.

Consent Management (Usercentrics Consent Management)

In order to manage cookies in compliance with data protection regulations, we use the software solution from Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, Germany.

We use the service to manage your consent to the use of cookies and similar technologies.

With Usercentrics, we provide you with a so-called cookie banner, which you can use to give us your consent to the use of cookies. The cookie banner informs you about the use of cookies when you first visit our website and asks for your consent to the use of cookies. Until you give your consent, all non-essential cookies that we use on our website are automatically blocked. You have the option to reject unwanted cookies via the cookie banner and still continue to use the website.

By using the Usercentrics Consent Management Platform, the following (personal) data is collected:

Opt-in and Opt-out data (consent status)
Referrer URL
User agent
User settings
Consent ID
Time of consent
Type of consent
Template version
Banner language
IP-Adress
Geographical location

Insofar as we use technically necessary cookies and similar technologies as part of the integration of the service, this is done in accordance with Section 25 para. 2 of the Telecommunications Telemedia Data Protection Act (TTDSG). Subsequent data processing by Cookiebot is carried out based on a purpose pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR in the form of our legitimate interest in using cookies and similar technologies on our websites in compliance with data protection regulations and to enable you to easily revoke your declarations of consent.

The data collected will be stored until you ask us to delete it or delete the Usercentrics cookie yourself or until the purpose for storing the data no longer applies. The consent data will be deleted by Usercentrics after one year. Mandatory statutory retention periods remain unaffected.

You can find Usercentrics' privacy policy here: https://usercentrics.com/privacy-policy/

Change cookie settings

You can revoke or change your cookie settings at any time. To do this, call up the cookie settings again via this link.

3) General data processing on the website

Customer account registration

You have the option to register for our app via the login button on our website on our subdomain https://app.heyflow.com, thus creating a user profile. We collect and use the following personal data as part of the registration and setup process:

E-mail address
Name
IP address and local currency
Browser language
Time zone, location, date and time of registration

In addition, information may be made available voluntarily (e.g. phone number etc.). Freely provided information is marked “optional” in the input mask. Your user account gives you the option of using our app and logging in to the offers you have purchased. The legal basis for data processing with consent is Art. 6 para. 1 lit. a GDPR or Art. 6 para. 1 lit. b GDPR, provided that the processing is necessary for the provision of the desired services. Your data will be deleted as soon as the user account on our website is deleted if there are no statutory retention obligations. You can change and/or delete your user account, including the data you have provided, directly in your user account after logging in or by sending a message to the controller stated initially in this document.

Please note the data protection information on data processing in our app and on the linked subdomain at: https://heyflow.com/legal/data-privacy-2021/

Contact form and contact by e-mail

If you send us inquiries via contact form or e-mail, your details from the inquiry form or your e-mail, including the personal data you provide there, will be stored by us to handle the inquiry and in the event of follow-up questions. You are required to provide an e-mail address and your first name and surname when contacting us; providing your telephone number is voluntary. The provision of further personal data in the contact form is voluntary, alternatively please contact us by e-mail. Under no circumstances will we pass on the data without your consent. The legal basis for the processing of the data is our legitimate interest in responding to your request in accordance with Art. 6 para. 1 lit. f GDPR and, if applicable, Art. 6 para. 1 lit. b GDPR, if your request is aimed at concluding a contract. Your data will be deleted after final processing of your request, if there are no legal storage obligations to the contrary. In the case of Art. 6 para. 1 lit. f GDPR, you can object to the processing of your personal data at any time.

Chat function (Intercom)

This website uses a live chat to ensure the best possible user experience. Your e-mail address and the personal data and other information provided in your messages are collected to answer live inquiries.

In principle, we answer your request within the chat tool. However, you can also voluntarily provide your e-mail address and/or telephone number so that we can handle your request in this way.

To improve our customer service, we carry out statistical analyses of user behavior based on our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR. Only aggregated data records that no longer have any personal reference are used.

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected, i.e. the reason for the request has been conclusively resolved. In any case, the data collected will be deleted immediately as soon as we or you have ended the chat conversation. This does not apply to data that is subject to longer storage periods due to legal obligations or to protect or defend against legal claims.

Cookies are used to operate the chat function, and a connection to the service provider's servers is established. Cookies are small text files that are stored locally in the cache of the website visitor's internet browser. Cookies make it possible to recognize the visitor's internet browser to distinguish between individual users of the chat function on our website. The information generated by the cookies regarding your use of this website (including your IP address) is transmitted to a server of the chat service provider and stored there. The legal basis for the use of cookies and the data processing associated with the chat function is your consent in accordance with Section 25 para. 1 TTDSG and Art. 6 para 1 lit. a GDPR. The legal basis for the subsequent processing of the data is our legitimate interest in responding to the request made on the initiative of the user in accordance with Art. 6 para. 1 lit. f GDPR. If the request or the messages are aimed at the fulfillment of a contract or the implementation of pre-contractual measures, the legal basis for the processing is Art. 6 para. 1 lit. b GDPR.

To avoid the storage of cookies, you can set your Internet browser so that no more cookies can be stored on your computer in the future, and/or so that cookies that have already been stored are deleted. However, disabling all cookies may mean that the chat function on our website can no longer be used.

You can object to the processing of personal data, which is processed based on a legitimate interest, at any time. In such a case, the conversation cannot be continued.

We have concluded an order-processing contract with our service provider so that the data provided by you is processed for us strictly in accordance with instructions and directives.

Service provider:

Intercom, Inc.
55 2nd Street, 4th Fl.
San Francisco, CA 94105
USA

In the European Union, services are provided by:

Intercom R&D Unlimited Company
124 St Stephen’s Green, Dublin 2, D02 C628
Ireland

As personal data is transferred to Intercom, Inc. based in the USA, further protective mechanisms are required to ensure the level of data protection under the GDPR. For the USA, there is an adequacy decision by the EU Commission pursuant to Art. 45 para. 1 GDPR regarding companies with certification under the EU-U.S. Data Privacy Framework. Intercom, Inc. is certified under the EU-U.S. Data Privacy Framework and is therefore committed to complying with appropriate data protection standards, which can be viewed at the following link: Participant Search (dataprivacyframework.gov).

For potential transfers to other third countries outside the EU and the EEA for which there is no adequacy decision by the EU Commission, we have also agreed on standard data protection clauses with the provider in accordance with Art. 46 para. 2 lit. c GDPR. These obligate the recipient of the data in the third country to process the data in accordance with the level of protection in Europe.

Newsletter (HubSpot)

If you would like to receive the newsletter offered on the website with regular information about our offers and products, we require your e-mail address as mandatory information. The provision of additional data is voluntary so that we can address you personally in the newsletter.

We use the so-called double opt-in procedure to send the newsletter. This means that we will only send you our newsletter by email if you have expressly confirmed to us that you consent to our sending you newsletters. In the first step, you will receive an e-mail with a link that you can use to confirm that you, as the owner of the corresponding e-mail address, wish to receive future newsletters. By confirming, you give us your consent in accordance with Art. 6 para. 1 lit. a GDPR that we may use your personal data for the purpose of sending the desired newsletter.

When you register for the newsletter, in addition to the email address required for sending the newsletter, we store the IP address you used to register for the newsletter as well as the date and time of registration and confirmation to be able to trace possible misuse at a later date. The legal basis for this is our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR.

You can unsubscribe from the newsletter at any time via the link included in every newsletter or by sending an email to the controller named above. Once you have unsubscribed, your e-mail address will be deleted from our newsletter distribution list immediately, unless you have expressly consented to the continued use of the data collected or the continued processing is otherwise permitted by law.

Our e-mail newsletters are sent via a technical service provider to whom we pass on the data you provided when registering for the newsletter. We have concluded an order processing contract with our email service provider in which we obligate them to protect our customers' data and not to pass it on to third parties.

Service provider:

HubSpot, Inc.
Two Canal Park, Cambridge, MA 02141
USA
E-mail address: [email protected]
Privacy policy: https://legal.hubspot.com/de/privacy-policy

In the European Union, services are provided by:

HubSpot Ireland Limited
2nd Floor 30 North Wall Quay, Dublin 1
Ireland

As it is possible to transfer personal data to countries outside the EU and the EEA, further protection mechanisms are required to ensure the level of data protection under the GDPR. For the USA, there is an adequacy decision by the EU Commission pursuant to Art. 45 para. 1 GDPR regarding companies certified under the EU-U.S. Data Privacy Framework. HubSpot is certified in accordance with the EU-U.S. Data Privacy Framework and is therefore committed to complying with appropriate data protection standards, which can be viewed at the following link: https://www.dataprivacyframework.gov/s/participant-search

The service provider on our behalf uses the information from the newsletter registration to send and statistically evaluate the newsletter based on your consent in accordance with Art. 6 para. 1 lit. a GDPR. For the evaluation, the sent emails contain so-called web beacons or tracking pixels, which are one-pixel image files that are stored on our website. This allows us to determine whether a newsletter message has been opened and which links have been clicked on. Conversion tracking can also be used to analyze whether a predefined action (e.g. purchase of a product on our website) has taken place after clicking on the link in the newsletter. Technical information is also collected (e.g. time of access, IP address, browser type and operating system). The data is collected exclusively in pseudonymized form and is not linked to your other personal data; direct personal reference is excluded. This data is used exclusively for the statistical analysis of newsletter campaigns. The results of these analyses can be used to better adapt future newsletters to the interests of the recipients.

If you wish to withdraw your consent to data analysis for statistical evaluation purposes, you must unsubscribe from the newsletter.

Submission of applications

If you apply with us via our contact form or by e-mail, we collect personal data. This includes your contact details (such as first and last name, telephone number and e-mail address of the user) as well as other data provided by you about your background (e.g. CV, qualifications, degrees and professional experience) and your person (e.g. cover letter, personal interests). This may also include special categories of personal data (e.g. details of a severe disability).

Your personal data is either collected from you as part of the application process and encrypted during electronic transmission or collected by entering your LinkedIn profile. The primary legal basis for this is Section 26 para. 1 BDSG. In addition, consent pursuant to Art. 6 para. 1 lit. a GDPR in conjunction with Section 26 para. 2 BDSG can be cited as a data privacy authorization provision. If the processing of your data is based on consent, you have the right to withdraw your consent for the future at any time.

If you share your LinkedIn profile with us during the application, information required for the application (CV, qualifications, certificates, professional experience and other information shared by you on LinkedIn) will be collected through a sighting of your profile at the following controller:

LinkedIn Ireland Unlimited Company
Wilton Place, Dublin 2,
Ireland

Further information on how this controller handles your data can be found at: https://de.linkedin.com/legal/privacy-policy#others You can contact the controller’s data protection officer at: https://www.linkedin.com/help/linkedin/ask/TSO-DPO

Within our company, only those persons and departments (e.g. Human Resources) have access to your personal data that absolutely need it to carry out the application process or to fulfill our legal obligations. If necessary, your application will be forwarded to the responsible person for review. Under no circumstances will your personal data be passed on to third parties without authorization.

Your data relating to an application for a specific job advertisement will be stored and processed by us during the ongoing application process. After completion of the application process (e.g. in the form of an acceptance or rejection), the application process including all personal data will be deleted from the system no later than six months after completion of the application process. The data of selected applicants will be securely stored for up to 1 year, provided that the applicants have given their consent to this in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR in conjunction with § 26 para. 2 BDSG. You can withdraw your consent at any time with effect for the future. An informal email to the contact details of the controller listed above is sufficient for this purpose. If you are accepted, your application documents will be transferred to your personnel file.

Use of Personio

We use the Personio software (Personio GmbH, Rundfunkplatz 4, 80335 Munich, Germany, “Personio”) to process applicant data as part of the online application process.

Personio processes all categories of personal data that you provide in connection with the application process. This includes your name, e-mail address, telephone number, salary expectations and desired starting date, as well as all documents you provide for this purpose, such as cover letters, CVs or certificates and photos.

Furthermore, your personal data is processed by Personio regarding so-called server log files. This includes data such as the domain name of the website, the web browser and web browser version, the operating system, the IP address and the timestamp of access to the software. In the event of technical errors, data such as the domain name of the website, the web browser and web browser version, the operating system, the IP address and the time stamp when the corresponding error message/error specification occurs are also processed. This data is processed based on our legitimate interest in being able to guarantee a functional and efficient application process in accordance with Art. 6 para. 1 lit. f. GDPR.

The above information on the legal basis and storage period applies. The data provided by you or collected from you will also be used by Personio in anonymized form for statistical purposes.

We have concluded an order processing contract with the service provider in which we obligate it to protect our customers' data and not to pass it on to third parties.

You can find more information on data protection at Personio at: https://personio.personio.de/data-privacy-statement

External links

Social networks (YouTube, LinkedIn) are only integrated on our website as links to the corresponding services. After clicking on the integrated text/image link, you will be redirected to the page of the respective provider. User information is only transferred to the respective provider after you have been redirected. For information on the handling of your personal data when using these websites, please refer to the respective privacy policies of the providers you use.

4) Third-party provider services

Cloudflare CDN

We use the Content Delivery Network (CDN) by Cloudflare Inc., 101 Townsend St, San Francisco, CA 94107 USA (Cloudflare) to increase the security and delivery speed of our website. A content delivery network is an online service that is used particularly to deliver large media files (such as graphics, page content or scripts) through a network of regionally distributed servers connected via the Internet. For this purpose, the browser you are using must connect to Cloudflare's servers. As a result, Cloudflare becomes aware that our website has been accessed via your IP address. The data collected in this process is only used for the aforementioned purpose and to maintain the functionality and security of the CDN. For this purpose, Cloudflare may process personal data in the form of server log files. The name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider can be stored in the server log files. This data also helps Cloudflare to detect new threats to websites, for example. In this way, Cloudflare can ensure a high level of security protection for our website.

The processing of personal data in connection with the use of Cloudflare is based on our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR to increase the security and delivery speed of our website.

In general, Cloudflare stores data at user level for domains in the Free, Pro and Business versions for less than 24 hours. Cloudflare only retains server log files for as long as necessary and this data is also deleted within 24 hours in most cases. However, there is also information that Cloudflare retains indefinitely as part of its permanent logs in order to improve Cloudflare's overall performance and identify any security risks. You can find out exactly which permanent logs are stored at https://developers.cloudflare.com/1.1.1.1/commitment-to-privacy/privacy-policy/privacy-policy/. According to Cloudflare, all data that Cloudflare permanently collects is cleansed of personal data and thus anonymized.

Data is transferred to Cloudflare Inc. based in the USA. For the USA, there is an adequacy decision of the EU Commission pursuant to Art. 45 para. 1 GDPR regarding companies with certification under the EU-U.S. Data Privacy Framework. Cloudflare Inc. is certified under the EU-U.S. Data Privacy Framework and is therefore committed to complying with appropriate data protection standards, which can be viewed at the following link: Participant Search (dataprivacyframework.gov)

For potential transfers to other third countries outside the EU and the EEA for which there is no adequacy decision by the EU Commission, we have also agreed standard data protection clauses with the provider in accordance with Art. 46 para. 2 lit. c GDPR. These obligate the recipient of the data in the third country to process the data in accordance with the level of protection in Europe.

Further information regarding data privacy and Cloudflare can be accessed at https://www.cloudflare.com/de-de/gdpr/introduction/ and https://www.cloudflare.com/privacypolicy/

Cloudinary

Our website uses Cloudinary, a cloud service for processing, optimizing and hosting graphics from Cloudinary, Inc, Suite 220, 6201 America Center Dr, San Jose, CA 94089, USA.

All graphic assets on our website (images, videos, icons) are displayed via the provider's servers when our website is accessed. A connection to the provider's servers is established for this purpose. In particular, the following data may be transmitted to the service provider when the connection is established

Date and time of the request
Name of the requested file
Page from which the file was requested
Access status
Web browser and operating system used
Complete) IP address of the requesting computer
Amount of data transferred

The processing of personal data in connection with the use of Cloudinary is based on our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR to increase the delivery speed of our website and to be able to provide the designated assets in the best possible way.

Data is transferred to Cloudinary, Inc. based in the USA. For the USA, there is an adequacy decision of the EU Commission pursuant to Art. 45 para. 1 GDPR regarding companies with certification under the EU-U.S. Data Privacy Framework. Cloudinary, Inc. is certified under the EU-U.S. Data Privacy Framework and is therefore committed to complying with appropriate data protection standards, which can be viewed at the following link: Participant Search (dataprivacyframework.gov)

You can find more detailed information on data processing by Cloudinary at: https://cloudinary.com/privacy

Google Tag Manager

This website uses the Google Tag Manager of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). This service allows website tags to be managed via an interface. The Google Tag Manager only implements tags. This means that no cookies are used and only the user's IP address is transmitted to Google to establish a connection. The Google Tag Manager triggers other tags, which in turn may collect data. However, the Google Tag Manager does not access this data. If deactivation has been carried out at domain or cookie level, it will remain in place for all tracking tags if they are implemented with Google Tag Manager.

We use Google Tag Manager based on your consent in accordance with Art. 6 para. 1 lit. a GDPR.

As Google may transfer personal data to affiliated companies and subcontractors in countries outside the EU and the EEA, further safeguards are required to ensure the level of data protection required by the GDPR. For the USA, there is an adequacy decision by the EU Commission pursuant to Art. 45 para. 1 GDPR regarding companies with certification under the EU-U.S. Data Privacy Framework. Google LLC is certified in accordance with the EU-U.S. Data Privacy Framework and is therefore committed to complying with appropriate data protection standards, which can be viewed at the following link: https://www.dataprivacyframework.gov/s/participant-search

For potential transfers to other third countries outside the EU and the EEA for which there is no adequacy decision by the EU Commission, we have, in addition, agreed standard data protection clauses with the provider in accordance with Art. 46 para. 2 lit. c GDPR. These obligate the recipient of the data in the third country to process the data in accordance with the level of protection in Europe.

Google Analytics

Our website uses Google Analytics, an internet analysis service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Analytics uses so-called “cookies”.

Google will use this information on behalf of the operator of this website for the purpose of evaluating your use of the website and compiling reports on website activity. Google will also use this information to provide the website operator with other services related to the use of the website and the internet. The IP address sent by your browser as part of Google Analytics will not be combined with other Google data. Processing is carried out in accordance with Art. 6 para. 1 lit. a GDPR based on your consent.

We only use Google Analytics with activated IP anonymization. This means that your IP address is only processed by Google in abbreviated form.

We have concluded an order processing contract with the service provider in which we obligate them to protect our customers' data and not to pass it on to third parties.

As personal data may be transferred by Google to affiliated companies and sub-processors in countries outside the EU and the EEA, further protective mechanisms are required to ensure the level of data protection required by the GDPR. For the USA, there is an adequacy decision by the EU Commission pursuant to Art. 45 para. 1 GDPR regarding companies with certification under the EU-U.S. Data Privacy Framework. Google LLC is certified in accordance with the EU-U.S. Data Privacy Framework and is therefore committed to complying with appropriate data protection standards, which can be viewed at the following link: https://www.dataprivacyframework.gov/s/participant-search

The Google Analytics terms of use and information on data protection can be accessed via the following links

http://www.google.com/analytics/terms/de.html

https://www.google.de/intl/de/policies/

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. Data at user and event level that is linked to cookies, user IDs and advertising IDs (e.g. DoubleClick cookies, Android advertising ID, IDFA [Apple ID for advertisers]) is deleted no later than 14 months after it is collected.

You can prevent the storage of cookies by adjusting the settings of your browser software accordingly. However, we would like to point out that in this case you may not be able to use all the functions of this website without restriction. You can also prevent Google from collecting the data generated by the cookie and from analyzing your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available at: https://tools.google.com/dlpage/gaoptout?hl=de

Google Ads

We use “Google Ads” on our website, a service provided by Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland (hereinafter referred to as “Google”). We use Google Ads for marketing and optimization purposes, particularly to display ads that are relevant and interesting to you.

If you have given us your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, we can use Google Ads to draw attention to our attractive offers with the help of advertising material on external websites. This allows us to determine how successful individual advertising measures are.

These advertising materials are delivered by Google via so-called “AdServers”. For this purpose, we use so-called AdServer cookies, through which certain parameters for measuring success, such as the display of ads or clicks by users, can be measured.

If you access our website via a Google ad, Google Ads will store a cookie on your PC. These cookies generally lose their validity after 30 days. They are not intended to identify you personally. The following information is usually stored as analysis values for this cookie: unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions), opt-out information (marking that the user no longer wishes to be addressed). These cookies enable Google to recognize your web browser. If a user visits certain pages of an Ads customer's website and the cookie stored on their computer has not yet expired, Google and the customer can recognize that the user clicked on the ad and was redirected to this page. A different cookie is assigned to each Ads customer. Cookies can therefore not be tracked via the websites of Ads customers. We ourselves do not collect and process any personal data in the aforementioned advertising measures. We only receive statistical evaluations from Google. Based on these evaluations, we can recognize which of the advertising measures used are particularly effective. We do not receive any further data from the use of the advertising material; in particular, we cannot identify users based on this information.

Due to the marketing tools used, your browser automatically establishes a direct connection with the Google server. We have no influence on the scope and further use of the data collected by Google using Google Ads. To the best of our knowledge, Google receives the information that you have accessed the relevant part of our website or clicked on one of our ads. If you have a user account with Google and are registered, Google can assign the visit to your user account. Even if you are not registered with Google or have not logged in, there is a possibility that Google will find out your IP address and store it.

As Google may transfer personal data to affiliated companies and subcontractors in countries outside the EU and the EEA, further protective mechanisms are required to ensure the level of data protection required by the GDPR. For the USA, there is an adequacy decision by the EU Commission pursuant to Art. 45 para. 1 GDPR regarding companies with certification under the EU-U.S. Data Privacy Framework. Google LLC is certified in accordance with the EU-U.S. Data Privacy Framework and is therefore committed to complying with appropriate data protection standards, which can be viewed at the following link: https://www.dataprivacyframework.gov/s/participant-search

Further information on the use of data by Google, on setting and objection options and on data protection can be found on the following Google websites

Privacy policy: https://policies.google.com/privacy?hl=de&gl=de
Google website statistics: https://services.google.com/sitestats/de.html

You can prevent the installation of cookies by deleting existing cookies and deactivating the storage of cookies in the settings of your web browser. We would like to point out that in this case you may not be able to use all the functions of our website to their full extent. It is also possible to prevent the storage of cookies by setting your web browser to block cookies from the domain “www.googleadservices.com” (https://www.google.de/settings/ads). Please note that this setting will be deleted if you delete your cookies. You can also deactivate interest-based ads via the link http://optout.aboutads.info. Please note that this setting will also be deleted if you delete your cookies.

Google Marketing Platform (formerly DoubleClick)

This website uses DoubleClick by the Google Marketing Platform, a service of Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland (“Google”).

DoubleClick uses cookies to present you with advertisements that are relevant to you. A pseudonymous identification number (ID) is assigned to your browser or device to check which ads have been displayed in your browser and which ads have been viewed. This can improve campaign performance or, for example, prevent you from seeing the same ad more than once. In addition, Google can use cookie IDs to record so-called conversions that are related to ad requests. This is the case, for example, when a user sees a Campaign Manager ad and later visits the advertiser's website with the same browser and makes a purchase there. According to Google, the cookies do not contain any personal information. If you have given us your consent, the data is processed under Art. 6 para. 1 lit. a GDPR.

Due to the technology used, your browser automatically establishes a direct connection with the Google server. We have no influence on the scope and further use of the data collected by Google using this tool and therefore inform you according to our level of knowledge: Through the integration of DoubleClick, Google receives the information that you have called up the corresponding part of our website or clicked on an advertisement from us. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, it is possible that the provider will find out your IP address and store it.

Further information on the Google Marketing Platform can be found at https://marketingplatform.google.com/about/ and on data protection at Google in general: https://www.google.de/intl/de/policies/privacy

Google AdSense

This website uses Google AdSense, a service for integrating advertisements by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google AdSense uses so-called “cookies”, text files placed on your computer, to help the website analyze how users use the site. Google AdSense also uses so-called web beacons (invisible graphics). These web beacons can be used to analyze information such as visitor traffic on these pages.

The information generated by cookies and web beacons about the use of this website (including your IP address) and the delivery of advertising formats is transmitted to a Google server in the USA and stored there. This information may be passed on by Google to contractual partners of Google. However, Google will not merge your IP address with other data stored by you.

If you have given your consent to the storage of AdSense cookies, this is done under Art. 6 para. 1 lit. a GDPR.

You may refuse the use of cookies by selecting the appropriate settings on your browser, however, please note that if you do this you may not be able to use the full functionality of this website. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website and from processing this data by Google by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de. You can also deactivate the cookie via this link.

As it is possible for Google to transfer personal data to affiliated companies and subcontractors in countries outside the EU and the EEA, further protective mechanisms are required to ensure the level of data protection under the GDPR. For the USA, there is an adequacy decision by the EU Commission pursuant to Art. 45 para. 1 GDPR regarding companies with certification under the EU-U.S. Data Privacy Framework. Google LLC is certified in accordance with the EU-U.S. Data Privacy Framework and is therefore committed to complying with appropriate data protection standards, which can be viewed at the following link: https://www.dataprivacyframework.gov/s/participant-search

For potential transfers to other third countries outside the EU and the EEA for which there is no adequacy decision by the EU Commission, we have also agreed standard data protection clauses with the provider in accordance with Art. 46 para. 2 lit. c GDPR. These oblige the recipient of the data in the third country to process the data in accordance with the level of protection in Europe.

Further information on Google AdSense can be found in Google's privacy policy:

https://www.google.com/policies/privacy/

Google Photos

This website uses “Google Photos”, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as: “Google”). Google Photos enables us to integrate and display image galleries on our website. The images are loaded by a server call, usually a Google server in the USA. This tells the server which page of our website you have visited. The IP address of the browser of the visitor's device is also stored by Google.

We use Google Photos for optimization purposes, particularly to improve the use of our website for you and to make its design more user-friendly. The processing is carried out in accordance with Art. 6 para. 1 lit. a GDPR based on the consent you have given. This consent can be revoked at any time with effect for the future.

As personal data may be transferred by Google to affiliated companies and subcontractors in countries outside the EU and the EEA, further protective mechanisms are required to ensure the level of data protection required by the GDPR. For the USA, there is an adequacy decision by the EU Commission pursuant to Art. 45 (1) GDPR regarding companies with certification under the EU-U.S. Data Privacy Framework. Google LLC is certified in accordance with the EU-U.S. Data Privacy Framework and is therefore committed to complying with appropriate data protection standards, which can be viewed at the following link: https://www.dataprivacyframework.gov/s/participant-search

For potential transfers to other third countries outside the EU and the EEA for which there is no adequacy decision by the EU Commission, we have also agreed standard data protection clauses with the provider in accordance with Art. 46 para. 2 lit. c GDPR. These oblige the recipient of the data in the third country to process the data in accordance with the level of protection in Europe.

Further information on data protection can be found in Google's privacy policy: http://www.google.de/intl/de/policies/privacy

Google Fonts

We use “Google Fonts” on our website, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as: “Google”). Google Fonts enables us to use external fonts. For this purpose, the required Google Fonts are loaded into your browser cache by your web browser when you access our website. This is necessary so that your browser can also display a visually improved presentation of our texts. If your browser does not support this function, a standard font from your computer will be used for display. These Google fonts are integrated by a server call, usually a Google server in the USA. This tells the server which page of our website you have visited. The IP address of the browser of the visitor's device is also stored by Google.

We use Google Fonts for optimization purposes, particularly to improve the use of our website for you and to make its design more user-friendly. The processing is carried out in accordance with Art. 6 para. 1 lit. a GDPR based on your consent. This consent can be revoked at any time with effect for the future.

As personal data may be transferred by Google to affiliated companies and subcontractors in countries outside the EU and the EEA, further protective mechanisms are required to ensure the level of data protection required by the GDPR. For the USA, there is an adequacy decision by the EU Commission pursuant to Art. 45 para. 1 GDPR regarding companies with certification under the EU-U.S. Data Privacy Framework. Google LLC is certified in accordance with the EU-U.S. Data Privacy Framework and is therefore committed to complying with appropriate data protection standards, which can be viewed at the following link: https://www.dataprivacyframework.gov/s/participant-search

For potential transfers to other third countries outside the EU and the EEA for which there is no adequacy decision by the EU Commission, we have also agreed standard data protection clauses with the provider in accordance with Art. 46 para. 2 lit. c GDPR. These oblige the recipient of the data in the third country to process the data in accordance with the level of protection in Europe.

Further information on data protection can be found in Google's privacy policy: http://www.google.de/intl/de/policies/privacy

Further information on Google Fonts can be found at https://fonts.google.com/

HubSpot

We use HubSpot for marketing activities on our website. We use this integrated software solution for our own marketing, lead generation and customer service purposes. These include email marketing, which regulates the sending of newsletters and automated mailings, social media publishing and reporting, contact management such as user segmentation and CRM, landing pages and contact forms. HubSpot uses cookies, small text files that are stored locally in the cache of your web browser on your end device and enable us to analyze your use of the website. HubSpot evaluates the information collected (e.g. IP address, geographical location, type of browser, duration of the visit and pages accessed) on our behalf so that we can generate reports on the visit and the pages visited. Information collected by HubSpot and the content of our website is stored on the servers of HubSpot's service providers. Such processing of your data is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR.

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. The data will be deleted no later than 13 months after collection.

You can permanently object to the collection of data by HubSpot and the setting of cookies by preventing the storage of cookies through your browser settings.

Service provider:

HubSpot, Inc,
25 First St., 2nd floor, Cambridge,
Massachusetts 02141,
USA
E-mail: [email protected]
Privacy policy: https://legal.hubspot.com/de/privacy-policy

In the European Union, the services are provided by

HubSpot Ireland Limited
2nd Floor 30 North Wall Quay, Dublin 1
Ireland

As HubSpot may transfer personal data to affiliated companies and subcontractors in countries outside the EU and the EEA, further protective mechanisms are required to ensure the level of data protection required by the GDPR. For the USA, there is an adequacy decision of the EU Commission pursuant to Art. 45 para. 1 GDPR regarding companies with certification under the EU-U.S. Data Privacy Framework. HubSpot, Inc. is certified under the EU-U.S. Data Privacy Framework and is therefore committed to complying with appropriate data protection standards, which can be viewed at the following link: https://www.dataprivacyframework.gov/s/participant-search

For potential transfers to other third countries outside the EU and the EEA for which there is no adequacy decision by the EU Commission, we have also agreed standard data protection clauses with the provider in accordance with Art. 46 para. 2 lit. c GDPR. These oblige the recipient of the data in the third country to process the data in accordance with the level of protection in Europe.

Further information can be found in the provider's privacy policy: https://legal.hubspot.com/de/privacy-policy

Facebook and Instagram ads using Facebook Pixel

We use “Facebook Pixel” and Instagram Pixel on our website, a service provided by Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour Dublin 2, Ireland (hereinafter referred to as: “Facebook / Instagram”).

If you have given us your consent in accordance with Art. 6 para. 1 lit. a GDPR, we use Facebook/Instagram Pixel for marketing and optimization purposes, particularly to place relevant and interesting ads for you on Facebook and Instagram and thus improve our offer, make it more interesting for you as a user and avoid annoying ads.

Facebook Pixel makes it possible to display our ads on Facebook and Instagram, so-called “Facebook/Instagram ads”, only to those Facebook and Instagram users who have visited our website, particularly those who have shown interest in our online offering. In this case, Facebook Pixel also makes it possible to check whether a user was redirected to our website after clicking on our Facebook/Instagram ads. Among other things, Facebook Pixel uses cookies, i.e. small text files that are stored locally in the cache of your web browser on your end device. If you are logged in to Facebook or Instagram with your user account, your visit to our website will be noted in your user account. The data collected about you is anonymous to us and does not allow us to draw any conclusions about the identity of the user. However, this data can be linked by Facebook or Instagram to your user account there. If you have a user account with Facebook or Instagram and are registered, Facebook or Instagram can assign the visit to your user account.

As personal data may be transferred by Facebook / Instagram to affiliated companies and sub-service providers in countries outside the EU and the EEA, further protective mechanisms are required to ensure the level of data protection required by the GDPR. For the USA, there is an adequacy decision of the EU Commission pursuant to Art. 45 para. 1 GDPR regarding companies with certification under the EU-U.S. Data Privacy Framework. Facebook / Instagram or Meta Platforms, Inc. is certified under the EU-U.S. Data Privacy Framework and is therefore committed to complying with appropriate data protection standards, which can be viewed at the following link: https://www.dataprivacyframework.gov/s/participant-search

For potential transfers to other third countries outside the EU and the EEA for which there is no adequacy decision by the EU Commission, we have also agreed standard data protection clauses with the provider in accordance with Art. 46 para. 2 lit. c GDPR. These oblige the recipient of the data in the third country to process the data in accordance with the level of protection in Europe.

Further information from the third-party provider on data protection can be found on the following Facebook or Instagram website: https://www.facebook.com/about/privacy or https://help.instagram.com/519522125107875

You can find information about Facebook Pixel on the following Facebook website: https://www.facebook.com/business/help/651294705016616

You can make the relevant settings as to which types of advertisements are displayed to you within Facebook or Instagram on the following Facebook or Instagram website: https://www.facebook.com/settings?tab=ads
or https://help.instagram.com/245100253430454

Please note that this setting will be deleted if you delete your cookies. In addition, you can deactivate cookies that are used for reach measurement and advertising purposes via the following websites:

http://optout.networkadvertising.org/
http://www.aboutads.info/choices/
http://www.youronlinechoices.com/uk/your-ad-choices/

Please note that this setting will also be deleted if you delete your cookies.

LinkedIn Ads / LinkedIn Analytics

We use the conversion tracking technology and the retargeting function of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland on our website. This enables us to display personalized ads on LinkedIn to visitors to our website. For this purpose, a cookie, LinkedIn Insight Tag, is set in your browser with a validity of 120 days, which enables LinkedIn to recognize you if you visit this website and are logged into your LinkedIn account at the same time. LinkedIn uses this data to create anonymous reports on the performance of advertisements and information on website interaction. The information generated by the cookie is usually transferred to a server in the USA of the LinkedIn Corporation and stored there.

The legal basis for the processing is your consent in accordance with Art. 6 para. 1 lit. a GDPR.

As personal data may be transferred by LinkedIn to affiliated companies and subcontractors in countries outside the EU and the EEA, further safeguards are required to ensure the level of data protection under the GDPR. For the USA, there is an adequacy decision of the EU Commission pursuant to Art. 45 para. 1 GDPR regarding companies with certification under the EU-U.S. Data Privacy Framework. LinkedIn Corporation is certified under the EU-U.S. Data Privacy Framework and is therefore committed to complying with appropriate data protection standards, which can be viewed at the following link: https://www.dataprivacyframework.gov/s/participant-search

You can deactivate LinkedIn Insight conversion tracking and interest-based personalized advertising by opting out at the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out Further information on data protection at LinkedIn can be found at https://www.linkedin.com/legal/privacy-policy.

Microsoft Advertising (formerly Bing Ads)

Our website uses Microsoft Advertising from Microsoft Corporation One Microsoft Way, Redmond, WA 98052-6399, USA (“Microsoft”) for marketing and analysis purposes.

The service enables us to track activities on our site when you access our website via a Bing ad. This is done by setting a cookie (small text file) on your device when you click on a Microsoft Bing Ads ad if you have given your consent in accordance with Art. 6 para. 1 lit. a GDPR. A UET tag is also integrated on our websites. This is a code that is used in conjunction with the cookie to store pseudonymized data about the use of the website if you have given your consent. In combination with the cookie, the tag collects pseudonymized data in order to track which actions you take on our websites after you have clicked on an advertisement on Microsoft Ads. Among other things, the time spent on the website, which areas of the website were accessed and which advertisement brought you to the website are collected. In particular, Microsoft and we learn the total number of users who have clicked on an ad and reached a previously defined target page. Microsoft processes and uses cookies to create user profiles using pseudonyms, to analyze user behavior and to display advertisements. In addition, Microsoft can track your usage behavior across several of your electronic devices through so-called cross-device tracking.

This data is stored by Microsoft for 180 days.

As personal data is transferred to the Microsoft Corporation based in the USA, further protective mechanisms are required to ensure the level of data protection required by the GDPR. For the USA, there is an adequacy decision of the EU Commission pursuant to Art. 45 para. 1 GDPR regarding companies with certification under the EU-U.S. Data Privacy Framework. Microsoft Corporation is certified under the EU-U.S. Data Privacy Framework and is therefore committed to complying with appropriate data protection standards, which can be viewed at the following link: Participant Search (dataprivacyframework.gov). For potential transfers to other third countries outside the EU and the EEA for which there is no adequacy decision by the EU Commission, we have also agreed standard data protection clauses with the provider in accordance with Art. 46 para. 2 lit. c GDPR. These oblige the recipient of the data in the third country to process the data in accordance with the level of protection in Europe.

Further information on data protection at Microsoft can be found on the following page: https://privacy.microsoft.com/de-de/privacystatement

Reddit Ads and Reddit Conversion Tracking (Pixel)

We place ads on Reddit (Reddit, Inc., 548 Market St. #16093, San Francisco, California 94104) and also use the “visitor action pixel” (Reddit Conversion Tracking) of the Reddit platform on our website.

We use Reddit Conversion Tracking for marketing and optimization purposes, particularly to analyze the use of our website and to improve individual functions and offers as well as the user experience. By statistically evaluating user behavior, we want to improve our offer and make it more interesting for users. With your consent, Reddit Conversion Tracking stores and processes information about your user behavior on our websites and uses cookies for this purpose, which are stored locally on your end device if you have reached our website via a Reddit ad. The legal basis for the processing of personal data in this context is your consent pursuant to Art. 6 para. 1 lit. a GDPR.

You can prevent the installation of cookies by deleting existing cookies and deactivating the storage of cookies in the settings of your web browser.

You can also prevent Reddit from collecting the aforementioned information by changing the corresponding settings on the following linked Reddit website: https://www.reddit.com/personalization/. Please note that these settings will be deleted if you delete your cookies.

As personal data is transferred to the USA, further protective mechanisms are required to ensure the level of data protection required by the GDPR. To ensure this, we have agreed standard data protection clauses with the provider in accordance with Art. 46 para. 2 lit. c GDPR. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases where this cannot be ensured even by this contractual extension, we endeavor to obtain additional regulations and assurances from the recipient in the USA.

Further information on the use of cookies by Reddit Ads can also be found at: https://www.redditinc.com/policies/cookies

Reddit is responsible for data processing in connection with the delivery of our ads within the social network. You can find more information about Reddit's data processing on the following website: https://www.redditinc.com/policies/privacy-policy

Posthog

Our website uses Posthog Product Analytics by PostHog Inc, 2261 Market Street #4008, San Francisco, CA 94114, USA, for marketing and analysis purposes.

The service enables us to track activities on our website and in our app to gain insights into the use of our product, track user interactions and analyze data. For this purpose, a connection is established to the provider's servers and cookies are stored on your end device. The service provider processes the following data in particular:

IP address,
MAC address,
Browser information,
Location data (country, region, city),
Behavioral data (page views, click behavior, etc.)

The legal basis for the processing is your consent in accordance with Art. 6 para. 1 lit. a GDPR.

As personal data is transferred to Posthog, Inc. based in the USA, further protective mechanisms are required to ensure the level of data protection under the GDPR. For the USA, there is an adequacy decision of the EU Commission pursuant to Art. 45 para. 1 GDPR regarding companies with certification under the EU-U.S. Data Privacy Framework. Posthog, Inc. is certified under the EU-U.S. Data Privacy Framework and is therefore committed to complying with appropriate data protection standards, which can be viewed at the following link: Participant Search (dataprivacyframework.gov)

Further information on data protection at Posthog can be found on the following page: https://posthog.com/privacy

G2 Track Your Prospects

Our website uses Track Your Prospects, a service provided by G2.com, Inc, 100 S Wacker Dr #600, Chicago, IL 60606, USA (“G2”) for marketing and analyses purposes.

We use G2 - Track Your Prospects to gain insights into how our G2 product profile influences buyer behavior. Track Your Prospects provides insight into how our G2 product profile influences buyer behavior by tracking visitors who navigate between our G2 product profile and our website. When a visitor interacts with our G2 product profile and then with our website (or vice versa), we receive data about the specific page visited, the duration between visits, and the visitor's company-related information. Track Your Prospects uses browser fingerprinting to capture a visitor's IP address and browser characteristics. This information is combined into a single string and processed into a hashed value to create an anonymized identifier. The hashed identifier is used to match visitors' page views on our website and on the G2 pages relevant to our product. A visitor does not have to perform a specific action on our G2 product profile or our website for event data to be recorded.

The service provider processes the following personal data as described:

IP address,
Browser properties,
Time of the calls.

The legal basis for the processing is your consent in accordance with Art. 6 para. 1 lit. a GDPR.

As personal data is transferred to G2.com, Inc. based in the USA, further protective mechanisms are required to ensure the level of data protection required by the GDPR. For the USA, there is an adequacy decision of the EU Commission pursuant to Art. 45 para. 1 GDPR regarding companies with certification under the EU-U.S. Data Privacy Framework. G2.com, Inc. is certified under the EU-U.S. Data Privacy Framework and is therefore committed to complying with appropriate data protection standards, which can be viewed at the following link: Participant Search (dataprivacyframework.gov).

Further information on data protection at G2.com can be found at: https://legal.g2.com/privacy-policy and at https://documentation.g2.com/docs/track-your-prospects

YouTube

On our website, we embed videos from “YouTube”, a social media platform of Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland (hereinafter referred to as “Google”). The legal basis for the processing of your personal data in this context is your consent given in accordance with Art. 6 para. 1 lit. a GDPR.

If the playback of embedded YouTube videos is started by your consent, a server call is made, usually to a Google server in the USA. This tells the server which page you have accessed and the IP address of the browser of the visitor's end device is transmitted to Google and stored by Google.

If you have given your consent, the provider “YouTube” also uses cookies to collect information about user behavior. According to information from “YouTube”, these are used, among other things, to record video statistics, improve user-friendliness and prevent abusive behavior. If you are logged in to Google, your data may also be assigned to your account when you click on a video. If you do not wish your data to be associated with your YouTube profile, you must log out before activating the button. Google stores this data as usage profiles and uses it for the purposes of advertising, market research and/or the needs-based design of its websites. Such an evaluation is carried out in particular (even for users who are not logged in) to display needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles. Please contact Google directly for this purpose.

As personal data may be transferred by Google to affiliated companies and subcontractors in countries outside the EU and the EEA, further protective mechanisms are required to ensure the level of data protection required by the GDPR. For the USA, there is an adequacy decision of the EU Commission pursuant to Art. 45 para. 1 GDPR with regard to companies with certification under the EU-U.S. Data Privacy Framework. Google LLC is certified in accordance with the EU-U.S. Data Privacy Framework and is therefore committed to complying with appropriate data protection standards, which can be viewed at the following link: https://www.dataprivacyframework.gov/s/participant-search

For potential transfers to other third countries outside the EU and the EEA for which there is no adequacy decision by the EU Commission, we have also agreed standard data protection clauses with the provider in accordance with Art. 46 para. 2 lit. c GDPR. These oblige the recipient of the data in the third country to process the data in accordance with the level of protection in Europe.

Further information on data protection and data use by Google can be found on the following Google website: https://policies.google.com/privacy?hl=de&gl=de

5) Data transferal and recipients

Your personal data will not be transferred to third parties unless

if we have explicitly indicated this in the description of the respective data processing,
if you have given your express consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR,
the disclosure pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR is necessary for the assertion, exercise or defense of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data,
in the event that there is a legal obligation for the disclosure pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR, and
insofar as it is necessary for the processing of contractual relationships with you pursuant to Art. 6 para. 1 sentence 1 lit. b GDPR.

In addition, we use external service providers for the processing of our services, which we have carefully selected, commissioned in writing and with whom we have concluded order processing contracts in accordance with Art. 28 GDPR if necessary. These service providers are bound by our instructions and are regularly monitored by us. These include service providers for hosting, sending emails, maintenance and servicing of our IT systems, etc. The service providers will not pass this data on to third parties.

6) Social Media

1. Introduction and general information on data processing

The protection of your personal data is very important to us. Below you will find information on the handling of your data that is collected through your use of our social media presence on social networks and platforms. Your data will be processed in accordance with the statutory regulations.

1.1 General information about the controller

The controller named at the beginning of this privacy policy (hereinafter referred to as “we/us”) operates presences or “fan pages” on various social media platforms. We are jointly responsible for the processing of your personal data in connection with your visit to our presence or our “fan page” on the platforms [Facebook, Instagram and LinkedIn] with the operators of the respective platform named here under 1.1.1, insofar as they provide us with aggregated information about visitors to our fan page or our presence (“Insights”). Detailed information on the scope of processing under joint responsibility in relation to the respective providers can be found in the second section of this privacy policy.

1.1.1 Shared responsibility

The platform operators for Facebook and Instagram are Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour Dublin 2, a subsidiary of Meta Platforms, Inc, 1601 Willow Rd Menlo Park, CA 94025-1452, USA. The operator of the LinkedIn platform is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, a subsidiary of LinkedIn Corporation, 1000 W Maude Ave Sunnyvale, CA, 94085-2810 USA.

We have concluded an agreement with the operators in accordance with Art. 26 GDPR on joint responsibility for the processing of your personal data (Controller Addendum) with regard to Facebook. This agreement specifies which data processing operations we or the respective operator are responsible for when you visit our fan page or our presence on the platform of the respective operator. You can view this agreement at the following link:

Facebook: https://www.facebook.com/legal/terms/page_controller_addendum

LinkedIn: https://legal.linkedin.com/pages-joint-controller-addendum

1.1.2. Sole responsibility of the platform provider

If your personal data is processed by one of the providers of social media platforms listed below, this processing is the responsibility of the platform operator within the meaning of Art. 7 No. 4 GDPR. For the assertion of your rights as a data subject, we would like to point out that these can be asserted most effectively with the respective providers. Only they have access to the data collected from you. If you still need help, please contact us at any time.

Instagram, Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour Dublin 2, Ireland
YouTube, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
XING incl. kununu (New Work SE), Am Strandkai 1, 20457 Hamburg, Germany
TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland

1.1.3 Heyflow's sole responsibility

We are solely responsible for the processing of your personal data in the cases mentioned under 1.4. to 1.7, which is not carried out by the operators mentioned under 1.1.2.

1.2 Data transfer and recipients, data transfer to third countries

If we pass on personal data to the providers of social media platforms, the latter are recipients of the data within the meaning of Art. 4 No. 9 GDPR. As personal data is transferred to countries outside the EU and the EEA (including the USA) when visiting and interacting with the social media platforms we use, further protective mechanisms are required to ensure the level of data protection under the GDPR.

Facebook & Instagram: Meta Platforms, Inc. is certified under the EU-U.S. Data Privacy Framework and is therefore committed to complying with appropriate data protection standards, which can be viewed at the following link: https://www.dataprivacyframework.gov/s/participant-search. For potential transfers to other third countries outside the EU and the EEA for which there is no adequacy decision by the EU Commission, the provider states that it uses standard data protection clauses in accordance with Art. 46 para. 2 lit. c GDPR. These oblige the recipient of the data in the third country to process the data in accordance with the level of protection in Europe, see here: https://de-de.facebook.com/privacy/policy/
LinkedIn: according to the privacy policy, takes appropriate measures for third country transfers, including in particular standard data protection clauses, to ensure an adequate level of data protection in accordance with the requirements of the GDPR for data transfers to the USA or other third countries outside the EU: https://www.linkedin.com/help/linkedin/answer/a1343190?trk=microsites-frontend_legal_privacy-policy&lang=de

In cases where providers process your personal data under their own responsibility (1.1.2.), we have no influence on the processing of this data by the provider and their handling of this data (at least after transmission of the data). For further information, please check the privacy policy of the respective provider and, if necessary, use the opt-out / personalization options with regard to data processing by the provider:

Instagram
Privacy policy/opt-out: http://instagram.com/about/legal/privacy/
Instagram (Meta Platforms Inc.) is certified under the EU-U.S. Data Privacy Framework and is therefore committed to complying with appropriate data protection standards, which can be viewed at the following link: https://www.dataprivacyframework.gov/s/participant-search For potential transfers to other third countries outside the EU and the EEA for which there is no adequacy decision by the EU Commission, the provider states that it uses standard data protection clauses in accordance with Art. 46 para. 2 lit. c GDPR. These oblige the recipient of the data in the third country to process the data in accordance with the level of protection in Europe, see here http://instagram.com/about/legal/privacy/
YouTube/Google
- Privacy policy: https://policies.google.com/privacy?hl=de&gl=de
- Opt-out: https://adssettings.google.com/authenticated
Google (Google LLC) is certified under the EU-U.S. Data Privacy Framework and is therefore committed to complying with appropriate data protection standards, which can be viewed at the following link: https://www.dataprivacyframework.gov/s/participant-search For potential transfers to other third countries outside the EU and the EEA for which there is no adequacy decision by the EU Commission, the provider states that it uses standard data protection clauses in accordance with Art. 46 para. 2 lit. c GDPR. These oblige the recipient of the data in the third country to process the data in accordance with the level of protection in Europe, see here: https://policies.google.com/privacy?hl=de&gl=de
XING incl. kununu (New Work SE)
- Privacy policy: https://privacy.xing.com/de/datenschutzerklaerung
- Opt-out: https://nats.xing.com/optout.html?popup=1&locale=de_DE
- According to the privacy policy, XING uses appropriate measures for third country transfers, in particular standard data protection clauses, to ensure an adequate level of data protection in accordance with the requirements of the GDPR for data transfers to the USA or other third countries outside the EU: https://privacy.xing.com/de/datenschutzerklaerung/wer-erhaelt-daten-zu-ihrer-person/drittlaender
TikTok
- Privacy policy / Opt-out: https://www.tiktok.com/legal/page/eea/privacy-policy/de-DE
- If available, TikTok relies on an adequacy decision of the EU Commission for the transfer of personal data. Otherwise, according to the privacy policy, standard data protection clauses are used to ensure an adequate level of data protection in accordance with the requirements of the GDPR for data transfers to the USA or other third countries outside the EU. https://www.tiktok.com/legal/page/eea/privacy-policy/de-DE (section “Our global activities and data transfers”).

1.3 Access to and storage of information in end devices (cookies)

When you visit our Facebook fan page or our other social media sites, one or more cookies are placed on your device by the platform provider. Cookies are small text files that are stored on your device either temporarily for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your end device until you delete them yourself or they are automatically deleted by your web browser.

By interacting with our Facebook fan page or our other social media presences, information (e.g. your IP address) may be accessed or information (e.g. cookies) may be stored in your end devices. This access or storage may involve further processing of personal data within the meaning of the GDPR.

The period of activity or validity of cookies can vary greatly, but you can delete them manually at any time using your web browser settings. If you have any technical questions, please contact the manufacturer of your web browser. Further information on the use of cookies and their legal basis can be found in the provider's privacy policy. You can find links to the respective data protection declarations above under “Data transfer and recipients”. If you have any further questions, please contact the provider of the respective social media platform directly.

1.4 Data processing for market research and advertising purposes

As a rule, personal data is processed on the company page for market research and advertising purposes of the provider of the social media platform. For this purpose, a cookie is set in your browser, which enables the respective provider to recognize you when you visit a website. The provider also carries out a comprehensive analysis of your interactions on the social media platform. The data collected can be used to create user profiles. These are used to place advertisements within and outside the platform that presumably correspond to your interests. Furthermore, data can also be stored in the usage profiles independently of the devices you use. This is regularly the case if you are a member of the respective platforms and are logged in to them. Further information on this can be found in the data protection information of the respective provider.

When you visit or interact with our social media presence, we may receive personal data from you which we process on our own responsibility in addition to the provider, in contrast to the cases mentioned in section 2 of this privacy policy. This may be about information that you actively provide (comments, likes and information that you make publicly available, such as your profile picture or name).

Our access to the aforementioned data results from the operation of our social media presence; no further processing of this data by us takes place except in the cases mentioned in this privacy policy. We have a legitimate interest in the operation of our social media presence and the associated processing of personal data that you actively publish or make available to us within the meaning of Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest lies in the advertising approach as well as in the provision of an effective communication and interaction option with our company.

1.5 Data processing when contacting us

We collect personal data ourselves when you contact us, for example via a contact form or a messenger service of the respective platform, such as Facebook Messenger. Which data is collected depends on the information you provide and the contact details you provide or share. This data is stored by us for the purpose of processing the request and in the event of follow-up questions. The legal basis for processing the data is our legitimate interest in responding to your request in accordance with Art. 6 para. 1 lit. f GDPR and, if applicable, Art. 6 para. 1 lit. b GDPR if your request is aimed at concluding a contract. Your data will be deleted after the final processing of your request, if there are no legal storage obligations to the contrary. We assume that any processing is complete if it can be inferred from the circumstances that the matter in question has been conclusively clarified.

1.6 Data processing for contract execution

If your contact via a social network or other platform is aimed at concluding a contract for the delivery of goods or the provision of services with us, we process your data to fulfill the contract or to carry out pre-contractual measures or to provide the desired services. The legal basis for the processing of your data in this case is Art. 6 para. 1 lit. b GDPR. Your data will be deleted if it is no longer required for the performance of the contract or if it is clear that the pre-contractual measures will not lead to the conclusion of a contract in accordance with the purpose of the contact. Please note, however, that it may be necessary to store personal data of our contractual partners even after the conclusion of the contract in order to comply with contractual or legal obligations.

1.7 Data processing based on consent

If you are asked by the respective providers of the platforms for consent to processing for a specific purpose, the legal basis for processing is Art. 6 para. 1 lit. a., Art. 7 GDPR. Any consent given can be revoked at any time with effect for the future.

2. Processing in joint responsibility with the operator of the social media platform

2.1 Facebook fan page (Insights functionality)

2.1.1 Data processing with regard to “Page Insights” when visiting our Facebook fan page

When you visit our Facebook fan page, your personal data is processed by Facebook as the operator of the platform and by us as the operator of the fan page. Insofar as this data processing takes place in connection with the Insights functionality of Facebook (Meta Platforms Ireland Ltd. or Meta Platforms Inc.), we are jointly responsible with Facebook (Art. 26 para. 1 GDPR).

Page Insights (https://www.facebook.com/business/a/page/page-insights) is a function provided by Facebook that allows the operator of a Facebook fan page (us) to receive summarized data about the interaction of visitors.

Page Insights can be based on personal data that is collected in connection with a visit or interaction of people on or with our page and in connection with the content provided. Please note what personal data you share with us via Facebook. Your data may be processed for market research and advertising purposes, even if you are not logged in to Facebook or do not have a Facebook account. For example, user profiles can be created from user behavior and the resulting interests of users. The user profiles can in turn be used, for example, to place advertisements inside and outside the platforms that presumably correspond to the interests of the users. This data collection takes place via cookies that are stored on your end device. Furthermore, data that is independent of the devices used by the users may also be stored in the user profiles, especially if the users are members of the respective platforms and are logged in to them.

We only receive summarized (aggregated) data from Facebook, which does not allow any conclusions to be drawn about individual persons.

We process your personal data for advertising and marketing purposes. (e.g. increasing the reach and awareness of our fan page by designing posts to suit the target group, evaluating the success of marketing campaigns).

The legal basis for the processing of your personal data in relation to the Insights functionality is your consent given to Facebook or Meta in accordance with Art. 6 para. 1 lit. a GDPR.

For information on the purposes that Facebook pursues with the processing of your personal data and the legal basis for this data processing, please refer to Facebook's privacy policy.

Please note that we have no influence on the data collection and further processing under Facebook's responsibility. As a result, we cannot provide any information to what extent, where and for how long the data is stored by Facebook. Furthermore, we cannot make any statements to what extent Facebook complies with existing deletion obligations, what evaluations and links are made with the data on the part of Facebook and to whom the data is passed on by Facebook.

Information on the processing of your personal data, which Facebook processes for its own purposes, can be found in Facebook's privacy policy: https://www.facebook.com/about/privacy/

2.1.2 Your rights as a person affected by data processing

If, as a visitor to the site, you would like to exercise your rights (information, correction, deletion, restriction, data portability, complaint to the supervisory authority, objection or revocation), you can contact both Facebook and us. You can adjust your advertising settings yourself in your user account. To do this, click on the following link and log in:

https://www.facebook.com/settings?tab=ads or http://www.youronlinechoices.com

You can restrict the visibility of your Facebook account (also) to us via the Facebook settings.

For further details, please refer to Facebook's privacy policy: https://www.facebook.com/about/privacy/

2.1.3 Data protection officer of Facebook & Instagram

To contact the data protection officer of Facebook & Instagram, you can use the online contact form supplied by the provider at the following link: https://www.facebook.com/help/contact/540977946302970

2.2 LinkedIn presence

2.2.1 Data processing with regard to “Page Insights” when visiting our LinkedIn presence

When you visit our LinkedIn page, your personal data is processed by LinkedIn as the operator of the platform and by us as the operator of our page within the platform. Insofar as this data processing takes place in connection with the Insights functionality of LinkedIn (LinkedIn Ireland Unlimited Company. or LinkedIn Corporation.), we are jointly responsible with LinkedIn (Art. 26 para. 1 GDPR).

LinkedIn Page Insights (https://legal.linkedin.com/pages-joint-controller-addendum) is a function provided by LinkedIn that allows the operator of a LinkedIn site (us) to receive summarized data about the interaction of visitors.

As part of the Page Insights function, LinkedIn evaluates your interaction with our LinkedIn presence and also uses the personal information you provide (professional activity, industry, country, etc.). The evaluated data is made available to us by LinkedIn, but only in aggregated form (i.e. LinkedIn does not provide us with specific information on individual users as part of this function, but only with summarized information). We use this aggregated data for the target group-oriented presentation of our LinkedIn presence and generally for its optimization with regard to the above-mentioned advertising purposes.

We have a legitimate interest in these advertising purposes; the processing of your data is based on Art. 6 para. 1 lit. f GDPR.

For information on the purposes that LinkedIn pursues with the processing of your personal data and on the legal basis of this data processing, please refer to LinkedIn's privacy policy.

Please note that we have no influence on the data collection and further processing under the responsibilty of LinkedIn. As a result, we cannot provide any information to what extent, where and for how long the data is stored by LinkedIn. Furthermore, we cannot make any statements to what extent Instagram complies with existing deletion obligations, what evaluations and links are made with the data by LinkedIn and to whom the data is passed on by LinkedIn.

2.2.2 Your rights as a data subject of data processing

If, as a visitor to the site, you wish to exercise your rights (information, correction, deletion, restriction, data portability, complaint to the supervisory authority, objection or revocation), you can contact both LinkedIn and us. You can restrict the visibility of your LinkedIn account (also) to us via the LinkedIn settings.

For more information on data processing by LinkedIn, please refer to LinkedIn's privacy policy: https://www.linkedin.com/legal/privacy-policy

2.2.3 Data protection officer of LinkedIn

To contact the data protection officer of LinkedIn, you can use the contact form at the link: https://www.linkedin.com/help/linkedin/ask/TSO-DPO.

7) Data security

We take appropriate technical and organizational measures in accordance with Art. 32 GDPR, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing as well as the different likelihood and severity of the risk to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk. This website uses SSL encryption for security reasons and to protect the transmission of confidential content.

8) Duration of storage of personal data

The duration of the storage of personal data is based on the relevant statutory retention periods (e.g. from commercial law and tax law). After expiry of the respective period, the corresponding data is routinely deleted. If data is required for contract fulfillment or contract initiation or if we have a legitimate interest in further storage, the data will be deleted when it is no longer required for these purposes or after you have exercised your right of revocation or objection.

9) Your rights

Below you will find information on the data subject rights that the applicable data protection law grants you vis-à-vis the controller regarding the processing of your personal data:

The right to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if it was not collected by us, and the existence of automated decision-making including profiling and, if applicable, meaningful information about its details.

The right, in accordance with Art. 16 GDPR, to demand the immediate completion or correction of incorrect personal data stored by us.

The right to request the deletion of your personal data stored by us in accordance with Art. 17 GDPR, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims.

The right to demand the restriction of the processing of your personal data in accordance with Art. 18 GDPR if the accuracy of the data is disputed by you, the processing is unlawful but you refuse to delete it and we no longer need the data, but you need it to assert, exercise or defend legal claims or you have lodged an objection to the processing in accordance with Art. 21 GDPR.

The right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request transmission to another controller in accordance with Art. 20 GDPR

The right to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority of the federal state of our registered office stated above or, if applicable, that of your usual place of residence or workplace.

The right to withdraw consent granted in accordance with Art. 7 para. 3 GDPR: You have the right to withdraw your consent to the processing of data at any time with effect for the future. In the event of revocation, we will delete the data concerned immediately

unless further processing can be based on a legal basis for processing without consent. The withdrawal of consent shall not affect the lawfulness of the processing based on consent before its withdrawal.

10) Right to object

If your personal data is processed by us on the basis of legitimate interests pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR, provided that this is done for reasons arising from your particular situation. Insofar as the objection is directed against the processing of personal data for the purpose of direct marketing, you have a general right to object without the requirement to specify a particular situation.

If you wish to exercise your right of revocation or objection, simply send an e-mail to [email protected].

11) Legal obligations

The provision of personal data for the decision on the conclusion of a contract, the fulfillment of a contract or for the implementation of pre-contractual measures is voluntary. However, we can only make the decision within the framework of contractual measures if you provide such personal data that is necessary for the conclusion of the contract, the fulfillment of the contract or pre-contractual measures.

12) Automated decision-making

Automated decision-making or profiling in accordance with Art. 22 GDPR does not take place.

13) Reservation of the right to make changes

We reserve the right to amend or update this privacy policy, where necessary, in compliance with the applicable data protection regulations. In this way, we can adapt it to the current legal requirements and take into account changes to our services, e.g. when introducing new services. The respective current version applies to your visit.

Date of this privacy policy: 17/09/2024

Translated from German: 23/09/2024